Raivo just went Rogue

Raivo app icon. Source: GitHub

Raivo, a very famous (formerly) open-source 2FA manager for iOS, just added a paywall to its application, and things are just fucked up. The application is crashing and not moving forward, not allowing users to see their TOTP tokens and practically locking them out of their accounts.

Raivo app update screen. Source: Reddit

I stumbled upon this yesterday while trying to log in to my AWS account and saw all the nonsense that had been newly added.
Some research (who am I kidding, just a DuckDuckGo search) landed me on the Privacy subreddit thread on Raivo.

And along with that, iOS doesn't allow users to downgrade applications once they are updated.

And as if that weren't enough, people who don't have a backup of their tokens are just so screwed; they have to wait until the next release/patch is released. I had backed up the tokens in an encrypted zip and was then able to recover them and import them into another open-source 2FA application, 2FAS, which apparently supports Linux as well as Android.

And the beauty of it is that Raivo went to the extent of removing the issues section from their GitHub repo altogether; a former link can still be found via web search. Seriously, wow!

Okay, so diving a bit deeper, it seems that Raivo was acquired by Mobime. In a tweet made from their official account, they stated:

So what can we infer from this? That things won't be changing for end users? But only for those who are willing to pay the amount, and those who are willing to stay until you fix the app-crashing issue?

Well, I am pretty sure the people who were using Raivo had a solid reason for it and a belief in open-source applications; that's why they were using it. Otherwise, people have many other big corporate 2FA applications to choose from as well, e.g. Google Authenticator.

So now the question boils down to: what can we do as end users?

Well, I would suggest not relying solely on any application as such, but keeping a periodic physical backup of this kind of sensitive data.
The same goes for passwords: I would suggest having a physical backup of your passwords stored locally, one you can pretty surely rely on and access without much hassle.