Comment by MereInterest
2 years ago
False equivalence. In one case, credentials are deliberately given for remote use. In the other case, credentials are expected to be used for a direct connection, but are instead taken for remote use.
One is an explicit delegation, while the other is a man-in-the-middle attack.
I don’t think so. Remote or direct is only something we think about. The general user could not care less nor know the difference. Hardly a false equivalence.