True. but it is hard to protect something that you must enter into apps and websites to gains access to content. a better way need to be implemented where you can authenticate via offline signature signing and not have to enter the most critical part of your online identity into an app or website. or maybe this does exist and i just don't know about it.🤷