this post was submitted on 19 Nov 2021
51 points (100.0% liked)

Technology

38817 readers
250 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 6 years ago
MODERATORS
all 24 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 3 years ago (1 children)

Prolly I'll be in the minority here. But blaming the tech itself seems the wrong way to go. Technology advance and adoption has been part of our species for thousands of years, and this is no different. So needing certain tech to do our every day human activities is normal. We should focus our attention towards what large companies who control this tech (mostly) are doing with this and how they are using it in order to control us and profit from us.

A de-googled android smartphone will get rid of most of the issues caused by large tech, and still retain most of the advantages. Sadly de-googled android is not consumer - ready yet though, so it's a real option for the more technically inclined. But then again, this might be an issue more related to technical literacy?

[–] [email protected] 6 points 3 years ago (1 children)

Most of the bank apps don't work on de-googled Android phones however.

[–] [email protected] 3 points 3 years ago (1 children)

The apps may not all work but the websites will work when you set the browser to desktop mode. That is how I get my banking done on LineageOS with Firefox.

[–] [email protected] 4 points 3 years ago

But you need the app or a tan generator to login with many banks now. The app works as a second factor authenticator in that instance, which the website can't do

[–] [email protected] 5 points 3 years ago (4 children)

You even need an app for accessing your bank account. At least in the EU!

[–] [email protected] 7 points 3 years ago (1 children)

My bank just sends SMS codes for verification, no app needed (Spain).

[–] [email protected] 5 points 3 years ago (1 children)

It's an EU norm, not yet unforced AFAIK, but mobileTAN will be removed anytime soon. My bank(s) removed it mid 2021 and introduced mandatory apps or TAN generator.

[–] [email protected] 3 points 3 years ago

same happened to me. Now I can choose if I want to purchase a tan generator or use the app

[–] [email protected] 6 points 3 years ago (1 children)

That is mostly false info banks like to tell their customers as their shitty apps allow them to shift the burden of proof in some fraud cases to the customers and also allow them to outsource some customer relation parts.

The relevant new EU legislation only requires there to be a second factor for authentication, but does not require an smart-phone app at all.

Look for a more honest bank with better customer service would be my advise. My bank does have an app as well, but it isn't required at all.

[–] [email protected] 6 points 3 years ago

AFAIK the other option as second factor is a tan generator that one has to buy. I don't know of any bank in Germany that has another second factor or will provide one in the future

[–] [email protected] 5 points 3 years ago (2 children)

Tell me about it. Apparently there are some banks that still allow you to pay for stuff online without having to own a phone. Unfortunately, my country has exactly zero of them. I checked. All our banks now need their app on their customers' phone to verify their online purchases. And I don't have a Play Store on my phone, so that's fun.

[–] [email protected] 3 points 3 years ago

Think of all the old people that do not know how to use a smartphone and don't want one ...

[–] [email protected] 3 points 3 years ago (1 children)

You mean for accessing your bank account from a phone? Or just accessing your account in general?

[–] [email protected] 5 points 3 years ago (1 children)

In General, because you need an app as second factor.

[–] [email protected] 2 points 3 years ago (2 children)

How about code being sent through SMS? Or using an OTH token, or something not forcing an app? Where I live, what's worse about those token apps, is that some do not work if not under google play. Some do, but most don't. I had to show them their app didn't work in a LOS4uG phone (no GApps at all), and they sold me the OATH token, they were not even going to sell it to me, because banks are enforcing the app, which to me it's a horrible practice. But banks are private entities, so I don't know if there can be legal actions filed against those practices, though I'm no lawyer, neither I have time, neither money to start such demands, but I'm thinking it should be possible.

In my country the government is also trying to enforce QR codes through an app, right now the enforcement was put on pause, given an action filed against it, but I'm suspecting it'll still be enforced in the end... It's sad to see where things are moving...

[–] [email protected] 5 points 3 years ago (1 children)

SMS as 2FA is not allowed anymore in the EU starting some time in 2022, IIRC. Not 100% sure though.

[–] [email protected] 3 points 3 years ago (1 children)
[–] [email protected] 4 points 3 years ago* (last edited 3 years ago) (1 children)

But this are randomly generated numbers, short term lived. They don't make any sense to anyone, if not having the other authentication factors, in the multi factor authentication. That's why they are multi factor (2nd in most cases). And those banks token apps, I guess they provide client server encryption, which bumps up security on the token sent a bit, but in my mind not enough to say just because you receive SMS tokens, it's quite easy to get into you bank account, without having all authentication factors at hand, and all the time, remember those tokens are short lived.

[–] [email protected] 3 points 3 years ago* (last edited 3 years ago)

They aren't going to bother trying to get the 2fa code until they already have your password, and by then, it's already too late.

Like this kid, did a SIM swap attack and hijacked 2fa codes.

https://www.engadget.com/canada-cryptocurrency-arrest-171617452.html

[–] [email protected] 5 points 3 years ago

In the state I live in, they are rolling out virtual IDs.

[–] [email protected] 4 points 3 years ago

But QR codes can be printed out, can't they? As long as holding your ID, and the printed thing, wouldn't that be enough?

[–] [email protected] 4 points 3 years ago

That's a really good piece. It chimes a lot with me. I too just have a dumb-phone at the moment.

(And I try not to internet shop either)