zlacker

1. crote+(OP)[view] [source] 2023-07-24 23:17:49
Ehhh, it depends.

In theory one could imagine a scenario like a bank website refusing to be accessed unless the entire OS & browser stack pass attestation - as that would rule out things like keyloggers, malicious browser extensions, and session hijacking.

In practice it'll just be used to lock down content and force unskippable ads on users, of course.

replies(6): >>didntc+p2 >>Negati+Q9 >>userbi+fk >>Zak+Lv >>dzikim+RJ >>hebozh+S84
2. didntc+p2[view] [source] 2023-07-24 23:35:16
>>crote+(OP)
And in practice it will eventually mean being unable to do online banking if you're on Linux. My Android phone with a custom ROM doesn't pass even a basic SafetyNet check, and this means I essentially cannot use mobile banking. For now, using a browser on my phone is a "workaround", but this proposal could change that.
replies(1): >>xvecto+6c1
3. Negati+Q9[view] [source] 2023-07-25 00:31:59
>>crote+(OP)
But that's not a direct value. I'm aware that reducing fraud for banks will potentially (bank behavior makes me doubt this) increase interest rates/decrease fees since they'll have less stolen money. I'm also aware that the current internet is built on free-as-in-beer services due to ads typically covering costs.

I'm not interested in being hobbled for either of those problems. I remember when banks used to reject my browser because it wasn't IE in Windows. I remember when I had to look at webpages that were 50% advertising.

Screw that.

4. userbi+fk[view] [source] 2023-07-25 01:44:55
>>crote+(OP)
> one could imagine a scenario like a bank website refusing to be accessed unless the entire OS & browser stack pass attestation - as that would rule out things like keyloggers, malicious browser extensions, and session hijacking.

The important part is that "malicious" isn't up to you to decide anymore; if you have any "unapproved" software that acts in your interests and not others', this could theoretically be used to lock you out too.

5. Zak+Lv[view] [source] 2023-07-25 03:31:33
>>crote+(OP)
> a bank website refusing to be accessed unless the entire OS & browser stack pass attestation

Even that use case leads to bad outcomes. I already have to jump through hoops to get banking apps to run on my rooted phone. Banking websites refusing to run on anything but Chrome on Windows is a likely scenario here, and that's awful.

6. dzikim+RJ[view] [source] 2023-07-25 05:40:41
>>crote+(OP)
IT in big banks is usually horrible and their security departments would close you and your family in a cage if it was possible and helped them avoid liability. If attestation exposes let's say your password policy, be sure you'll be required to set it for monthly changes the moment they can do that.

I don't want them to have a say in how I run my devices.

replies(1): >>Avaman+wf1
7. xvecto+6c1[view] [source] [discussion] 2023-07-25 10:05:35
>>didntc+p2
And yet millions of users benefit from SafetyNet every day. Just because something constrains openness does not make it inherently bad.
replies(1): >>accoun+dh2
8. Avaman+wf1[view] [source] [discussion] 2023-07-25 10:35:01
>>dzikim+RJ
Absolutely this. Banks are notorious for cargo culting. Their ideas of security are often inane.

I'm also sure it'll end up with things like "your browser is too up-to-date" or crap like that.

9. accoun+dh2[view] [source] [discussion] 2023-07-25 15:59:26
>>xvecto+6c1
Millions of users are subjected to SafetyNet. Your claim that this is to their benefit is unfounded.
10. hebozh+S84[view] [source] 2023-07-26 00:14:02
>>crote+(OP)
I hope banks like getting phone calls, then. MacOS and Windows normies are going to get caught up in this, and so are all of the laypeople who got pissed at those two and moved to OS's like Linux Mint.