(no title)
gaiagraphia | 10 months ago
Was the one thing which ended my couple of years without Google, as my banking apps started banning my phones fingerprint for being insecure.
Seems like in a major part of '''Pax Americana''' is needing to use a Google or Apple fingerprint to participate in society. Makes you laugh when people whinge about China.
zb3|10 months ago
conradev|10 months ago
One real world problem is that some existing systems are built relying on the integrity of the components within, i.e. BART in the bay area relies on the BART cards being honest and secure. If iPhones are to be allowed into the system, they also have to be honest and secure.
The capability is being over-used and abused, and we should design systems to never need it, but some do.
ImPostingOnHN|10 months ago
This describes a 1:1, total-trust relationship. There are other types of systems fulfilling the requirements without needing a 1:1, total-trust relationship.
For example, the main requirements here are: The account succeeds at making requests it is allowed to make, and the account fails at making requests it is not allowed to make. Both those requirements can be fulfilled entirely server-side, and should be. Why require the client to be locked down?
ThePowerOfFuet|10 months ago
Also, what's stopping you from using your bank's website instead... or switching to a bank which sucks less?
gaiagraphia|10 months ago
Just wanted to be left alone tbh ;/
lenerdenator|10 months ago