I think, practically, everyone will need at least a cheap-ish android or iphone, perhaps $300 (and a new one every few years ...), to be their locked-down "agent" for using financial or government services. It's not for you, it's for the government/banks, it is their agent for talking to you.
Kinda weird, if you think about it. But that seems to be the way it's heading.
> everyone will need at least a cheap-ish android or iphone, perhaps $300
No, the much more secure while at the same time liberty-preserving way to do this are heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Like the ones practically every bank customer already has in their wallet, and for which most phones have a built-in reader these days... The only thing missing is a secure input and output channel, like a small built-in display and a button or biometric input.
In any case, I somewhat empathize with banks in that they want to ensure that my transaction confirmation device is not compromised, but getting to dictate what software does and doesn't run on my own hardware outside of maybe a narrow sandbox needed to do that is a no-go.
In principle I'm certainly on board with the idea, but the problem is - at least in the Anglosphere, probably further - that the financial system is part of the military and policing systems. They are a powerful and persistent lobby that want a phone to be able to provide enough who-what-when-where to be able to put someone in jail or in extreme cases drop a missile on them.
That is one of the reasons the crypto market is behaving like some radical innovation instead of just a group of bozos speedrunning financial history. For the first time since the invention of capital we have an asset class where it doesn't take the cooperation of a group of armed thugs to guarantee the integrity of the system.
I don't see how a separate dedicated piece of hardware is less secure. It has zero contact whatsoever with your other comm devices. It can be switched off when not needed, to prevent any chance of tracking you. Think of it as of an advanced yubikey.
It's not money-preserving though. You need an extra device, and an extra phone number. The separate phone number is another privacy-preserving feature though.
There's a second layer to the conflict here, in that (e.g.) the banks will want to move the entire flow into whatever secure device, enclave, or "agent" they supply - meanwhile, the whole point of me having a general-purpose computer is to be able to do general-purpose computing that I want within this flow.
My favorite, basic example is this: I'd like to create my own basic widget showing me my account balance on my phone's home screen. Doesn't have to be real-time, but accurate to +/- few minutes to what the bank app would say when I opened it. It has to be completely non-interactive - no me clicking to confirm, no reauthorizing every query or every couple hours. Just a simple piece of text, showing one number.
As far as I know it, there's no way of making it happen without breaking sandboxing or otherwise hacking the app and/or API endpoints in a way that's likely to break, and likely to get you in trouble with the bank.
It should not be that way. This is a basic piece of information I'm entitled to - one that I can get, but the banks decided I need to do it interactively, which severely limits the utility.
This is my litmus test. Until that can be done easily, I see the other side (banks, in cooperation with platform vendors) overreaching and controlling more than they should.
The point of the exercise isn't to just see the number occasionally; I can (begrudgingly) do that from the app. The difference here is that having the number means I can use it downstream. Instead of a widget on the phone screen, I could have it shown on a LED panel in my home office or kitchen[0], or Home Assistant dashboard. Or I could have a cron job automatically feeding it to my budgeting spreadsheet every 6 hours. Or I could have an LLM[1] remind me I've spent too much this week, or automatically order a pizza on Saturday evening but only if I'm not below a certain threshold. Or...
Endless realistic, highly individual applications, of a single basic number. The whole point of general-purpose computing empowering individuals. If only I could get that single number out.
> No, the much more secure while at the same time liberty-preserving way to do this are heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Thats what is being required. The problem is making sure the policy is enforced correctly includes local business logic and user experience components. The money transfer needs to come from an authenticated user providing consent, not from some software that happens to have managed to get installed on the phone with sufficient permissions to interface with the secure element or to have their version of a library loaded.
That means one needs to validate user-facing software, and not just the API to a black box. Thus one is requiring a chain of custody validation up to the boot loader.
Nah, if a bank or some other civic entity wants to have a "secure agent" for transactions/communication with me, then they should be the ones providing that.
Much like I expect my employer to provide me hardware, and that hardware is used exclusively for work.
I shouldn't have to spend my own money on another device, nor should they be asserting their desires for control onto my own devices.
Maybe in US. In Vietnam, $300 is the average monthly salary, and the minimum wage is around $150. Probably the majority of people don't have a primary phone worth more than $300.
A country that is a dictatorship - I can understand why their slaves have to go through this. I fail to see why a true democracy would do this though. There is zero need to be required to have a smartphone; all those transactions work perfectly fine on a desktop computer system too, under Linux. People then may have a second device at home, some card reader and/or a thing such as Yubiko or something like that. IMO not even this should be required, but to mandate an app that would not be permissive under Linux - that is true dictatorship. I am surprised the government of Vietnam went that way.
Even elected governments already have the ability to take whatever they want from you, and force you to act against your own interests; this seems like a comparatively minor infringement.
My (Canadian) bank extorted me into installing their app, literally blocking me from doing transfers of my own money without it - I had to install it and take a picture of myself and my ID. After this I was able to switch to sms authentication and delete it, but they’re obviously trying to force people onto the app, and eventually they will do so more aggressively.
Of course in Canada we have a banking oligopoly that is effectively there just to rob people, but ironically any of the “challenger” startup banks are 100% app based afaik
Does not work anymore for many banks in Germany. I have 2 accounts that require me to have different second factor apps installed. For one bank I would have to open a separate account with a debit card to use hw tan generator. For the other AI would have to switch bank account after the regulators banned SMS and indexed paper TANs.
Assuming the browser has feature parity. I was visiting my parents over Xmas and my dad couldn’t make a payment because the number of saved payees was capped to 100. There was literally no option to delete a payee in the website, the only way we found was to install the app, authenticate, and do it in there. It’s happening already.
How are people on HN of all places still this short-sighted to not understand that this will stop being an option? It's incredible to see like 10 individuals commenting this all over threads like these. Think before you comment.
lxgr|1 month ago
No, the much more secure while at the same time liberty-preserving way to do this are heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Like the ones practically every bank customer already has in their wallet, and for which most phones have a built-in reader these days... The only thing missing is a secure input and output channel, like a small built-in display and a button or biometric input.
In any case, I somewhat empathize with banks in that they want to ensure that my transaction confirmation device is not compromised, but getting to dictate what software does and doesn't run on my own hardware outside of maybe a narrow sandbox needed to do that is a no-go.
roenxi|1 month ago
That is one of the reasons the crypto market is behaving like some radical innovation instead of just a group of bozos speedrunning financial history. For the first time since the invention of capital we have an asset class where it doesn't take the cooperation of a group of armed thugs to guarantee the integrity of the system.
nine_k|1 month ago
It's not money-preserving though. You need an extra device, and an extra phone number. The separate phone number is another privacy-preserving feature though.
TeMPOraL|1 month ago
My favorite, basic example is this: I'd like to create my own basic widget showing me my account balance on my phone's home screen. Doesn't have to be real-time, but accurate to +/- few minutes to what the bank app would say when I opened it. It has to be completely non-interactive - no me clicking to confirm, no reauthorizing every query or every couple hours. Just a simple piece of text, showing one number.
As far as I know it, there's no way of making it happen without breaking sandboxing or otherwise hacking the app and/or API endpoints in a way that's likely to break, and likely to get you in trouble with the bank.
It should not be that way. This is a basic piece of information I'm entitled to - one that I can get, but the banks decided I need to do it interactively, which severely limits the utility.
This is my litmus test. Until that can be done easily, I see the other side (banks, in cooperation with platform vendors) overreaching and controlling more than they should.
The point of the exercise isn't to just see the number occasionally; I can (begrudgingly) do that from the app. The difference here is that having the number means I can use it downstream. Instead of a widget on the phone screen, I could have it shown on a LED panel in my home office or kitchen[0], or Home Assistant dashboard. Or I could have a cron job automatically feeding it to my budgeting spreadsheet every 6 hours. Or I could have an LLM[1] remind me I've spent too much this week, or automatically order a pizza on Saturday evening but only if I'm not below a certain threshold. Or...
Endless realistic, highly individual applications, of a single basic number. The whole point of general-purpose computing empowering individuals. If only I could get that single number out.
--
[0] - Why would I want that is besides the point.
[1] - E.g. via Home Assistant.
dwaite|1 month ago
Thats what is being required. The problem is making sure the policy is enforced correctly includes local business logic and user experience components. The money transfer needs to come from an authenticated user providing consent, not from some software that happens to have managed to get installed on the phone with sufficient permissions to interface with the secure element or to have their version of a library loaded.
That means one needs to validate user-facing software, and not just the API to a black box. Thus one is requiring a chain of custody validation up to the boot loader.
thewebguyd|1 month ago
Much like I expect my employer to provide me hardware, and that hardware is used exclusively for work.
I shouldn't have to spend my own money on another device, nor should they be asserting their desires for control onto my own devices.
dorfsmay|1 month ago
unparagoned|1 month ago
macbem|1 month ago
lossolo|1 month ago
Maybe in US. In Vietnam, $300 is the average monthly salary, and the minimum wage is around $150. Probably the majority of people don't have a primary phone worth more than $300.
shevy-java|1 month ago
A country that is a dictatorship - I can understand why their slaves have to go through this. I fail to see why a true democracy would do this though. There is zero need to be required to have a smartphone; all those transactions work perfectly fine on a desktop computer system too, under Linux. People then may have a second device at home, some card reader and/or a thing such as Yubiko or something like that. IMO not even this should be required, but to mandate an app that would not be permissive under Linux - that is true dictatorship. I am surprised the government of Vietnam went that way.
esseph|1 month ago
(From the kernel-level anti-cheat discussion the other day)
nickff|1 month ago
regularfry|1 month ago
Dylan16807|1 month ago
Just "a phone" with a bad update policy is $100.
thisislife2|1 month ago
andy99|1 month ago
Of course in Canada we have a banking oligopoly that is effectively there just to rob people, but ironically any of the “challenger” startup banks are 100% app based afaik
riedel|1 month ago
malux85|1 month ago
deaux|1 month ago
gonzalohm|1 month ago
skibidithink|1 month ago
gcuvyvtvv6|1 month ago
aembleton|1 month ago