top | item 47100609

(no title)

> I still don't see a way

1) don't give it access to your bank

2) if you do give it access don't give it direct access (have direct access blocked off and indirect access 2FA to something physical you control and the bot does not have access to)

---

agreed or not?

---

think of it like this -- if you gave a human power to drain you bank balance but put in no provision to stop them doing just that would that personal advisor of yours be to blame or you?

discuss

wavemode|8 days ago

The difference there would be that they would be guilty of theft, and you would likely have proof that they committed this crime and know their personal identity, so they would become a fugitive.

By contrast with a claw, it's really you who performed the action and authorized it. The fact that it happened via claw is not particularly different from it happening via phone or via web browser. It's still you doing it. And so it's not really the bank's problem that you bought an expensive diamond necklace and had it shipped to Russia, and now regret doing so.

Imagine the alternative, where anyone who pays for something with a claw can demand their money back by claiming that their claw was tricked. No, sir, you were tricked.

snovv_crash|8 days ago

What day is your rent/mortgage auto-paid? What amount? --> ask for permission to pay the same amount 30 minutes before, to a different destination account.

These things are insecure. Simply having access to the information would be sufficient to enable an attacker to construct a social engineering attack against your bank, you or someone you trust.