Comment on Did we win?
SomeDudeFromSpace@lemmy.ml 2 months ago
We will win when nobody can tell you what you can or can’t put in your own fucking device.
Comment on Did we win?
SomeDudeFromSpace@lemmy.ml 2 months ago
We will win when nobody can tell you what you can or can’t put in your own fucking device.
invertedspear@lemmy.zip 2 months ago
Counterpoint: my software allows you to access your banking needs. I’m financially on the hook if fraud occurs. Fraud occurs because your favorite “slap the monkey” game also installs a keylogger and network monitor. So I don’t allow my software to work if you have that installed.
I think you’re right that companies should not be able to tell you what software you can run, but users also can’t be trusted to keep their devices safe.
A lot of network, banking, and telephony protocols historically rely on trusting that there are no bad actors in the chain. Technology has added more links to the chain increasing the opportunities for bad actors to tap into it.
It’s a situation that needs better fixes. Maybe we just need to hand the current internet over to the bots and start a new one with security and privacy built in from the ground up.
OrganicMustard@lemmy.world 2 months ago
Android runs apps sandboxed, so no app can access what you write in another like your banking app, or the unencrypted packages it sends.
Pika@sh.itjust.works 2 months ago
Yea the argument stated works better for rooted environments than rootless environments or sideloading.
In a non-root scenario, you would need to specify a few permissions to give a keylogger that amount of access. I think that a big issue is people not understanding that there is a difference between a rooted device or root installed app, and a sideloaded application.
Just because you have a non-google device or a rooted device != you have a compromised device. Applications aren’t going to magically install running as root, every rom worth their salt keeps it a clear isolation between the layers, and some roms don’t even allow you to use the root environment after installing it.
Anivia@feddit.org 2 months ago
Androids sandboxing is far from bulletproof
ru.nl/…/new-research-highlights-privacy-abuse-inv…
OrganicMustard@lemmy.world 2 months ago
That one isn’t an issue with the sandboxing but with the networking system. Secure browsers have that in consideration and are not vulnerable to meta’s tracking.
feannag@sh.itjust.works 2 months ago
Maybe banks could use a way to authenticate the user a second way, that doesn’t involve a password. If only. (Sidenote: why do banks still insist on sms 2FA?)
kkj@lemmy.dbzer0.com 2 months ago
You’re liable if someone shares their credentials? Even if they did it accidentally by installing a keylogger, that seems like user error.
Zak@lemmy.world 2 months ago
Their wish to break the first rule of network security (you can’t trust the client) shouldn’t be everyone else’s problem.
MisterFrog@lemmy.world 2 months ago
If your software runs on windows or MacOS, this point is such bull, sorry.
Do you monitor what software people have installed accessing their banking needs on those platforms?