Comment

Comment on Nothing pulls its iMessage app from the Play Store following privacy disaster

Beefytootz@lemmy.world ⁨10⁩ ⁨months⁩ ago

I wholeheartedly agree with you, but in today’s world, that doesn’t matter to most people. I work in banking and the amount of people who willingly give their whole ass banking information to third parties is insane to me. I’m not talking like just their debit card number or their account and routing numbers, like legitimately their online banking sign in info, and they don’t see any potential risk at all

source

Sort:hotnew top

NuXCOM_90Percent@lemmy.zip ⁨10⁩ ⁨months⁩ ago
It doesn’t help that banks are normalizing this.

I recently began changing banks. To authorize a transfer from one to the other, my only option was to login via a popup. No place to specify account details just “log into your account to give us permissions”. Fortunately the new bank is competent so I did it from that side, but it is still normalized insanity

source
- cdf12345@lemmy.world ⁨10⁩ ⁨months⁩ ago
  What’s even worse is typically in the terms of those 3rd party sites, they say they can monitor your balances and transactions until you tell them to stop.
  
  source
- kautau@lemmy.world ⁨10⁩ ⁨months⁩ ago
  Because all the banks are invested in the company that manages bank logins
  
  en.m.wikipedia.org/wiki/Plaid_Inc.
  
  source
  - pineapplelover@lemm.ee ⁨10⁩ ⁨months⁩ ago
    Fuck plaid. I hate this
    
    source
Ghostalmedia@lemmy.world ⁨10⁩ ⁨months⁩ ago
IMHO, the big fuck up is on the business side of the fence. Their product’s success rides on Apple not sicking their giant legal team on them. They needed to play this carefully. AKA, they needed to live up to the security promises.

Now they’re in the press for being an iMessage security vulnerability, and security is something Apple spends a LOT of marketing money on.

Apple is going to want to protect that image, and I wouldn’t be surprised if they come for Sunbird in the coming weeks.

They played this fast and loose, and it will probably cost them.

source
- kautau@lemmy.world ⁨10⁩ ⁨months⁩ ago
  Yeah very much this. Their way of running a bunch of Macs intercepting iCloud messages was already sketchy, so I was surprised Apple hadn’t come for them sooner. But now that it turns out everything was being stored unencrypted in plaintext? Apple’s legal team couldn’t be happier, they did their jobs for them.
  
  source
  - Ghostalmedia@lemmy.world ⁨10⁩ ⁨months⁩ ago
    My guess is that they would care less about people who decide to sign up for this service, but they are going to care about the customers on the other end of the line. AKA, the people who are not tunneling through Sunbird, and don’t know they’re communicating with a compromised user.
    
    source
    kautau@lemmy.world ⁨10⁩ ⁨months⁩ ago
    That’s definitely true, if they follow their “Apple is the most secure consumer electronics manufacturer” PR strategy, they will be intent to try to trace what accounts were communicating with whom, and alert said Apple users about potential data breaches. Tbh, while it fits their MO of being really good at PR, it’s also just generally a good thing. People should know if messages they sent that they thought were secure turned out not to be.
    
    source
AnActOfCreation@programming.dev ⁨10⁩ ⁨months⁩ ago
I used to use Mint until I did some looking into Plaid. They present a login screen that looks like your bank and you assume they’re doing some kind of OAuth. Nope they’re just taking your full banking credentials and you have to hope they’re safe. I think Plaid is a ticking time bomb. When it gets hacked a lot of people will be in trouble.

source
- lledrtx@lemmy.world ⁨10⁩ ⁨months⁩ ago
  Are you sure about Plaid? Because jesus I’ve signed in through Plaid many times.
  
  source
  - AnActOfCreation@programming.dev ⁨10⁩ ⁨months⁩ ago
    Yep (and I had the same reaction).
    
    From their privacy policy.
    
    Data you provide to us. When you use Plaid’s products or services, like when you connect your financial accounts (like your bank accounts) to a developer’s app through Plaid, we may collect the following data from you:
    
    identifiers like name, email address, and phone number;
    
    login data when required by the provider of your account, like your username and password, account and routing number, or a security token.
    
    when needed, data to help verify your identity and/or connect your accounts, including your Social Security number, date of birth, security questions and answers, documentary ID and one-time password (OTP).
    
    plaid.com/legal/#consumers
    
    Additional reading: …stackexchange.com/…/is-plaid-a-service-which-col…
    
    source
    lledrtx@lemmy.world ⁨10⁩ ⁨months⁩ ago
    Oh Lord. I have all my money in one account and have used Plaid on it. If it were to get hacked, I would be ruined lol. Not a lot of money but that’s all I have.
    
    Thanks so much for telling me this!
    
    source
TheHobbyist@lemmy.zip ⁨10⁩ ⁨months⁩ ago
I think there is an importance nuance: it’s not that most people don’t care about privacy, it’s that they don’t realized that they in fact do.

If they ever get bitten in the ass caused by privacy issues, they are likely to share their outrage, justifiably. But yeah, most people don’t realize how important privacy is or what a lack of privacy actually implies…

source
deafboy@lemmy.world ⁨10⁩ ⁨months⁩ ago
It’s hard to train people not to shoot themselves in the foot when their own bank is providing free ammo.

My bank sent me an email this year that literally said Take our security awareness quiz and win an iphone. Click here!

Then there was one time some lady has called, claiming she has an offer from my bank, but needs to verify MY identity first… After contacting the support, I was assured the call was legit. The lady is selling insurance on behalf of the bank. Her number was supposed to be on the list of the official partners, which it wasn’t. When I’ve asked about caller ID spoofing, they’ve assured me they take security seriously, and are working on a solution. Untill then, I shlould rely on the list…

All of that is still a progress though, because you’ll never gues what was the official way to top up my paypal account ~10 years back. Giving my full internet banking credentials to some shady payment gateway. I’ve never noped the fuck out of a website so fast…

source
- satans_crackpipe@lemmy.world ⁨10⁩ ⁨months⁩ ago
  I used PayPal in the early 2000’s and never had to provide banking credentials to move money in or out.
  
  source
  - deafboy@lemmy.world ⁨10⁩ ⁨months⁩ ago
    Some banks in my country had a direct integration with paypal for making instant transfers, some have used sketchy 3rd party payment gateways. You could’ve just linked a credit card, but I had zero trust in online card payments at the time. That’s why the idea of paypal wallet with limited balance was appealing to me in the first place.
    
    source
Gamoc@lemmy.world ⁨10⁩ ⁨months⁩ ago
Hmm, tell me more about this…ass banking…

source
- Beefytootz@lemmy.world ⁨10⁩ ⁨months⁩ ago
  Monies go in, chocolate comes out. Easy peezy
  
  source