Conversation

Notices

1. Embed this notice
   kaia (kaia@brotka.st)'s status on Monday, 29-Apr-2024 18:01:29 JST kaia
   it sucks that banks in Germany can't use Yubikey or similar :angry_cirno:
   • Embed this notice
     iced depresso (icedquinn@blob.cat)'s status on Monday, 29-Apr-2024 18:03:57 JST iced depresso

     in reply to
     @kaia too busy suppressing war protestors
     kaia likes this.
   • Embed this notice
     :blobcatflower: (methyltheobromine@netzsphaere.xyz)'s status on Monday, 29-Apr-2024 18:04:42 JST :blobcatflower:

     in reply to
     @kaia they can only use backdoored tech :blobcatderpdeer:
     翠星石 and kaia like this.
   • Embed this notice
     iceloops (iceloops@shitposter.world)'s status on Monday, 29-Apr-2024 18:05:09 JST iceloops

     in reply to

     • iced depresso
     @icedquinn @kaia to busy getting hacked by china
     kaia likes this.
   • Embed this notice
     「セル」cell (سل) (cell@pl.ebin.zone)'s status on Monday, 29-Apr-2024 18:06:30 JST 「セル」cell (سل)

     in reply to
     @kaia i haven’t heard of a bank that accepts yubikey, at least in SG or ID :kaia_think:
     kaia likes this.
   • Embed this notice
     kaia (kaia@brotka.st)'s status on Monday, 29-Apr-2024 18:06:46 JST kaia

     in reply to

     • 「セル」cell (سل)
     @cell what kind of 2FA do your banks use?
   • Embed this notice
     「セル」cell (سل) (cell@pl.ebin.zone)'s status on Monday, 29-Apr-2024 18:10:23 JST 「セル」cell (سل)

     in reply to
     @kaia used to use the physical pinpad tokens, but everyone’s been moving to OTP in smartphone apps 💀
     kaia likes this.
   • Embed this notice
     kaia (kaia@brotka.st)'s status on Monday, 29-Apr-2024 18:10:55 JST kaia

     in reply to

     • 「セル」cell (سل)
     @cell OTP in general or in proprietary apps?
   • Embed this notice
     Natasha Nox 🇺🇦🇵🇸 (natanox@chaos.social)'s status on Monday, 29-Apr-2024 18:53:05 JST Natasha Nox 🇺🇦🇵🇸

     in reply to

     • 「セル」cell (سل)

     @kaia @cell Proprietary of course. If you want something *very* open you're free to use SMS-TAN. :thisisfine:

     kaia likes this.
   • Embed this notice
     「セル」cell (سل) (cell@pl.ebin.zone)'s status on Monday, 29-Apr-2024 18:53:08 JST 「セル」cell (سل)

     in reply to

     • 「セル」cell (سل)
     @kaia anyhow yeah, the economics of banks means that supporting things such as yubikey is rare - they try to cut down costs on everything not related to their core business, user facing security alas being one of them
     
     further reading:
     https://www.bitsaboutmoney.com/archive/optimal-amount-of-fraud/
     kaia likes this.
   • Embed this notice
     「セル」cell (سل) (cell@pl.ebin.zone)'s status on Monday, 29-Apr-2024 18:53:09 JST 「セル」cell (سل)

     in reply to
     @kaia the latter, every bank’s own proprietary thing :mokouDead:
   • Embed this notice
     Susanna (susie@blob.cat)'s status on Monday, 29-Apr-2024 18:53:19 JST Susanna

     in reply to

     • 「セル」cell (سل)
     @cell @kaia And most banks get really anal about rooted, bootloader unlocked or just alternative OS phones (with or without gapps). Thankfully my current bank app miraculously works although it rarely errors and need to restart it. :ablobcatsweatsiphard:
     kaia likes this.
   • Embed this notice
     「セル」cell (سل) (cell@pl.ebin.zone)'s status on Monday, 29-Apr-2024 18:53:42 JST 「セル」cell (سل)

     in reply to

     • 「セル」cell (سل)
     @kaia similarly, in asia at least, banks are moving away from web banking, going towards mobile app banking. if they have barely any budget for physical retail spaces; why hire multiple developer and support teams for web and mobile when you can just choose the option that has the least hassle and the most coverage? anyone who is left can just go to the branch or atm in person!
     
     further reading:
     https://www.bitsaboutmoney.com/archive/branch-banking/
     kaia likes this.
   • Embed this notice
     Perry 🦆🦫🥚 (perry@mk.absturztau.be)'s status on Monday, 29-Apr-2024 18:53:55 JST Perry 🦆🦫🥚

     in reply to

     • 「セル」cell (سل)

     @cell@pl.ebin.zone @kaia@brotka.st yeah, I hate those. Why can't they just let us use normal OTP apps? It's not any less secure.
     
     I fear the day when I'm not allowed to use my physical optical TAN scanner anymore.

     kaia likes this.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 29-Apr-2024 21:19:36 JST 翠星石

     in reply to
     @kaia It sucks that no bank is usable with free software only and most physical branches are being rapidly closed.
     kaia likes this.
   • Embed this notice
     kaia (kaia@brotka.st)'s status on Monday, 29-Apr-2024 21:24:05 JST kaia

     in reply to

     • 翠星石
     @Suiseiseki how do you handle this? do you refuse to use proprietary banking apps?
   • Embed this notice
     voltrina (voltrina@pl.voltrina.net)'s status on Monday, 29-Apr-2024 21:26:38 JST voltrina

     in reply to

     • 翠星石
     some banks have physical 2FA code generator devices afaik
     kaia likes this.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 29-Apr-2024 21:27:11 JST 翠星石

     in reply to

     • Susanna
     @susie >Thankfully my current bank app miraculously works although it rarely errors and need to restart it.
     Once you have installed the banks proprietary malware, you have lost.
     
     Even if you're using a mobile device, I would suggest at least using the online browser version, as although that really is as proprietary, at least they can't restrict what kinds of computer you can use with NetSuicide or played restrict and so indicates you're not entirely submissive.
     
     
     A while ago I happened to end up right next to the now rare physical bank and so I cashed a check and the employee was wondering why I didn't run their proprietary JavaScript instead of just physically going into the bank right there.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 29-Apr-2024 21:43:18 JST 翠星石

     in reply to
     @kaia I do indeed refuse to use proprietary banking apps.
     
     I do have a bank account, as the way society has been arranged, if you don't, without assistance of someone else who does, you will be homeless and starve (I wish this was an exaggeration like many claims of such).
     
     When possible I go to physical branches, although some things require accessing the bank website, which I access as rarely as possible via a reasonably setup browser (JShelter and ublock origin (which I configure to not execute 3rd party JavaScript)) on a burner computer.
     
     Ideally this would be something that Haketilo could handle in freedom, but I find JavaScript unusable when even doing trivial tasks and banks use fingerprinting, so you kind of need to replicate their secret API (but at least JShelter mitigates them from being able to set a fixed allowed fingerprint).
     
     My goal is to get rid of the bank account, but unfortunately that doesn't seem achievable until I'm in a wooden shack in the forest.
     
     
     I try to use cash when possible and if I store doesn't accept cash, I won't buy anything.
     kaia likes this.
   • Embed this notice
     mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius: (mangeurdenuage@shitposter.world)'s status on Monday, 29-Apr-2024 21:46:04 JST mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius:

     in reply to
     @kaia
     >Bank
     >being useful
     Choose one.
     kaia likes this.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 29-Apr-2024 21:46:20 JST 翠星石

     in reply to

     • voltrina
     @voltrina >have physical 2FA code generator devices
     Those would actually be reasonably secure if those devices weren't from companies like RSA, who does things like accept a bribe of merely a million dollars to backdoor their encryption library and the bank stored the code seed in a reasonably secure manner instead of storing and managing such exclusively with proprietary software.
   • Embed this notice
     mothball蛾玉 (西洋巣酸の木) (moth_ball@shitposter.world)'s status on Monday, 29-Apr-2024 22:25:27 JST mothball蛾玉 (西洋巣酸の木)

     in reply to

     • 「セル」cell (سل)
     @kaia @cell over here you they still have the physical number sheets that they'll mail you if you don't want to use the app, but honestly the mobile verification works so smoothly that I'm fine with it
     kaia likes this.
   • Embed this notice
     mothball蛾玉 (西洋巣酸の木) (moth_ball@shitposter.world)'s status on Monday, 29-Apr-2024 22:34:01 JST mothball蛾玉 (西洋巣酸の木)

     in reply to

     • 「セル」cell (سل)
     @cell @kaia It's a sheet of paper that has a bunch of six number sequences and they're all given an order number. The bank site tells you which line you look up from the sheet. When you're close to having spent all the numbers they mail you a new sheet.
     
     It's honestly a hassle and just introduces one more item you can have lost when you need it
     kaia likes this.
   • Embed this notice
     「セル」cell (سل) (cell@pl.ebin.zone)'s status on Monday, 29-Apr-2024 22:34:02 JST 「セル」cell (سل)

     in reply to

     • mothball蛾玉 (西洋巣酸の木)
     @moth_ball @kaia >physical number sheets
     i’m presuming you mean paper, so it’s like those cold war spy one time pad book thingys? honestly quite cool ngl
   • Embed this notice
     「セル」cell (سل) (cell@pl.ebin.zone)'s status on Monday, 29-Apr-2024 22:37:55 JST 「セル」cell (سل)

     in reply to

     • mothball蛾玉 (西洋巣酸の木)
     @moth_ball @kaia oh? in singapore and indonesia before phone app otp became a thing we used to use these, small battery powered pinpads which can do otp and challenge | response requests
     kaia likes this.
   • Embed this notice
     mothball蛾玉 (西洋巣酸の木) (moth_ball@shitposter.world)'s status on Monday, 29-Apr-2024 22:39:25 JST mothball蛾玉 (西洋巣酸の木)

     in reply to

     • 「セル」cell (سل)
     @cell @kaia clearly the solution that would've pleased everyone would have been to add casio watch integration
     kaia likes this.