• 0 Posts
  • 14 Comments
Joined 9 months ago
cake
Cake day: February 16th, 2024

help-circle








  • It’s like… I want to disagree with you, but you’re making me think.

    Why are we ok with having required services that are only provided by third party companies?

    They’re not specific - No government says you must have a Facebook or Twitter account. But you’re right - you have to have a bank account and you’ll not get far in 2024 without email.

    What about a step further? If you want a phone number, you need a landline or mobile. Both of those are only provided by private companies too…


  • Lemming421@lemmy.worldtoTechnology@lemmy.world20 years of Gmail
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    3
    ·
    7 months ago

    While I don’t disagree with you in principle, I do find it a bit funny that you’ve picked one of the easiest services to change between as your hill.

    There’s no reason you _ have_ to use Gmail, or Hotmail. There are a billion email providers and if you have enough technical knowledge, you can even run your own (I really don’t recommend this though, it’s harder then it seems to do it safely and securely).

    If you pick a provider outside the US, your government can’t do dick about getting it shut down, and if you pick one in a particularly privacy-conscious country, you can have everything encrypted to the point where the provider themselves can’t read your messages.

    Also, I assume this is similar in the States, but I’ve seen government IT projects in the UK and some of them are truly awful. I wouldn’t necessarily trust them to look after important emails for me. Plus a single source of email would be an awfully tempting target for hacker groups around the world.




  • The water infrastructure was nationalised decades ago. Each reason has a single private company that maintains the pipes, supply, treatment etc. to everyone in that area. Being private companies, the execs have been getting massive bonuses while dumping raw sewage into public waterways recently. And why? Because as someone else here said: after Brexit, the government got rid of the environmental laws saying they couldn’t. And when you’re a monopoly in your area, are you going to spend money on treating water you don’t have to, or give that money to the shareholders?

    It’s a fucking disgrace, a lot of people should go to prison for it and the whole system should be renationalised. But then people in government would lose money, and we can’t have that now, can we?


  • Ok, so not great, but not terrible.

    Firstly you had to fall for social engineering to get the dodgy app via TestFlight. Later on, you had to fall for social engineering to get the dodgy app via you installing an MDM profile on your own device. In the future, you’ll doubtless be able to get socially engineered to sideload it.

    Currently, in the UK (I don’t know what this is like in other countries), we get regular prompts from our banks not to share one-time codes with anyone, not even bank employees. And not to transfer money to ‘safe’ accounts, even if someone claiming to be the bank or the police tell you to. They’ll just need to update those to also say “We at Bank will never ask you to install test or special versions of our app, or update them anywhere other than the official Apple/Google app store”.

    This is a social engineering problem, not really an iOS (or Android) technical one.

    EDIT: The article is suspiciously vague one one point:

    Once installed on either an iPhone or an Android phone, GoldPickaxe can collect facial recognition data, identity documents and intercepted text messages, all to make it easier to siphon off funds from banking and other financial apps. To make matters worse, this biometric data is then used to create AI deepfakes to impersonate victims and access their bank accounts.

    What ‘facial recognition data’ is it gathering, and how? As I understand it, FaceID is processed in a secure enclave, and regular apps don’t have access to that - they send a ‘verify this person’ request, the phone itself triggers a FaceID scan, does the verification itself and sends back a ‘yes, all good’ reply to the app - the app itself does not get FaceID or biometric data. So unless it’s just doing something like using the camera to take some photos or videos of the user, I’d like to know what the article is talking about there…