Hacker News

And when you do that, you lose access to your bank, because bank apps routinely refuse to run on devices that leave the user in control (e.g. unlocked bootloader, rooted phone). Graphene and similar would be a much more acceptable solution if remote attestation of a locked bootloader were banned.



I really don't see the issue with waiting 24 hours. These protections in general seem very likely to help unsophisticated users. It really seems like a nothingburger to me personally. I was going to make an analogy to the ethics of getting vaccinated (and getting mildly ill for a day) to protect the immunocompromised members of the community, but even that is laughable because it underscores what a nothingburger this is (far more of the community is technologically unsophisticated than is immunocompromised, and what sophisticated users are being asked to do is closer to wearing a mask once for 24 hours).

You can always find justifications to erode all civil liberties. I think it's a major gap in the way history is being taught that people think that the reasons to remove liberties sound like overt evil mustache-twirling slogans. In reality they always talk about a danger that the benevolent overlord will keep you safe from.

All these changes are attacks on general purpose computing and computing sovereignty and personal control over one's data, and one's digital agency.


It makes no sense to me that people who feel this way insist on running a vendor's Android or iOS.

More and more apps won't run, again allegedly to keep you safe. You can't run your bank apps on your rooted and custom software. TPMs of desktop, everything needing approval. Yeah you may say tough luck, just use the web. But more and more banks sunset their web UI. It's apps only. And then you'll say "tough luck, start your own bank and offer this feature if you think there is customer demand". Or tough luck, win an election and then you can change the laws etc.

Yeah I'm aware that we can only watch from the sidelines. At least we can write these comments.

The new world will be constant AI surveillance of all your biosignals, age and ID verification, only approved and audited computation, all data and messaging in ID-attached, non-e2e-encrypted cloud storage and so on. And people will say it keeps you safe and you have nothing to fear if you are a law-abiding person.


That world arrived at least ten years ago and if you don't like it, running Google's OS isn't even remotely admissible as an answer.

This would be less of an issue if there were an explicit regulatory mandate saying "businesses larger than X may not limit any consumer capabilities for interacting with their business in such a way that it can only be accessed by proprietary applications running on locked-down systems that a user cannot modify, control, or install their own software on. Offering to have a person handle that functionality on their behalf does not constitute an alternative to functionality made available via such an application". (With appropriate clear definitions for "locked-down", and other appropriate elaborations.)

I don't know, that sounds pretty dumb on the whole. The key challenge is to determine who is at fault in the event of a breach. I don't think it's reasonable to hold companies responsible for privacy while also requiring them to allow privacy to be invaded.

The current situation is that banks regularly require the use of an unmodified, unrooted Android or iOS device, which reinforces the duopoly and makes it impossible for anyone to compete. (Even emulating Android doesn't help, as emulated Android won't pass the checks banks do to make sure you don't have control of your device.)

That situation is not acceptable. Got something better than insults like "pretty dumb" to say about how to resolve this abuse of the two-player oligopoly in the mobile phone market?


I actually did explain specifically why it was pretty dumb and you ignored that point completely.

You are uncritically repeating the party line from banks who claim it is necessary for security, without giving any rationale or supporting evidence, and coupling it with an insult.

The "party line" is not that holding companies accountable for security and also requiring them to be insecure is inconsistent.

The incorrect party line is that allowing rooting and running your own OS and apps is insecure.

Meanwhile, those same banks have websites.


Have you tried using your web browser to buy gas or ride the bus?


