poliverso è aggiornato ma il sistema risulterà rallentato fino a domani

lemmy - Collegamento all'originale

Revolut, McDonald's, and Authy have banned the use of GrapheneOS.

cross-posted from: slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of 'non-google' approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.


Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that's true or not..

Revolut, McDonald's, and Authy have banned the use of GrapheneOS. - SLRPNK

Lemmy
slrpnk.net
Questa voce è stata modificata (1 anno fa)
in reply to Sips'

piefed - Collegamento all'originale

tisktisk

Is this not a sign of the true intentions on both sides of the dilemma here!?!?
Let us go to the end. We cannot afford to carry on in fear of these bans. Let the lines be neatly placed and the sides chosen wisely. If sustained profits are desired, the walled-gardens must come down.

Vote with your dollar and vote again with your data.
Wary, but never afraid is the motto privacy comrades!

in reply to anti-idpol action

lemmy - Collegamento all'originale

Droggelbecher

Thanks for the input, i realise it's been a while since I checked this! ÖBB Scotty, ÖBB Tickets (could forgo this one) and SBB mobile. I also need Digitales Amt (official government app for things like signing contracts without printing them, ordering your election materials to a different address than usual, checking your medical info etc). Do you happen to know whether that would work?
in reply to Droggelbecher

lemmy - Collegamento all'originale

anti-idpol action

The media in this post is not displayed to visitors. To view it, please go to the original post.

Don't know and sadly my Pixel got stolen recently, but you can see if Offi or Transportr meet your needs, they're available on fdroid.

I guess I have bad news for you regarding the government app: discuss.grapheneos.org/d/253-c…

Anyway depending on your threat model keeping a normiephone as a decoy and mainlining something like graphene os can be a good opsec decision.

Compatibility for Austria e-Government app - GrapheneOS Discussion Forum

GrapheneOS discussion forum
GrapheneOS Discussion Forum
in reply to OrganicMustard

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

although you need another trusted graphene phone to use it


No, Auditor can be installed on any Android phone. It's even available on the Play Store: play.google.com/store/apps/det…

You can even perform a remote verification, which uses GrapheneOS servers and doesn't require a second device at all: attestation.app/tutorial#sched…

Auditor - Apps on Google Play

Validate device security with hardware-based integrity and identity verification
play.google.com
in reply to 211

lemmy - Collegamento all'originale

SeekPie

Forgot to say that yes, CalyxOS does have microG, though you don't need to log into Google to download apps from Aurora. Login is only required for apps from Google (like maps, gmail etc).

I also got the Fairphone 5 because of the used price! Mine was 300€ with a slightly burned in screen (it was used as a store display model), though I only notice it when on a completely white screen and looking for it.

Questa voce è stata modificata (1 anno fa)
in reply to ryannathans

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

Not with GrapheneOS, since you can entirely disable the USB controller from the settings on a driver level, making it impossible to connect the phone to a forensic data extraction device. GrapheneOS also has a convenient auto-reboot feature, which (together with their patches to the Linux kernel and Fastboot recovery OS to include memory zeroing) erases the encryption keys from memory, putting the device in BFU state and requiring the PIN/password to unlock. This is additionally secured by the Titan M2 secure element, which makes use of the Weaver API and drastically throttles brute-force unlock attempts. grapheneos.org/faq#encryption

GrapheneOS Frequently Asked Questions

Answers to frequently asked questions about GrapheneOS.
GrapheneOS
in reply to ryannathans

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

Those conspiracy theories often come up in discussions here on Lemmy, but the TLDR is:
Google is a tiny player in the smartphone market, compared to vendors like Apple, Samsung, Huawei, Xiaomi, and others (statista.com/chart/25463/popul…). They also serve a much smaller geographical region than most other manufacturers. The Pixel 9 lineup, for example, is only sold in 32 countries. Most of those are wealthy industrial nations. Google doesn't even try to assume market share in developing countries in Africa and Asia. It can also be assumed that over 97% of Google Pixel users keep the Stock Pixel OS, where Google doesn't need a hardware backdoor since they can just implement it in software. So that leaves only a tiny fraction of all users: people in some wealthy industrial nation who specifically buy a Pixel to install a custom ROM. GrapheneOS for example has about 300K users. Do you really think Google would put in the effort to create a hardware backdoor and take all the risk associated with it (negative PR, loss of sales, etc.) just to collect some data about this tiny amount of users? Google already controls EVERY Android phone on the market by forcing vendors to include Google Play Services as a system application through their contracts, licensing and monopolistic market position. Be realistic for a second, and you will realize that your backdoor theories make absolutely no sense and that no business in the world would ever take such a huge risk with such little reward.

Google Remains a Niche Player in the Smartphone Market

This chart shows the share of smartphone users primarily using a Google smartphone in selected markets.
Felix Richter (Statista)
in reply to ryannathans

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

We don't know everything it can do


Neither do we know this about any other CPU on the market. All chipsets on the market are proprietary. All of them. And no, despite many people (who don't know anything about what they are talking about) claiming this, RISC-V won't actually solve any of these issues. Sure, the ISA is open source, but the ISA would be the worst place for malicious actors to introduce a backdoor. I can guarantee you that despite using the RISC-V ISA, the chips themselves will still be fully proprietary and the IP will be highly protected as trade secrets. You can build a fully RISC-V conformant chip with a backdoor, there's absolutely nothing in place that could stop this, and it surely won't change for the forseeable future.

in reply to Samsy

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

All of these are insecure as hell. Linux phones especially madaidans-insecurities.github.…

Fairphone also really fucked up: They signed their own OS with the publicly available (!) AOSP test signing keys. These guys really don't know that they're doing, and I would trust their hardware or software whatsoever. And no, installing a custom ROM doesn't solve this. Considering how bad their security practices are, we genuinely have to assume that there are security issues with the device firmware as well.

/e/OS is based on the already insecure LineageOS, and it weakens the security further, so it's not a good option either.

None of the options you mentioned can be compared to GrapheneOS. It's currently the best option if you value your privacy and security. You don't have to give Google money either, since you can just buy a used device, which is also cheaper and more environmentally friendly. Google also makes repairing their devices pretty easy for consumers and even works with iFixit. Here's a Mastodon post I recently saw about that: social.linux.pizza/@midtsveen/…

Erik L. Midtsveen (@midtsveen@social.linux.pizza)

Attached: 3 images I just repaired my Pixel 6a using the iFixit guide, and it took me about 45 minutes! I’m really proud of myself and wanted to share it here on Mastodon. The repair went well, and now I can access all my data again.
Linux.Pizza
Questa voce è stata modificata (1 anno fa)
in reply to Andromxda 🇺🇦🇵🇸🇹🇼

lemmy - Collegamento all'originale

Venia Silente

Well, on my phone that back in stock could only do up to Android 10, Lineage gives me Android 11 (maybe 12, haven't checked) so it's still a serious win.

Now, if you insist that I shall have an up-to-date device from the official manufacturer with all the bloatware, same planned obsolescence and zero control, or even worse a 4× overpriced Pixel, maybe you are so assured of this superiority that you'd be willing to fund it?

in reply to fuzzzerd

lemmy - Collegamento all'originale

orange

No, Play Integrity intentionally checks if it's a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.

I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. "Anti-competitive" is the first thing policy-minded folks think when I explain the API to them.

in reply to /home/pineapplelover

lemmy - Collegamento all'originale

acetanilide

I can't tell you how frustrating it is to not only be subjected to Fox ~~Entertainment~~ News by my family, but to be subjected to their social media segments every 5 minutes (not exaggerating).

It feels like when I find those ancient newspaper articles about how so-and-so moved in with her boyfriend before their wedding night or whatever.

Some things never change I guess.

in reply to Sips'

lemmy - Collegamento all'originale

VeganCheesecake

Banks seem to be hit or miss, happy that mine works. Would rather switch Banks than use a stock Rom, though.

All the Uber stuff works in Browser, both eats and their fake taxi stuff.

Not having a subtle reminder to eat at McDonald's is probably better for you.

Honestly, if your app could be a website, and includes services not on your website, fuck you, I'm gonna go to the competition.

in reply to Sips'

lemmy - Collegamento all'originale

AnEilifintChorcra

Lol I spent a week going back and forth with Revolut support in august. I could sign into the app but it would always ask me for a "selfie" verification and every time support would say its a super dark selfie.

Eventually I decided to try a stock ROM and it just worked and I realised what was happening so I transferred all of my money out and deleted my account.

Most local banks here are terrible at making apps, some even require a separate device that looks like a calculator to use online banking, so hopefully they wont follow suit anytime soon

in reply to AnEilifintChorcra

lemmy - Collegamento all'originale

kevincox

require a separate device that looks like a calculator to use online banking


To be fair this actually provides a very high level of security? At least in my experience with AIB (in Ireland) you needed to enter the amount of the transactions and some other core details (maybe part of the recipient's account number? can't quite recall). Then you entered your PIN. This signed the transaction which provides very strong verification that you (via the PIN) authorize the specific transaction via a trusted device that is very unlikely to be compromised (unless you give someone physical access to it).

It is obviously quite inconvenient. But provides a huge level of security. Unlike this Safety Net crap which is currently quite easy to bypass.

in reply to kevincox

lemmy - Collegamento all'originale

Aceticon

Those little boxes are just a bit of hardware to let the smartchip on the smartcard do what's called challenge-response authentication (in simple terms: get big long number, encode it with the key inside the smartchip, send encoded number out).

(Note that there are variants of the process were things like the amount of a transfer is added by the user to the input "big long number").

That mechanism is the safest authentication method of all because the authentication key inside the smartchip in the bank card never leaves it and even the user PIN never gets provided to anything but that smartchip.

That means it can't be eavesdropped over the network, nor can it be captured in the user's PC (for example by a keylogger), so even people who execute files received on their e-mails or install any random software from the Internet on their PCs are safe from having their bank account authentication data captured by an attacker.

The far more common ~~two-way-authentication~~ edit: two-channel-authentication, aka two-factor-autentication (log in with a password, then get a number via SMS and enter it on the website to finalize authentication), whilst more secure that just username+password isn't anywhere as safe as the method described above since GSM has security weaknesses and there are ways to redirected SMS messages to other devices.

(Source: amongst other things I worked in Smart Card Issuance software some years ago).

It's funny that the original poster of this thread actually refuses to work with some banks because of them having the best and most secure bank access authentication in the industry, as it's slightly inconvenient. Just another example of how, as it's said in that domain, "users are the weakest link in IT Security".

Questa voce è stata modificata (1 anno fa)
in reply to Aceticon

lemmy - Collegamento all'originale

jagged_circle

Sure, but afaik all EU banks require a phone number so they can send OTPs using your phone for transaction auth. This is a mandate of PSD2.

My disagreement is with your last paragraph. Because of this regulation, banks are horrendously insecure. If I refuse to enter a phone number when signing up for a bank account, I literally cannot get a bank account in Europe. That's insecure despite the user, not because of the user.

Questa voce è stata modificata (1 anno fa)
in reply to jagged_circle

lemmy - Collegamento all'originale

Aceticon

It think you're confusing security (in terms of how easy it is to impersonate you to access your bank account) with privacy and the level of requirements on the user that go with it - the impact on banking security of the bank having your phone number is basically zero since generally lots individuals and companies who are far less security conscious than banks have that number.

That said, I think you make a good point (people shouldn't need a mobile phone to be able to use online banking and even if they do have one, they shouldn't need to provide it to the bank) and I agree with that point, though it's parallel to the point I'm making rather than going against it.

I certainly don't see how that collides with the last paragraph of my original post which is about how the original thread poster has problems working with banks which "require a separate device that looks like a calculator to use online banking" which is an element of the most secure method of all (which I described in my original post) and is not at all 2FA but something altogether different and hence does not require providing a person's phone to the bank. I mean, some banks might put 2FA on top of that challenge-response card authentication methods, but they're not required to do so in Europe (I know, because one of the banks in Europe with which I have an account uses that method and has no 2FA, whilst a different one has 2FA instead of that method) - as far as I know (not sure, though) banks in Europe are only forced to use 2FA if all they had before that for "security" was something even worse such as username + password authentication, because without those regulations plenty of banks would still be using said even worse method (certainly that was the case with my second bank, who back in the late 2010s still used ridiculously insecure online authentication and only started using 2FA because they were forced to)

Questa voce è stata modificata (1 anno fa)
in reply to jagged_circle

lemmy - Collegamento all'originale

Aceticon

Ah, I see.

Your point is that the use of a secondary channel for a One Time Pass is still an insecure method versus the use of a time-based one time password (for example as generated in a mobile phone app or, even more secure, a dedicated device). Well, I did point out all the way back in my first post that SMS over GSM is insecure and SMS over GSM seems to be the secondary channel that all banks out there chose for their 2FA implementation.

So yeah, I agree with that.

Still, as I pointed out, challenge-response with smartchip signature is even safer (way harder to derive the key and the process can actually require the user to input elements that get added to the input challenge, such as the amount being paid on a transfer, so that the smartchip signs the whole thing and it all gets validated on the other side, which you can't do with TOTP). Also as I said, from my experience with my bank in The Netherlands, a bank using that system doesn't require 2FA, so clearly there is a bit more to the Revised Payment Systems Directive than a blanked requirement for dynamic linking.

Questa voce è stata modificata (1 anno fa)
in reply to jagged_circle

lemmy - Collegamento all'originale

Aceticon

Well, I haven't really made any large wire transfers to accounts outside the EU from that bank in over a decade so can't really confirm or deny.

I do know that in past experience with banks in general, the people checking the validity of suspicious transations (and large transfers to accounts outside the EU tend to fall into that classification given the prevalence of online scams from countries were the Law is a bit of a joke) will actually call you, or at least they did in the UK some years ago (pre-Brexit) which was the last time I had experience with something like that.

(At one point I also worked in a company that made Fraud Detection software).

Maybe they switched to SMS to save money, I don't know.

Questa voce è stata modificata (1 anno fa)
in reply to Sips'

lemmy - Collegamento all'originale

shortwavesurfer

Use the websites whenever you can. That's what I do at least. Although I had to stop using Lyft entirely, because they stopped supporting rides from their website apparently. And that leaves just Uber. I actually left my bank for a similar reason. It supported my phone just fine, and it worked without Google Play Services, but the website wouldn't let me do everything that the app would, and the app required that I have Aurora Store to download their banking app from the Google Play Store, and I wanted to get away from that, so I switched banks so that I could use the bank website instead. From what I can tell, you run into this kind of stuff a lot with FinTech apps. But if you use older banks, like Discover or Wells Fargo or things like that, they tend to work better. Maybe because they're not up with the newest technology, LOL.
in reply to Sips'

lemmy - Collegamento all'originale

HiramFromTheChi

I can't prove it, but I'm 99% sure Lyft did the same thing. Had a perfect rating (and was even a driver at one point), and they banned me without explanation right after I switched to GrapheneOS.

Emailed them a few times asking for the reason, and they refused to tell me.

_"Legally, we cannot release any additional information except that we found your account to be violating our Terms of Service.

We will be in touch if we are able to reopen your account in the future."_

There's absolutely nothing else that they could've misconstrued as "violating the Terms of Service."

If Uber's going down the same path, no more ride-sharing for me I guess. ¯_(ツ)_/¯

Questa voce è stata modificata (1 anno fa)
in reply to HiramFromTheChi

lemmy - Collegamento all'originale

NotMyOldRedditName

There's no reason a company couldn't release the info legally unless it was under something like AML (anti money laundering) laws and you were flagged as a criminal. They legally can't disclose why in that case.

Using a different OS isn't reason enough, if they were telling the truth about the legal restrictions.

Questa voce è stata modificata (1 anno fa)
in reply to zako

lemmy - Collegamento all'originale

kevincox

which is supposed to enforce to run apps in secured phones


The point of the Google Play Integrity API is to ensure that the user is not in control of their phone, but that one of a small number of megacorps are in control.

Can the user pull their data out of apps? Not acceptable. Can the user access the app file itself? Not acceptable. Can the user modify apps? Not acceptable.

Basically it ensures that the user has no control over their own computing.

in reply to kevincox

lemmy - Collegamento all'originale

zako

If you install GrapheneOS, you do not need root, so GrapheneOS is in control of the phone not the user. The key here is if GrapheneOS is secure enough to be certified by Google Play Integrity API. is it security or other issue? perhaps Google is not supporter of FOSS ROMs, perhaps it is not fun of how GrapheneOS removes permissions to Google Apps, ...

If it is not security, this is a kind of monopoly to control which ROMs are allowed to run apps.

in reply to ryannathans

lemmy - Collegamento all'originale

zako

There are only problems with a bunch of applications that recently decided to use Play Integrity API not with every banking app nor Netflix.

This is the list: grapheneos.org/articles/attest…

In fact those applications should not work with Lineage unless Play Integrity API is patched/cracked someway in Lineage.

GrapheneOS attestation compatibility guide

Guide on using remote attestation in a way that's compatible with GrapheneOS.
GrapheneOS
in reply to zako

lemmy - Collegamento all'originale

boonhet

So the Play Integrity API is literally why I moved to iOS. My bank apps didn't work with Lineage and the stock OnePlus ROM just sucked ass after the ColorOS or whatever update. I figured I might as well go iOS if I can't have a custom ROM anyway, and so far it has indeed been a much nicer experience than stock Android. If you can't TRULY customize everything, might as well at least get stability and consistency out of it, right? Plus at the time, there wasn't a single Android OEM out there with truly long OS update support.

Anyway, if this succeeds and custom ROMs are considered to have sound integrity, I might just move back to Android. Graphene seems cool, I haven't tried it yet because I've never owned a Pixel.

in reply to Wilmo Bones

lemmy - Collegamento all'originale

HereIAm

I've been thinking of switching the GrapheneOS. I certainly enjoy my privacy, and are taking steps to move to sources that don't harvest my data. Outside of YouTube and android I've completely degoogled myself, even replaced Maps with magic earth and OsmAnd. I even swapped full time to linux a handful of months ago as a gamer with a VR interest. But I'm not so hardcore to not use any service that might sell my data. I still use vanilla firefox, food ordering apps, and discord for example. So while I'm not someone who goes to extreme lengths to protect my data, moving over to GrapheneOS doesn't seem like a huge inconvenience compared to the gains you get.
in reply to HereIAm

lemmy - Collegamento all'originale

dipcart

I switched to grapheneos on pixel 9 straight from iPhone. The only reason I have any google stuff on the phone is because of RCS messaging. There is literally nothing I have any issues with on this phone, software or hardware. It has been a very smooth and comfortable transition. I very much recommend giving it a try. I think you'd be surprised how little google (exclusively) gives, compared to how much they take.
in reply to porous_grey_matter

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

You can use this website to check if your banking app is supported: privsec.dev/posts/android/bank…

@HereIAm@lemmy.world

Banking Applications Compatibility with GrapheneOS

Maintained Compatibility List for International Banking Apps This list includes banking apps that have been tested, submitted, reviewed, and verified as compatible.
akc3n, Tommy, spring-onion (PrivSec - A practical approach to Privacy and Security)
in reply to lacaio 🇧🇷🏴‍☠️🇸🇴

lemmy - Collegamento all'originale

Jyek

This has very little to do with Google. Custom OS's in general are being restricted by these apps, not Graphene in particular. All custom OS's and root access devices are inherently less secure, even if they are privacy focused OS's.

In IT this is called a zero trust. You don't trust anything you cannot verify yourself. And a user installed OS is not something anyone can verify other than the installing user. Obviously for your own security you have your own zero trust policy if you are using something like Graphene, but these companies aren't making it more secure for you as a user, they're covering their asses in case there are holes in security they cannot account for.

in reply to lacaio 🇧🇷🏴‍☠️🇸🇴

lemmy - Collegamento all'originale

Jyek

You're implying that Google is causing these apps to not support custom OSs. But it's literally not true. These apps are just not supporting custom OSs because their businesses don't want to support non-standard platforms for security purposes. Tons of banks do not support custom OSs. It has nothing to do with Google and everything to do with not trusting the user which is 100% the correct approach for cyber security.
in reply to Jyek

lemmy - Collegamento all'originale

lacaio 🇧🇷🏴‍☠️🇸🇴

Got it. So it's something similar to latest security proposals like not letting me download files on Windows because they are not normally downloaded. Or visiting a website with self signed certificates. So it's more secure.

The apps complain: "You need Google Play services to use this app".

So it's about security. Right. What kind of security does McDonaldss need? Does it need security for their coupons?

Besides that, I thought payment gateway provided very good security by themselves.

But let's steer from what happens on mainstream apps a little.

Isn't Google Wallet or Online payments insecure too? Don't they have tons security failures also? Human security failures, like if someone robs my phone and my info they would have access to my money?

Google and the smartphone industry employ accelerometers and other methods to make sure robbers can't get to the system. They admit themselves that the systems aren't safe and they're working on AI and electronic methods to avoid access to sensitive information.

Is this the security you're talking about? Maybe we should just steer the industry another way, like those Custom OSs do. Alternatives aren't security potential threats. They're the solution for the problem.

Making a monopoly based on making it "safe" isn't secure at all.

in reply to lacaio 🇧🇷🏴‍☠️🇸🇴

lemmy - Collegamento all'originale

Jyek

It's not for your security. It's for the company's security. You're really dense you know that. This is not about you and it's not about Google. What I'm saying is, people suck ass. So to protect themselves from people sucking ass, they restrict access to their system to their terms. Completely fair if you ask me.

You can go cry Google bad all you want. I might even agree Google is bad. But this is not a Google thing. It's an IT security thing. The banks and MFA providers are security first businesses. They will make the decision that protect them first and it makes sense for them to do so. If you owned a bank, there is a high likelihood you would make similar decisions that end users don't quite understand.

As far as McDonald's is concerned, who the fuck knows what their developers are doing. That app is trash anyways.

Questa voce è stata modificata (1 anno fa)
in reply to Jyek

lemmy - Collegamento all'originale

ganymede

perhaps dial back the attitude a bit there? if you think you know better than someone (even if you're wrong), then you should have no trouble kindly educating instead of insulting them.

you may also wish to revisit your highly questionable claim that graphene properly configured on pixel is less secure than stock rom on some random android device.

Questa voce è stata modificata (1 anno fa)
in reply to ganymede

lemmy - Collegamento all'originale

Jyek

It's not questionable at all to assume that a user rooting and installing their own OS is a security risk. That's the entire premise of zero trust. I'm sure Graphene OS is secure and better for user privacy when configured properly. But you can't trust that an end user will configure it properly. That's what I am saying and have been saying since the first message. You can't trust the user to be security minded. Ultimately, the best thing you can do as a developer or a business is support a known quantity of software and hardware configurations and that likely means only supporting OEM installed ROMs.
in reply to Jyek

lemmy - Collegamento all'originale

ganymede

that's great buddy. but while recapping basic IT facts might make you feel smart on facebook. this is lemmy where the average user ^1^ is perfectly familiar the principles. here it just telegraphs to us that you didn't read the fucking article (which would've taken less time than spamming the thread & insulting users btw).

^1^ before the influx of reddit api refugees - on that topic do you ever reflect on how corporate bootlicking might relate to the over-corporatisation of reddit which led to users fleeing? only to come here and do unpaid simping for the corporations, slowly ruining this place too?

Questa voce è stata modificata (1 anno fa)
in reply to jagged_circle

lemmy - Collegamento all'originale

boonhet

Wise has a banking license in Belgium much like Revolut has one in Lithuania.

Wise is missing some cool things Revolut has like metal cards that require you to use an expensive plan, or the ability to buy stocks and crypto.

What Wise has instead, is the ability to have both a REAL American AND European bank account in the same app, which you can instantly transfer money between. Revolut doesn't give you an American bank account if you're in Europe, idk if they give you an European bank account if you're in the US. But Wise has both.

Why is this so important? Well let's say you're in Europe, you land a side gig doing a bit of work for a big US corporation you're connected to through your old job. You've got your rate negotiated, everything's sweet. And then they hit you with the question: "Are you able to take ACH payments?"

Now you have to google what an ACH payment is. Then you have to find out how to be able to receive them. Turns out these are internal to the US. Banks outside of the US just don't accept them, because they're not part of the system. But wait! Wise actually gives you an actual US bank account complete with routing numbers and everything. In your name, not in some proxy's name either.

Here's a list of currencies/banking systems you can get local payments in, without going international

Yes I sound like an advertisement at this point, but it's ridiculous how useful this gets if you need to move money internationally. I didn't get all the hype before I needed it, but when I did, it fit my use case like a glove.

Wise Bank Details | Wise Help Centre

We've changed our name to Wise, but some of our account details are still listed as TransferWise. Below is a list of deposit accounts we use. We can’t publish the full account numbers here, but yo...
wise.com
in reply to boonhet

lemmy - Collegamento all'originale

jagged_circle

I have wise accounts both as a US entity and a EU entity. They give you EU IBAN and US ACH accounts no matter which side of the Atlantic you're registering from.

They're the best bank ive found in the EU too, but I didn't think they were a bank. Its important because a US not-a-bank just collapsed and a lot of people lost their life savings. The not-a-bank assured customers that their money was safe because it was being stored in actual bank's bank accounts. This would have been true, but the not-a-bank misplaced almost all their funds and, turns out, they weren't in their partners' bank accounts. Whoops.

Questa voce è stata modificata (1 anno fa)
in reply to Realitätsverlust

lemmy - Collegamento all'originale

Jyek

Most banks restrict custom ROM and root access devices for security purposes. Same with MFA apps. I get it. From an IT security perspective, restrictions on software compatibility limit the number of failure points. Even if you find a custom OS that is more secure as an OS, it is installed through opening up your device to security risk and there is no real requirement for you to close up that security risk afterward. My company has made the same choice to restrict supported platforms for our services.

McDonald's app restricting the OS is probably some security decision they made because it's more secure even when they probably don't need it though.

in reply to Realitätsverlust

lemmy - Collegamento all'originale

Jyek

I never said it was. It's also not the developers job to provide you the service on the platform of your choice. It's the developers job to protect the companies servers and data. It's the company's job to provide you the service and it's your job to decide to use it or not. And it sounds like you don't like the means of service provision. So don't use it. Easy enough.
in reply to bountygiver [any]

lemmy - Collegamento all'originale

Woht24

This viewpoint is so stupid.

The cashier is paid to take orders, whether they take 1 long obnoxious order or 3 small orders, it's the same shit.

People are so swept up in 'kindness and support' (internet circlejerking), they think that the fact you inconvenienced some 17 year old, representing a massive corporation, as a fuck you to the company that employs them, you've committed some moral sin against your fellow man.

in reply to Woht24

lemmy - Collegamento all'originale

neomachino

That worker doesn't want to be there, that's likely one of 3 jobs they need to barely scrape by.

You holding them up from doing other tasks they need to do to keep a job that barely feeds them is doing nothing but making their day a little harder. It affects the company 0%. The company is faceless and doesn't care how much you abuse the worker bees as long as they get your money.

I don't know what the answer is aside from not patronizing the company at all, but I know that's not it.

in reply to Lag

lemmy - Collegamento all'originale

neomachino

I highly doubt it, if the store is too busy they'll likely either do nothing because why would they or if it's really bad add some robots who can handle the workload so they can get rid of those pesky employees.

In the past few years almost all of the fast food places in the closest plaza to me have been working on a skeleton crew. Lines wrapped around the building, 2 miserable employees, upset customers, but the money is still coming in.

Most people can't just leave their job, even a days wage can crush a lot of people.

in reply to Takios

lemmy - Collegamento all'originale

PrettyFlyForAFatGuy

The media in this post is not displayed to visitors. To view it, please go to the original post.

depends on the situation. otherwise good employee who rarely if ever is sick and works hard calls in about being unable to work? absolutely fine

Person who i know knows exactly how many days a year over how many periods of absence it will take before HR get involved using it as a second pool of paid holiday days and leaving us high and dry to deal with the things she's paid to help the team with then yeah, bitch

her name was karen too...

in reply to Railcar8095

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

Most ROMs like LineageOS and CalyxOS drastically weaken the security of Android, so that would actually make sense. GrapheneOS has far better security than AOSP, the Stock Pixel OS, or basically every other version of Android that you would find pre-loaded on a device. grapheneos.org/features#exploi…

GrapheneOS features overview

Overview of GrapheneOS features differentiating it from the Android Open Source Project (AOSP).
GrapheneOS
in reply to far_university190

lemmy - Collegamento all'originale

theroff

Graphene shills have been banging on this point for donkey's ages. Reality is that many people use phones that are out of OEM support and many OEM ROMs are bundled with questionable software (Oppo, Samsung etc.) There are some decent criticisms to be made about LineageOS, but others to be made about Grapheme, like its Google-suggestive configurations, which is quite bad for security and privacy. Graphene says this is all optional and not part of the OS, but doesn't include any equivalent F-Droid installer.
in reply to Uriel238 [all pronouns]

lemmy - Collegamento all'originale

Mike

Unfortunately, this is probably because of the apps started using the Play Integrity API, which is a hardware-based attestation and can only be faked in two ways that GrapheneOS isn't interested in:
- you can fake an older device that didn't support hardware attestation yet, or had a broken implementation
- or you can try getting leaked vendor keys and emulate the crypto with those until they get revoked
in reply to blind3rdeye

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

The GrapheneOS team is already talking to regulators: grapheneos.social/@GrapheneOS/…

GrapheneOS (@GrapheneOS@grapheneos.social)

So far, only EU banks appear to be doing this which is convenient since we already have contact with the EU Commission with a focus on the anti-competitive Play Integrity API many banks have adopted.
GrapheneOS Mastodon
in reply to Sips'

unkn - Collegamento all'originale

dharmik

just had medium fries and coke. many people i know, including myself, use the mcd app because of the discounts it offers when ordering through the app. however, i am under the impression that since i use an ios device and have the option to decline being tracked by the app—which i very eagerly press "no" to—i am on the safe side. am i?
Questa voce è stata modificata (1 anno fa)
in reply to dharmik

lemmy - Collegamento all'originale

pound_heap

Apple does extensive audit of mobile apps, including limitations of tracking. So the app cannot spy on something you are not letting it to know. But you are giving it a bunch of info voluntarily.

I'd say using that app on iOS is similar to making a food delivery order using a loyalty member ID. Basically, you are letting the company (McDonald's) know who you are, what is your phone number, where do you live, and what do you like to eat. And if they wish to, they could use all that to purchase your profile from a data brocker. Or they can sell that info for a few cents to make up on that discount.

Questa voce è stata modificata (1 anno fa)
in reply to Roopappy

lemmy - Collegamento all'originale

FriendBesto

I used to work hosting Focus Groups, we would pay cash, and top dollar for even small chunks of specific data sets on demographics that would age very quickly. Since people's habits change, different trends, feedback, etc. Hence the need of constant campaigns. Today, people give a lot of this data away, for free, in a constant data stream, for months if not years on end for cents or even a couple of bucks a month. Via constant tracking and profiling. It's crazy how privacy illiterate people are.
Unknown parent

lemmy - Collegamento all'originale

boonhet

I can't imagine using either of those solutions every day, sometimes several times per day.

I made 3 transfers yesterday, but there have been days of 10-20 transfers and I don't always have them planned, often it's pretty spontaneous when we buy used things from other people, particularly strangers.

in reply to monotremata

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

If you only use Android, go with Aegis. For a end-to-end encrypted, cloud-synced (also self-hostable) solution, check out Ente Auth. It also works on desktop.

Ente Auth - Open source 2FA authenticator, with E2EE backups

Protect your accounts with Ente Auth - Free, open source, cross-platform 2FA authenticator, with end-to-end encrypted backups
ente
in reply to Sips'

lemmy - Collegamento all'originale

Andromxda 🇺🇦🇵🇸🇹🇼

I don't think it's a coincidence that the shittiest companies are those, who enforce Google's broken and monopolistic "Play Integrity" API. Revolut has connections to Russia, McDonalds supports the Israeli genocide in Palestine and Authy has always just been a massive piece of shit, not even allowing users to export their TOTP seeds. These are three companies I would NEVER even consider using anyway.

And "Play Integrity" API actually does NOTHING, absolutely NOTHING for your security as an end user.
You use an outdated, unpatched Android version with multiple severe, publicly known exploits on an insecure device?
Google doesn't give a single fuck.
You use the newest version of Android with all the patches applied on Google's own hardware, with a locked boot loader and a hardened operating system?
That's not allowed by the "Play Integrity" API.
It's only purpose is to serve Google's monopolistic business interests.

in reply to Sips'

lemmy - Collegamento all'originale

kata_ton_daimona

Small OT: In the article it's mentioned also the app "IO" (italian for the english word "I"). There are also other important italian apps not working without play services. The serious thing is that that apps are almost mandatory to do the ordinary public administration bureaucracy. We can say that the italian state forces its citizens to use a smartphone with Google Play Services installed. This is no sense.
in reply to utopiah

lemmy - Collegamento all'originale

jawsua

Paid Bitwarden or self-hosted 2FAuth. Its very lean so you could probably do it on a free Oracle cloud VPS and never pay. Or put Vaultwarden on a PikaPod for very little money per month.

GitHub - Bubka/2FAuth: A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes - Bubka/2FAuth
GitHub
in reply to Sips'

lemmy - Collegamento all'originale

Lychee

This is actually good, see it as an enrichment of your life. The only sad thing is Revolut though.

As an alternative to Authy I recommend Stratum (previously known as Authenticator Pro) apt.izzysoft.de/fdroid/index/a…

This due to its compatibility with Android wear (companion)

„Stratum“ – IzzyOnDroid F-Droid Repository

Open-source 2FA app with encrypted backups
IzzyOnDroid App Repo
Unknown parent

lemmy - Collegamento all'originale

monotremata

Oh, I was using Keepass2Android as a password vault, but was a little frustrated with it because occasionally it'll forget to synchronize with the file before adding an entry and leave a "conflicted copy" I have to deal with manually. If KeepassDX will also do TOTPs that sounds perfect.