• Zinggi57@lemmy.world
    174 upvotes · 1 year ago

    I think a lot of people here don’t understand the danger of this fully and dismiss it with “Just use Firefox, problem solved”.
    Unfortunately, once this becomes widely available, that is once Chrome ships it, websites will start to use it.
    Maybe Amazon will just not sell to you anymore when you’re browsing with Firefox?
    Maybe YouTube won’t serve any videos if you’re using Linux?
    Your bank will certainly implement this and only allow Windows 11 with Edge or some shit like that.
    Once this is implemented, we will all suffer, even if we’re using better alternatives right now.

    • Ember Ushi@sh.itjust.works
      88 upvotes, 3 downvotes · 1 year ago

      Your bank will certainly implement this

      My brother in Christ, it was 2020 before my bank supported passwords longer than 8 characters. We have 30 or 40 years before we need to worry about the banks.

      • vaultdweler13@lemmy.world
        29 upvotes · 1 year ago

        Some banks are still running Windows 98 internally; admittedly, so long as said system isn’t connected to the internet it should be fine.

        • erogenouswarzone@lemmy.ml
          9 upvotes, 1 downvote · 1 year ago

          Lol, not to mention COBOL and other horrors that are lurking in legacy systems no one has looked at in 50 years.

          I’m thinking mainframe terminals, where the character has to be in the right place on the screen in order to store something in RAM.

          Even worse, how many systems are still using punch cards? How often do those cards need to be replaced?

        • xavier666@lemm.ee
          3 upvotes, 2 downvotes · 1 year ago

          Win 98

          This isn’t true, this can’t be true and I refuse to believe it.

          • Catweazle@social.vivaldi.net
            1 upvote, 1 downvote · 1 year ago

            @xavier666 @vaultdweler13, it’s true. For internal use with PCs connected to the central server itself and not to the network, it is used for compatibility with corporate software, sometimes still very old Windows. This, when using it on the one hand only in a specialized way and on the other hand only locally, is more than enough. The same in factories in production for the automation of some valve or machinery with repetitive processes; a super-PC with a NASA OS is not needed.

            • xavier666@lemm.ee
              1 upvote, 1 downvote · 1 year ago

              For PCs at a workshop, I can understand Win98. The OS is just a bootloader to a single application. But for banking, it’s a terrible security hazard.

              • Catweazle@social.vivaldi.net
                1 upvote · 1 year ago

                @xavier666, only if it is used in subsidiaries where they have to manage money movements over the network, but not in local administrative applications where it is irrelevant, as in all purely local uses. In monoapplications in this area, even an old MS-DOS will be worth it.
                They have traveled to the Moon with an OS from a Tamagotchi.

      • Da_Boom@iusearchlinux.fyi
        7 upvotes · 1 year ago

        Have you ever rooted an Android phone?

        The Google SafetyNet Attestation is the precursor to browser DRM. It’s essentially phone DRM.

        There are many banks that have apps that require you to pass at least the basic level attestation, if not the CTS profile matching that fails the moment you modify any system-level resources, even the bootloader.

        Luckily you can force disable CTS so it falls back on the basic level, for most apps at least. You will never have access to Google or Samsung Pay though, as it actually knows your phone model should support CTS and will autofail if it no longer reports that it does.

        Alongside that, apps like Pokemon GO and Netflix also require at least basic attestation to function - demonstrating the DRM and anticheat capabilities of such a system.

        • nudny ekscentryk@szmer.info
          2 upvotes · 1 year ago

          I find it funny how the most root-resistant app I’ve ever encountered is McDonald’s coupons app. I can trick Google Pay into working on my rooted phone, I tricked Revolut and two national banks. Heck, even my government-issued digital ID was tricky but I eventually got it working despite root and unlocked bootloader, both of which it didn’t like. But McDonald’s? None of the workarounds work whatsoever.

          • CheshireSnake@iusearchlinux.fyi
            1 upvote · 1 year ago

            I’m rooted and on LOS and can use any app I need (including banking apps, PayPal, and Netflix - I don’t use Samsung/Google Pay). The only app I can’t get to work is one stupid food delivery app. It’s weird af.

          • Da_Boom@iusearchlinux.fyi
            1 upvote · 1 year ago

            Nah, I’m still running a stock ROM on a Pixel 3a. Looking at this guide, it looks like this tool is dead. So unless it works on Android 12, I can’t use it.

            Enabling strict denylist actually causes my phone to break: it will randomly cause my phone to freeze up, and fail to load on phone unlock to the point I have to go into safe boot to disable my Magisk modules; only then will it boot correctly. Maybe I’m denying the wrong system apps for strict mode to work. I have still added apps to the denylist, however.

            I’m currently using Universal SafetyNet Fix to pass basic attestation, and the only thing that fails to work is Google Wallet’s “tap to pay” feature. Which doesn’t matter as my NFC reader is broken in any case.

            • CumBroth@discuss.tchncs.de
              1 upvote · 1 year ago

              Oh, I didn’t notice it’s dead. I just had it bookmarked because I remember spending a lot of time trying all sorts of workarounds before it and none of them ever worked (for CTS).

              I used this for Android 11; there’s a good chance it’ll still work for that version. But like I said, I ended up not needing it anyway - my phone doesn’t even have NFC! I think I mostly just did it as a FU to Google rather than for actual utility. :D

              Just thought it worth mentioning that there are/were workarounds for CTS. Don’t know how things are now on Android 12 and 13.

      • JustEnoughDucks
        2 upvotes · 1 year ago

        Yes, US banks.

        Banks in Europe are much more up to date with tech.

        They have APIs to sync transactions with external providers like the Nordigen API.

        They have 2FA that is linked to your national identity card, which is chipped.

        Nationally used apps that are universal 2FA linked to national IDs that banks, medical, and government services all tap into.

        Everything is contactless payment nowadays; the US just recently started contactless cards.

        Inter-bank transfers without external apps like Venmo.

        There are MANY problems with EU people getting their banks to work on a rooted phone.

        They will absolutely implement DRM if someone sells the bullshit to them under the illusion of “safety.”

        Hell, the US had handwritten “vaccine cards” for covid while European nations even had open source user spinoffs on nationally funded apps linked to national IDs to manage COVID vaccination and testing passes.

      • macintosh@lemmy.world
        7 upvotes · 1 year ago

        If we lived in a sane country all 4 major tech companies would have already been brought to court over this in like, 2016. (Microsoft for the second time…)

        • Nowyn@sopuli.xyz
          1 upvote · 1 year ago

          To be fair to America, I don’t think there are any sane countries left. Finland had an actual neo-Nazi as minister and while it didn’t last longer than Truss or even half of it, the party that is the ministerial party is still there with similar ideas. They just had the forethought to not write 14/88 in an old electoral ad. We are tied for first place still in the least corrupt countries and 5th in most democratic countries.

    • Jentu@lemmy.film
      16 upvotes, 1 downvote · 1 year ago

      Would Apple just roll over on this? Or would they fight to make sure Safari is also an option to freely use the internet (or at least severely limiting Apple’s ability to do something similar)? And for websites that depend on ads, the number of Firefox and Safari users has to be greater than the number of users who use ad-blockers. So wouldn’t it negatively affect ad income on websites if they implemented it and cut out all non-Chromium browsers?

    • rasikww@lemmy.world
      4 upvotes · 1 year ago

      Doesn’t that also mean they lose customers or possible transactions which could have made them money?

    • Matt@lemmy.world
      3 upvotes · 1 year ago

      Technically the idea is that if Chrome has barely any market share (will never happen, but let’s pretend), they cannot implement this as it will anger and lock too many users out of day to day life.

      However…

      With Google Search and YouTube being by far the 2 most popular websites in the world, I think they still could. The vast majority of people would never give those up and if they’re told to use another program to access them, they absolutely will, meaning in an ideal world with a browser competition, they can easily destroy it immediately.

      • Regelfall@feddit.de
        11 upvotes · 1 year ago

        Google search has become very bad and is easily replaced by basically any search engine. YouTube is still unparalleled though.

    • llcoolvm@feddit.de
      2 upvotes · 1 year ago

      Did Firefox even say that they would not implement it as well? Is there any information on that?