Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)I
Posts
4
Comments
704
Joined
5 mo. ago

  • Now I'm going to doubly not watch it.

  • If Hungary stops blocking financial aid for Ukraine, I'm sure the Ukrainians will be more than happy to deliver his invitation straight to Moscow.

  • I'm considering several, and haven't made the decision yet: Matrix/Element, Briar, and Session are all on the table.

  • Oh, so they're completely intransparent about what it is they deem "unsafe"? Smh.

  • Great you found a solution, but it comes at the price of a little convenience. Can you share what other app the banking app was objecting to?

  • Hey there, I'm happy you like Exodus. It's a great resource. Actually, the Aurora Store privacy reports are sourced from Exodus.

    Feel free to donate to the project.

  • While centralisation continues to be a problem (as the recent AWS outage has shown), Signal continues to be the a sufficient compromise between privacy and usability that a non-technical user will actually use.

    That said, I'm making contingency plans to set up an alternative for close family in case the US goes full removed and makes it inaccessible.

  • I've gone even further back, having mine painted on Greek pottery

  • Thanks, I hate it!

  • To the contrary: I'm painfully aware of those. That's why I run Exodus scans of every single app I install, and stick to FDroid for 95% of my apps. With banking applications, however, that is not an option.

  • I've made it work for now. If they terminally break it, I'll probably switch banks, and let them know exactly what broke the camel's back for me. But if all of them start doing it, I'll have to do it like gampa. ;)

  • I'm very happy if this helps! Here's a quick translation so people won't get tripped up by the German comments:

     
        
    # Push APK file to /data/local/tmp/
    adb push app.apk /data/local/tmp/app.apk
    
    # Install APK via package manager (pm).
    # Set installer as "com.google.vending", i.e. Google Play Store.
    adb shell pm install -i "com.android.vending" -r /data/local/tmp/app.apk
    
      

    I’ll use your workaround hoping that it’ll open a path for a while although I’m also dubious about the future.

    My thoughts exactly, and part of why I did the write-up! With Google's recent moves to lock down Android (and companies like my bank eagerly supporting their push), I'm wondering what's spending my energy on: pushing back and trying to stave off their efforts to take away software freedoms, like the folks at keep Android open are doing? Or accept the fact that "degoogling on Google's platform" has always been a paradox living on borrowed time, and now it's time to flip them the bird and look for greener pastures elsewhere?

  • And it keeps coming back to having to use a separate device for such apps.

    Frankly, I don't see how that improves security or privacy over putting your banking apps (and all the yucky Google software) in a different user profile, separate from all of your more sensitive stuff.

    Also, shelling out another $ 500 for yet another device you'll be lugging around just to have compartmentalisation - isn't that still giving up and accepting their demands to use their services on their terms? Personally, I don't want my bank to be able to soft-pressure me into using Google services. I don't want companies and countries to just assume and accept Google's monopoly. I don't want essential functionality like banking to get even more dependent on American big tech, at a time where it has become painfully obvious that this dependence exposes us to the most vile forms of extortion. I want to get away from that. And I want us all to away from that.

  • Nope. While asking for a second factor is the sane thing to do for something as sensitive as banking, banks around here do not offer TOTP. (I'd LOVE to have that in my Keepass the way you seem to have; care to share where/which banks do that?)

    Some banks here do offer a physical device as a fall-back for old people without a smartphone. These are basically just token generators or primitive code scanners. I've considered going full "old man yelling at clouds" and getting one of these. But then it'll live in my drawer and I just know there will be situations where I urgently need it and not have it on hand.

  • Wow. Here I was thinking I had come across a particularly nasty piece of fuckery. But then you came along with that keyboard story.

    That said, I can imagine how "checking for the 'wrong' keyboard'" (or the wrong install method, in my case) came into being: somebody installed a keyboard (or a malware-injected APK) which turned out to be a keylogger, lost their funds, and, instead of owning up to their own mistakes, blamed the company for it. Now everyone gets to "enjoy" the fallout because the company feels it needs to "protect" the rest of us dumb-dumbs from impaling ourselves with our own software choices - trading freedom for a false sense of security.

    Fuck their apps. But I understand that the browser solution may not work for everyone :(

    I'd have gone that route if I could. The trouble is: every single bank here uses a proprietary app for 2FA, meaning: I cannot log in via the browser without an app.

    it seems to me that they let Play Store do the checks, so if any hacking happens they can blame Play Store.

    Precisely! This is not about users' security. This is about corporate liability, and hence deserves pushback.

  • I need the app for 2FA. I have yet to encounter a bank that will accept TOTP for 2FA. Where I am, all banks use either pushTAN (through proprietary mechanisms, yuck) or SMSTAN (double-yuck). If I could use TOTP/Aegis for 2FA with my bank, I'd have spared you my OP. 😎

  • None that I'm aware of. Feel free to broaden my horizons, though!

  • I've been running NoScript for ages, so for me, any JS source not explicitly whitelisted is disabled by default. I have yet to encounter a single modern paywall that can be circumvented by this. Care to share where this still works?

    You're right about the scaling issues with mobile.