47 points miles | 15 comments
theandrewbailey ◴[] No.44385950[source]
I didn't think that I would be happy that I run de-googled Android so soon.
replies(2): >>44386682 #>>44387777 #
attendant3446 ◴[] No.44387777[source]
The only problem (at least for me) with de-googled Android is banking, at least where I live. You can either get an account in a bank where everything is done in person or by fax :|, or a fully mobile bank that doesn't work without an app.

Well, it's not a big problem, because most of the bank apps still work, but they rely heavily on Google Play Services. It can partially be solved with a separate profile and Graphene's sandboxed Google Play Services, but still a bit annoying :(

replies(1): >>44388339 #
1. mindslight ◴[] No.44388339[source]
First, banks generally have websites. Second, if the website sucks and you prefer the app (happens plenty), get a second older device that isn't de-googled and stays at home. There is no need to put all your eggs in one basket.
replies(2): >>44389978 #>>44390856 #
2. fluidcruft ◴[] No.44389978[source]
Many banks use their apps as biometric 2FA for website login nowadays.
replies(2): >>44390226 #>>44390953 #
3. mindslight ◴[] No.44390226[source]
I haven't seen any of that in the US, still only SMS nags. It seems like banks that mandate login nags that only work with the latest devices should still be pretty rare? (with understanding and sympathy to any regions where they aren't).
replies(1): >>44390289 #
4. fluidcruft ◴[] No.44390289{3}[source]
I'm in the US and both the banks I use do this. It's probably optional but SMS 2FA is a complete joke due to the major security flaws of SMS. Presumably they could use a generic 2FA app but then it means they would have to provide technical support to the n-millionth backdoored spyware app that app stores get gamed to promote which has accountability and compliance implications. Another thing the apps do is instant confirm of suspicious activity and Google Pay which my understanding is keeps card numbers out of store databases that keep getting breached every other month.
replies(1): >>44390438 #
5. mindslight ◴[] No.44390438{4}[source]
From my perspective all of the "2FA" are nonconsensual steps I'd rather not do, so the easiest options are the least worst. My SMS# for them is a GVoice which goes to my email. Somewhere far down on my todo is a script that just watches for those emails and spits out the code in a terminal for easy pasting.

Specifically, Ally, Cap1, BoA, and my local bank all only make me do SMS/email nags at worst. If any of them started pushing trash like expecting to force me to install their app on my actual in-my-pocket-when-out cell-plan phone, I'd drop them like a bad habit.

I've never really had a problem with unauthorized transactions, and I'm generally not squeamish about random online retailers (though most seemed to have moved to Shopify, shrug). Generally the most important thing you can do to protect yourself against fraud is review the transactions on your account within 30 days, so any feature that makes it more difficult to do this actually hurts you.

replies(1): >>44390647 #
6. fluidcruft ◴[] No.44390647{5}[source]
Boy I hope your Gmail is never hacked and I also think it's a bit comical that you would build your financial security out of some Rube Goldberg Google service contraption while telling yourself that you're fighting the good fight against Google's encroachment in your life.
replies(1): >>44390844 #
7. mindslight ◴[] No.44390844{6}[source]
"Financial security" ? Don't you think you're overstating that a bit? We're talking about bank accounts bound by Regulation E, not bearer tokens like cryptocurrency.

Traditional bank accounts are quite close to an open ledger - the only thing one really needs to initiate a transaction against an account is the account number, which is printed on every check. As I said, the biggest fraud risk is not checking your accounts every ~30 days. Do this, and your liability is basically capped at having to fill out some paperwork and change account numbers.

The "Rube Goldberg contraption" is to mitigate the nonconsensual SMS nag by making it as easy as possible. My login security relies on my passwords. If someone can get those passwords, it means they've pwned my computing infrastructure and I have got much bigger problems than cleaning up unauthorized bank account activity.

As for GVoice, I chose to start using it because I saw Google and AT&T as similar attackers. I've stuck with it because it works for more of these types of things than other VOIP providers. With "AI" that original calculus might be changing, and if (when?) I decide to jump away from that then I'll probably move towards something like @rsync's "2FA Mule".

replies(1): >>44390999 #
8. attendant3446 ◴[] No.44390856[source]
Many modern banks, so-called "neobanks", provide a very limited web version that's only good to check the balance. And you are forced to use their app.
replies(1): >>44391999 #
9. marssaxman ◴[] No.44390953[source]
You make me glad I only use credit unions.
replies(1): >>44391222 #
10. fluidcruft ◴[] No.44390999{7}[source]
Which banks support 2FA mules?
replies(1): >>44391479 #
11. fluidcruft ◴[] No.44391222{3}[source]
Honestly I appreciate these features.
replies(1): >>44391611 #
12. mindslight ◴[] No.44391479{8}[source]
I would think all of them, because it's just another prepaid SIM like many people's actual phones. On that front, Ally SMS stopped working with GVoice (I just do the voice call when they want to nag, that still works). And way back I experienced some random issues with Cap1 - it seemed like they were trying to grab the subscriber record as a form of verification (sigh).
13. marssaxman ◴[] No.44391611{4}[source]
What are they doing that benefits you?
replies(1): >>44392573 #
14. mindslight ◴[] No.44391999[source]
So then don't use them? That is also the segment of the market that doesn't offer FDIC coverage on deposits.

There are always crappy gimmicky options. They only matter if you're forced into using them for whatever reason. Banking has a pretty strong factor of needs to work for older person of means that isn't itching to be on the treadmill of corporate technology. At least for now.

15. fluidcruft ◴[] No.44392573{5}[source]
For one, it integrates Google Wallet and creates a virtual card so the actual credit card number doesn't end up in those merchant databases that get constantly breached. This ties the credit card number to use of the secure element in my phone which is configured to require biometrics to activate. That makes it extremely difficult to fraudulently bill. Yes, you can fight fraudulent charges etc but that costs me time and effort and to me it's a no-brainer.

I also like the convenience of using Google Wallet to pay for things. It's by far the fastest transaction and easier than futzing around with chip cards and pins. It's also more secure than the dumb tap to pay bullshit in credit cards themselves which do not require biometrics or pins. (Currently my main card is too old to include tap to pay, so I don't have to worry about how to disable it yet). Just generally Google Wallet is more secure than chip+pin while also being much easier to use and not having to trust some random keypad.

It's also nice to not even have to carry a wallet around. I'm not fully there yet (Apple supports my state's drivers license but Google Wallet support isn't ready yet). Phone is obviously something I take with me, it just makes wallet so vestigial since Apple Pay/Google Wallet support is becoming very ubiquitous.

My banks have also implemented 2FA login by just push notification so no typing number or such tedious stuff. Unlock my phone, pass biometrics and done.

There are more but those are just the first things that come to mind.