theandrewbailey ◴[] No.44385950[source]
I didn't think that I would be happy that I run de-googled Android so soon.
replies(2): >>44386682 #>>44387777 #
attendant3446 ◴[] No.44387777[source]
The only problem (at least for me) with de-googled Android is banking, at least where I live. You either can get an account in a bank where everything is done in person or by fax :|, or a fully mobile bank that doesn't work without an app.

Well, it's not a big problem, because most of the bank apps still work, but they rely heavily on Google Play Services. It can partially be solved with a separate profile and Graphene's sandboxed Google Play Services, but still a bit annoying :(

replies(1): >>44388339 #
mindslight ◴[] No.44388339[source]
First, banks generally have websites. Second, if the website sucks and you prefer the app (happens plenty), get a second older device that isn't de-googled and stays at home. There is no need to put all your eggs in one basket.
replies(2): >>44389978 #>>44390856 #
fluidcruft ◴[] No.44389978[source]
Many banks use their apps as biometric 2FA for website login nowadays.
replies(2): >>44390226 #>>44390953 #
1. mindslight ◴[] No.44390226[source]
I haven't seen any of that in the US, still only SMS nags. It seems like banks that mandate login nags that only work with the latest devices should still be pretty rare? (with understanding and sympathy to any regions where they aren't).
replies(1): >>44390289 #
2. fluidcruft ◴[] No.44390289[source]
I'm in the US and both the banks I use do this. It's probably optional but SMS 2FA is a complete joke due to the major security flaws of SMS. Presumably they could use a generic 2FA app but then it means they would have to provide technical support to the n-millionth backdoored spyware app that app stores get gamed to promote which has accountability and compliance implications. Another thing the apps do is instant confirm of suspicious activity and Google Pay which my understanding is keeps card numbers out of store databases that keep getting breached every other month.
replies(1): >>44390438 #
3. mindslight ◴[] No.44390438[source]
From my perspective all of the "2FA" are nonconsensual steps I'd rather not do, so the easiest options are the least worst. My SMS# for them is a GVoice which goes to my email. Somewhere far down on my todo is a script that just watches for those emails and spits out the code in a terminal for easy pasting.

Specifically, Ally, Cap1, BoA, and my local bank all only make me do SMS/email nags at worst. If any of them started pushing trash like expecting to force me to install their app on my actual in-my-pocket-when-out cell-plan phone, I'd drop them like a bad habit.

I've never really had a problem with unauthorized transactions, and I'm generally not squeamish about random online retailers (though most seemed to have moved to Shopify, shrug). Generally the most important thing you can do to protect yourself against fraud is review the transactions on your account within 30 days, so any feature that makes it more difficult to do this actually hurts you.

replies(1): >>44390647 #
4. fluidcruft ◴[] No.44390647{3}[source]
Boy I hope your Gmail is never hacked and I also think it's a bit comical that you would build your financial security out of some Rube Goldberg Google service contraption while telling yourself that you're fighting the good fight against Google's encroachment in your life.
replies(1): >>44390844 #
5. mindslight ◴[] No.44390844{4}[source]
"Financial security" ? Don't you think you're overstating that a bit? We're talking about bank accounts bound by Regulation E, not bearer tokens like cryptocurrency.

Traditional bank accounts are quite close to an open ledger - the only thing one really needs to initiate a transaction against an account is the account number, which is printed on every check. As I said, the biggest fraud risk is not checking your accounts every ~30 days. Do this, and your liability is basically capped at having to fill out some paperwork and change account numbers.

The "Rube Goldberg contraption" is to mitigate the nonconsensual SMS nag by making it as easy as possible. My login security relies on my passwords. If someone can get those passwords, it means they've pwned my computing infrastructure and I have got much bigger problems than cleaning up unauthorized bank account activity.

As for GVoice, I chose to start using it because I saw Google and AT&T as similar attackers. I've stuck with it because it works for more of these types of things than other VOIP providers. With "AI" that original calculus might be changing, and if (when?) I decide to jump away from that then I'll probably move towards something like @rsync's "2FA Mule".

replies(1): >>44390999 #
6. fluidcruft ◴[] No.44390999{5}[source]
Which banks support 2FA mules?
replies(1): >>44391479 #
7. mindslight ◴[] No.44391479{6}[source]
I would think all of them, because it's just another prepaid SIM like many people's actual phones. On that front, Ally SMS stopped working with GVoice (I just do the voice call when they want to nag, that still works). And way back I experienced some random issues with Cap1 - it seemed like they were trying to grab the subscriber record as a form of verification (sigh).