Comment by gota

7 months ago

Disregarding the law (I'm ignorant) - why should PIX be "auditable"?

Almost everyone (very close to literally everyone) uses PIX and we have zero reported cases of mishap, errors or bad faith attacks...?

I quite frankly don't care that the system backed/created by the public services and imposed on banks is "closed"; to the point I'm generally curious as to what are the arguments for caring

Hope this does not sound dismissive - as a heavy user with no complaints for years, why should I care PIX is a black box?

> Almost everyone (very close to literally everyone) uses PIX and we have zero reported cases of mishap, errors or bad faith attacks...?

Earlier this month, hackers using credentials purchased from a C&M employee were able to generate unauthorised PIX transactions on client banks and steal at least BRL$ 500 MM, and maybe as much as BRL$ 5 BN, so it's definitely not foolproof.

> Hope this does not sound dismissive - as a heavy user with no complaints for years, why should I care PIX is a black box?

Brazilians in general are very accepting of government surveillance, with the omnipresent CPF and now complete disclosure of almost all consumer transactions to the State. It's always surprised me, TBH, given the very recent history of dictatorship and unbounded potential for abuse.

  • > Earlier this month, hackers using credentials purchased from a C&M employee were able to generate unauthorised PIX transactions

    To be clear - This was a "bank robbery" (inside job, given usage of credentials?) and in absolutely zero ways affects trust in Pix as a user

    As for your other point - thanks, our values and concerns are not aligned; it would be hard for us to agree on this

    • > To be clear - This was a "bank robbery" (inside job, given usage of credentials?) and in absolutely zero ways affects trust in Pix as a user

      Well, that doesn't appear to have been the case. Instead it seems to have been an attack that leveraged an as-yet-unknown weakness in the Pix protocol that seems to have allowed something similar to impersonation. Whether it has affected your trust in Pix is almost immaterial, as it has rocked institutional trust in the protocol and platform.

      As for user trust, with endless malware attacks like PixPirate, PixBankBot, GoPix, etc,

      > As for your other point - thanks, our values and concerns are not aligned; it would be hard for us to agree on this

      That's an interesting claim - how do you know my values and concerns?