Where did I say that? The necessities? All the necessities are browser based. I can do that on Kali if I absolutely needed to.
> All the necessities are browser based.
Until they aren't.
In the EU there's the PSD2 SCA that requires 2 out of 3 factors from something the user knows/has/is for online banking. The "has" has been essentially chosen by most banks as a closed source app that can only be run on locked down surveillance-prone unrooted phones running Android or iOS, and you can only get it from the Google or Apple repositories. Your phone not being under your control is seen as good here, because it forces the "has" factor.
So in the EU you can't bank (a necessity) with most banks on Kali.
The US maybe doesn't have such regulations or banks don't follow them, but I think you'll agree a lot of things require apps now. Maybe not the necessities, but we have to fight for the right to use whatever device we want. Fuck phones and fuck mandatory MFA.
The alternative to a banking app I experienced a few years ago was a hardware token which costs money, but not a lot of banks offer it. It was made by a useless company that issues overpriced certificates and tokens for mandatory MFA in the banking sector and some government programs, among other things. A company whose business is sustained by the regulations. I expected a TOTP token or something, but it was something ridiculous like I had to plug into a USB port and connect it to the browser with some proprietary app. It worked only on Debian-based distros. Virtualizing it was a pain as it was before LLMs were good and I had to sift through long logs with information about USB-specifics I didn't want to know.
"But it's not phishable" is the usual reply when discussing these "stronger" types of MFA. It's my money, let me get phished - is my reply.
The regulators, Google and Apple with their device attestation APIs, the useless token companies - they all benefit one way or another. They have no honor.
> Where did I say that?
>> I could care less about surveillance
I believe the parent is splitting hairs over your wording; if you didn't care at all, then you couldn't care less.
It's not splitting hairs, it's the literal meaning of the words.
It's confusing and clarification is necessary in order to work out how to engage with the comment.