Comment by unscaled

14 days ago

This sounds to me like a repeat of what happened with SEED[1]. The recipe is the same: a real problem followed by a hasty (and probably inferior) NIH solution, a single implementation forced down everybody's throats, followed by years of technological stagnation.

Hopefully this mandate won't end up being as far-reaching as the SEED mandate did (forcing the South Korean web to run on older Internet Explorer versions with custom insecure ActiveX controls for everything).

[1] https://archive.is/ermII

My country is always like this. I think it's a problem unique to East Asian countries—following orders obediently. I read the link you shared, and it seems similar.

  • That's interesting. I didn't know of any other country in East Asia that showed this level of restrictive policy that sets up a cascade of problematic tooling and technologies.

    Japanese Internet was pretty bad in the 2010s, but this was all self-inflicted by the private sector. The government had very little to do with it. And even then, ActiveX controls were very rare. My main pain point with online banking was ugly sites, back buttons that don't work and passwords limited to 8 or 12 characters "for security reasons". But those problems are not specific to Japanese or Asian banking sites. The only Japan-specific woes I can think of are frequent maintenance windows where most banking functionality is down (mostly eliminated on my bank) and weird 2FA methods like Security Cards (just a paper card with a table of codes for challenges, also completely gone now).

    • The paper card 2FA seems better than SMS 2FA or an app 2FA if you're relatively sure your physical security is good.

      The card shouldn't cost money or could cost 50 yen which would be more than enough to cover printing it.

      You're not vulnerable to SMS interception or phone malware. You're also not forced into Google's or Apple's walled gardens.

      2 replies →
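For readers unfamiliar with the "Security Card" mechanism discussed above (a printed grid of codes; the bank names a couple of cells and the user types back the values), here is an added illustration of how a server-side verifier for such a card works. This is example code written for this page, not code from any bank or from the commenters; the grid size (5 rows by 10 columns), the 4-digit codes, the two cells per challenge, the single-use cells and the 3-failure lockout are all assumptions chosen to show the properties the thread mentions (no SMS or phone involvement, and each code only being good once).

```python
import hmac
import secrets
import string

# Hypothetical card layout: 5 rows x 10 columns, cells labelled like "C3".
ROWS = 5
COLS = 10
CODE_LEN = 4


def generate_card():
    """Generate a fresh code card as {cell_label: 4-digit code}.

    Uses secrets so that the codes are unpredictable; the bank would print
    this table and keep its own copy (this is the constructed sample data).
    """
    card = {}
    for row in range(1, ROWS + 1):
        for col in string.ascii_uppercase[:COLS]:
            card[f"{col}{row}"] = "".join(secrets.choice(string.digits) for _ in range(CODE_LEN))
    return card


class CodeCardVerifier:
    """Challenge-response check against a code card held by the server."""

    def __init__(self, card, max_failures=3):
        self._card = dict(card)        # server-side copy of the printed table
        self._used = set()             # cells already consumed (prevents replay)
        self._failures = 0
        self._max_failures = max_failures
        self._pending = None           # the challenge currently outstanding

    def challenge(self, n=2):
        """Pick n unused cells at random and remember them as the open challenge."""
        unused = sorted(set(self._card) - self._used)
        if len(unused) < n:
            raise RuntimeError("card exhausted; a new card must be issued")
        self._pending = tuple(secrets.SystemRandom().sample(unused, n))
        return self._pending

    def verify(self, responses):
        """Check the user's answers for the open challenge.

        Exactly one attempt per challenge; all cells are compared in constant
        time so a failure does not reveal which cell was wrong; correct cells
        are retired so the same codes cannot be replayed later.
        """
        cells, self._pending = self._pending, None
        if cells is None or self.is_locked():
            return False
        if len(responses) != len(cells):
            self._failures += 1
            return False
        ok = True
        for cell, resp in zip(cells, responses):
            ok &= hmac.compare_digest(self._card[cell].encode(), str(resp).encode())
        if ok:
            self._used.update(cells)
            self._failures = 0
        else:
            self._failures += 1
        return ok

    def is_locked(self):
        return self._failures >= self._max_failures

    def used_cells(self):
        return frozenset(self._used)


if __name__ == "__main__":
    card = generate_card()
    verifier = CodeCardVerifier(card)
    asked = verifier.challenge()
    print("bank asks for cells:", asked)
    print("login ok:", verifier.verify([card[c] for c in asked]))
```

The two properties worth noticing are that a challenged cell is retired after a successful login, so an observed answer is worthless afterwards, and that the card is finite: 50 cells at two per login means roughly 25 logins before the bank has to mail a new one, which is one practical reason such cards were replaced.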

    • It makes sense in a way.

      Would you rather take your chances as one in one million customers getting his "hunter2" password brute-forced by a dedicated attack or as one of the one million customers totally pwned by a buffer overflow/code injection from the password field?