Tracking from bank or both? Anyways, in Latvia we have a similar system and it is a convenient way to authenticate within services where you MUST prove you are person X.Y.Z.
For example, some electric company, if you auth via this method, will provide you with contracts, electricity usage graphics for all the sites you own and other info you must access as a customer. Same goes for recycling company. These usually provide a way to register using email matching whatever email you had in contract (thus linking to real person anyway)
And then for other services where you request some data electronically that they must "register" each request. For example request some extended data on land/house ownership. You can't have that with non-real-life identifiable entity.
So usually login via bank is a login option with companies you either have juridical relationships or you must provide real life identity where you would otherwise have to show passport in real life.
We have GDPR and consumer focused regulators in the EU. Our governments are actually out to protect citizens from corporate malfeasances, as opposed to either ignoring it, or outright enabling it.
If a company abuses this data, you have strong forms of recourse available to you as a citizen, and banks are incentivised to remove bad actors, to ensure they don't become embroiled in enforcement action triggered by a 3rd party.
> It's very hard to make a privacy case against FIDO.
With username and password, I have full control over my privacy in a very easy to understand fashion: If I randomly generate them I know I cannot be tracked (as long as I ensure my browser doesn't allow it by other means).
With those keys I have an opaque piece of hardware which transfers an opaque set of data to each website I use and I have NO idea what data that is because I do not manually type it in. I need to trust the hardware.
Sure, I could read the standard, but it very likely is complex enough that it is impossible to understand and trust for someone who has no crypto background.
And I also have no guarantee that the hardware obeys the standard. It might violate it in a way which makes tracking possible. Which is rather likely, because why else would big tech companies push this if it didn't benefit them in some way?
> Which is rather likely, because why else would big tech companies push this if it didn't benefit them in some way?
They switched to this internally a long time ago which basically eliminated phishing attacks against employees. There are security teams inside those megacorps that have a general objective of reducing the number of account takeovers, and non trivial resources to accomplish that. Not everything is a conspiracy.
Also, I am sure you will be able to stick to just passwords for a pretty long time while the world moves on to cryptographic authentication. I'm not being sarcastic here.
Yes, they also track the behavior of their employees. It is security for them and not for the user in many cases. In a perfect world those incentives align but they don't have to.
With your password manager, you're trusting a lot more: the software of the OS and kernel, the software of the browser and its dependencies, the software of your password generator and your password storage. You also have to hope the developers and administrators of the website you're signing in to aren't storing your passwords in plain text (and I don't just mean in the database - overly-aggressive APM/logging might be storing POST request data in a log stream somewhere).
The only attack that's an issue for both passwords and security key-based sign-in is targeted attacks against a website, where they use your browser to execute malicious API calls to the website after you've signed in regularly.
I'm not familiar with FIDO, but passwords place a lot of effort into the user (must avoid repeating them, must avoid simple sequences, etc). After years of warnings, this has barely changed - people use lousy passwords and repeat them.
So I'm all up for considering different approaches.
I have much more backups of my workstation etc., should I now buy dozens of crypto hardware key thingies and constantly switch them around to match the backup disks?
For those who do offsite backups: Is an offsite backup possible across the Internet? Or do you have to physically drive the key to the offsite location?
When I create a new account somewhere, does that mean I have to move N backup keys out of their drawer to the workstation and register each of them on the account?
And how to even create a backup and keep it in sync?
With backup disks, it is a matter of shutting down the machine, removing one disk from the RAID1, and you have a backup (the removed disk is the backup). Or doing "dd if=..." if you don't use raid.
Is something as simple possible with those fancy crypto toys? Or is some arcane magic required to copy them?
Is this perhaps all as usual: An attempt to get more control and tracking of users, disguised as "security"?
With devices that support BIP39 backups like the Ledger or Trezor, you are backing up the random seed that generates all possible future accounts deterministically.
Backup once, setup 100 accounts, lose authentication device, restore backup to new device, regain access to all 100 accounts. Easy.
> I personally haven't seen any problem solved by the blockchain thus far.
Solved problem: Hyperinflation caused by excessive governmental money printing.
Yes, I know you may not consider this as a "problem", but tell that to the millions of people who have had to watch their life savings being erased to zero value.
Yes, the Bitcoin price may be jumpy, but we aren't yet seeing kids playing with bricks of trillions of Bitcoins because they'd be so worthless that you can give them to your kids as toys.
That DID happen with fiat currency:
Enter "hyperinflation" into your favorite picture search engine.
I personally own a 1 billion bill of a previous currency of my country which I bought for the equivalent of $5 on eBay.
Hyper inflation is absolutely a problem. Not solved by the blockchain though..
I think you're referencing BTC in use as some kind of ubiquitous currency? That would be an interesting use, until someone owns enough to influence the market, which, already happens, so it would make matters worse for more people
If they try to print more Bitcoin by changing the software that does NOT automatically mean that the majority of Bitcoin users will install and run that modified software.
The non-"print more money" version will reject its blocks.
So even if they throw 90% of hashpower at it then it will not be the consensus because nobody uses a version of Bitcoin which accepts the blocks it mines.
The thread does not seem to answer the most interesting question:
Is it really possible for app developers to leave out permissions in the list of requested permissions on Google Play and then get them nevertheless when the app is actually installed?
Another question would be: If google gives me an app from their official playstore, on their OS, should they be considered responsible for any loss that it causes to bank accounts, or we have given up accountability for big corps, hope regulators are sleeping well
You're saying they should be responsible. Ethically? Legally? I'm not sure which you mean, but probably both.
That's not the question I was answering though. That question didn't specify the flavor of responsibility, and I chose to answer it from a mostly legal perspective, which is that as things stand they are probably, mostly, not liable.
Traditional retail liability is probably the best place to look in this case. A store can be liable for the products it sells, but if it makes reasonable efforts to determine product safety then those are difficult cases to win unless you can show that the retailer knew, or should have known, that the product was defective or unsafe. One black & white example of that liability would be selling alcohol to underage kids who did not present any ID, or gave a fake ID.
I think "reasonable precautions" is probably the best rule from a practical standpoint. But I'm not otherwise going to address where the line should be drawn on "reasonable" precautions. That's a complex question, individual examples and product classes would vary, and there are plenty of expensive court cases that have not yet produced a universal "bright line" standard for defining "reasonable" precautions.
Your thinking is kinda bizarre - why do you demand accountability from the store, not the author/creator of the malware app?
For other products the accountability is always on the manufacturer/creator of the product - why, in software, do you all demand that big tech censors and polices what you're allowed to consume instead of actually punishing the wrongdoers who created malicious and dangerous software? Why can they just get away with zero accountability and you don't even spare a millisecond of thought?
Well, for one thing it's because I am forced to keep the play store on my phone without being able to uninstall it, along with Google play services, and also they are vetting all apps that get to the google play store, and also the fact that they continuously bust balls justifying the existence of their ecosystem to safety and security of devices, are they allowed to have it both ways? So we need to keep them because of safety but like not really safety? More like safety of income stream for their shareholders?
In the UK, consumer product liability is with the vendor. They will usually recover the costs from the manufacturer, giving them an incentive to deal with reputable companies. As a consumer I don't have to care about the vendor's suppliers.
Because it's a different relationship model? With a regular product the thing the consumer interacts with never changes. With software the user is able to make it do wildly different things, stuff neither the manufacturer (Samsung, HTC, etc) nor the software vendor (Google) could envision, including running exploits in the software to do things the user didn't even intend.
No they don’t. Physical stores pay volume rates to the manufacturers. They own the inventory and resell it at a markup or a loss. The app stores do something totally different. They allow “manufacturers” to list the item directly to the consumer and charge 30% in money transmission (legal term) fees. They are basically offering the same service (and licenses) as Western Union (or stripe connect), just on a larger scale and more integrated.
Whether they are actually legally set up that way (or not) I don’t know. I did go down this rabbit hole 10-15 years ago to do something similar with a lawyer.
What could be interesting is if some states/countries have limits on the fees a money transmitter can charge and an app company sued for them operating illegally.
From a consumer POV it's the same as physical stores, regardless of how they acquire the product. Walmart has an average 32% markup and Target 46%[0]. Is target now liable for anything they vend to you that does something malicious?
Google is complicit in this by their refusal to ban larger app developers that create malicious apps.
Google may kick the malicious app off the play store for a couple weeks and make the developer remove the malware (or obfuscate it better) but then allows the app(s) back to the play store.
Windows is not vetting all apps, and is not forcing you to bribe them 30% of your sales to be on a store fully controlled by them
But yeah, I think making corps accountable would be of great benefit to IT, if we start hitting them in the wallet I guess that's the only way to make security escape conferences and make it to software companies HQs
I get to pay a corp to get a shitty product that makes me subject all sort of security issue, without being able to blame it on anyone, and in the end I have also to pay with my time because manager X didn't think that it was important to deliver a safe product. So yeah, I want to be paid for the time I have to spend to fix corps shits
Actually, I'm pretty sure there has been some stuff that Microsoft signed, for which MS is paid (not 30% sure), that were malwares. But I'm too lazy to find it
Then again, taking the thought experiment of your comment as written, can a malware dev sue M$ for Windows Defender blocking and/or removing their software?
Also, "being sued" isn't a very strong litmus test on its own. Anyone can be sued for anything at anytime.
I am *very* surprised that the list of requested permissions on Google Play does *not* have to match the actual permissions which the app gets when installed.
I would have thought that the list on Google Play is computed from the binary so it cannot be fake.
Is it really true that you can just leave out permissions in this list and then just get them once people install your app?
As far as I know (and I have quite a few apps on google play) the list is compiled from the apk itself. On android you need to specify all permissions in the manifest (a file in the app that describes what the app requires). If you don't and try to use it, the device rejects it. The play store description is a "human version" of the list. Some permissions are grouped and other ignored.
The app from the post had a list of permissions declared in the manifest, and on first look it seems to match what play store shows.
In any case: no, you can't leave out permissions and use them later. If you don't declare them, you can't use them. (At least not by normal means, it is possible with adb and root, and also by installing extra apps).
Thanks, but why does the post show two screenshots juxtaposed:
- one labeled as "2FA Authenticator permissions disclosed on Google Play"
- and the other as "2FA Authenticator permissions requested"
They even made "disclosed" and "requested" bold to stress that there'd be a difference, and in fact the former list of permissions is shorter than the latter?
You said that some permissions are "ignored". Is that the explanation?
Where is a list of all Android permissions which are "ignored", i.e. not told to the user when installing apps?
From the screenshots it looks like the permission to install software is part of what's lacking to be disclosed.
That has a rather big security impact, why does Google ignore it?
They are ignored from the standpoint of Google Play displaying them to you in the listing but not ignored by Android itself. Google 'streamlined' the permissions displayed to users in the store years ago but you can still see them (mostly?) via Settings->Apps and notifications-><select an app>->Permissions. This was most likely partly because apps used to need to request some rather strange looking permissions from a user standpoint (i.e. a flashlight app needed camera permission since the phone's LED was tied to the camera API, for example[1]) and partly because Google itself normalized the 'kitchen sink' approach to permissions with its own apps in the store when they switched from baking them into the ROM to distributing updates via the store and now most large companies do something similar with their own Android apps.
Unfortunately, every spammy/scammy app came along for the ride and now you're fairly dependent on Google's scanning of the apps to catch the bad actors which has been shown time and time again to be insufficient.
[1] However, they never needed access to things like your contacts or networking... but for Google to flag apps that did things like that, their own apps would likely either be flagged or called out for hypocrisy given their own 'kitchen sink' app permissions.
Camera is camera, that's obvious.
Disable keyguard is disable lock screen.
Foreground service is probably ignored, maybe the word "service" is hard to explain?
Internet is full network access.
Query all packages is ignored. This is a relatively new permission that allows you to see what apps are installed, on android 10 and below it wasn't necessary to declare it, you could always get the list.
Receive boot completed is run at startup.
Request install packages seems ignored, which is odd but maybe because you can only request, the user must accept to install it in any case (no app can install anything on their own, unless root or system app).
System alert window is draw over apps.
Biometric and fingerprint are ignored, odd too.
Wakelock is prevent from sleeping.
So, the "hidden" ones are foreground service, request install packages, biometric and fingerprint, as I said I tried to find a description of how the play store is grouped, but failed to do so :( sorry.
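The comparison walked through in the comment above, as an added example that is not part of the original thread: it reads the permissions an app declares in its manifest and splits them into those the commenter says the Play listing shows and those it leaves out. The label table is the commenter's reading (not an official Google list), and the manifest is a constructed sample assumed to be already decoded from the APK's binary XML to text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
P = "android.permission."

# Listing label per permission, as described in the comment above.
# None means the commenter found no matching entry in the Play listing.
LISTING_LABELS = {
    P + "CAMERA": "camera",
    P + "DISABLE_KEYGUARD": "disable lock screen",
    P + "FOREGROUND_SERVICE": None,
    P + "INTERNET": "full network access",
    P + "QUERY_ALL_PACKAGES": None,
    P + "RECEIVE_BOOT_COMPLETED": "run at startup",
    P + "REQUEST_INSTALL_PACKAGES": None,
    P + "SYSTEM_ALERT_WINDOW": "draw over apps",
    P + "USE_BIOMETRIC": None,
    P + "USE_FINGERPRINT": None,
    P + "WAKE_LOCK": "prevent from sleeping",
}

# Constructed sample manifest (text form), not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
    <uses-permission android:name="android.permission.USE_FINGERPRINT"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <application android:label="Constructed sample"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names the manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    # Both element types grant access; the second applies on API 23 and later.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.findall(tag):
            name = element.get(NAME_ATTR)
            if name:
                names.add(name)
    return sorted(names)


def audit(manifest_xml, labels=LISTING_LABELS):
    """Split declared permissions by whether the label table gives a listing entry."""
    result = {"shown": {}, "not_shown": [], "unmapped": []}
    for perm in declared_permissions(manifest_xml):
        if perm not in labels:
            result["unmapped"].append(perm)   # table has no opinion: review by hand
        elif labels[perm] is None:
            result["not_shown"].append(perm)  # declared, but absent from the listing
        else:
            result["shown"][perm] = labels[perm]
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    for perm, label in report["shown"].items():
        print(f"shown      {perm} -> {label}")
    for perm in report["not_shown"]:
        print(f"NOT shown  {perm}")
    for perm in report["unmapped"]:
        print(f"unmapped   {perm}")
```
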
This article is IMO very exaggerating issues there (please note that Google store shows that the app targets only Android >= 8.0, this has a huge impact for what's to follow)
List of perms from the article:
> Collect and send users’ application list and localization to its perpetrators, so they can leverage the information to perform attacks targeted towards individuals in specific countries that use specific mobile applications, instead of massive untargeted attack campaigns that would risk exposing them,
Yeah okay, giving access to the internet to an app enables the app to know what is the country of the user. Even knowing the language of the app know that. I'm sorry, but seriously, what are we supposed to do against that?
> Disable the keylock and any associated password security,
Listed on play store
> Download third-party applications under the shape of alleged updates
This doesn't allow to download apps silently. Every time you install or update a new app, this makes a huge annoying confusing popup, where you need to know where to click, and there are three such places! I even hate Google for how complicated it is. Criticizing Android for this is stupid.
> Freely perform activities even when the app is shut off,
I honestly don't know what they are talking about, that's pretty much always the case for all apps, there is no permission for that...? This is of course an issue wrt power drain, and Android is taking new counter measures against that power drain regularly. But that's just a power drain nothing else.
> Overlay other mobile applications’ interface using a critical permission called SYSTEM_ALERT_WINDOW for which Google specifies “Very few apps should use this permission; these windows are intended for system-level interaction with the user.”
This has indeed been very controversial. There are many great features that can be built with this. But the handling of this at Google has precisely been that apps need to be whitelisted manually Google-side to be allowed this permission, or go through a super complicated menu to enable it.
Overall, I have a very hard time believing this malware is anything but a PoC made by the anti-virus seller itself.
Edit:
One thing I forgot to mention. Many permissions in Android (like in iPhone) are DYNAMIC. Which means that users NEED to EXPLICITLY approve the usage of those permissions.
Google Play Store lists only the permissions that are granted without user's explicit approval.
I think it used to be back in the day, but many normal apps use tons of permissions so people skipped over them. Google revamped their UI to only show a select bunch of them at some point. Perhaps in this step they managed to mess up and miss a bunch of permissions that these apps use.
You can't get a permission that's not in your app manifest without root access.
Seeing as the app appears to install apps silently, it probably manages to exploit devices with outdated security to elevate its system permissions. Altering the installed binary and system permission table are probably the easiest way to use the standard Android API to install software in the background, because doing so programmatically is a pain.
I expected it to work that what is listed in the marketplace is the design and when signing the app it includes the permissions as mentioned in the marketplace. If the binary requests different permissions they are rejected by the OS without prompting the users.
CAES has lower efficiency, probably closer to 70% and only if you use something to reheat the air. (Compressed air loses temperature and needs an external source of heat to restore it to full volume)
Even if you use natural gas as a reheating element, the compressed air stores a significant amount of energy and is doing the majority of the work.
I too was wondering that as the ideal gas law states that PV = nRT. When you compress a gas it gets hotter, conversely, allowing it to decompress cools it. I assume they store the heat energy...
If you ignore efficiency then you stop making a profit pretty quickly. You can solely focus all you want on cost; sooner or later efficiency will make you pay.
Goldman wouldn't be making that kind of an investment if they didn't have a handle on both parts of the equation. Indeed efficiency (dealing with losses from seepage) has been the nut that hasn't been cracked with compressed air storage; these guys seem to have an economical (efficient) way to deal with that problem. If true, then they really are worthy of Goldman's investment.
EDIT: Please explain in the comments - because I seriously do not understand that - why on earth you are downvoting this!? You're advocating something cruel. WTF? What is the problem about saying "leave a person alone who apparently WANTS to be left alone?". You're advocating stalking.
The people who are trying to figure out who Satoshi is and make it public should realize this:
What they're effectively doing is trying to completely destroy someone's life just for them having written a piece of software.
Because then everyone will assume (EDIT: not *know*, see the comments) that the person is insanely rich. And beyond the glorification of being rich everyone forgets what it actually means:
You're a prisoner of your money.
Want to go to a pub and have a beer? Not possible, you might get kidnapped or at least harassed by paparazzi.
Want to go outside for a walk? Same as above.
Want friends? Nope, how are you gonna find them if you cannot go outside? How can you trust anyone? Maybe they just want your money?
Of course, the rich can mingle among each other. But this very much limits your possible circle of social contacts, and there's no law of nature which says that someone like Satoshi might even want to be friends with Justin Bieber etc., or vice versa.
Hobbies? Only those you can do alone.
Want a girlfriend/boyfriend/spouse? See above.
Also as a bonus a large portion of the public will HATE you, no matter what you do. Just see how much HN hates crypto.
You might get tortured for money, lynched or whatever cruel imagination you can come up with. Enough people know you = anything is possible.
Satoshi apparently wants to be left alone so you should do just that.
They gave you a software for free which spawned a whole industry, they don't deserve to be harassed for that. If you don't like it then don't use it, but don't destroy the developer's life. Nobody forces you to use it - and even if someone did then go harass them, not the developer.
Well, to start with, you're exaggerating. His life will meaningfully change (perhaps for the worse, by his standards), but his life won't be "destroyed" -- at least not by any reasonable standard. There are plenty of well-known billionaires who are perfectly happy.
To put this another way: is the search for knowledge immoral, if discovering that knowledge will inadvertently harm a person? That's sort of a deep question -- one which doesn't have a definitive answer, but your comment preaches as though it did.
> but his life won't be "destroyed" -- at least not by any reasonable standard. There are plenty of well-known billionaires who are perfectly happy.
1. The person has actively signaled that they do NOT want to be known by trying to stay anonymous. You're acting against their will. It is thus false to assume that they would like it. They have basically told you that they won't.
2. Destruction, in a minimal definition, means changing something so much it is completely different from what it was.
So to prove this is not destructive, name me the aspects of their personal life which will NOT be affected by suddenly the whole planet assuming they are rich.
There are probably none. Everything of their existing life will likely change.
So this is quite destructive isn't it?
And sure, their new life afterwards (if they don't get murdered) might be likeable as well.
But is it your right to replace the whole of someone's life with something different and expect them to like it?
It's a pretty intrusive attitude.
> To put this another way: is the search for knowledge immoral, if discovering that knowledge will inadvertently harm a person?
Yes in this case, because that knowledge is completely worthless for producing any real usable thing. So there is no benefit of the knowledge to value its harm against.
You can read how Bitcoin works in the source code, and deduce all necessary financial decisions from that. No need to know about the developer is needed. Bitcoin is trust-less so they have zero power on what it does. The code is its law.
So overall, what people are seeking is not knowledge but entertainment.
And it is super cruel to hurt someone for entertainment.
Moreover, all these claims of Satoshi having a lot of money are pretty much just speculation -- all they do is show that some early miner mined a few hundred thousand bitcoin. They don't show that miner is Satoshi, that's just a plausible guess because the people speculating know of few other early Bitcoin users. They also don't show that whomever mined those coins hasn't lost the keys for them.
Any person 'identified' as Satoshi may not actually be Satoshi anyways, people have shown that they're remarkably able to believe utter drivel.
So now imagine all the problems you listed but apply them to someone who isn't actually wealthy because that early miner wasn't them, they're not Bitcoin's creator, or because the assets had been lost back when they were worth very little. They'd still be subject to all the assumptions and thus threats, but not be able to buy their way out of them to the extent that it's possible to do so-- e.g. they couldn't afford the multi-million dollar a year security.
(Someone might reply to you that if their problem was wealth they didn't want they could always dispose of it, but that just reduces to the problem above: people wouldn't believe they did so it wouldn't solve the problem, it would only remove the best tool they have to ameliorate it)
> They gave you a software for free which spawned a whole industry, they don't deserve to be harassed for that. If you don't like it then don't use it, but don't destroy the developer's life. Nobody forces you to use it
Not just that, the very premise and fundamental design of Bitcoin was to give its creator no particular control or authority over it. So their identity doesn't really matter. The fetishization of the identity of Bitcoin's creator is a stupendous act of missing the entire point.
People shouldn't delude themselves that they're not engaging in a mean and harmful act against someone who never caused them harm. It's gross and creepy. If Satoshi is still alive and wanted to be known, he would be. Not only did he expressly complain about the speculation about his identity when he was around (in the last message he sent before disappearing), his continued silence shows he isn't interested in now.
Or harassed by that supposed journalist who tried to expose that old guy she tracked down just because he was Japanese and was formerly some kind of engineer
i agree with the sentiment, however, it’s wishful thinking.
Bitcoin exists in a space within game theory where everyone is in a constant adversarial relation with everyone else. it’s an explicit design, and that relationship is the only way we really know that the software and cryptography are sound. but you can’t completely isolate the protocol from its surroundings. the adversarial challenge of trying to break the bitcoin protocol is going to leak into the adjacent challenge of trying to de-anonymize the person who explicitly wanted to remain pseudonymous. in a twisted sense, if SN remains pseudonymous under the extreme pressure of thousands trying to de-anonymize him, that’s the only way we can really be sure that anonymization is still possible in the modern age.
> remains pseudonymous under the extreme pressure of thousands trying to de-anonymize him, that’s the only way we can really be sure that anonymization is still possible in the modern age.
Other unwilling human beings aren't appropriate test subjects for your conjectures about security and privacy. If you'd like to test a security hypothesis, offer up yourself or your family for attack-- don't nominate other people.
> i agree with the sentiment, however, it’s wishful thinking.
if you’re trying to persuade me that i shouldn’t use SN as an unwilling test subject, save your breath: i’m not engaged in any effort to de-anonymize him. his project is founded on adversarial mechanics within an extrajudicial (i.e. lawless) space: it’s naive to think those mechanics won’t bleed over from the project to its adjacencies. that’s the point i’m trying to make.
Your comment still could be read as justifying "he was asking for it", or at least "he should have expected it". I'm not sure if that's what you intend, but I don't agree with that.
When Satoshi left Bitcoins were worth essentially nothing (and obviously when it was created). There is no shortage of example 'experts' from back then that were convinced that Bitcoin would always be worth nothing or nearly so. In such a state Bitcoin is just some random obscure open source P2P application (in fact, Wikipedia initially deleted the article on it exactly as such).
However that sum is low. You need 24/7 security people at watch, both guarding him and the home and then also key family members.
It is possible that he prefers a low attention detail, which reduces cost. But we're still easily talking about a mid two digit number for full-time personnel.
It is however likely that different aspects are accounted differently (general company estate security etc.)
If you had to be constantly followed by security people the whole day, would your complete loss of privacy be alleviated by them being cheap?
Include in the equation that Satoshi additionally likely is a person who puts a high value on privacy, given that they ensured to be anonymous up to now.
I think you misinterpreted the meaning of my comments. $339k is a bargain for Berkshire (or whoever pays it) considering who they're protecting. That's all.
Do you want Java to do deep packet inspection on all network traffic?
Because Java supports naked sockets [1], so that is what you would have to do to block the network traffic from containing .class files.
(Or remove the capability of real networking. I suppose we can agree that a language which doesn't support networking is quite limited in its use nowadays?)
I don't have a 100% settled opinion about what the JVM design should look like, so I'm not fully agreeing with the parent poster. However, I don't think you're being fair to the spirit of the complaint. There's a difference between two scenarios:
1. You can write a raw socket, pull a class file, put it in the right place, and load it using classloaders (assuming they don't want to abolish dynamic class-loading)
and
2. The language has a conventional way of loading arbitrary classes over the network using the standard library.
Any Turing complete language can download and execute code. Even if the language doesn't support it natively, you can write an interpreter that acts on some code/bytecode. However, some languages support hot-loading code over the network in a straightforward way, while others force you to do all the work yourself (with attendant limitations). In effect, those languages require you to take the gun, check that it is loaded, and very carefully point it at your own foot.
I'd frankly prefer "insecure" user+pass over all of these guardrails which are 90% about control over the users and 10% about security.