> If you are really concerned with security, you should also be concerned with the security of your bank.
Yes, of course. There are reasons I don't bank with every bank under the sun.
> Do you keep all of your money under your mattress?
No. Do you?
I'm starting to think you're not having this conversation in good faith.
> You realize that no one has ever lost money in an FDIC insured bank account because of either fraud or a bug in client software.
You can claim that all you want.
Meanwhile time is money and dealing with banking issues takes time out of my day. Meanwhile FDIC is insured via taxpayer money and so my taxes absolutely cover the fraud perpetuated by whoever.
Nice trolling in the thread.
> So do you...
I fly because flying is regulated.
I drive because driving is regulated.
I take medicines that are regulated.
I don't go to hospitals in the U.S. Fuck that noise.
> Yes, of course. There are reasons I don't bank with every bank under the sun.
But you have an issue with the security of Apple and Google but you don’t have an issue with the security of your bank?
You haven’t seen the quality of software developers at the typical bank have you?
> I'm starting to think you're not having this conversation in good faith.
Your threat model is not backed up by any evidence
> You can claim that all you want.
Is my claim false?
> Meanwhile time is money and dealing with banking issues takes time out of my day.
And which banking issues have you had to deal with because the supposed insecurity of Apple and Android with respect to the banking apps?
> Meanwhile FDIC is insured via taxpayer money and so my taxes absolutely cover the fraud perpetuated by whoever.
Your funds aren’t insured by taxpayer money. Banks pay into the system based on the deposits they have.
And if you trust the fraud protection of your bank? Why are you worried about supposedly insecure phones that would cause fraud even though that hasn’t happen since the modern phone?
> I fly because flying is regulated.
>I drive because driving is regulated.
> I take medicines that are regulated.
And banks aren’t regulated? What is the threat model you are guarding against?
> I don't go to hospitals in the U.S. Fuck that noise.
You mentioned the FDIC which only governs the US. If you are in a car accident or have an illness, you are going to get treated outside of the US?
> > > You realize that no one has ever lost money in an FDIC insured bank account because of either fraud or a bug in client software.
> > You can claim that all you want.
> Is my claim false?
Yes.
My family specifically have lost money due to fraud, non-recoverable from the bank.
Many people have lost money from bank bailouts which only occurred because certain banks were fraudulently packaging mortgages. That's happened more than once.
> Your threat model is not backed up by any evidence
Isn't it? Let's see.
1. Spam is indistinguishable from spearphishing. It seems nobody understands this.
2. Working in high tech or finance results in higher amounts of targeted spearphishing.
3. Working with people in journalism or political activity results in higher risk of malware.
4. Having friends or family with criminal history or mental problems results in extreme loss of privacy.
5. Having ex-friends or ex-family (eg, divorce) with threats of physical harm results in a sensitivity to privacy. For example, having your name mentioned in court proceedings, even when you are not there, is publicly searchable and gives a reasonable estimate of your location. There's a reason that Witness Protection programs exist and it takes some extra levels of threats to make it into that.
6. "Security" software is often shady ([0], [1], [2], need I go on?)
So with that in mind, consider the following threat model built upon those:
7. "Businesses" who don't have a way for a real person to resolve an issue, such as Google. Let me know what phone number to call when my Gmail account is suspended because someone else tried to hack their way in, would you?
8. "Businesses" who use shady practices to steal data without consent. Let me know how to selectively share single data-points of contact information to a single app, would you? I want this app to have an email address, that app to have a phone number, the other app to have a different email address, blah blah. Good luck.
9. "Businesses" which abuse interstate or international policies to maximize profits. One state says it's illegal to hold data? No problem, hold that data in a different state!
10. "Businesses" which flagrantly disregard laws and fight tooth-and-nail to prevent loopholes from being closed. Every single billion-dollar "business" does this, including Apple. Just look at how much pushback Apple had against Europe enacting sane privacy laws.
11. "Businesses" which consider my work to be their work. Good luck getting paid for art when the art is stolen wholesale. Want to make a website with cool stuff? Good luck keeping bots from scraping it and putting advertisements up with no profit for you.
Don't presume that your threat model applies to everyone.
> And which banking issues have you had to deal with because the supposed insecurity of Apple and Android with respect to the banking apps?
None because I don't use them.
I have had banking issues, even without apps. So why add to the flavor?
One issue that I'm willing to share: create a technical-oriented business whose name reflects SQL injection. Something like `select * from \' -- or drop table systable;`. The local municipality was fine with that name. The local bank? Well suddenly their system crashed when trying to create the account for the business. That was a not-fun fun day.
Hell, another issue even unrelated to banking. Another regulated industry, telecom. I had an issue with T-Mobile wherein I could not log in to their website at all using Private Browsing in Firefox on Linux. I could log in with Firefox on Linux without Private Mode. T-Mobile's statement was that this is intentional. After over a year, T-Mobile quietly fixed the problem. There was literally no* technical reason whatsoever to be unable to log in. I had to call every month to make a payment, and also ask for a refund of the call-in-fee because I could not access the website. That's both a lot of time for anyone and also easily troublesome for someone without mental faculties to navigate the stupidity of T-Mobile bureaucracy.
> Your funds aren’t insured by taxpayer money. Banks pay into the system based on the deposits they have.
K. Wanna talk about bank bailouts? Too-big-to-fail?
> And if you trust the fraud protection of your bank?
No, I don't trust the fraud protection of my bank. I trust the fraud protection of the FDIC.
> And banks aren’t regulated?
I literally said that banks are regulated.
> If you are in a car accident or have an illness, you are going to get treated outside of the US?
If I can get outside of the US, sure. Otherwise I will surely die. That's the effect of capitalism's hyper-optimization for profit at the cost of real lives. Ever wonder why so many people are upset with insurance companies?
Outside of serious injury or illness then there are plenty, but fewer every year, non-hospital doctors offices around me who I can rely on to give me a sane price for normal health maintenance. Unfortunately, "normal health maintenance" is not private if you're coming with insurance.
Yes, of course. There are reasons I don't bank with every bank under the sun.
> Do you keep all of your money under your mattress?
No. Do you?
I'm starting to think you're not having this conversation in good faith.
> You realize that no one has ever lost money in an FDIC insured bank account because of either fraud or a bug in client software.
You can claim that all you want.
Meanwhile time is money and dealing with banking issues takes time out of my day. Meanwhile FDIC is insured via taxpayer money and so my taxes absolutely cover the fraud perpetuated by whoever.
Nice trolling in the thread.
> So do you...
I fly because flying is regulated.
I drive because driving is regulated.
I take medicines that are regulated.
I don't go to hospitals in the U.S. Fuck that noise.
I'm done talking to a troll.