It's really stupid idea, that results in photos of sensitive information displayed on my device on other devices that I don't control and sensitive information wrote on paper in random places.

Password fields are inputs. Screens are bi-directional.

I mean if the goal is to prevent potential malicious apps from taking screenshots automatically; instead of saving a clueless user from themselves or worse getting in the way of legitimate users I believe that the proper solution is to disallow programmatic screenshots while still allowing screenshots when there is the correct button press (and ensure that this cannot be emulated). Windows reserves ctrl-alt-delete as a direct signal to the kernel for security purposes. Why can't android do the same?

I think the threat model here is that a different, malicious app (compromised, installed accidentally or by the means of social engineering) might take screenshots of your screen and forward them to take advantage of you. You can file this under one's "own stupidity" as well, sure, but in the end they're not protecting you, they're protecting themselves, because banks might be liable for these kind of things, and by imposing these restrictions, they're reducing the amount of fraud and thus improve their bottom line.

It doesn't really protect anything though, because you can always just use an external camera to take a picture of your screen.

There is a special place in hell for people providing non copyable text information in the form of screenshots.

They literally had me photocopy the phone screen because of the same issue.

Why not copy it from the App?

Two mirrors will make it allowed.

That’s why taking screenshots should be a runtime permission thing.

> you just need capital

The capital itself isn't going to do anything sitting in the bank. It's used to procure a team of PhDs, an team of SWEs, DevOps, business people, HR, marketing, access to a GPU supercomputer (renting a couple of 5090s off Vast.ai ain't gonna cut it). For, say, $50 million, you could get the blueprints to an Android phone and port your choice of Linux userland and get drivers working, and then do a run of 20,000, sell them for $1100. Compared to training GPT5, $50 million is cheap. If we use an estimate of $1 billion for the whole thing, making a Linux phone running a hypervisor with an Android VM to run banking apps seems not-impossible. (Based on AVF.)

Netherland used to have its own system for NFC payments, and it worked perfectly. Last year, all banks suddenly abandoned it and forced people to use Google Wallet instead. Of course I refused, because I don't want to share my financial transactions with an advertising company, so no NFC payments for me.

It's ridiculous the EU allows this.

SafetyNet works in GrapheneOS. What Google Pay requires is that the attested signature is trusted by them, a lot of apps, including many banking apps (at least in the UK) use safetynet but do not require the signature is trusted.

I get where that one is coming from though - tap-to-pay is considered second-factor-authenticated, aka no PIN entry is necessary at the PoS terminal because the user already entered their PIN or presented biometric credentials to the smartphone.

If a malware were able to snatch the key material that represents the credit card outright or it could (by running as root) act to the TEE like it were Google Pay's NFC controller app, it would enable the actor controlling the malware to spoof the credit card on their own phone... and since tap-to-pay is considered authenticated, chances are next to zero you can dispute the payment.

I think the person you were replying to might have intended sarcasm.

Yes this was sarcastic, I should have put a /s

I also live in a one party consent state.

I assume you’re talking about another country, because in Denmark there was no general curfew under Covid (attendance to events might have required proof of negative COVID test or vaccination, but shops never did).

The Danish MitID identity "service" is actually pretty clever, except for the app used to approve actions or requests on your behalf. It's designed in a way that ensure that it can verify your age, but reveal nothing else about you. It isn't going to be used for "Porn ID" though. Instead it will provide your age information, basically 15+ or 18+ (I think those are the options), to an identity wallet, which in term will validate your age to the porn sites. Unlike the UK version there's no reason to have your face scanned, because the Danish government already knows your age and can provide that information via a trusted channel, MitID.

That's probably the issue the other post aludes to. The identity wallet will only be available via Google Play or the Apple App Store (as far as we know). So without a phone and a Google or Apple account, you're won't be able to provide your age information to e.g. PornHub.

It's not a full solution. I've seen UK sites that, following the Online Safety Act, simply require all users to verify their age rather than bother to figure out whether you are actually a UK customer or not. I guess it's easier to implement and many sites mainly rely on domestic customers anyway so they don't care if international users are affected.

Also, this isn't just about porn. For example, I can barely use Reddit now if I connect with a UK IP address: the merest hint that there might be some NSFW angle to a post is enough to trigger their algorithm into requiring age verification.

It's a temporary solution though. It's only going to get more draconian. Next thing you know the talk is about punishing VPN users, because now they can be painted as evading the law.

I would much rather fight this and retain my rights instead of participating in some kind of privacy and censorship arms race.

Yes I do, and you argument is ridiculous. First of all, porn actors are operating legally and consent to what they are doing. There are real problems with the industry, but the fact that porn actors have their face shown does (of course) not mean that consumers of porn should logically have to also disclose theirs to online services.

Second, porn is just the beginning. This will also be rolled out to social media, and I wouldn't be surprised if in a few years this will be required in lots of places where children could be exposed to something that politicians find offensive.

What kind of argumentation is this? Just because someone decides to show stuff, everybody else is also required to show themselves? e.g. If I go to a theater where the actors are clearly identified, I have to be okay to get a facial scan as well?

Some people tend to demonize porn, and it might be unethical in their eyes, but fact is: it is not illegal (in most countries). I don't argue that there are issues in the porn industry, but this is an issue with the platforms, that they don't allow the upload of non-consentual material, or and have processes to take it down. This is a 'THEIR' problem (the platform not the victims).

There some of these issues also exist in the standard movie and music industry as well. Hell, it even goes up to company executives and politics. But this is up to law enforcement do their job and to remove the illegal stuff and prosecute the involved persons, not by branding everyone as a suspect.

Why is it always "nation state" when this is brought up, do states and nations that aren't congruous not represent a perceived threat?

Why?

I would very much like to record phone calls made by me.

When the company on the other end denies what we agreed a recording would be useful.

> Multiple users accounts with all user data completely sandboxed and restricted to each user.

User data and user programs. Clean installation kind of user programs.

> Verified checksums on a blockchain are only useful if they are verified by some provider who associates a blockchain ID with a real-world identity.

Nix associates a unique id to each program version or package or config file. The verification happens on the Nix package manager.

The user uploads his exact config of OS somewhere, in his own home server, at a goverment server, at AWS, on a blockchain, somewhere. A blockchain seems like the best solution to me.

> This assumes that these two persons will never need to use a smartphone at the same moment, which is a bit of a logistical puzzle.

In general no one wants to share anything with anyone, but when two people cannot afford a device individually, but it is within reach when they buy it together, time-sharing becomes a totally acceptable solution.

> Installing apps is the trivial part; isolating, or removing / reinstalling user data is much harder. An SD card could work maybe.

Checksums might overlap by quite a bit. No need to remove programs installed by both users. If the total installation of each user is 10 GB, but the installation diverges 300MB only, not a big deal in most cases.

please research before spreading missinformation. the specific gsi rom passes strong out of the box