Hacker News | EMIRELADERO's comments

This is misleading though. There is simply no other choice if you want to use mainstream apps. It could be argued (successfully in my view) that any agreement is null and void due to its acceptance under duress.

Users have an inherent legal right to unconditionally access the full advertised functionality of devices they purchase. Any agreement after that is inherently suspect and I wouldn't be surprised to find out it was ruled unconscionable by some court if it came to that.


> This is misleading though.

This isn't misleading in any way. It's unfortunate and we should be pissed about it, but this is exactly the legal arrangement that Google and Apple came up with.

> I wouldn't be surprised to find out it was ruled unconscionable by some court

Last US court battle, Apple told the court it needed the money from the kids casino to keep its profits, and the court just nodded.

Apple had to be held in contempt of a court order after 4 years and a deluge of evidence, for us to see any significant move.


I agree it's not awesome, or even good. Unfortunately, it's what we've got today. A fact HN seems to dislike.


Sure, but that still leaves the mystery of how qualia is generated in a mechanistic manner.


Yes. Still perplexing to be thrown into the world. How is it that my individual experience is in this body but not another one? Etc


Just wait till you hear Geoffrey Hinton’s “little pink elephants” routine; it will all make sense then (it won’t). The mystery is almost rivaled by that other mystery of why some of us fail to be mystified.


Something the tweet doesn't mention is that the leak may have come from Intel: https://github.com/tongzx/nt5src/blob/daad8a087a4e75422ec96b...


It's DMCA abuse because that process is only legal to use in case of actual copyright infringement, not just any content you might have a moral claim over.

You can see on the email that the "Original work" field is just a link to the BK website.


> It's DMCA abuse because that process is only legal to use in case of actual copyright infringement, not just any content you might have a moral claim over.

I will reply to this comment because it's the easier to address, you're really hitting on the main misconception :D

It is incorrect to think that the DMCA form is only valid for copyright.

You need to contact the other party to start a legal dispute, you can do so by any available communication channels. The website is hidden behind Cloudflare which purposefully hides the identity of the author and prevents any contact, except via a DMCA form. Burger King filled the DMCA form to get in touch with the author. It's merely a means to legally contact the author and start a dispute, in the absence of better options.

It worked, Cloudflare forwarded the form to the author (and the author decided to take down the article on their own). I really can't think of any reason why it would not be considered a reasonable and legitimate use of the form. All the better because it's an official legal form.


> The website is hidden behind Cloudflare which purposefully hides the identity of the author and prevents any contact, except via a DMCA form

The blog post says that the author contacted Burger King and they had some sort of communication channel available, Burger King just chose not to use it.


It's really really not. Cloudflare has the appropriate method to contact the owner of a domain behind its anonymization: https://domaincontact.cloudflareregistrar.com/bobdahacker.co...

DMCA is NOT a contact form. Part of the process is an attestation that you are the owner of a copyright and the content is infringing on that copyright, lying on that is perjury (even though I've never seen it enforced, perjury in general is rarely enforced). The convenience of DMCA as a contact and takedown form does not legitimize its use as one.


Can you cite the law where it says DMCA is supposed to be used as a contact form to get ahold of the author?

Another commenter in the thread shared where the law says the exact opposite (DMCA is only for copyright violations)?


It's fraud and perjury to file a DMCA claim for any reason other than someone infringed your copyright. A DMCA claim is only valid if you swear on penalty of perjury that the target infringed your copyright. Otherwise it's meaningless.


As an aside, here's a relevant video about the (sometimes not) chaotic nature of double pendulums: https://www.youtube.com/watch?v=dtjb2OhEQcU



Holy shit, going to the official page[1], there's something that is somehow even worse than the loss of freedom:

"You'll need to prove you own your apps by providing your app package name and app signing keys."

That is capital-I Insane.

[1] https://developer.android.com/developer-verification


This is confusing, since signing something already proves that you own the key.


They've been demanding signing keys for apps distributed on the Play Store for years.

The only credible explanation I can come up with is that they need the keys in order to produce indistinguishably backdoored versions of applications, handy for tools like Signal.

Otherwise one would never think of requesting the private keys. If Google wants to rebuild apps themselves they could sign with their own keys, and possessing anyone else's private key is just pure liability, as if there is any discovered abuse they can't show that they weren't the vector.


So sketchy!


My assumption is they want to eliminate/prevent schemes where a ton of apps are signed as a service by a small number of centrally controlled keys.

Someone elsewhere in the thread said this is how F-Droid works, but I can't confirm firsthand.


The signing certificate should indicate who is signing, and therefore who is liable. But maybe that’s not how they set it up previously.


So that's it then.

If this actually goes through, there will be no option in the mobile OS market for an OS that both:

a) allows the installation of apps without any contractual relationship with any party, and

b) allows the use of mainstream and secure apps like banking


In time, you will only be able to access banking from your desktop using an approved OS and browser with attestation...


For what conceivable reason would they make the users go on desktop, considering mobile is in the process of being fully locked down?

If anything, they'd eventually deny access from desktop, forcing everyone to log in via the fully managed mobile devices without any user freedom.

Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.


A recent real life example:

You can apply for an HSBC Global Money Account if you have: […] The HSBC UK Mobile Banking app (Global Money is only available via the app)

From https://www.hsbc.co.uk/current-accounts/products/global-mone...


It's already that way in my country. The few banks that still have the web version only support it for their business clients, and it's only something like two or three banks. If you're a regular client, there's not a single bank left that you can still use without a smartphone (unless you're ready to visit a branch for every little thing — so pretty much daily).


>(unless you're ready to visit a branch for every little thing — so pretty much daily).

What are you doing that you need to use your banking app daily?

It seems like a once a month affair. Pay the bills, take some cash out of the account, and you're done. Online shopping just needs a credit card, no apps required.


Since most every transaction is digitalized, checking banking app is the same as looking in your wallet.

Any limitations to access to banking is serious f**ed. Makes me want to use cash.


> Online shopping just needs a credit card, no apps required.

The app is required for two-factor authentication.


I'm not aware of your circumstances, but at least here in Finland I was able to get (and the bank was required to provide at my request) a cheap 2FA token generator device that can be used instead of the app (Danske ID). It works whether I am confirming an online transaction or signing into a service that uses the Suomi.fi centralized login system.

I requested it after they updated their Android app to have a check for pin-code enablement. Sailfish OS doesn't report it via the Android AppSupport system, so it was blocked before I grabbed an older build via Aurora and disabled it from updating. If it ever stops working, I'll only use the token. Once that stops working, I will switch banks.


My bank’s app doesn’t even work or even install on my phone because the bank considers my phone too old. So if they suddenly required the app to log in, I simply wouldn’t be able to bank with them. So they would lose my checking, investment, and HSA business when I move to another bank.


I think they worded that poorly, but didn't mean what you got from it: the point I'd take isn't that they will require you to have a desktop, but that even desktop will also have the same restrictions, so it isn't just a mobile problem.


I see, that makes sense in hindsight.

And I have to agree, sadly. We've been inching towards that over the years, and it's entirely possible banks cease providing regular web access to their accounts (which this would necessitate).

But I think there will always be at least some banks that will have web frontend, so you'll just have to be pickier.


This happened to me recently in Austria, I had to get a new phone to be able to do internet banking. You can only use the app with attestation from the PlayStore, AppStore or surprisingly Huawei store.

When I complained repeatedly that this was forcing me into an American or Chinese ecosystem, they said that no one cares and I'm a minority :-(.

For the desktop, you need the phone for the 2FA.


What gp is saying is that to access banking from desktop will require an approved OS and attestation just like on mobile. The current state of affairs is that an approved OS and attestation are only required on mobile but not on desktop.


Most banks require 2FA or similar to confirm logins and operations. There is no way around it, this is the world we are heading towards: 2 companies in the entire planet decide who and what can be done online.


Actually my bank already requires me to use the phone app for any operation on the website. When I want to login from my laptop I need to use my phone with their app to approve the login, same for almost any operation.

Ah, and it can only be installed in one device at the same time :D Don't have your phone available? Bad luck for you


> can only be installed in one device at the same time

I neither like nor understand this restriction. It makes device failure / loss / theft a much more difficult experience to recover from than it would otherwise be. The device should be throwaway. I specifically keep old phones in case something happens to the new one.

WhatsApp is probably the stupidest example of only being able to be on a single device (but I'm forced to use WhatsApp for one specific purpose, so I already resent it). Signal does the same thing, so maybe it's related to the E2EE that WhatsApp licensed from Signal...


>WhatsApp is probably the stupidest example of only being able to be on a single device

That's not really an artificial limitation but a design choice. They don't store your messages, only deliver them. Once the message is on your device, it's gone from their servers, like old POP3 mail.


You think Meta would pass up an opportunity to harvest data from users?


I use the Signal fork Molly to get messages on multiple phones. One remains the primary and the others linked, but I get messages even if the primary is off.


> It makes device failure / loss / theft a much more difficult experience to recover from than it would otherwise be.

As is with all two factor, but don't point that out, or the "but muh security" bros will shout you down.


The authenticator app that I use for most 2FA can be on multiple devices, and you can export and import some or all of the entries, password protected.

I would be extremely F'd if my 2FA was able to be lost or stolen due to a single device limitation.


I have a huge problem with companies using their own apps for 2FA.

Google started doing this for Gmail. To use Gmail on my laptop, I need to approve it with Gmail on my phone. I never signed up for this. I’m now afraid if I delete the Gmail app from my phone that I’ll lose access to my email.

I hate the direction “security” is taking us. It’s done in the name of security, but it feels more like blackmail to get and keep the company app on your phone.


Is that a thing Google logins can be set to require? I _can_ use the Gmail app on a device for 2FA, I can also press "try another method" and use any 2FA app.


I guess I’ll have to look. It just started happening one day.

One huge fear I have now is breaking my phone while away from home and getting locked out of everything.

I was on vacation several years ago and broke my phone (the only time I’ve ever done that), and got lucky in several ways. I had a 2nd work phone with me. I was able to use that to call an Uber to get to an Apple Store; I was lucky to be in a city with an Apple Store. Then I got lucky again that I was able to talk Apple into giving me a replacement right there instead of a repair, they happened to have a single phone in stock to do that with. Then I got lucky yet again when I went to set it up, because I had an iPad with me by dumb luck, which was able to do my Apple 2FA that I didn’t sign up for.

If I go somewhere with just my 1 phone and no second device… I’m thinking I need to setup and bring a bunch of recovery codes, which has its own risks. My plan would be to cryptically write them down and put them in a money belt, as if those got into the wrong hands I’d be screwed.

I really don’t know what people do who only have a phone and nothing else. It seems they would always have this risk.


I do like how many apps are starting to play nice with 3rd party authenticators. I use MS Authenticator for a bunch of things. Although knowing MS it has some massive license fee for them to support.


De facto, this is already the case - you can use your computer as a display but to actually authorize a login or transaction you need your phone with said attestation.


Not true for either my AIB or Wise account.


True for PayPal though. I just recently had to jump through seven different hoops to verify my ID (with creepy, creepy face scans) and they absolutely refused to even start the process on desktop. Eventually got the stupid thing to work on my iPad; Android+Firefox was a no go, and it's stock Pixel 5a with Google OS.

Thankfully I don't actually rely on PayPal for anything serious, but there are artists whose commission I like to pay, and being able to actually pay them would be nice. :/


For logins, at least, they support passkeys on the desktop as well, so long as the browser does it. Which basically means Win11 or macOS, either some Blink-based browser or Safari.


I use my YubiKey on both my Android and Linux (Tumbleweed) with exclusively Firefox, I have not found something that does not work. Maybe you mean non-hardware passkeys built into the OS? But one could just use KeePassXC or like Bitwarden, those work in Firefox and Linux as well.


I mean, I'm sure it's true for some banks or financial services, but that's not really the same thing.


Does AIB still give out hardware 2fa code generators? I liked having it not tied to a phone.


Yes, you need to specifically ask for it, but you can get them and it works. I got mine last year.


A dedicated app on a locked down OS is vastly more controllable than something like a browser that can do virtually whatever it wants.


Controllable by whom? I don't do any banking on my phone exactly because I don't trust my phone to keep anything I do on my phone private.


How it generally works is low risk operations have no restrictions, but if you want to send a large amount of money to a new contact, the banks make you approve the transaction on the phone app.

Phone apps are generally significantly more trusted because of the fact you can’t install malware that steals the session token, and they can do a Face ID check before any risky operations.


I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.


Is it confirmed that we will even be able to disable this?


Worst comes to worse you can install something like GrapheneOS (assuming your device has an unlockable bootloader)


Will my banking apps lock me out if I do that? Will any other apps?


How will you login to the banking app in the browser without a locked down phone? In Germany, MFA is enforced and with many banks the only allowed second factor is an app on a phone.


Time to find an old second hand phone if you live in Germany, I guess. And start pirating Netflix shows that you want to watch on your phone.


Banking apps were at the forefront of freedom-eroding "safety" for a long time now.


I don't see how your explanation leads to consciousness not being a thing. Consciousness is whatever process/mechanisms there are that as a whole produce our subjective experience and all its sensations, including but not limited to touch, vision, smell, taste, pain, etc.


You've missed our consciousness of our inner experiences. They are more varied than just perception at the footlights of our consciousness (cf Hurlburt):

Imagination, inner voice, emotion, unsymbolized conceptual thinking as well as (our reconstructed view of our) perception.


oh no, those people without an inner voice are now cowering in a corner...


Everyone has some introspection into their own thoughts, it just takes different forms.


[citation needed]


Let's be careful of creating different classes of consciousness, and declaring people to be on lower rungs of it.

Sure, some aspects of consciousness might differ a bit for different people, but so long as you have never had another's conscious experience, I'd be wary of making confident pronouncements of what exactly they do or do not experience.


You can take their word for it, but yes, that is unreliable. I don't typically have an internal narrative, it takes effort. I sometimes have internal dialogue to think through an issue by taking various sides of it. Usually it is quiet in there. Or there is music playing. This is the most replies I have ever received. I think I touched a nerve by suggesting to people they do not exist.


I get you somewhat, but remember, you do not have another consciousness to compare with your own; it could be that what others call an internal narrative is exactly what you are experiencing; it's just that they choose to describe it differently from you.


I'm not the one who made a list of things AI couldn't do. Every time we try to exclude hypothetical future machines from consciousness, we exclude real living people today.


Introspection is just a debugger (and not a very good one).


True! Thanks for pointing that out.


Any old model can have inputs much more varied than just the senses we are limited to. That doesn't mean they're conscious.


If you're ok with C++ you can try https://github.com/2swap/swaptube


That's cool, thanks for sharing! In my perfect finding I would see some primitives for infographic/charts/etc. This library is great for pendulums :) (currently watching your video on non-chaotic double pendulums and it's awesome!)


Thanks, but it's not my channel! I just stumbled upon it and made a mental note to remember the repo.

