> imagine if the proponents of these systems had their way, they'd add remote attestation to websites too. Imagine your bank's website only loading on a "secure" windows environment, non-rooted android phone or an iphone.
Actually, IIUC this is already the case on Android[0].
Some (many? most?) banks/banking apps are rejecting (and/or complaining about) access from rooted phones right now.
I can't confirm this personally, as I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.
Perhaps someone who uses banking apps on their surveillance device could chime in on that?
> I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.
Well, it gets even better, even for folks with principles like you have.
If you want to use general computer, you need to log in. For logging in, you need second factor. That second factor is going to be in 99,99% cases exactly the app in the smartphone, that refuses to run on rooted devices.
So no avoidance, if you want access to your account.
>If you want to use general computer, you need to log in. For logging in, you need second factor.
The administrator of my network does not require multi-factor authentication for my logins.
That's probably because I am said administrator.
As for professional settings, if my employer wants me to use a surveillance device and/or an app on said device, they can provide that device to me.
As an alternative, I suppose I could use whatever subsidy is provided by my employer to purchase/use a separate device for such things.
If they choose not to do one of those thing, I guess I won't be logging in and will soon be working elsewhere.
Requiring me to use my personal equipment for work purposes is inappropriate IMHO, and I've yet to hear an argument (other than folks not wanting to carry multiple devices, which is a personal choice) that changes my mind about that.
I'd welcome anyone to make such an argument, mostly to discuss why it's inappropriate, but I'd certainly keep an open mind about it -- perhaps there's an angle(s) I haven't considered.
I meant access to your bank account -- in the context of the thread above --, not to computer account on your private or corporate computer.
At least in Europe, it is not even bank's initiative, it is from above them. They've got PSD2 directive to implement. And when they all have to implement it, is kind of difficult to vote with your wallet.
Yes, this is already the case on Android.
Two years ago I canceled smart-id contract (https://www.smart-id.com/) and stopped using any "smart" devices. Because one day the smart-id app ceased to work on my rooted smartphone.
Soon my old 3G dumbphone will be useless as the mobile operator ends the service. People are pushed to newer phones^W surveillance devices and I have to hunt for real 2G phone soon.
Your 3G dumbphone is not as dumb as you think. Considering the threat models from that era, it's most likely more manageable remotely and less compartmentalised.
Btw, you could acquire a Mobile-ID SIM that will work on a rooted phone (but also with feature phones, if you wish).
Actually, IIUC this is already the case on Android[0].
Some (many? most?) banks/banking apps are rejecting (and/or complaining about) access from rooted phones right now.
I can't confirm this personally, as I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.
Perhaps someone who uses banking apps on their surveillance device could chime in on that?
[0] https://www.howtogeek.com/241012/safetynet-explained-why-and...