884
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 16 Mar 2026
884 points (99.0% liked)
Open Source
45475 readers
833 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 6 years ago
MODERATORS
Still doesn't sound very open.
I should be able to tell my bank to only trust devices running an OS signed by the grapheneos key, and more importantly I should be able to tell them to trust an OS signed by my key.
Edit: I don't mean to shit on this too hard. It might be the best next step.
It is kinda insane though that we've had public/private keys since the internet started walking and somehow we end up with all these over-complicated or pointless ways to use them.
Decentralized systems are more difficult to understand, and also inconvenient.
Also, very hard to monetize.
Therefore, capitalism converts the issue into walled garden approach. Easy for rubes to use, nobody bats an eye.
I don't get why it has to be that complicated anyway. I should be able to just give them my key, why does a OS or device vendor need to be a part of it? When I get a card I need to verify my identity somehow, times past that was me going to the bank, signing a form and showing my ID card. Fucking Tim Apple or Satya McGoogle didn't have a role in that, why should they now?
Sidenote; I know Satya Slopella is Microsoft but I don't frankly care to learn what the pedo in charge of Google is called.
The government did though in supplying said ID, so there was a centralised trustable organisation that the bank could depend on for verification.
Exactly. After that, the bank should accept that I wish to pay with my own device without Google, Apple, or Samsung having a say.
They don’t need GAS approval for me to pay my bills on my computer. Nor to make online purchases on it. Why is it suddenly required on my phone? It’s idiotic.
If I say that my device is okay, that’s all that should be required.
Blunder Pinochet. Or is it Sundial Pinoy. Or Thundercat Pyjamas.
Compost. That's all they're good for.
How do you know that your OS installation doesn't include malware? Like there have been many cases in the last few years where
npmmodules were found to contain malware. Who says that's not also the case in some modules that are a part of your OS?And more importantly, who is legally liable if malware actually does cause harm? E.g. malware acts on your behalf and sends your money to some criminal organization. Not only did you lose money, but now you're a suspect of supporting a criminal organization!
Of course that issue might be alleviated if you simply don't have any money to send anywhere in the first place. That might be a viable alternative, but it only works for some people, i'd say. Or you could also set a daily transaction limit of say $100 that you can use to buy groceries; to limit your losses that way. The limit ofc cannot be changed from your phone alone, you need to go to a bank physically to change it or sth. Otherwise malware could again change it on your behalf.
How do I know that when I do online banking through a browser on a Linux or Winslop PC? Yet somehow I can just log in on those with my credentials and be done with it. (And please dom't give them ideas.)
One possible way to deal with this and very nearly return to the former freedom-to-tinker status quo is to send the bank your custom OS along with a computer-checkable formal proof that the bank's app, while running on your OS, behaves as it would be expected to under the stock OS. With homomorphic encryption, it might be possible to do this without revealing your custom OS, only its one-way hash. The bank can then verify that the proof is correct and then accept transactions with attestation from your custom OS. This would enable installing a custom ROM that can be used for online banking without having to go through some cabal/consortium. The only caveat is something of this magnitude has never been done before. It's a research project for sure. It would take many man- and compute-hours. But it would be very cool.
And who guarantees that your PC doesn't have malware?
Seriously, people will gobble up all the shit served to them without a question asked or giving it a second thought.
Microsoft is legally responsible if the software they provide is found to actually contain malware.
Erm .... no. Microslop is not responsble for viruses on your PC.
You don't understand what you're talking about. You've made that very clear twice now.