"R.Wieser" <address@is.invalid> wrote

| Although full-blown paranoids see danger /everywhere/, I have been called
| called paranoid for pointing the above out.
|

That's basic ostrich strategy. If you warn them a
lion is coming they'll see it as raining on their parade.
When privacy and security first began to get focus,
mentioning any preventive measures would immediately
illicit "tinfoil hat" namecalling.

Notice that Carlos didn't say his chief concern is
convenience. He just labelled any other approach as a
"very limited life". As though I'm hiding in my closet,
with my charge cards in a metal case. If you want to
justify keeping your head in the sand then it helps
to imagine that everyone else is worse off.

In the US these days we're actually having a very
different problem. People raid public mailboxes with
something sticky on a string. They pull up any mail
they can. If they find any checks they then bleach
out the ink, except for the signature, and write
themselves a big payout.... Seems like a very dumb idea
to me, but it happened recently to a friend, and now
mailboxes are being modified such that the flap for
depositing an envelope has a very limited range of
opening. I got a "gel" pen that's harder to erase and
now usually walk to the post office with my bill payments.
It's a good excuse to take a walk, so that's not a problem.
(The bank called my friend to confirm her check. Apparently
some of them now have software that analyzes penmanship,
looking for forgeries.)

Auto-payment is increasingly popular here. I prefer
to write checks. The only company accessing my bank
account is the US Treasury. If I wanted to change the
account that they access I'd have to file a form in person
at the bank. The UST requires a password and then sends
me a temporary email key. No cellphone or device ID
required. I think the cellphone authorization is primarily
a Google idea. It adds significantly to their tracking ability
to have clear, frequent confirmation that you're connected
with a particular cellphone that they're tracking. And it's
being used as security for email, which has virtually no
security by design!

Auto-payment has also become another sort of scam in
the US. People sign up and then forget it. Phone and
cable companies then jack up the price regularly and I
have to call them to put it back down. But who can blame
them? Most of their customers are now auto-paying by
card or bank account. They won't notice a price increase.

There was a famous case a few years ago in the US of
a woman (not surprisingly German) who had her whole
life on automatic banking. She died in her garage and wasn't
discovered for 5-6 years. Even then she was only found
because her bank account ran out and her house was
foreclosed on. It was a sad example of fully computerized
living.

https://www.cnn.com/2014/03/07/us/michigan-mummified-body-found/index.html

On Fri, 10 Nov 2023 15:58:03 +0100, "Carlos E. R."
<robin_listas@es.invalid> wrote:

>On 2023-11-10 15:14, Newyana2 wrote:
>> "Carlos E. R." <robin_listas@es.invalid> wrote
>>
>> | Probably, you also don't buy anything online because they will know who
>> | you are. You only pay cash.
>> |
>>
>> I avoid buying online.

>That's a very limited life.

I agree.

>
>There are many things I get now online which are simply impossible to
>buy elsewhere.

Same here. And besides those, I buy almost everything online because
it's much more convenient and saves me money.

Almost the only thing I shop for locally is fresh food.

>>And I avoid charge cards. I use
>> them. I have 3. But I only use them for certain things.
>> Mostly work expenses. I also use them for things where
>> there's no other realistic option, like automatic payment
>> for web hosting.

I use charge cards for almost everything, even for small payments. The
only exceptions are a couple of local vendors who do work for me and
don't take cards.

R.Wieser <address@is.invalid> wrote:
> Carlos,
>
> > In the EU, even knowing the bank account data of someone doesn't allow
> > anyone to extract money from it.
>
> Yeah, you need to have proof that you are a company to be able to do that.
> And registering yourself as a company is quite hard here, you only have to
> pay a nominal fee and you're one (been there, done that).

Yes, but can you then actually extract money from people's (Dutch)
bank accounts?

> ... which is exactly what happened a number of years ago. People who
> noticed unknown companies dipping into their accounts, and had to act
> themselves to get that money back.

AFAIK, they can only do an 'incasso' ('collection' in English?) and
you can reverse that and then they have to prove that it's legit.
(Happened only once to me, in however long incasso's exist.)

> As for a smartphone for authentication ? I always found that odd. You have
> exactly *zero* control over what is going on on it, and if you make sure you
> can (rooting it) you are flagged as "insecure".

See below on poor Joe Average User.

> Besides that, its a *non-secure* chain, in the sense that pretty-much any
> helpdesk employee can transfer your phone number to another physical phone
> (social engeneering).

In most cases, the *phone* is the second factor (in 2FA), not the
phone *number*.

> As for using a smartphone to order *and* do MFA ? Thats like having your
> (four-digit?) bank code writen on the card itself. IMHO thats just /asking/
> for it...

It can be done quite safely. The question is what percentage of Joe
Average Users *know how* to do it safely.

[Rest - mostly agreed with - deleted.]

Newyana2 <Newyana2@invalid.nospam> wrote:
> "R.Wieser" <address@is.invalid> wrote
>
> | Although full-blown paranoids see danger /everywhere/, I have been called
> | called paranoid for pointing the above out.
>
> That's basic ostrich strategy. If you warn them a
> lion is coming they'll see it as raining on their parade.
> When privacy and security first began to get focus,
> mentioning any preventive measures would immediately
> illicit "tinfoil hat" namecalling.

FYI, all but one of the scenarios mentioned in your post can not
happen here / are no problem here in The Netherlands (and probably not
in the rest of the EU).

So this seems to be again US-only (or NA-only?).

The last scenario - dead lady found - can and did happen, even after
10 years! :-(

[...]

On 2023-11-11 14:52, Newyana2 wrote:
> "R.Wieser" <address@is.invalid> wrote

....

> Auto-payment is increasingly popular here. I prefer
> to write checks. The only company accessing my bank
> account is the US Treasury. If I wanted to change the
> account that they access I'd have to file a form in person
> at the bank. The UST requires a password and then sends
> me a temporary email key. No cellphone or device ID
> required. I think the cellphone authorization is primarily
> a Google idea. It adds significantly to their tracking ability
> to have clear, frequent confirmation that you're connected
> with a particular cellphone that they're tracking. And it's
> being used as security for email, which has virtually no
> security by design!

I don't recall Google T&C saying they track bank apps, so I doubt they
do it. Even with SMS there are limits to what they do.

....

--
Cheers,
Carlos E.R.

"Carlos E. R." <robin_listas@es.invalid> wrote

| I don't recall Google T&C saying they track bank apps, so I doubt they
| do it. Even with SMS there are limits to what they do.
|

I don't mean that Google records your banking
transactions, though nothing would surprise me.

What I meant was that the very idea
of a cellphone for authentication is a way for Google's
gmail, or other services, to connect your cellphone
to a confirmed personal ID and location tracker. That means
that their tracking collar data from your phone can be
confidently linked to you personally. The idea that 2FA with
a cellphone is necessary for email is absurd. Google's
rifling through most email. Most people are leaving their
email on a server and reading/composing in an insecure
webmail UI. And even encrypted email is decrypted with
each handoff on its way to the destination. It's only
protected from man-in-the-middle attacks. In short, email
is not private communication. So Google's demand of
cellphone 2FA never made sense, except for tracking
purposes.

You seem to be enitrely in the dark about even
standard tracking. This is what I was talking about
with the links, such as the Kochava story. Kochava is
just one dataminer, buying spy data from "free"
cellphone app makers and other sources to create a full
record of you: your religion, politics, shopping, and your
exact location in real time, all the time. Google does
similar. They also share data with credit card companies.

https://www.washingtonpost.com/news/the-switch/wp/2017/05/23/google-now-knows-when-you-are-at-a-cash-register-and-how-much-you-are-spending/

All of these snoops are selling data and exploiting data.
Forcing you to have and use a cellphone connected to
your email is esentially making you tie on a tracking collar.
But Google are very clever. All of their products and
spying are so convenient and seamless and functional
that once you're in the Google zoo it's far too much
hassle to consider leaving.

Newyana2,

> | Although full-blown paranoids see danger /everywhere/, I have been
> | called paranoid for pointing the above out.
>
> That's basic ostrich strategy. If you warn them a
> lion is coming they'll see it as raining on their parade.

Yep.

Than again, having to think about something you can't change stresses the
mind out, and as a result it will refuse to think about it any further.

> Notice that Carlos didn't say his chief concern is
> convenience. He just labelled any other approach as
> a "very limited life".

Although its the easy, convenience-driven excuse, he's not absolutily wrong
in that. I'm starting to run into walls because a credit card is all some
(internet) companies accept. Even in my own country.

And I like to pay cash. Not because its so secure (though its /the/ privacy
method), the ammount of money in my wallet (and having to fill it up again)
acts like a gauge. I keep my spending habits under control that way.

Regards,
Rudy Wieser

Frank,

> Yes, but can you then actually extract money from people's
> (Dutch) bank accounts?

Yes, that is what happened. Banks trusted companies more than the regular
john hancock. After all, the owners of those companies are known, right ?
But the crooks wised up and used mules to create the (bogus) companies...

> AFAIK, they can only do an 'incasso' ('collection' in English?)
> and you can reverse that and then they have to prove that it's legit.

Indeed. But the crooks betted on their victims either not checking their
statements rigorously and cross-checking the entries with their receipts.
Heck, I do not even do that. IOW, they hoped to (and did) fly under the
radar (for a while).

> In most cases, the *phone* is the second factor (in 2FA), not the
> phone *number*.

If you send an verification SMS to a phone number, it gets received on
whatever phone that that number is linked to.

> It can be done quite safely. The question is what percentage of
> Joe Average Users *know how* to do it safely.

It can ? Try me.

And no, combining other another number with what is written on the card
doesn't count. Although it is a method to have a single master-"password"
for a heap of cards (how many do you have ?), in that case its also another
security risk. :-\

Regards,
Rudy Wieser

On 2023-11-11 19:48, Newyana2 wrote:
> "Carlos E. R." <robin_listas@es.invalid> wrote
>
> | I don't recall Google T&C saying they track bank apps, so I doubt they
> | do it. Even with SMS there are limits to what they do.
> |
>
> I don't mean that Google records your banking
> transactions, though nothing would surprise me.
>
> What I meant was that the very idea
> of a cellphone for authentication is a way for Google's
> gmail, or other services, to connect your cellphone
> to a confirmed personal ID and location tracker. That means
> that their tracking collar data from your phone can be
> confidently linked to you personally. The idea that 2FA with
> a cellphone is necessary for email is absurd. Google's
> rifling through most email. Most people are leaving their
> email on a server and reading/composing in an insecure
> webmail UI. And even encrypted email is decrypted with
> each handoff on its way to the destination. It's only
> protected from man-in-the-middle attacks. In short, email
> is not private communication. So Google's demand of
> cellphone 2FA never made sense, except for tracking
> purposes.

Email is not used for bank verification.

Because the context is using something on the phone as second factor to
authorize banking operations.

>
> You seem to be enitrely in the dark about even
> standard tracking. This is what I was talking about
> with the links, such as the Kochava story. Kochava is
> just one dataminer, buying spy data from "free"
> cellphone app makers and other sources to create a full
> record of you: your religion, politics, shopping, and your
> exact location in real time, all the time. Google does
> similar. They also share data with credit card companies.
>
> https://www.washingtonpost.com/news/the-switch/wp/2017/05/23/google-now-knows-when-you-are-at-a-cash-register-and-how-much-you-are-spending/
>
> All of these snoops are selling data and exploiting data.
> Forcing you to have and use a cellphone connected to
> your email is esentially making you tie on a tracking collar.
> But Google are very clever. All of their products and
> spying are so convenient and seamless and functional
> that once you're in the Google zoo it's far too much
> hassle to consider leaving.
>
>

--
Cheers,
Carlos E.R.

Newyana2 <Newyana2@invalid.nospam> wrote:
> "Carlos E. R." <robin_listas@es.invalid> wrote
>
> | I don't recall Google T&C saying they track bank apps, so I doubt they
> | do it. Even with SMS there are limits to what they do.
>
> I don't mean that Google records your banking
> transactions, though nothing would surprise me.
>
> What I meant was that the very idea
> of a cellphone for authentication is a way for Google's
> gmail, or other services, to connect your cellphone
> to a confirmed personal ID and location tracker. That means
> that their tracking collar data from your phone can be
> confidently linked to you personally. The idea that 2FA with
> a cellphone is necessary for email is absurd. Google's
> rifling through most email. Most people are leaving their
> email on a server and reading/composing in an insecure
> webmail UI. And even encrypted email is decrypted with
> each handoff on its way to the destination. It's only
> protected from man-in-the-middle attacks. In short, email
> is not private communication. So Google's demand of
> cellphone 2FA never made sense, except for tracking
> purposes.

Not this FUD / urban legend AGAIN!

This (non-)issue has come up again recently and was debunked for the
umpteenth time. (Last time (around October 23) by Andy Burns and me in
thread "T.bird 115 locked out" in this group.)

I even told *you* specifically as recently as September 27 in *this*
very group.

You do *not* need a cell phone for Gmail, *nor* for 2SV (it's not
(always) "2FA").

*If* you need *2SV* for your Google *Account* (not Gmail) there are
several options, the lowest one is a phone *number* (*not* a *cell*
phone and probably not even a phone at all).

So can you STFU with this nonsense!

> You seem to be enitrely in the dark about even
> standard tracking.

Considering the above, I suggest you step away from the mirror, NOW!

[More of the same/similar FUD / urban legends deleted.]

Yes, some of these things can happen, but it's quite offensive to
claim that Carlos is not aware of the risks *if* he's doing the kind of
things you describe.

You owe him (and the group) an apology!

R.Wieser <address@is.invalid> wrote:
> Frank,
[...]
> > In most cases, the *phone* is the second factor (in 2FA), not the
> > phone *number*.
>
> If you send an verification SMS to a phone number, it gets received on
> whatever phone that that number is linked to.

In the snipped part you talked about "a smartphone for authentication".

*That* was what I was referring to. SMS is only *a* way of 2SV (not
2FA). There are many other means of 2SV/2FA, especially on smartphones,
and those other means do not use phone numbers to communicate with, so
they do not have the (phone number change) danger you were describing.

> > It can be done quite safely. The question is what percentage of
> > Joe Average Users *know how* to do it safely.
>
> It can ? Try me.

Lock your phone *and* the 'dangerous' apps, preferably with biometrics
(I use fingerprints) and preferably auto-locking.

BTW, do you have a smartphone? If so, what platform (Android/iPhone)?

> And no, combining other another number with what is written on the card
> doesn't count. Although it is a method to have a single master-"password"
> for a heap of cards (how many do you have ?), in that case its also another
> security risk. :-\

Huh? You lost me. In the snipped part you were talking about "As for
using a smartphone to order *and* do MFA ?", so I responded in/to that
context. So what "card" are you talking about?

No offense, but you snip - IMO too much - context and then you seem to
lose track of even your own (con)text. Two times in a single post is a
little too much for my taste, so perhaps a little less snipping or/and
more reading/remembering?

On 11/11/2023 19:27, Frank Slootweg wrote:
>
> So can you STFU with this nonsense!
>
>

TAKE IT EASY SLOOTWEG. NEWYANA2 AND HIS PREVIOUS NYMS MANYAMA IS SIMPLY
SPOUTING NONSENSE BECAUSE HE HASN'T GOT FIRST-HAND EXPERIENCE OF USING
GMAIL, ONLINE BANKING OR ONLINE SHOPPING.

HE HAS READ SOMEWHERE (MOSTLY IN NEWSGROUPS SUCH AS XP, VISTA, OR
WINDOWS7 - ALL OLD TECHNOLOGY WHICH THEY ARE STILL USING) THAT ONLINE
BUSINESSES ARE ARE SPYING AND TRACKING SO HE IS HERE TO SPREAD THAT
RUMOURS. YOU NEED TO LEARN TO IGNORE THEM BECAUSE THEY ARE NOT LIKELY TO
CHANGE AND ONE DAY THEY WILL REALISE THAT THEY CAN'T DO ANYTHING WITHOUT
KNOWING HOW ONLINE BUSINESS WORKS. DID I SAY THEY ARE STILL USING OLD
TECHNOLOGIES BECAUSE THEY DON'T TRUST NEW ONES? THEY WILL CONTINUE WITH
THEIR BELIEFS BECAUSE THAT IS ALL THEY KNOW.

THERE ARE PRISONERS WHO HAVE BEEN IN JAIL FOR SO LONG THAT THEY CAN'T BE
RELEASED NOW BECAUSE THEY WILL FIND IT VERY DIFFICULT TO COPE WITH
MODERN LIFE OUTSIDE. THEY WILL NEED TO LEARN HOW TO USE CASHPOINTS TO
WITHDRAW MONEY OR HOW TO GO OUT AND DO SHOPPING AT A MALL. THE WORLD HAS
CHANGED SINCE THEY WERE LAST FREE IN THE OPEN WORLD AND IN PRISON THEY
ARE SHIELDED FROM EVERYTHING. THEY WON'T EVEN KNOW THAT THINGS HAVE TO
BE PAID FOR TO SURVIVE OUTSIDE THE PRISON BECAUSE IN PRISON THEY DON'T
PAY FOR ANYTHING!!.

TAKE IT EASY AND KILL-FILE THEM RATHER THAN CLOGGING UP THIS NEWSGROUP
WITH NONSENSE TALKS.

I HOPE YOU LIKE READING THIS MESSAGE. MY KEYBOARD HAS CAPITAL LOCK SO
JUST TESTING IT TO ANNOY YOU AND OTHERS ON THESE NEWSGROUPS.

HOORAY I JUST DID IT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Frank,

> In the snipped part you talked about "a smartphone for authentication".

Somewhat. It was a response to the parent talking about them.

> *That* was what I was referring to.

Ah? You just skipped what I said about it and where actually talking to
the parent and what he said about a phone ? Odd ...

>> > It can be done quite safely. The question is what percentage
>> > of Joe Average Users *know how* to do it safely.
>>
>> It can ? Try me.
>
> Lock your phone *and* the 'dangerous' apps, preferably with biometrics
> (I use fingerprints) and preferably auto-locking.

I don't get that. I was talking about writing a bank cards PIN on the card
itself. which is something you quoted, and suddenly you are talking about
phones again ?

> Huh? You lost me. In the snipped part you were talking about "As for
> using a smartphone to order *and* do MFA ?"

Tell me, what did I write directly after what you quoted there - and which
you quoted in your previous post but now have excluded ?

As for a response to that above (partial) quote : do you do that often,
putting the chickens and the fox into the same box ? Its not an 'if'", but
just a 'when' that the one will grab the other.

Especially as, as I mentioned before, most people (including you?) have zero
idea what those apps all are doing on their phone - and have no way to
check.

> No offense, but you snip - IMO too much - context and then you
> seem to lose track of even your own (con)text.

:-) You sound like the pot who claims the kettle is black.

Regards,
Rudy Wieser

R.Wieser <address@is.invalid> wrote:
> Frank,

Sorry, but my elective root canal procedure has priority. Better luck
next time.

"Carlos E. R." <robin_listas@es.invalid> wrote

| Because the context is using something on the phone as second factor to
| authorize banking operations.
|

I was talking about the privacy problem of 2FA through
a phone for anything.

On 2023-11-12 01:17, Newyana2 wrote:
> "Carlos E. R." <robin_listas@es.invalid> wrote
>
> | Because the context is using something on the phone as second factor to
> | authorize banking operations.
> |
>
> I was talking about the privacy problem of 2FA through
> a phone for anything.

What problem?

The service that wants me to identify already knows that I'm going to
identify through the phone and it is me. There is no privacy leaked.

--
Cheers,
Carlos E.R.

Frank,

> Sorry, but my elective root canal procedure has priority.
> Better luck next time.

Yeah, same here. I don't quite like hypocrites.

Regards,
Rudy Wieser

Carlos,

> The service that wants me to identify already knows that I'm going to
> identify through the phone *and it is me*.

How ? By them calling your number and asking if the person answering is
you ? Yeah, that'll certainly work ... Number hijacking isn't a thing.
Nosirree.

Also most, if not all 2FA is computerised. Besides the user, no actual
persons involved..

And so you have a smartphone which sends a request for transfer of funds,
and the same smartphone receiving a request to allow that transfer. If you
get malware on your phone which can initiate (or manipulate!) the transfer,
what do you think is the chance that the same malware can intercept and
answer that 2FA request and handle it (either by replay, thru manipulating
the 2FA app or just by social engeneering the user itself) ?

> There is no privacy leaked.

I think you're the only one here bothered by that. Somehow I think that
most, if not all others are more concerned by the possibility of seeing
their bank accounts being drained.

Regards,
Rudy Wieser

R.Wieser <address@is.invalid> wrote:
> Frank,
>
> > Sorry, but my elective root canal procedure has priority.
> > Better luck next time.
>
> Yeah, same here. I don't quite like hypocrites.

I just looked up "hypocrite" in the dictionary, but I'm afraid it does
not say: Someone who doesn't play along with dishonest snip-and-distort
games.

Sorry for trying to have a normal conversation with you on some points
you raised, I should have known better.

Of course, as always, you claim that your respondent is the one who is
in the wrong. Nothing new there.

But anyone who wants - and that - theoretically - includes you -, can
check who said/snipped what, in which sequence, who misinterpreted/
misrepresented what and who dodged which questions.

As I said: Better luck next time.

On 2023-11-12 07:58, R.Wieser wrote:
> Carlos,
>
>> The service that wants me to identify already knows that I'm going to
>> identify through the phone *and it is me*.
>
> How ? By them calling your number and asking if the person answering is
> you ? Yeah, that'll certainly work ... Number hijacking isn't a thing.
> Nosirree.

You are being ridiculous.

>
> Also most, if not all 2FA is computerised. Besides the user, no actual
> persons involved..
>
> And so you have a smartphone which sends a request for transfer of funds,
> and the same smartphone receiving a request to allow that transfer. If you
> get malware on your phone which can initiate (or manipulate!) the transfer,
> what do you think is the chance that the same malware can intercept and
> answer that 2FA request and handle it (either by replay, thru manipulating
> the 2FA app or just by social engeneering the user itself) ?

This is some concern I already mentioned.

>
>> There is no privacy leaked.
>
> I think you're the only one here bothered by that. Somehow I think that
> most, if not all others are more concerned by the possibility of seeing
> their bank accounts being drained.

I'm not concerned by the alleged leak of privacy. It is somebody else
who is.

--
Cheers,
Carlos E.R.

On 11/11/23 04:01, Carlos E. R. wrote:
> On 2023-11-11 07:28, T wrote:
>> On 11/10/23 04:16, Carlos E. R. wrote:
>>> Arlen, you are a paranoid.
>>
>> Dude.  Paranoids have enemies too.  They
>> just find them quicker than regular folks.
>>
>> Please do not go picking fights on this group.
>
> He started...
>

You did not have to respond

Frank,

> I just looked up "hypocrite" in the dictionary, but I'm afraid
> it does not say: Someone who doesn't play along with dishonest
> snip-and-distort games.

Indeed it doesn't.

But it however /does/ say that its someone who demands others to (not) do
something, while doing the opposite themselves.

> Sorry for trying to have a normal conversation with you on some
> points you raised, I should have known better.

Same here, as we had a similar clash not too long ago.

> But anyone who wants - and that - theoretically - includes you -,
> can check who said/snipped what, in which sequence, who misinterpreted/
> misrepresented what and who dodged which questions.

:-) You must have totally missed where I did spell exactly that out to you
two posts back.

But no, you have not missed that at all. You've just choosen to ignore it,
instead trying to play your "I don't understand" game.

> As I said: Better luck next time.

Same back to you. But don't get your hopes up.

Regards,
Rudy Wieser

Carlos,

>>> The service that wants me to identify already knows that I'm going to
>>> identify through the phone *and it is me*.
>>
>> How ? By them calling your number and asking if the person answering
>> is you ? Yeah, that'll certainly work ... Number hijacking isn't a
>> thing.
>> Nosirree.
>
> You are being ridiculous.

You noticed ! :-)

And why do you think I was acting that way ? Perhaps because I thought the
same about what you penned down ? Could it be ?

Good, now we got that outof the way, explain how someone at the bank calling
"you" is supposed to know its /you/, and not someone who took over your
phone number (and knows a thing or two about you).

And than the (to me) obvious problem : How do you know that the one who is
calling you "from the bank": is actually /from the bank/ ? IOW, the "are
you who you say you are" works *two* ways, not just one.

> This is some concern I already mentioned.

You did ? Where ? (date/time of the post will probably be enough, though a
short "start here" quote will be appreciated) I want to read what your
conclusion was. Thats assuming that you came to one, and not just left it
dangling ...

Regards,
Rudy Wieser

R.Wieser <address@is.invalid> wrote:
> Frank,
>
> > I just looked up "hypocrite" in the dictionary, but I'm afraid
> > it does not say: Someone who doesn't play along with dishonest
> > snip-and-distort games.
>
> Indeed it doesn't.
>
> But it however /does/ say that its someone who demands others to (not) do
> something, while doing the opposite themselves.

You have a habit of *implying* these alleged wrongdoings, but never
actually *point out* (i.e. quote) where these are supposed to have taken
place. OTOH, I preserve/quote relevant context, so there's no doubt
about what I'm responding to.

So, you can still backup your above veiled allegation(s) with
specifics, instead of vague insinuations, but I doubt you will.

> > Sorry for trying to have a normal conversation with you on some
> > points you raised, I should have known better.
>
> Same here, as we had a similar clash not too long ago.

Yes, it's probably best to try to avoid eachother.

> > But anyone who wants - and that - theoretically - includes you -,
> > can check who said/snipped what, in which sequence, who misinterpreted/
> > misrepresented what and who dodged which questions.
>
> :-) You must have totally missed where I did spell exactly that out to you
> two posts back.

If you mean the "the chickens and the fox" thing: That made absolutely
no sense (in context). As there was enough aggro already, I didn't ask
for clarification.

> But no, you have not missed that at all. You've just choosen to ignore it,
> instead trying to play your "I don't understand" game.

Just because you play games doesn't mean your correspondents do. Your
- often offensive - responses didn't make sense because of the snipped
context, so I asked for clarification, but that's apparently a 'game' in
your eyes (Zoals de waard is, vertrouwt hij zijn gasten.)

As to "You've just choosen to ignore it", what's *your* excuse for
(snipping and) not answering my specific questions? (Clue-by-four: "BTW,
....")

> > As I said: Better luck next time.
>
> Same back to you. But don't get your hopes up.

Don't worry, I won't.

On 2023-11-12 14:14, R.Wieser wrote:
> Carlos,
>
>>>> The service that wants me to identify already knows that I'm going to
>>>> identify through the phone *and it is me*.
>>>
>>> How ? By them calling your number and asking if the person answering
>>> is you ? Yeah, that'll certainly work ... Number hijacking isn't a
>>> thing.
>>> Nosirree.
>>
>> You are being ridiculous.
>
> You noticed ! :-)
>
> And why do you think I was acting that way ? Perhaps because I thought the
> same about what you penned down ? Could it be ?
>
> Good, now we got that outof the way, explain how someone at the bank calling
> "you" is supposed to know its /you/, and not someone who took over your
> phone number (and knows a thing or two about you).
>
> And than the (to me) obvious problem : How do you know that the one who is
> calling you "from the bank": is actually /from the bank/ ? IOW, the "are
> you who you say you are" works *two* ways, not just one.

First, my comment was regarding privacy, not security. You are moving
the goalposts.

Then it is not a phone call, it is an encrypted message sent to the bank
application, so seeing the message requires one or two passwords.

>
>> This is some concern I already mentioned.
>
> You did ? Where ? (date/time of the post will probably be enough, though a
> short "start here" quote will be appreciated) I want to read what your
> conclusion was. Thats assuming that you came to one, and not just left it
> dangling ...

Date: Thu, 9 Nov 2023 20:20:58 +0100
+++--------------------
> The point of two factor authentication is to add a _second_ layer of
> security so that if your account/password is stolen - which happens a lot
> in data breaches - there must be a second 'token' - something you _have_.
> With SIM swap fraud the malefactors effectively have your phone and can
> get the code.
>

Right.

So imagine I use the app in the phone to connect to the bank. The bank
sends a code by SMS to the *same* phone, the app reads automatically the
message and logins.

Now suppose my phone is stolen...
--------------------++-

--
Cheers,
Carlos E.R.