On The Banishment Of Cash (part 1)

I am failing to understand four simple things:
why do people always fail to know the limits of their individual reach?
why do people always believe everything authorities say?
why do people always think «it won't happen to us»?
why do people always prefer to lose everything in order to save a part?

All these four shine and glitter as they intricately weave into the topic of «cash vs plastic» (keep them in mind while reading).

It has become a popular fad to use «plastic» instead of cash… as usual people are completely unaware of the dangers of this fad. And for some reason they think that «plastic» is somewhat equivalent to cash — NOT EVEN REMOTELY!

The most important issue is (as usual) the simplest one and (as usual) the most ignored one — WHO COMMITS A TRANSACTION? You come to a store for a loaf of bread, you pay for it and take it away. Are you sure it was you who paid for it? I am sure, because I always use cash. When I give a banknote to a cashier I physically commit the transaction — this is MY FINAL SAY. When you type your PIN, you MERELY ASK a bank to commit the transaction for you. At the end of the day it is the bank's decision whether you are going to have this loaf of bread or not. Think about it for once! The bread you are having now is not a result of a free trade between you and a baker, it is the free will of an (undoubtedly honest) 3rd party. The bank decided of their own volition to allow you to have this bread, and they can just as easily decide to starve you at any time.

And when I am speaking about bread, I literally mean bread. It is a common practice in Ukraine and Russia to freeze the bank accounts of family members of political dissidents, thus rendering them incapable of engaging in any trade, i.e. buying bread. When you are under a police investigation for political reasons, you are offered a choice: your family will starve unless you confess that you were digging a tunnel under the Kremlin with a premeditated goal to assassinate the dear comrade Stalin. The most famous implementation of this tactic is the Ruslan Kotsaba case: his wife and kids survived only thanks to the public campaign (launched by the defence attorney) encouraging people to trade with the wife for cash (she is a pastry chef).

But, of course! It cannot happen to you! No way! (Ask The Lighthouse Project what methods courts and prosecutors in the USA and Canada employ to exert pressure on the falsely accused.)

The banks do not bother with breaching your security; they took away your agency altogether.

(to be continued)

Fingers vs Fingerprints

It turned out that my "Authentication vs Identification" article was not sufficiently conclusive, in the sense that some hardcore biometrics fans still nurture a non-trivial and well-justified objection. So I need to address and destroy it, in order to close the topic. My opponents' argument is:

Your analysis narrows both sides of the problem to a knowledge/ownership claim. Even if you are right, the conclusion is only applicable to authentication by means of a knowledge token, whereas all the other relations between the user and the token (suitable for authentication purposes) are set aside. There is one particularly important relation (the one fundamental for the entire biometrics field): «the user is» or, the other way around, «the token is a part of the user» — this relation implies inalienability, which makes the token safe for authentication purposes.

It is true. Completely true. It is undeniably true! In the physical realm.

Each Security Hole Is Created By Someone Deliberately.

Naked Security reports another (not very special) piece of malware for Android. It is quite sophisticated and effective; it has fooled almost 200K users.

I want to talk about one particular detail, quote:

The apps were installed directly onto unwitting Android devices as the extension bypassed the operating system’s permissions process.

Once again my question is: how is it even possible in a mentally sane world??? Who created this bypass and why? No questions are asked of Android; everybody is throwing feces at the «evil-evil-evil» developers of malware. I believe that the idea of infosec-related media is to channel the users' wrath into a safe direction, away from those who made malware possible in the first place, and suppress real inconvenient questions to the «trusted» developers and «respected» vendors.

Within the next few days I will explain to you all the evils of Android quasi-security — today I am too angry.