this post was submitted on 25 Apr 2024
5 points (61.9% liked)

Privacy

31935 readers
701 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Banks, email providers, booking sites, e-commerce, basically anything where money is involved, it's always the same experience. If you use the Android or iOS app, you stayed signed in indefinitely. If you use a web browser, you get signed out and asked to re-authenticate constantly - and often you have to do it painfully using a 2FA factor.

For either of my banks, if I use their crappy Android app all I have to do is input a short PIN to get access. But in Firefox I also get signed out after about 10 minutes without interaction and have to enter full credentials again to get back in - and, naturally, they conceal the user ID field from the login manager to be extra annoying.

For a couple of other services (also involving money) it's 2FA all the way. Literally no means of staying signed in on a desktop browser more than a single session - presumably defined as 30 minutes or whatever. Haven't tried their own crappy mobile apps but I doubt very much it is such a bad experience.

Who else is being driven crazy by this? How is there any technical justification for this discrimination? Browsers store login tokens just like blackbox spyware on Android-iOS, there is nothing to stop you staying signed in indefinitely. The standard justification seems to be that web browsers are less secure than mobile apps - is there any merit at all to this argument?

Or is all this just a blatant scam to push people to install privacy-destroying spyware apps on privacy-destroying spyware OSs, thus helping to further undermine the most privacy-respecting software platform we have: the web.

If so, could a legal challenge be mounted using the latest EU rules? Maybe it's time for Open Web Advocacy to get on the case.

Thoughts appreciated.

you are viewing a single comment's thread
view the rest of the comments
[–] mox@lemmy.sdf.org 7 points 6 months ago (1 children)

It is annoying, and they're definitely pushing people toward invasive smartphone apps using various means, but this particular annoyance has a good reason:

Browsers simply aren't as secure as individual apps, mainly because they execute code from other web sites as well. That means credentials available to a browser are only one remote exploit away from being compromised. And browsers are big, complex beasts with an unending stream of vulnerabilities waiting to be discovered and exploited. Tight countermeasures make sense for things as important as banks and medical info.

[–] possiblylinux127@lemmy.zip 3 points 6 months ago (1 children)

While it is true that web browsers do have security issues sometimes, they do sandboxing quite well. They isolate each tab in its own memory space and process so that an exploit would be limited in scope

[–] mox@lemmy.sdf.org 3 points 6 months ago* (last edited 6 months ago) (1 children)

They isolate each tab in its own memory space and process so that an exploit would be limited in scope

Browser sandboxing is nice when and where it works, but is not universal, complete, or immune to exploitable bugs. It also happens to be a high value target.

[–] possiblylinux127@lemmy.zip 3 points 6 months ago

True but all things considered its pretty decent