What about being required to carry a your-own-government-controlled tracking device?
Because the US or Chine government can't harm me in Europe via the data they collect from me, But the EU authorities can if they want to, so naturally I fear them more if they were the ones hoovering my data.
What are the odds they're using this on-shore tech grab to implement their own domestic version of China's social credit score system, to easily get data on their own citizens who commit "wrong-think", without having to through the effort to twist the arm of US entities every time they want to do that?
Food for thought, but I do think we're living the last years of online anonymity, it's inevitable.
The EU commission just passed chat control to have government mandated software in every phone
https://www.eff.org/deeplinks/2025/12/after-years-controvers...
In some areas, sure - like GDPR.
In other areas, absolutely not - like chat control.
As another commenter pointed out, it seems as if government mandated privacy intrusion is OK, while violations by corporations are quickly shutdown. It’s like the opposite of how it works here in the US.
The Danish proposal for indiscriminate chat control did not receive enough support and was retracted last autumn. Similar proposals have been put forward regularly over the past 30 years and have so far come to nothing just as regularly.
For the conservative (and sometimes not so conservative) non-experts things like this sound like an easy win. So every new generation of politicians has to be educated about it again.
The Danish proposal for indiscriminate chat control did not receive enough support and was retracted last autumn. Similar proposals have been put forward regularly over the past 30 years and have so far come to nothing just as regularly.
Once you give people an outside boogieman(Putin, Trump, Covids, etc) or a self inflicted false flag crisis(surge in violent crime rates for example) to shake them up to their core and put the fear in them, you can then easily sell your intrusion of privacy in their lives and extension of the police state, as the necessary solution that protects them.
When you start lose control of your people because their standard of living has been going downhill for 2 decades and they realize the future prospects aren't any better so they hate you even more, you can regain control of them by rallying them up on your side in a us-versus-them type of game against external or internal aggressors that you paint as "the enemy". The media is your friend here. /s
This isn't an EU or US exclusive issue, it's everywhere with a government issue. The difference as to why the EU people seem to be more OK with government intrusion compared to the US, is that EU always has external aggressors the government can point to as justification for invasiveness and control, while the US has been and still is the unchallenged global superpower so it has no real external threats ATM, meaning division must be manufactured internally (left vs right, red vs blue, woke vs maga, skin color vs skin color, gender vs gender, etc) so that the ruling class can assert control in peace.
Either way, we all seem to be heading towards the same destination.
Only from corporations, but not from their own governments. A lot of Europeans put a lot of blind faith into their governments and the EU, and criticism of these institutions is usually met with accusations of being a bot, MAGA or russian troll.
>The European institutions are characterized by a huge devision of power.
Didn't really stop them passing whatever rules they wanted during Covid, did it? Or today with Russia and Ukraine situation. Sure is convenient that we keep having more and more crisis and boogiemen that governments can leverage to deflect accountability and bypass the wishes of the population, for our own good of course.
>There is no chance that European instutitions can impose their will against a considerable majority of people.
Famous last words. People always can be, and routinely are, manipulated to vote against their own best interests, even if everyone claims manipulation doesn't work on them. The propaganda industry is HUGE. Why do you think Germans supported to tie themselves to Russia's gas and destroy their nuclear power. Was it all their original thoughts or was it a massive campaign of dis-/mis-information designed to get everyone on board the same train? And mass manipulation like this is every other Tuesday these days. See Cambridge Analytica.
A individual person can be smart, but people together as a collective voting block, are stupid, and the elites treat us like cattle, as seen in the recent files.
The problem with this phrasing is it makes it sound hyperbolic, but it is important to remember the world is large and there are always, in a literal and normal sense, multiple major crises going on at any moment.
People who don't pay much attention to politics sometimes get confused about why crises elevated by the corporate media get ignored. A big answer is becuase they are elevated for political reasons, usually the crisis is fairly routine in absolute terms.
True, but my point I wanted to draw attention to, is HOW these crisis are handled now, not that there's many of them.
Every crisis now seems to be exclusively used as a vehicle to justify taking away just a little bit more of your freedom and anonymity, or implement more fiscal policies that will leave you footing the bill but just so happens it will be enriching the wealthy as a side effect.
Because such policies shoved out the door in times of crisis, don't pass through the lengthy public debates and scrutiny regular policies have to go through, so it's the perfect opportunity to sneak and fast-track some nefarious stuff in.
I'm not that old yet, but I don't feel like this backdoor was misused to this extent in the past, like pre-2008 I mean (except 9/11 of course). It definitely feels like politicians have gooten of taste and are abusing this exploit now more with every little opportunity.
Now imagine being debanked by your own government because they don't like what you're saying and becoming unemployed, homeless and dead. I don't think they're remotely comparable.
For example, a few years ago, a power tripping gov bureaucrat turned off my unemployment payments over a technicality. Luckily, I had enough money to pay a lawyer to sue them and won, but it was tight. What if I hadn't had the money to hire a lawyer? Since I was in a foreign country, with no family or close friends to fall back on. I was exclusively relying on the welfare state I paid into for years, that then turn its back on me for shits and giggles.
So I don't think you understand just how bad it can be for you if your government decides to turn on you and fuck with you, if you're comparing this to losing access to your work email account.
See the famous case of UK postal workers that got fucked by their government trying to hide their mistakes.
Of course in this judge's case there might still be some banks who are willing to work with him even at the risk of getting sanctioned as there weren't language in the news that he was completely debanked which I assume they would highlight if it was the case.
It is not unreasonable for governments to pursue avenues for laundering money. I recognize that you likely don't believe governments should prosecute money laundering, but that view is not aligned with the majority of citizens in your country.
The government can prosecute money laundering and all the other crimes, but it's not an excuse to impose extrajudicial punishment. Until they stop, having some cash and crypto is your only means of defense.
I'm unsure about your reference to extrajudicial punishment, is it referring to de-banking associated with AML and KYC regimes in the US? If so, I agree that unjust things are unjust. I believe we should seek to fix those injustices directly through lobbying lawmakers, rather than rejecting an entire system that has significant security benefits.
I am sympathetic to people who have a fatalistic attitude when it comes to political reforms. Having other financial instruments as a backup is a good practice.
It's not entirely hopeless I guess. For what it's worth, the US government recently issued an EO that purportedly stops banks from debanking you for political reasons. Hopefully a future administration would take care of the other part.
Since when is google a bank?
>The only solution is untraceable, permissionless money, like Monero. Why do you think governments try so hard to ban it?
Because untraceable currency is mostly used by criminals for crime.
How is this comparable to your government debanking you meaning that no bank, landlord, layer or job will touch you?
It's as close as you get to a complete shunning from modern society. You're reset to the cash you hold on you and keep custody of. And yes. In the U.S., the list that manages who can and cannot transact is centralized under OFAC. So it is at the whims of Executive whether or not any financial activity can be done with you.
They lost access to everything american, including Visa and Mastercard. It's in french and maybe not the best source but it's not paywalled :
https://www.tf1info.fr/international/nous-sommes-attaques-le...
> "Payments are mostly cancelled," he continued, "as almost all cards issued by banking institutions in Europe are either Visa or Mastercard, which are American companies."
They are not completely debanked since they can go to the bank and withdraw cash, but it's a crippling situation to be in.
One only needs a few looks at what the EU Commission has been doing lately to see that if left unchecked their plan is a UK-like total surveillance state.
Attestation in on itself isn't unwarranted which (to me) is an important security measure. Attestation as commonly implemented on Android via Play Integrity (the way banking apps are known to do) is restrictive, sure: https://grapheneos.org/articles/attestation-compatibility-gu... / https://archive.is/snGEu
It's a security measure against the owner of the device, in other words, an attack. Would you be okay with me using a remote control to forcibly slow down your car so I can merge? Using attestation this way is fundamentally incompatible with ownership. If the bank wants some assurance about a device, they need to sell or issue one to me, like credit cards or point of sale machines, which are explicitly not your property.
The fact that the assurance is provided by a third party you have little recourse against just adds insult to injury.
Would you consider MFA to be a measure against you, the owner of the device, because it makes it harder for you to login?
>If the bank wants some assurance about a device, they need to sell or issue one to me
They are offering you free software and are operating under a security model tied to these specific devices. You're still free to walk into their branches, or use their physical cards, if you prefer not use their limited selection of devices.
>Would you be okay with me using a remote control to forcibly slow down your car
Car manufacturers do this as well though. Some of this is for the benefit of their customers (preventing theft from easily cloned keys). Some of this is not for customer benefit, like locking down infotainment systems.
Banks however are only interested in preventing fraud.
Not really, unless the MFA involves the same type of attestation involved in the process. TOTP is fine, and you can put it in your password manager to avoid phones, and can be done without consenting to any spying. And I don't really own the account anyway.
> use their physical cards
The premise of this discussion is these will get replaced by the hostile phone app, since the Europeans are too lazy to make a proper replacement.
> locking down infotainment systems
I don't agree with that either, but you can presumably buy a car without one, and you'd still be allowed to drive. What if the government says, you can't drive anymore UNLESS you use the locked down infotainment system and consent to all the ads/spying that comes with it?
In theory - of course, it shouldn't make it any harder for _me_ to login, it's just that in practice the friction is inevitable since it can't distinguish between me and someone else without it.
> You're still free to walk into their branches, or use their physical cards, if you prefer not use their limited selection of devices.
The point is that this freedom is going away. I'd absolutely want to use their physical cards (there are smartcards with e-ink displays which would be a great thing for confirming payments), but no, they're slowly taking this away, starting by limiting transfers done without their mobile app.
And _their_ mobile app needs to invade __my__ property by locking down the system. I understand this might be neccessary to ensure the UI can be trusted, but this shouldn't happen on my device as it restricts my ability to do completely unrelated things.
In this example, a banking app is not making the entire Android device non functional when it refuses to work when remote attestation like Play Integrity fails.
Like I said, I'd be fine if they offer a viable alternative, like a card or a physical authentication dongle (which doesn't require spyware to use).
If it's an important safety measure _for me_, shouldn't I get to decide whether I need it based on context?
I think it's fair for banks to apply different risk scores based on the signals they have available (including attestation state), but I also don't want the financial system, government & big tech platforms to have a hard veto on what devices I compute with.
Sure, banks could probably build a mechanism that lets some users opt out of this, just as they could add a Klingon localization to their apps. There just isn't enough demand.
I don't think a good security engineer would rely on atty as "front line" anti brute force control since bypasses are not that rare. But yeah you might incorporate it into the flow. Just like captchas, rate limiting, fingerprints etc and all the other controls you need for web, anyway.
I know I'm quibbling. My concern is that future where banks can "trust the client" is a future of total big tech capture of computing platforms, and I know banks and government don't really care, but I do.
Correct. And the end of ownership, privacy, and truth too. If something can betray you on someone else's orders, it's not yours in the first place. You'll own nothing and if you aren't happy, good luck living in the woods.
Hm, Play Integrity isn't that slow on Android, from my experience.
> don't think a good security engineer would rely on atty as "front line" anti brute force control since bypasses are not that rare
I'm not privy to device-wide bypasses of Play Integrity that ship with Trusted Execution Environment (which is pretty much all ARM based Androids), Secure Element, and/or Hardware Root of Trust, but I'd appreciate if you have some significant exploit writeups (on Pixels, preferably) for me to look at?
> My concern is that future where banks can "trust the client" is a future of total big tech capture of computing platforms
A valid concern. In the case of smart & personal devices like Androids though, the security is warranted due to the nature of the workloads it tends to support (think Pacemaker / Insulin monitoring apps; government-issued IDs; financial instruments like credit cards; etc) and the ubiquity & proliferation of the OS (more than half of all humanity) itself.
Hi, you don't have the break the control on the strongest device. You only have to break it on the weakest device that's not blacklisted.
The situation is getting better as you note, but in the past the problem was that a lot of customers have potatos and you get a lot of support calls when you lock them out.
> think Pacemaker / Insulin monitoring apps; government-issued IDs; financial instruments like credit cards; etc
I agree with you on the need for trustworthy computing. I mainly disagree on who should ultimately control the trust roots.
A monitoring app doesn't even interact with systems you don't own. Just put a liability disclaimer for running modified versions.
> warranted
Decided by whom? And why is Google trusted, not me? At minimum, I shouldn't face undue hardship with the government due to refusing to deal with a third party, unless we first remove most of Google's rights to set the terms.
This is unserious when Insulin overdose can be fatal.
> And why is Google trusted, not me?
(Hardware-assisted) Attestation on Android doesn't require apps to "trust Google".