this post was submitted on 04 Nov 2023
30 points (96.9% liked)


ATMs I’ve checked:

BNP Paribas: no balance inquiry option. Nor did it print the balance on the receipt.

Attijariwafa: no balance inquiry option. Both ATMs are always out of paper, so no way to check whether the balance would be printed on the receipt. Anti-feature: you must enter your PIN before it shows you the menu. Does that mean it connects to my bank even in the absence of a transaction?

Ing: no longer has ATMs?
KBC: no longer has ATMs?
#Belfius: no longer has ATMs? (answered)
Aion: only has 1 ATM (unplugged & vandalized)
Europabank: has no ATMs?
DHB bank: has no ATMs?
Fintro: ATM is the same as BNP Paribas?
BBVA: do they still exist?
Bank of Baroda: has no ATMs?
Beobank: didn’t check if they have any ATMs
Keytrade: likely has no ATMs
BinckBank: likely has no ATMs

Batopin (3rd party w/Ing & KBC): no balance inquiry option.

This website claims to give a way to check your balance, but I’m not so trusting:

https://www.getmybalance.com/

[–] [email protected] 17 points 1 year ago (1 children)

Your banks don’t have websites and apps in Belgium?

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago) (2 children)

Banks are gradually removing features from their websites in a progression toward complete elimination of the website. Some banks have already taken that step. They impose an app whilst also closing their over-the-counter service.

Unlike the US, 1-factor authentication by banks is illegal in Belgium. So for web access banks typically hand out devices for 2FA. Some banks avoid that cost by imposing a smartphone app in lieu of a card reader or RSA token (BYO smartphone).

There are many problems with bank apps in Belgium:

  1. You must buy smartphone hardware (the apps detect when they are executed inside a virtual machine & deny service [tested with Ing’s app])
  2. You must patronize a surveillance capitalist (create a Google or Apple account)
    2.1. You must subscribe to mobile phone service in order to satisfy Google’s unreasonable demand for a mobile phone number as a precondition to obtaining an account
    2.2. You must trust Google with your mobile phone number, IMEI number, and inventory of apps & versions you download (thus a reconnaissance risk)
    2.3. When Google records your place of banking, you must trust Google not to share that info (with debt collectors, for example)
  3. All bank apps in Belgium are closed-source, so you must trust the apps not to carry spyware and to work in your interests
    3.1. The bank’s privacy policies are written to allow your realtime location to be tracked via the app.
  4. You must chronically upgrade your hardware every few years because the bank apps are upgraded with reckless disregard to the lockstep-coupling of hardware to software on all phone platforms that are supported by Belgian banks. You cannot run a VM to prevent irresponsible electronic waste (see point 1)

The #GDPR possibly (and only symbolically¹) protects from some of that, such as Google sharing your place of banking with debt collectors. But the GDPR does not prevent criminal exfiltration of data that cavalier consumers trustingly agree to the collection of.

Footnotes:

  1. I say “symbolically” because consumers only have two pathways for remedy under the GDPR: article 77 & direct lawsuit. Article 77 has no teeth. When the DPA ignores/mothballs an art.77 complaint, there is no mechanism for action against the DPA. So DPAs are largely neglecting to treat art.77 reports. That leaves direct lawsuits. The EU has decided that GDPR plaintiffs are not entitled to compensation for legal fees. So that kills that option. You can get a symbolic win in court but you still lose because lawsuits are costly and the damages you can prove are negligible. So the GDPR boils down to an honor system.
[–] [email protected] 10 points 1 year ago (1 children)

I say this with the best intentions, and you have every right to take all these things into consideration, but you're sounding very paranoid. I think your best option would be to immediately withdraw any funds you receive and keep a completely paper administration.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

It’s more about ethics than security. I’m an ethical consumer, which means I will not patronize unethical companies. Feeding data to Google is as good as feeding money to Google. Google is part of the fossil fuel industry (they are in partnership with Totaal oil and use AI to help Totaal find places to drill for oil). My objection to Google collecting data on me is less about cyberattack and more about not supporting a harmful force in the world.

I’m also ethically opposed to closed-source software because I think it misplaces power. The worst kind of misplacement of power is to give it to tech giants who abuse their power and use it against consumers.

I’m also ethically opposed to software designs that make phones disposable and force the disposal of perfectly good hardware. I’ll buy a smartphone after that problem is fixed. #RightToRepair is still insufficient. There needs to be a rule that the moment a phone maker decides to stop supporting a device, they must do whatever necessary to ensure the platform (kernel + drivers + gui) are FOSS at that point of dropped support. I’ll wait for it. I can hold out as long as needed.

W.r.t. paranoia, street wise people and those with some infosec background always seem “paranoid” to normal people. And to us, normal people are cavalier because they needlessly share information without applying the rule of least privilege. Privilege should only be granted on an as-needed basis and that includes access to information. It’s unreasonable for banks to snoop on people arbitrarily without a warrant. It’s not just that the banks abuse the info, but the overcollection exposes everyone to exfiltration by criminals. That’s not fiction - it has happened. (Capital One via Amazon contractor, Equifax, several other banks including a bank breach I recently detected but have not reported yet). I have already been the victim of multiple data breaches even with some diligence to not be completely reckless.

Trusting banks with sensitive info is the least of the problems I describe & possibly not a show-stopper in itself. But taking everything together I remain baffled at the zombie masses endorsing & supporting all of it. A basic information security class should perhaps become part of the mandatory secondary school curriculums at this point.

[–] [email protected] 7 points 1 year ago (1 children)

My man.. You are not getting around the tracking. It's never going to happen. Unless you literally toss everything with a network connection and disconnect from the electric, gas, and water grids, you are going to be tracked.

[–] [email protected] 1 points 1 year ago (1 children)

> You are not getting around the tracking. It’s never going to happen.

I do. I only access banks electronically if they accommodate Tor. The bank only gets to know my physical location when I do a transaction where that’s unavoidable. Even if I were to carry a mobile phone on standby wherever I go, the bank would get nothing from it if I don’t run their app.

[–] [email protected] 2 points 1 year ago (1 children)

> I only access banks electronically if they accommodate Tor.

So they know when you logged in and what you did when you got there. So you can't escape it there.

> The bank only gets to know my physical location when I do a transaction where that’s unavoidable.

So you can't escape this either.

> Even if I were to carry a mobile phone on standby wherever I go, the bank would get nothing from it if I don’t run their app.

They would get nothing except the time, location, amount, business, and how that relates to the other purchases you make and all the data those transactions generate as well. That data is shared with the bank, Visa or MasterCard, and all credit reporting agencies. This is unavoidable too.

You are not getting out of this unless you allow it to seriously affect your life.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I figured you were trolling but gave you the benefit of the doubt right up until you mentioned “all credit reporting agencies”, in Belgium. There are no credit bureaus in Belgium, only a central bank which (unlike US credit bureaus) is public sector and not interested in grabbing data for profit, or in obtaining any data it’s not legally required to obtain.

Nice try though.

But FYI, your assumption would be wrong even in the US as well. Request your credit report from whichever credit bureau you believe is buying location data from your mobile phone provider. Notice the realtime location data is not on that report. Then go to your local small claims court and spend ~$100 to open a lawsuit against them for $1k (+~100 in court costs). Bring to court proof that they acquired your realtime CDMA/GSM location data, a copy of your credit report showing it’s not there, and a copy of the federal law requiring that consumer credit reports are complete when sent to the subject of the report (yourself). It might be the easiest $1k you’ve earned. You don’t have to prove actual damages either because the statute specifies $1k per violation. If you can catch all three credit bureaus doing what you claim, that’s an easy $3k. You can even hit all 3 in one case. Good luck!

BTW, I don’t put much stock into what you’re saying at this point but I am curious about the claim that phone providers are sharing sensitive personal info with Visa and Mastercard. Cardholders are just a number to visa & mc. Visa & MC do not even typically know the names of card holders. Exceptionally, if you buy airfare using a credit card, then the airline reveals the name of the passenger to the credit card company. Though to store that name as the account holder is ad hoc because they would have to make the assumption that the passenger and the buyer are the same person.