The problem is that we're supposed to use these "secure apps" on our own devices.. but since they need these enhanced security guarantees, our own devices cease to be ours.
Google is to blame, they're abusing device security by preloading their unremovable spyware with elevated privileges.. people then want to remove it but then find themselves unable to use banking apps because of this.
I'm not against having a separate secure phone to use with banking apps, but that phone must be designed for security, not for Google's ad driven business model..
I'm not a fan of Apple, but I have to admit they're less intrusive when it comes to unremovable unwanted software (it's less open for those making software though).
I wish we didn't have to choose between Google and Apple, especially here in Europe where we can be sanctioned by the US for doing our job..
WebAssembly sucks with regard to emulation speed, it doesn't even support native JIT. If you disagree, go and make a QEMU port where TempleOS doesn't take 5+ minutes to load.
More or less. Unless it's something to do with the employee's privacy or something to that effect. Doesn't mean the criminals are the good guys here, since they're trying to make bank on it instead of releasing it to the public -- if it's something that the public has an interest in.
No, not really. The science products eventually become public (after 1st access right by contributing nations). But why would the API keys (for instance) ever be public?
The title is misleading. "Allows" needs to be in quotes - they did everything they could to make sure this won't change anything in practice. Screw Apple.
Could you elaborate? Other than the "Japan" requirement it seems legit?
I guess the requirements are pretty onerous, but they all seem like table stakes for a browser these days (Firefox or Chrome should have no problem with them, for instance.)
We can't let banking apps invade our property.. things like banking apps need so much control in order to be secure that they need to exist on dedicated devices.
Bank security has never had anything to do with real security. It's all stupid audit checkboxes and missing the forest for the trees. I've dealt with PCI and similar auditors and I wouldn't trust them with my gym locker combination.
My only solution is to have multiple accounts, spread the risk, and rely on legal protections and bailouts when they inevitably screw up.
In Spain (I think the whole Hispano-America by proxy) the BBVA's banking app just allows a 6 char long password. This is bullshit. Also, if you try to root the smartphone the app might disable itself.
I'm tired of this. Can't wait for a good cyber attack from Russia+China so the whole security theater crumbles down (and in China too because of the social credit) until the civil rights get restored back.
That's not really necessary, though I understand why banks are doing this when they're held responsible for their customers' inability to spot fraud before hitting the "transfer my life savings into a Bitcoin wallet" button.
Having a dedicated "banking device" is a good solution for power users, though I'd probably just switch banks if my bank tries to pull that bullshit on me.
But the user needs to be able to override this faulty check, albeit my solution is to never let any app decide what I can have on my device by not installing the app.
EDIT: there's also Android Protected Confirmation that works in the TrustZone so apps can't display over that. It was made exactly for apps like banking apps, so they should use it.
This is "protect the users from themselves" as-a-feature to prevent scammers from using malware to obscure their scams. Letting the user override the warning would make the entire feature useless.
Using overlay permissions, it's relatively simple to trick someone into transferring money by overlaying a different UI that the malicious app makes the user type or paste into. I believe blocking access to the app while such an overlay is present makes a lot of sense. Trusting apps from Google Play to do this while blocking other install sources would be an obvious mistake, though.
I'd argue this feature shouldn't exist (because of things like the API you mention) but having a user override doesn't make sense here.
No, I just want Mozilla to focus on Firefox, the browser.