monko

joined 1 year ago
[–] monko@lemmy.zip 4 points 6 months ago (2 children)

Speaking from personal experience, prepaid cards rarely work for these types of transactions. If you think service providers don't know the difference, you're kidding yourself. There are good reasons to demand a real card.

[–] monko@lemmy.zip 3 points 6 months ago (4 children)

No, unfortunately that is simply untrue.

The payment processor in the article, Stripe, does indeed work with crypto businesses and allows users to keep a crypto balance, but you would need to convert to regular tender to book a room at a Radisson (at least according to their website).

Sadly for the hodlers, while you might be able to buy your coke and hookers with Dogecoin, the hotel will want a credit card on file.

[–] monko@lemmy.zip 14 points 6 months ago (2 children)

Earth 2.0's soft launch was met with modest success, but some far-right critics claim the day 1 patch, which removed racism, bigotry, and hate based on identity, makes the game "unplayable."

[–] monko@lemmy.zip 11 points 6 months ago (3 children)

God he is so good at losing money rn

[–] monko@lemmy.zip 6 points 6 months ago (6 children)

The article is about service providers, like payment processors, offering alternatives to far-right interests when incumbent providers refuse their business.

For a cryptocurrency to be useful, it would need to be accepted by the service provider. And I doubt you could pay for your anti-vax rally at the airport Radisson with crypto.

[–] monko@lemmy.zip 4 points 8 months ago

Perspective: shoebox.

Values: likely shoebox-based, or perhaps worshipping the ever-present AC

Science: science as a set of principles and methods for understanding the physical world wouldn't be affected by a man or men in a shoebox.

[–] monko@lemmy.zip 3 points 8 months ago (2 children)

I wasn't really sure what you were talking about, so I looked them both up, and I think there's a really good chance your optician gave you Nazi-tinted lenses by mistake.

[–] monko@lemmy.zip 1 points 8 months ago

Gotcha, point taken. Ultimately, I think there needs to be a better identity proofing process overall. But that may rely on a total infrastructure overhaul, which seems unlikely.

[–] monko@lemmy.zip 5 points 8 months ago (2 children)

I get what you're saying, but it's not about getting locked out. It's about other people using recovery methods to take over your account. Why would anyone try to break through durable public-key encryption when you can just phish a victim's email account password?

And it's not like real-time phishing for 2FA/MFA isn't widespread—it's just not automated to the same level as other methods. That said, two- or multi-factor is going to stop 99% of automated hacks. It's the determined ones that I'm concerned about.

In regards to the Apple thing... Apple passwords can be reset using a recovery email. That means the security of the account leaves Apple's ecosystem and relies on the email provider. So, if I'm a cybercriminal determined to hack your account, I start there.

Then, if you've got your keychain all set up, it's time for a SIM swap. I clone your SIM or convince your mobile carrier to give me a SIM with your number. And even if recovery contacts and keys are alternatives, the use of SMS is problematic. If you really can turn it off, then I'm all for it. But if you can't be sure, neither can I.

SMS is a very low-security option that is showing its age. It was never intended to be a secure verification method, yet it's become incredibly popular due to its availability. Unfortunately, telecom companies are simply not interested in upping their security.

All SIM swap protection is opt-in at this point. Verizon and the gang might wise up considering the lawsuits leveled at them by victims—many of whom lost millions in cryptocurrency due to the carriers' negligence—but it's not likely.

The point here isn't that passkeys are bad for consumers. They're convenient and about as secure as existing methods. The problem is that they're being sold on average folks as a security upgrade even though they're more of a sidegrade. PKI/FIDO already existed before the whole passkeys buzz did, and it had the same limitations. This is mostly just branding and implementation.

[–] monko@lemmy.zip 2 points 8 months ago

Depends on the provider in question. While Apple does allow SMS recovery, they also let you designate a trusted contact who can let you in as an alternative. This is obviously more convenient (if you have a friend or family member who can be available when you need them), but the situation with SMS vulnerabilities is still my main gripe.

[–] monko@lemmy.zip 3 points 8 months ago

Totally! Browser and device fingerprinting are commonly used as first-line defenses against ATOs (account takeovers). There are other kinds of fingerprinting, like those that can learn about your installed hardware and drivers. Really, I'm learning about more fingerprinting methods all the time. That said, decisions are usually made based on several different information sources. These include variables like:

  • GPS geolocation
  • IP address/location
  • Time of day
  • Device ID, OS version, browser version, etc.
  • Hardware profiles, including CPU and GPU architecture/drivers
  • User behavior like mouse movement, typing patterns, and scrolling
  • Whether the user is connecting via a known VPN IP address
  • Cookies and extensions installed on the browser

There's even some buzz around "behavioral biometrics" to identify individuals by how they type, but this is still not the sole method of identification. It's mainly about flagging bots who don't type like humans. However, learning how an individual types can help you determine if a subsequent visitor is the actual account owner or a bad actor.

In my experience, fingerprinting and adjacent identity proofs are rarely used in isolation. They're often employed for step-up authentication. That means if something doesn't match up, you get hit with a 2FA/MFA prompt.

Step-up can be pretty complex if you want it to be, though, with tons of cogs and gears in the background making real-time adjustments. Like you might not even realize you've been restricted during a session when you log in to your bank account, but once you try to make a transfer, you'll get an MFA prompt. That's the UX people in action, trying to minimize friction while maintaining security.
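
The step-up flow described in the comment above, sketched as an added example that is not part of the original thread or any vendor's code: several weak signals are combined into one session risk score, and each action tolerates a different amount of risk before a second factor is required. The signal names, weights and thresholds are illustrative assumptions, and the sample sessions are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:              # what is normal for one account
    device_ids: frozenset
    countries: frozenset
    active_hours: range      # usual local hours of activity
    mean_key_interval_ms: float

@dataclass(frozen=True)
class Signals:               # what the current session looks like
    device_id: str
    ip_country: str
    hour: int
    known_vpn: bool
    key_interval_ms: float

# Assumed policy: risk a session may carry before an action needs MFA.
ACTION_TOLERANCE = {"view_balance": 50, "transfer": 15}

def risk_score(b: Baseline, s: Signals) -> int:
    """Add up mismatches; no single signal decides on its own."""
    score = 0
    if s.device_id not in b.device_ids:
        score += 30
    if s.ip_country not in b.countries:
        score += 25
    if s.known_vpn:
        score += 10
    if s.hour not in b.active_hours:
        score += 10
    # Typing cadence far from the owner's norm (e.g. machine-fast input).
    if abs(s.key_interval_ms - b.mean_key_interval_ms) > 0.5 * b.mean_key_interval_ms:
        score += 15
    return score

def decide(b: Baseline, s: Signals, action: str, mfa_done: bool = False) -> str:
    """Return 'allow' or 'step_up' for this action in this session."""
    if mfa_done:  # a completed second factor clears the session
        return "allow"
    return "allow" if risk_score(b, s) <= ACTION_TOLERANCE[action] else "step_up"

# Constructed sample data.
OWNER = Baseline(frozenset({"dev-a"}), frozenset({"US"}), range(7, 23), 180.0)
USUAL = Signals("dev-a", "US", 10, False, 170.0)
ODD_HOUR = Signals("dev-a", "US", 2, True, 175.0)   # known device, VPN at 2 a.m.
STRANGER = Signals("dev-x", "RO", 3, True, 20.0)    # nothing matches

if __name__ == "__main__":
    for name, sess in [("usual", USUAL), ("odd_hour", ODD_HOUR), ("stranger", STRANGER)]:
        print(name, risk_score(OWNER, sess),
              {a: decide(OWNER, sess, a) for a in ACTION_TOLERANCE})
```

The `ODD_HOUR` session is the case from the comment: browsing goes through without friction, and the prompt only appears when a transfer is attempted.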
