There needs to be a law that forbids mandating cellphones and credit cards for ordinary business transactions. My apartment started requiring an app to enter the premises and use another app to wash and dry your clothes and then required an app to enter the place you wash your clothes. I came home one day after a series of missed and delayed flights, tired and sleepy at 3am after waiting eons for Uber at the airport when my phone finally died and at 3am I could not enter my own apartment because my phone was dead and there is no one else at that time to open the gate for me.
In these cases, technology is creating not solving problems.
Ask yourself this: As great as smartphones are, do you want a future where everyone is required to purchase one, and a cell plan to exist in society, to engage in commerce, enjoy shelter, health care and security?
I would even go so far as to say cash and physical paper should be supported by any business and government department.
> As great as smartphones are, do you want a future where everyone is required to purchase one, and a cell plan to exist in society, to engage in commerce, enjoy shelter, health care and security?
It's an even more dire question: do you want a future where you're required to carry that cellphone on your person at all times?
And for the slippery slope: do you want a future where it's legal to arrest people until their phones can be verified? To prevent impersonation, maybe chip people like dogs so that they can be reliably matched to their phones, and make it a crime (maybe "attempted impersonation") to tamper with the chip or to help someone tamper with the chip?
It's even worse, tons of applications are not working properly if your phone is rooted (so if you put a proper adblocker there etc.) or without Google apps.
This is a false statement that one can bypass root detection in just one or two more steps. Anyone saying this might not know the implications of Google SafetyNet. And popular tools like Magisk have been defeated repeatedly. It is a cat and mouse game.
Magisk has stopped providing patches to games that helped to bypass root detection.
But I pretty much don't. I hoped that it would be as easy as disabling Cortana on Windows 10, but degoogling your phone is super user-unfriendly and something that almost has to become your hobby.
But for people thinking about it, it's still worth it, with AFWall+ to not have ads in any app, NewPipe to have functionality of YouTube Premium and Barinsta to make sure you are not dragged into endless reels recommendations on Instagram, it's magic.
Barinsta got DMCAed or something, F-Droid page is up [1] but the GitHub (linked from there) isn't, and the F-Droid package is still from last summer 2021.
I use a Pi-Hole in my LAN, and WireGuard to it. Low latency so works very well, and given it has a killswitch my connection is always secure -- public WLAN or WAN be damned. The downside is my device and all apps have access to my LAN. Although some of my devices are on a DMZ, and the Pi-Hole works from there as well but the rest of the LAN not.
Adding to that, smartphones can also be extremely distracting. If you'll be effectively unable to put away your phone for longer periods of time because almost everything requires that you interact with it, that can't be good for your mental health.
It's only a fallacy when there are no valid reasons to think that the events will actually progress the way you claim they will.
In this case, there is a clear government and/or corporate motive in increased data mining and social control, so the only thing restricting them is they need to make people accustomed and not consider it too intrusive in non-totalitarian societies.
Things like "contact tracing" or "preventing terrorism" or "think of the children" are among the ways that the powerful actors at the top are convincing the populace that such a measure would be necessary (and beneficial), and the majority of the population does not seem to care much about this to do anything. Hence, it is reasonable to believe that the claimed event (phone being required at some level) is going to happen at some point.
I think that using a single source for authentication/authorization of any kind is stupid: be it a smartphone, a password, a certificate or anything of the sort. Multiple sources should always be used, such as logging in with a username/password and getting an e-mail/SMS/TOTP code to enter, though even those can be compromised if people don't use randomly generated passwords for all of their sites/e-mail accounts/apps.
But on topic of the questions in this discussion, allow me to offer an unpopular opinion, just because it sounds like an interesting thing to think about.
> As great as smartphones are, do you want a future where everyone is required to purchase one, and a cell plan to exist in society, to engage in commerce, enjoy shelter, health care and security?
Required to purchase one? How about given one instead? In my country, we have eID cards, which can be used for digitally signing documents and can serve as methods of authenticating against a government site - due to legislation, now everyone gets one, much like people got passports. And yet, nobody questions needing these cards or passports, even though technically if you lose yours, you do have to pay for a new one because "it's government property".
Alternatively, if people would still have to purchase one, force the manufacturers to be open about their production costs and profit margins, mandate certain specs of devices not to exceed certain pricing - much like Chromebooks have already taken over education in many places of the world due to their relatively simplistic nature, I don't see why we couldn't have basic spec Android devices in abundance either.
Better yet, protect phones and being able to use them like one would treat the likes of eID cards and similar:
- all phones need security updates for 5-10 years from the manufacturer
- all phones need certain levels of battery life: if a new Nokia 105 can last for a week, I don't see why you couldn't cut down the standby modes of Android phones to do the same
- all phones need their batteries to be replaceable by the user, should they want to do so, no phone can be sold without them as available replacement parts for purchase
- all phones need proper permission setups: a passcode for installing apps, and full control over network requests, similar to NetGuard https://netguard.me/
- all phone OSes need to be open source and open to modification, no more locked bootloaders or other stuff like that (might need a confirmation with the user's code first)
- all phones need their hardware drivers and all documentation pertaining to those be open source
- all phones must support custom apps being written, installed and run by the owner, much like a *nix machine doesn't constrain you
- all phones must support third party app stores, should the user choose to use them, e.g. FOSSHub/Fossdroid
- to fight malicious usage of the above, have a LED indicate whether a custom ROM is or isn't being loaded and have a checksum or something show up during boot with info about any digital signatures of the ROM
Edit: perhaps the term "phone" here should be replaced with something like "gov-compatible-phone" or whatever one could come up with - I don't doubt that dumb phones would still have their uses. Technically, all of the above should have been achievable on something like the Symbian OS as well.
Who knows, maybe eventually the majority of phones would once again become more blocky and more of them would be IP-68 certified, or something like that. In my mind, phones should be dependable computing devices, more like a Raspberry Pi/Arduino with a sturdy case in your pocket, rather than dainty status symbols. Think along the lines of these:
> It's an even more dire question: do you want a future where you're required to carry that cellphone on your person at all times?
I already do, so nothing would change for me. I cannot imagine leaving a phone at home, much like I cannot imagine spending a day without Internet (this is probably a controversial statement, should lend itself to some discussion about how people live nowadays, especially the younger generation). Doing so would be depriving myself not only of a means to communicate and navigate, but also of the ability to look things up, like tutorials, or information about something that I'm interested in. Some might extend those arguments to things like note taking, audio notes included, as well as entertainment. Alternatives exist, of course, but they're rather unwieldy - who wants to drag a notepad, a map and a compass, as well as a voice recorder, maybe a dumb phone or a walkie talkie with them separately?
Edit: probably interesting to compare this with carrying a wallet around - since it has money/bank cards and quite possibly ID and other pieces of information as well. Which could be replaced by a phone. And it's not like you could use it after stealing/robbing it off of someone, since it would be behind a passcode or additional lock mechanisms.
> And for the slippery slope: do you want a future where it's legal to arrest people until their phones can be verified?
I have no illusions about this not being abused if that were ever the case, which kills argumentation in favor of anything like it from the onset. Similarly to how there were various "tests" put in place before voting in US, many of which targeted ethnic minorities. I bet similar excuses could be made about officers "failing" to validate a phone/identity due to "technical issues" and thus depriving people of their freedoms.
That said, I am in favor of means to identify people that actually work for a change - you should not be allowed to start a company on someone's behalf after presenting pieces of information that could easily be found out, like someone's name and any sort of a national identifier. My country basically had the same problem - a national identification number for each person, which many sites still asked for during signup. Due to this value ever leaving the confines of something that holds and uses it as necessary, it's no longer reasonable to rely upon. Consider the eID cards instead - they store a private key and can only be used to sign things with PIN codes that the user must know/store themselves. The certificates never leave the physical device. We need more of that approach. PII leaking would suddenly become a less harmful thing, because it's not like you could actually do anything with that information.
> To prevent impersonation, maybe chip people like dogs so that they can be reliably matched to their phones, and make it a crime (maybe "attempted impersonation") to tamper with the chip or to help someone tamper with the chip?
Pretty dystopian, admittedly. Some people already do, to enjoy the benefits of RFID chips. Personally, for the most part, I'd prefer to stick with fingerprints for opening biometric locks with phone apps and such acting as alternatives. Then again, if I were writing a dystopian novel (you know, more dystopian than real life, where every action that we take online is catalogued and can be looked up by the powers that be) it'd be curious to explore the benefits and drawbacks of having everyone have chips in them. If the society were ruled by a benevolent AI? Probably less crime and strong application of the law. If the society were ruled by regular people? Probably blackmailing and discrimination like you cannot even imagine.
(note: none of these views are exactly held strongly, just something fun to ramble about)
I myself am a "single source for authentication/authorization" and I don't think it is stupid at all.
It is just hard to tell it to a machine. So I am ok to use a token for that.
The trouble for me are the instances that want to certify that I am me. I don't need them, but they are there. The middleman, who wants to have a say, to allow or deny.
I have no problem to tell a token that it is me. I am pretty happy to self-certify myself.
Actually it is - while you provide for yourself and that may be fine, if you have dependents, having daddy be the single source of authentication for everything is pretty damn stupid. You might have accounts for your kids but they need to actually access those accounts.
If you end up in a coma in the hospital, again, having yourself as the single source of authentication for medical purposes is pretty dumb, too.
If you have any group of people dependent upon a thing, having yourself as the single source of authentication is pretty damn stupid. Look up how nuclear missiles are/were protected, if you want a real world tech example.
This thing where people assume they are the only thing in the world so whatever they want is fine for everybody else, that's the real fucking stupid thing.
Well, that's the crux of the problem, isn't it? We need a way for you to confirm that it's you and not someone else who has stolen your credentials. Multiple factors of authentication generally work well enough against this. Same for physical devices, be it those eID cards or something like YubiKey or whatever.
> I am pretty happy to self-certify myself.
Well, that's how GPG/PGP works - as long as you give your public key to other people by yourself, be it in person or otherwise. Then you can manage the private certificates for signing stuff yourself however you wish - be it keeping them in a cloud account somewhere (hopefully not), on a local HDD, a USB stick, or printed on a piece of paper where you'd re-type it as necessary (just a silly example).
The problem is that people want a central authority for certain cases, such as interacting with the government - with the appropriate set of software and middleware built around it, so less technically literate people could just put the card in a reader, input a few codes in some official software and be on their way, rather than trying to figure out what the hell a keychain is.
> My apartment started requiring an app to enter the premises and use another app to wash and dry your clothes and then required an app to enter the place you wash your clothes.
This shit has got to stop. I ran into similar doing a mortgage... They "only accepted the escrow payment through ${RANDOM_APP}." Yea right, y'all can take a check, and they did.
I'm quite sure _all_ the app does is process the payment. :rolleyes: /s No way they collect/sell any info I send through it. Oh, and I'm sure they'll be super upfront whenever their database that my info sits in for eternity with 'admin:admin' protecting it gets popped.
The similar shit with electronic payments should stop too. Here in the US, many stores demand that you pay in EXACT CHANGE or card. However, the system used to calculate prices after taxes is such that no ordinary person is able to know how much they'll have to pay in advance without resorting to some sort of tax calculator. Cash is our last defense against mass surveillance, and we need to cherish it.
This is unusual, and I agree with you: I hope it never catches on.
That said, my previous workplace has offered entrance with cellphone, as well as entrance by regular key fob. Over time, I have seen people switch more and more to the cellphone method, and either returning the keyfobs or leaving them at home.
Also, a nitpick: you don't necessarily have to purchase a cell plan for your phone. For example the scheme discussed in the article will work over WiFi just fine. And if you are in front of your computer trying to log in, the chances are, you have WiFi as well. So while an old cellphone is less convenient than a keyfob (needs charging, bigger, heavier), it is still pretty usable.
I think many people enjoy the option of using their phone, but don't like that they HAVE to use it. For example for most occasions you have your phone on you, but for example when it is broken or empty not having an alternative would be really annoying.
> I could not enter my own apartment because my phone was dead
Whenever I hear about "smart" devices as a replacement for something that is safety/security critical (like a lock), the question of what happens when the internet and/or power fails is rarely even considered. Does the lock fail open or closed? Does the door open if there is a fire in the building that damages the internet/power wiring? If it fails open, does that mean someone can bypass the lock by simply cutting the network/power cables outside the building?
There might be reasonable answers to these questions at a large business building that can afford fallback options, but I'm not sure there are good answers for e.g. residential situations.
Residential smart locks I've seen are wireless, with batteries and a keypad, so any networking (zwave, zigbee) or lack thereof doesn't affect that basic operation. And egress is never blocked by anything.
If the batteries die and you need to get inside, you need to have a physical key or an alternative ingress.
This kind of thing dawned on me once when going shopping. I was walking into a supermarket, checked my phone and saw that it had a low battery. I wasn't carrying cash, and I suddenly realised that my "money" could run out of battery and I'd have no way to pay. It's one part of why I buy physical books now (mostly second-hand online) - so I don't even have to think about recharging my book.
Paula: "...what's that?"
Blank Reg: "It's a book!"
Paula: "Well, what's that?"
Blank Reg: "It's a non-volatile storage medium.
It's very rare. You should have one."
Let us not forget how all so secure cell phones are!
I had a broker request a switch from a printed card with challenge responses to a cell phone based system. Rejected with prejudice. Never ever will I do banking or trading with a cell phone.
This exists in China right now. You need a phone to show you've not been in close contact with covid cases. Many places only accept WeChat/Alipay for payment. A phone is a necessity.
Yeah. Partial list of things you currently cannot do in China without a phone (at least, where I live):
- Go to the supermarket (you can ask a friend with a phone to help you order online)
- Take a taxi (usually, depends on the driver)
- Eat at a restaurant
- (Basically, enter any place of business)
- Go to the hospital
- Travel to another province
- Visit any scenic area or large public park
- Get a Covid test
- Visit your friend’s apartment (usually)
What if your battery dies? Super-reliance on cell phones means this is a solved problem: it’s trivial to rent a charger anywhere there’s a convenience store.
To be clear, I also see this as an anti-pattern. The presence or absence of an expensive connected device should not restrict what a person can do in meat space. A person not carrying a mobile phone is still a person.
But I don’t see how you actually do contact tracing at scale without this. In the beginning of the pandemic, entering a supermarket meant writing your contact info (including ID number!) on a paper ledger at the entrance. Fuck that.
Not really, they're just inconvenienced for part of a day. As long as your phone number is linked to your national ID, it's easy to get another SIM card, and you can just ask a friend for help buying another phone.
The person who smashes their phone, on the other hand, would be totally screwed. Ubiquitous surveillance means that cell phone theft is basically not a thing anymore because the thief is pretty much always caught.
> Ask yourself this: As great as smartphones are, do you want a future where everyone is required to purchase one, and a cell plan to exist in society, to engage in commerce, enjoy shelter, health care and security?
No, I don’t. So it’s a good thing you can already use FIDO authentication without a phone using e.g. a Yubikey!
As far as I can tell, these credentials are no different from existing WebAuthn credentials. So yes, you should be able to use any authenticator that implements the protocol, including the Yubikeys that already exist. This isn't like OAuth where each company has their own separate login flow that sites have to implement.
The parent poster that ryukafalz replied to had an anecdote regarding being locked out of their apartment because their cellphone died, that was the essential cause of their antipathy, and the quoted text mentioned 'enjoy shelter' as one of the things you might need a cellphone to purchase in the dystopian future.
We all remember when facebook.com became unreachable and they had to use a saw to get to the server? Buildings couldn’t be accessed, phone calls couldn’t be made, and emails couldn’t be sent because facebook.com was unreachable. That was just a DNS problem, imagine that happening everywhere.
“[The data centers are] hard to get into… [T]he hardware and routers are designed to be difficult to modify even when you have physical access to them. So it took extra time…”
It's amazing how quickly Golden Krishna's TED-circuit profile faded and everyone forgot the critical UX lesson that he built his brand on: The best UI is no UI. The corollary being that if a one-step action now requires you to unlock your phone, you've added at least one additional step (probably more) and your "smart" IoT solution is a downgrade, not an upgrade.
This is usually mostly circumvented by demanding "EXACT CHANGE" though. In most states, there are sales taxes at several levels that don't apply uniformly, so it is nearly impossible or too time-consuming to use cash, because you simply don't know how much you'll have to pay.
We need a law that imposes AVOIDING mandatory "smartphone" usage for anything, starting from bank OTPs, IMPOSING offline time-based classic OTPs or SSL certificates or SSH-based auth (never seen outside IT but very nice indeed) or classic matricial cards. IMPOSING open APIs.
That's before discovering we can't be cured after a car crash because our smartphone can't properly identify ourselves with emergency care smart systems, or we can't enter our house due to an e-ID vulnerability of our connected door.
Princess (and I imagine any other Carnival cruise line) wants that future for you. With their new Medallion system, they want all passengers to carry an Android or iOS smartphone, or be treated as a second-class citizen.
Some sports stadiums are going cashless, so you must have phone apps or credit card… The workaround for a cash acceptance requirement? They have automated kiosks on-premises that convert cash to MasterCard.
> do you want a future where everyone is required to purchase one, and a cell plan to exist in society, to engage in commerce, enjoy shelter, health care and security?
This seems like a slippery slope argument. Almost everyone purchasing these products has a phone and service. Cash is expensive to accept. (And makes zero sense for online-only services, which a cash-mandating law incentivises.)
Everyone having a phone already is orthogonal to whether or not it is a good idea to require phones to function in society.
I don't see it as a slippery slope argument because almost everything will eventually move to being online-based, and if "having a phone" becomes the standard for authN, then someone without a phone is excluded from participating in all of those things.
> Ask yourself this: As great as smartphones are, do you want a future where everyone is required to purchase one, and a cell plan to exist in society, to engage in commerce, enjoy shelter, health care and security?
I’d be fine with this, so long as there’s a safety net of some sort to provide cheap/used phones to anyone who now needs one. Computers make lots of things easier, and forcing every business to accommodate the additional complexity of non-electronic access sounds like a bad idea.
That said, I do agree that something should be done about “use this app to open your apartment door” and “use this app to do your laundry”. I think the emphasis should be on interoperability. So you as a business can’t require the use of a specific piece of software, but you can specify a protocol, preferably one that’s already in use.
As for “my phone lost charge at 3am and I got locked out”. I see this as equivalent to “I lost my keys at 3am and got locked out”; unfortunate, but ultimately either your fault or bad luck. Time to call a locksmith (or digital equivalent, a hacker?).
Seeing how often I've needed to crack some customer's mail client or wifi, or etc ... [*] I think we're already mostly there. (Though it's not always a dark and stormy night)
[*] Obviously after confirming it's really theirs and/or they have the requisite authority. The usual disclaimers apply.
ugh, no. an out of power phone is not the same thing as lost keys. in decades of traveling i never once lost my keys, but my phone is out of power almost every time after i spend a day away from home or office.
If you knew that you needed phone charge to enter your apartment I bet you'd bring a spare battery pack when you went out. You could fit in the space you save by not needing keys!
I'll have you know that I read all of my posts out loud several times before submitting them. Otherwise I wouldn't be sure if they were up to HN's high standards.
Having not read UBIK, I'm not sure what exactly you were going for by comparing having to keep your phone charged to "a deeply unsettling existential horror story, a nightmare you'll never be sure you've woken up from"[0].
I genuinely do not see how being required to manage a phone's battery is any more onerous a requirement to place on someone than keeping track of a key. People are used to doing both already, and of course I'm not suggesting that it would be acceptable to remove existing fallback measures like resetting locks in the event of a lost key/phone.
The door refused to open. It said, “Five cents, please.”
He searched his pockets. No more coins; nothing. “I’ll pay you tomorrow,” he told the door. Again he tried the knob. Again it remained locked tight. “What I pay you,” he informed it, “is in the nature of a gratuity; I don’t have to pay you.”
“I think otherwise,” the door said. “Look in the purchase contract you signed when you bought this conapt.”
In his desk drawer he found the contract; since signing it he had found it necessary to refer to the document many times. Sure enough; payment to his door for opening and shutting constituted a mandatory fee. Not a tip.
“You discover I’m right,” the door said. It sounded smug.
From the drawer beside the sink Joe Chip got a stainless steel knife; with it he began systematically to unscrew the bolt assembly of his apt’s money-gulping door.
“I’ll sue you,” the door said as the first screw fell out.
Joe Chip said, “I’ve never been sued by a door. But I guess I can live through it.”
― Philip K. Dick, Ubik
> I genuinely do not see how being required to manage a phone's battery is any more onerous a requirement to place on someone than keeping track of a key.
really?
you can predict how much you use your phone during the day? my key will never lose power, people calling me is something i can't control.
and control is the problem here. i can control that i will not lose my key. just as i can control that i will not lose my phone. and while i know that usually i can get through the day with a single charge, i can't predict that one day a year where that charge won't be enough. so just because of this unpredictability i have to go out carrying a backpack just so i can carry a powerbank. because my phone fits in my pockets, an extra powerbank requires me to have some kind of bag, in summer when i want to go out with shorts and a t-shirt. oh and what about my off-grid weekend trips where i don't get an opportunity to charge my phone for two days?
also, what about my kids who are too young to have a phone on their own?
requiring a phone severely affects my lifestyle in ways that i just don't want.
but i just realized what the solution to the power management is: every door that requires a phone needs to have a charger station right next to it. only that would really solve the problem of being able to make sure i can have a charged phone when i need to enter.
that still doesn't solve the other problems, but at least i can leave the powerbank at home now
It seems you think that having a phone, on you at all times and charged is easier/better than a key/fob. I honestly don’t see how one can think that is a better solution. This solution REQUIRES that I can’t leave my house with my (charged) phone!!! That’s a massive restriction!
> You could fit in the space you save by not needing keys!
i have yet to find a powerbank that small. though if such a powerbank existed it would actually help because it would not be able to carry more charge than what is needed to unlock the door. it wouldn't be useful for much else.
That’s not the point. No matter what prep you make, the question of “do we really want to rely so much on new tech to run everything in our life?” is a valid question.
Yeah, this is a very reasonable position. Metal keys require no electricity, preparation, or maintenance. Newer RFID keys receive power from the building itself. Phones are strictly worse; they require the phone to have a charge, and they require a mobile app that is well-tested on a wide range of devices. I've never seen a mobile app that interacts with hardware that actually works, so I just don't think the state of the industry is good enough here.
RFID seems like the perfect building access system to me. You can disable individual key fobs (whereas with metal keys you have to rekey the locks each time someone moves out) and they're cheap to replace.
I definitely wouldn't mind having the option to use my phone, but it just isn't a good single point of failure. Software is nice and everything, but not nice enough to control access to my home.