Great point. What I’m recognizing in that PR thread is that the bot is trying to mimic something that’s become quite widespread just recently - ostensibly humans leveraging LLMs to create PRs in important repos where they asserted exaggerated deficiencies and attributed the “discovery” and the “fix” to themselves.
It was discussed on HN a couple months ago. That one guy then went on Twitter to boast about his “high-impact PR”.
Now that impact farming approach has been mimicked / automated.
Many consumer banking apps have begun integrating similar identity verification third-party providers. They are very inaccurate.
Sometimes it works with the front camera on one smartphone but doesn’t with another (iPhone 17’s distortion), sometimes it recognizes your face on one day, but desperately fails to recognize you on another. I had to repeatedly record videos for it only to fail over and over again. Anything their system flags as suspicious, anything, will trigger the same video identification flow again, which effectively blocks your money in the account.
I’m closing my accounts with a couple of banks with these video id flows. Simply because it’s way too easy to lose access to my money in the account with them. If their QA is not good enough for this vital requirement, I don’t want to know how they treat other requirements. They simply outsourced the id verification to some third parties that are way too unreliable.
I can't speak to the accuracy, but I just integrated stripe's offering for our product (which involves banking). We were small enough for a while not to need it, but eventually the fraudsters find you.
If you don't take these measures, you will lose money to fraud. You may also lose your business because you aren't meeting your AML/anti-terror obligations. (I also just had to take my annual training course).
There are a bunch of mitigations, of which identity verification is just one, and all of them are lousy for our good customers. I wish the banking systems were better and we didn't need to do any of it.
When I researched a bank, learning they want to use some third party never-heard-of identification service on me was the moment I knew I do not want to share any of my personal details and consumer habits with that so-called bank. They do not care enough to pretend they keep all my data in-house.
I’ve got the feeling that it’s spreading and is soon to become the default.
Another banking app has failed to identify me a couple of times (I attribute it to iPhone 17’s front camera distortion) and fell back to the snail mail id code as a 2nd factor. It arrived only several business days later. Instead of just letting me use my own 2nd factor such as a TOTP device or a physical security key. But maybe there are some legal requirements for that flow, I’m out of the loop.
So there’s a whole range between passkey-is-enough on one end and outsourced video id or snail mail for 2nd factor on the other. The latter can of course be misused to siphon as much personal information as possible out of you, even linking and scraping your other banking accounts for consumer profiling - designed as a requisite part of the authentication/authorization flow.
Discover hit me with a 3rd party ID check (Socure) after being a customer of theirs for decades. They locked me out of my account, including access to savings, CDs, and credit card e-statements until I complied. And they did it without any warning.
Can someone explain what the real difference is to a consumer user between an iPhone and a Pixel or a Samsung device? Across all services, push notifications, and device backups.
Both promise security, Apple promises some degree of privacy. Google stores your encryption keys, and so does Apple unless you opt in for ADP.
Is it similar to Facebook Messenger (encrypted in transit and at rest but Meta can read it) and Telegram (keys owned by Telegram unless you start a private chat)?
There are things Pixels do that iPhones don’t, e.g., you get notified when a local cell tower picks your IMEI. I mean it’s meaningless since they all do it, but you can also enable a higher level of security to avoid 2G. Not sure it’s meaningful but it’s a nice to have.
Some of these companies don't make money from you, the end user, but by selling ads and data to more effectively deliver said ads.
Differences in capabilities, experience and implementation are all downstream from that. In other words, everyone pays lip service to privacy and security, but it's very difficult to believe that parties like Meta or Google are actually being honest with you. The incentives just aren't there.
With Apple, you get to fork over your wallet, but at least you seem to be primarily the user they've got to provide services to.
I think there’s also a topology chasm at play. Apple controls most of its hardware stack, with Qualcomm modems and Samsung displays, but the SoC is now Apple’s own. Google relies on rotating third parties to assemble the Pixels, hence poor QC. Samsung makes its own Exynos modems which they don’t dog-food and like Apple rely on Qualcomm instead, while Google still depends on Exynos.
Then there’s a big disparity across all Android hardware vendors. Google must cater to that more or less federated topology of Android devices. It’s much harder.
Yet I don’t see any technical blocker for an opt-in for an Apple-grade ADP in Pixels and Galaxies.
It’s all quite weird. Even with Google Passwords, how do I know that it’s E2EE if I can unlock it from a browser with just a device PIN? Lots of loopholes.
Addendum: this just in. Apple has much more to lose if they pull something like this; for Meta, news like this... barely registers? At least I'm not surprised at all.
I wonder how exactly Apple Intelligence works with ChatGPT and soon with Gemini. If I remember correctly, there’s no privacy there? If so, where’s the privacy boundary in Apple Intelligence?
Google pushes Gemini everywhere and wants to keep on to your interactions, with human reviews. While I applaud the transparency, having Gemini scrape my screen makes me uneasy. My frog’s not warm enough for that, yet.
And Gemini in Sheets and Docs is just a toy. Microsoft 365 Copilot is a step ahead but is wrong more often than not, at least from my interactions with them. Both very disappointing. No way to justify access to my personal or my company’s or clients’ information.
Apple promises something they call Secure Compute or so, don’t remember the exact name, which appears to be encrypted and randomized in their cloud compute, which is off-device. With iPhone being the most powerful to date (per GeekBench), Tensor Pixels will have to offload most of the edge compute to GCP, and Snapdragon Samsungs while being powerful (I have no idea but would assume) must follow the Pixel Android approach.
So AI features will exfiltrate even more personal information, occasionally, accidentally, or purposefully, and the user would have consented to that and the human reviews just to get access to the smart features.
> Can someone explain what the real difference is to a consumer user between an iPhone and a Pixel or a Samsung device? Across all services, push notifications, and device backups.
By default, Apple offers you at no charge: email aliases, private relay, Ask No Track barrier. These are just the ones I can think of right now. I am sure there are more. A big thing with Apple is not that they offer different privacy services but they make it EASY and SEAMLESS to use. No other company comes close.
Aren’t they part of iCloud+ only? Ask no-track can arguably compromise your privacy by fingerprinting.
I agree that the privacy controls on Apple systems are well-organized.
Still, it’s more important to have confidence that the privacy services are not smoke and mirrors with carefully carved-out loopholes. It’s one thing to provide something and hold the competitor as the litmus test, the other to sustainably live up to your promises, like the now pejorative “do no evil” slogan, with retroactive ramifications. There’s really little users can effectively validate about Apple’s privacy promises.
Apple also makes it easier to achieve that privacy:
- They put all the privacy controls in one place in Settings so you can audit
- App developers are mandated to publish what they collect when publishing apps to the App Store.
> - They put all the privacy controls in one place in Settings so you can audit
That’s true. On Pixel Android, there’s several unrelated places in the various settings for the device and for the Google account to take care of and see that they do not collide. And for every function there’s always some sort of small print like “it’s all private to you unless you choose to share” - but to use any of the features/services you have to “share” like with Google Photos and Calendar and Tasks, you lose track of what you share with whom in the end. So essentially not only the metadata is collected but also the content and nothing’s private as a result, at least that’s what I got to understand. And even if you ask Google to delete your personal information, it will retain it for a while for compliance purposes.
As for
> - App developers are mandated to publish what they collect when publishing apps to the App Store.
I believe that’s still moot and rather a voluntary disclosure that no one vets. I’ve seen apps with no collection stated on App Store but deviating privacy policies, or app functions that contradicted their own privacy policy.
From what I heard and read, I understood that as a well-meant idea but still a misconception on the consumer part due to lack of enforcement by Apple.
> From what I heard and read, I understood that as a well-meant idea but still a misconception on the consumer part due to lack of enforcement by Apple.
I'm not familiar with the detail so I cannot comment directly on what you are saying. I don't have the time to go read up on it right now.
But what I would say is that many aspects will be indirectly enforced by Apple (and can be audited/enforced by the user) through the privacy controls (location services, microphone, camera etc.). Clearly that does not cover everything, but it covers a large chunk.
Apple have also made it impossible to for example get a device-level ID, you can only get an app-level pseudo-device-id. So there are various code-level enforcements too.
Same here with a Pixel 10 Pro. Having seen issues that others have been struggling with, I’m shocked at the poor quality controls. It’s not only hardware, the software breaks every now and then. Looks like every patch introduces some bugs or bricks some Pixels. According to Gemini, it’s all known and has been discussed for a long time. I checked Pixel bug reports, some of them closed with wont-implement states, while users are still struggling.
This was the first time in two decades that my smartphone broke, and it could only be replaced.
In the end, to me it’s really too much maintenance with Pixels and Android devices in general. Really don’t get it why people prefer Android. It’s like desktop Linux. Not there yet.
Sure, it just annoys me that people seem to have amnesia with all the bullshit associated with desktop Windows, I guess because they’re used to it.
The recent updates breaking Notepad and Calculator and Outlook and the Shutdown feature are rare in that they have gotten press, but there are hundreds of other bits of bullshit associated with Windows, like the fact that Windows Update just routinely breaks your computer and the Windows recovery and repair tools do not work, and as far as I can tell they have never worked for anyone.
Linux has its share of bullshit, but at least the backup and recovery tools actually work.
I haven’t had an issue with hibernate in a few years on the more normy-friendly distros like Mint or Ubuntu or Suse, but I acknowledge that some people still do. I still don’t accept that it’s less ready than desktop Windows.
That is terrible. I’ve been out of the loop with consumer Windows for like 20 years and enterprise Windows for a decade, last time was at a .NET shop. Two years ago or so, after watching a couple Microsoft folks give their talks, I tried one of the Microsoft Surfaces at a store and got quickly frustrated with it.
What you’re describing about Windows is very reminiscent of what Pixel users describe on Reddit.
I’m totally with you, I wouldn’t use Windows voluntarily. I’m not in a position to tell whether it’s more or less ready though, just no recent experience with it.
Yeah, if you’re comparing it to macOS, then I would broadly agree that desktop Linux is less-ready.
I do think it has improved considerably, especially on AMD hardware, and I think it’s better than Windows at this point. macOS is arguably better, but Macs are considerably more pricey, so they can be a bit difficult to recommend to people.
Text selection is also extremely annoying when marking up PDF files in the Preview app (select -> highlight). Anything you select (whole words), deselects some trailing portion and you’re left with only part of your selection with a highlight pop-up prompt. You want to reselect, so you tap aside, and it deselects the entire fragment. You repeat, again a trifling piece gets unselected, but this time the partial selection remains intact after the highlight popup prompt is dismissed, and you try to expand the selection, but it either doesn’t react or cancels the entire selection, just for fun.
It can take a few times to get the selection right, but by that time you forgot why you wanted to highlight that passage in the first place.
It totally breaks my flow of consciousness while reading and marking.
It happens on iPhones and iPads, with and without the Pencil.
Piercing the corporate veil is a very common practice across countries, both in civil and statutory cases as well as administrative cases. It’s a very fragile shell.
There’s little hardware improvement in iPhone 17 over iPhone 16. Arguably only the move from titanium to aluminum in the casing is a tangible performance enhancement (better cooling).
The iPhone 17 delivers significant display, battery, camera, and memory improvements. The aluminum switch does enhance thermal performance, but calling it the "only tangible" upgrade requires ignoring ProMotion displays, 36% longer battery life, 4x camera resolution boosts, and doubled storage.
The standard iPhone 17, in particular, received upgrades substantial enough that upgrading from an iPhone 15 or earlier makes strong practical sense. Hardly the profile of a phone with "little hardware improvement".
Thanks, you’re likely right, but significance is in the eye of the beholder. I don’t attribute much value to the marketing fluff and on-paper changes.
It’s great the battery improved but does it really matter? You still will charge every day.
The camera resolution, well, it’s still just a smartphone camera with some AI post-processing, which Xiaomi can do better with their Leica or Oppo with their Zeiss lenses. And either one is still bad compared to a proper camera.
ProMotion display, Pixel’s still better.
Your point about storage made me laugh, but let’s maybe leave it for another time.
That all is very minor and not noticeable to me. If you go from 10 to 15 it’s a 50% improvement, but if your competitors have been at 20 and won’t regress, you’re still behind.
So yes, to me, the aluminum case is the only tangible. My palms don’t burn anymore. And I’m grateful to Apple for letting me pay more again for this noticeable improvement.