Hello, lately I started wondering which option is the best one, when it comes to privacy for bank notifications like incoming or outgoing transfers 
option set 1:
option set 2:
Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services
banking app is authenticated, the other options aren’t. It has transport encryption with only two parties, while email does tls on a voluntary basis with a number of relays in between. It’s man-in-the-middle by default. If your bank could do e2ee mail (pgp), then it would be fine, but I havent heard of a bank offering it
Therefore the app would be safer, but I guess not privacy friendly (trackers and so on)… is that correct? Thank you
so it sems to be a choice between security (an app) and the privacy (sms or e-mail) ?
banking apps of classic banks have less incentive to go wild on tracking. Review the score, crash/error feedback has a legitimate use.
I’d stay away from sms. Email is great, but just isnt confidential. At best it is s/mime signed so you have authenticity, but its not a private medium. I’m sad too, but maybe a few years from now something is getting standardized.
so if I take into consideration sms or e-mail, the mail seems to be a better choice?
Both are safe, as long as they are part of 2 or 3 validation steps, and on secure or trusted network.
Anyway, please be aware that while using public networks, all your identification factors (ID, password, email, and … yes SMS) can be intercepted by an attacker (MiM).
On a public network, you should consider using a “classic” SSL VPN (not TOR), and use only email as 2nd factor (SMS won’t be transmitted through VPN, email will be).
this seems to be logical 
regarding the internet connection I use home network and when I am out than I switch to mobile data on my phone 
so my intuition was right regarding this choice 
if the bank offers App notification, use this. Prefer not to receive sms or mail a bank, so any such message is questionable. It’s so easy to phish.
The MitM stuff in public networks is a tricky one. In the end your OS has a truststore for SSL certs that a MitM attacker can’t deceive. It used to be easy with plain http, but that time is gone
very interesting discussion, @smu44 / @tcecyk
Your post @smu44 has prompted me to think about it … what if a VPN and the VoWifi function are enabled? Are SMS going through the VPN, so they would be a safe option?
And what would happen if the phone is on in addition to being connected to Wifi (with VPN and VoWifi is on as well)? Would the SMS go through the cellular network, or the Wifi (so “safer”)?
Thank you for any feedback
Sorry, I can’t answer to any of your questions: no Vo(whatever) here 
I was asking the question above, because when I saw the report from exodus (in attachment), I was wondering what is better (or less worse ) … banking app / SMS or mail / login into the website … unfortunately it is not very clear yet in my mind …
This topic was automatically closed after 30 days. New replies are no longer allowed.
no issue, thank you anyway for your support, 