Bank notifications

Hello, lately I started wondering which option is the best one, when it comes to privacy for bank notifications like incoming or outgoing transfers :thinking:

option set 1:

  • SMS text message
  • e-mail, e.g. on protonmail, tutanota

option set 2:

  • SMS text message
  • e-mail, e.g. on protonmail, tutanota
  • banking app from App Launch


banking app is authenticated, the other options aren’t. It has transport encryption with only two parties, while email does tls on a voluntary basis with a number of relays in between. It’s man-in-the-middle by default. If your bank could do e2ee mail (pgp), then it would be fine, but I haven’t heard of a bank offering it.

2 Likes
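The hop-by-hop nature of mail transport described in the post above can be seen in a message's own `Received` headers. The following is an added example, not part of the original thread: it lists each relay hop and whether that hop reported TLS, using the RFC 3848 `with` protocol keywords. The sample message, hosts and ids are constructed.

```python
import email
import re

# Constructed sample message; all hosts and ids are made up (example domains).
SAMPLE = """\
Received: from mx.mailbox.example (mx.mailbox.example [203.0.113.7])
\tby store.mailbox.example with LMTP id abc123;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from relay.provider.example (relay.provider.example [198.51.100.20])
\tby mx.mailbox.example with ESMTPS id def456
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from out.bank.example (out.bank.example [192.0.2.10])
\tby relay.provider.example with ESMTP id ghi789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alerts@bank.example
To: customer@mailbox.example
Subject: Incoming transfer

You received a transfer.
"""

# RFC 3848 / RFC 6531: a trailing "S" (or "SA") on the protocol means STARTTLS was used.
TLS_PROTO = re.compile(r"^(?:ESMTP|LMTP|UTF8SMTP|UTF8LMTP)SA?$")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
FROM_BY_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I)

def hops(raw):
    """Return one dict per relay hop, ordered from sender to final mailbox."""
    report = []
    # Each relay prepends its header, so the oldest hop is the last one listed.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())  # undo header folding
        peers = FROM_BY_RE.search(text)
        proto = WITH_RE.search(text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        report.append({
            "from": peers.group(1) if peers else "?",
            "by": peers.group(2) if peers else "?",
            "proto": name,
            "tls": bool(TLS_PROTO.match(name)),
        })
    return report

def plaintext_hops(raw):
    """Hops that did not report TLS. Headers are self-reported, not proof."""
    return [h for h in hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f'{h["from"]} -> {h["by"]}: {h["proto"]} tls={h["tls"]}')
```

Even a hop marked as TLS only protects the link between two servers; each relay still handles the message in clear text.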

Therefore the app would be safer, but I guess not privacy friendly (trackers and so on)… is that correct? Thank you

2 Likes

so it seems to be a choice between security (an app) and privacy (sms or e-mail)?

banking apps of classic banks have less incentive to go wild on tracking. Review the score, crash/error feedback has a legitimate use.

I’d stay away from sms. Email is great, but just isn’t confidential. At best it is s/mime signed so you have authenticity, but it’s not a private medium. I’m sad too, but maybe a few years from now something is getting standardized.

2 Likes

so if I take into consideration sms or e-mail, the mail seems to be a better choice?

Both are safe, as long as they are part of 2 or 3 validation steps, and on secure or trusted network.

Anyway, please be aware that while using public networks, all your identification factors (ID, password, email, and … yes SMS) can be intercepted by an attacker (MiM).
On a public network, you should consider using a “classic” SSL VPN (not TOR), and use only email as 2nd factor (SMS won’t be transmitted through VPN, email will be).

2 Likes

this seems to be logical :smile:
regarding the internet connection I use home network and when I am out then I switch to mobile data on my phone :angel: so my intuition was right regarding this choice :grin:

1 Like

if the bank offers App notification, use this. Prefer not to receive sms or mail from a bank, so any such message is questionable. It’s so easy to phish.

The MitM stuff in public networks is a tricky one. In the end your OS has a truststore for SSL certs that a MitM attacker can’t deceive. It used to be easy with plain http, but that time is gone

1 Like