Wednesday, August 30, 2023

No App, No Entry

Andrew Anthony (via Hacker News):

Leaving aside the “sorry, not sorry” expression of regret, the presumption is that the elderly remain vigilant to every missive from the online world, when in fact many find it a jungle of scams, junk mail, endless passwords and security risks into which they venture as little as possible.


Citing the Jaffes, the historian and TV presenter Amanda Vickery noted in a series of outraged tweets last week that “most car parks now don’t take cash, ticket offices are disappearing. If you are not tech-savvy you are toast. It is so exclusionary.”

The real cause of Vickery’s ire, however, was a breast cancer clinic she attended that, in her words, turned away “some old ladies … because they did not have an SMS message from an app.


There are also an estimated to be 1.3 million adults in this country who are “unbanked” – ie do not have a bank account. For them, something as mundane as parking a car is increasingly fraught – a quarter of London councils have removed pay and display parking machines in favour of smartphone-centred apps.

Even if you do have a smartphone, it’s not great to have it be a single point of failure. It could be lost, stolen, away from cell service, or have a low battery. Most electronic tickets and admission passes don’t seem to work with the Wallet app, and who knows whether an e-mail, app, or Web link will fail when you need it, even if it was cached. A common pattern is to take a screenshot of the barcode or QR code, but that requires more tech-savvy.


What frustrates me is how fragile this can quickly become.

I recently was traveling with my 7 year old daughter on public transit, and her card was denied… something was wrong with the ‘kids free travel’ product loaded on her card. Since her card is actually issued by a train company, I had to login to their website. Since I hadn’t logged into their site (as her) in a while, I had to verify my account with a password reset link. The site then sends a create password link to HER email (they would not let me use my email since I was already a user), which I had also not used in a while, so I needed to answer some security questions. The email was severely delayed so cue lots of refreshing.


Thankfully it was a long bus ride but the driver was clear I would need to pay if I couldn’t arrange it. This is all totally insane as kids ride free and you don’t need an RFID card to see that at 7 year old is under 14. And the worst part is that since it’s a bus pass loaded on a train card linked to an email address you need to access on your mobile phone… there is just no accountability.

A similar event happened when my bank just decided I couldn’t login since I accidentally used a VPN once, with no error message. Congrats, you won the lottery, you get to play the 3 hour call support game.

Update (2023-08-31): John Gordon:

I last wrote about “mass disability” and the Left Behind in a 2021 post. The concept has sometimes seemed on the edge of going mainstream but it’s never quite made it. Maybe we’re getting closer; a recent Michael Tsai post (No App, No entry) reminded me of my Mastodon thread from a few weeks ago[…]

Update (2023-09-04): Naveen Arunachalam (via Hacker News):

One day, I was so insistent on doing my laundry without a smartphone that I even considered doing my laundry off-campus so that I could avoid having to deal with Washlava. So imagine my surprise when I learned that Washlava indeed does provide an option for users without a phone. You can actually check out an iPod Touch, generously provided by Washlava and SidPac, to open the Washlava app and perform your laundry.


As it turns out, I was the first person in SidPac history to request the procurement of this device. When Andrea finally found the abandoned relic, she dreadfully noted that the Laundry Pod was out of battery.


When the Laundry Pod finally gained consciousness, little did I expect to encounter yet another challenge: a password screen. After a couple failed attempts to guess the password, I admitted defeat and dejectedly retreated to the front desk to request the password.


My next hurdle was logging into Washlava. When I first made my Washlava account, I had used my personal gmail and a temporary password that I intended to change later. My Android had always logged me in automatically after that, so I never got around to changing my password and never had to log in after the first time. Thus, lacking practice in the art of presenting my credentials to Washlava, I found that I was unable to log in.


As I made one last-ditch attempt to guess my password, I decided it was time to press the sacred button of last resort. Unfortunately, this turned out to be futile: on the iPod Touch, the keyboard cannot be retracted to uncover the “Forgot Password” text, meaning that it is effectively impossible to click it.


One significant problem with making your hardware dependent on an app is that if you are a washing machine company, you probably don’t make mobile apps. So, you hire a contractor. They design an app without any expertise in the product or the domain, and program it on the cheap. It is trash. Later, the contractor goes out of business and you give the code to another contractor. They notice that the code is garbage, and not even garbage that somebody there made. Feature work is impossible, the app languishes. 1.5 stars in the app store. Every time there’s an iOS update, people can’t do their laundry for a couple weeks, until the one programmer working half time on the app can push an update. Later, you (the washing machine company) decide to sunset that product line, which means there’s no updates to the app. iOS changes, the app stops working altogether, everybody has to buy a new washing machine.

I’ve been that contractor, which is why I will never be the owner of an appliance that requires an app to function.

4 Comments RSS · Twitter · Mastodon

This is why I avoid 2FA. It means that there are two things to screw up rather than one. Every time they add another piece, they make it more fragile. There's a lot to be said for usernames and passwords.

A while ago, a payment to my cellphone company did not go through, so they turned off my service. In order to make the payment go through, I had to log into my bank account, which used SMS as a 2FA, causing a catch-22: I couldn't activate my cellphone service without accessing my bank account, and I couldn't access my bank account without my cellphone service.

I recently attended a concert at a Live Nation-run venue in Washington. Tickets were completely digital, in that you could only use Apple wallet OR the Live Nation app. It stated that printed tickets would not be acceptable.

That gave me some pause and added anxiety, as I was traveling out-of-state for the concert and weekend festivities. I was constantly checking for my phone to be charged and on my person.

The ticket was nothing but a QR code, EASILY printable.

Old Unix Geek

The lack of wisdom of "solutions" these days is astounding. Given that most online tools are not that hard to hack, I avoid them and companies that force me to use them. I encourage my elderly parents to do the same since they find it difficult to distinguish phishing from reality. But it's becoming more and more difficult to do so, as even governments force their use. Enemies of the West will have a field day if ever we end up in a war with them. It's not like the threat of a jail sentence will dissuade them...

Leave a Comment