And this is government software handling sensitive information. I thought people were required to have higher qualifications and good security knowledge to develop software there, we are cooked if this is the norm.
Governments are the biggest pushers of AI, this was probably vibe coded.
Often what they want is just plain old automation of basic tasks, but they’ve been told by “Big Government Contractors Corporation” that AI will do that for them. Of course, BGCC has an AI division happy to help them.
You would think, right? I recently had a transit pass loading application update and demand that I turn off developer mode to continue use. This app is also run by a government agency across the pond (Canada). Went over to the Play Store reviews and they were all complaining about it.
They allege it was to help protect accounts and personal data. Ok, then why doesn’t my bank account get compromised regularly? Or any other account I’ve logged into on my phone literally ever because I had turned on dev mode weeks after getting my first Android 10 years ago. This application has been janky for years and only in the past month have they made positive changes to its functionality. I am biased and maybe more irked than necessary but I do expect better/the minimum from these kinds of institutions.
They allege it was to help protect accounts and personal data.
TBH it scares me that more and more things may go this way. You want online banking, or w/e? Well! You better use “trusted device”! What does “trusted device” mean? It means the device is locked down against its “owner”.
It’s like a relentless march where personal computing dies and corporate computing takes over. Ever more, our technology answers to big tech, not us.
Also doesn’t help that these companies pass around money with each other and government entities all the time so they don’t technically need any of our business to function. Which enables them to pull this kinda shit and wait for us to get mad enough or to put up with it.
My concern in the long run is that over time the newer generations aren’t going to ever learn/know how freeing personal computing used to be. They’ll gradually put up with worser and worser and this intrusive encroach on our technological freedom is going to look terribly different in the coming decades.
My concern in the long run is that over time the newer generations aren’t going to ever learn/know how freeing personal computing used to be.
Oh absolutely! It becomes normalized for those who never knew any other way.
I lucked out, my pa was a techie and got me steered towards the importance of tech freedom. Not everyone is so fortunate. Tech is almost an extension of our minds now. How we remember. How we learn. How we communicate. When we give away control of our devices to big tech, it’s like giving away control of our thoughts and emotions. Even our culture.
Highly qualified people are probably not interested in working for the government. Or maybe this was outsourced to some cheap private company, who knows.
No cyber security professional worth anything will stand there and say this is a good solution “for the children”. They all know it’s a bullshit solution to a problem of education. Therefore the only people that will bid for the work will be grifters.
I’ve seen worse examples of government software handling sensitive information.
Apparently respecting highest privacy standards doesn’t have anything to do with cybersecurity standards.
A shiny new bucket doesn’t leak, but the lid can’t be locked so anyone with two hands should be able to open it up and see what’s inside. Sure, it’s private, but not secure.
They probably paid a million for this vibe coded app. I am confident that I could somehow make this.
Super common here in Germany that sensitive data is handled via crappy apps that essentially have backdoors.
If you break them and report the bug you can be prosecuted under some hacking paragraph.
If you break them and report the bug you can be prosecuted under some hacking paragraph.
The old shoot the messenger approach!
We’ve had some high profile examples in the US too. Like this one, from 2021. A professor was investigated by Governor Mike Parson of Missouri, for literally using View Page Source in a browser. And reporting a major vulnerability in good faith. I linked Parson’s Wikipedia page, because he deserves his ridicule. Not for his ignorance! Many are ignorant of how the web works. That’s OK. He deserves ridicule for how he handled the episode. For dragging the professor’s name through the mud, who had only tried to help.
In the end, the governor received much ridicule. The investigation was dropped.
Merkel’s famous quote (“Das Internet ist für uns alle Neuland” - “The internet is new ground for all of us”) still holds true in 2026 lol. Literal third world countries are more advanced when it comes to digitization and stuff lol.
As if Ursula knew what she is talking about. Nevertheless, this is a terrible idea and most likely something with another agenda behind, other than the stated reasons.
With that being said, we need another president for the commission and perhaps a completely different commission. How many years until her term ends?
I miss the old definition of hack.
I really can’t remember an era where the term hack wasn’t used incorrectly but this case seems a lot more fitting than usual.
I hate that melon husk ruined the term “Grok”. Grok, by Heinlein’s definition, was closely related to Hack, by its original definition in relation to tech. Not to drill new holes, necessarily, but to understand a system so well that the holes, or lack thereof, are just readily apparent.
I’m waiting for Melon to ruin “Butlerian jihad”.
Thanks for explaining. Every time I read grok the bigot in me is like eww Elon, now I know it’s yet another thing this guy ruined.
“Technically ready”, as per the post the dude replied to. It’s “good enough” to fool idiots. For people that care to scratch the surface, the veneer falls off super easy
That message at the bottom was written by an “it’s open source so it must be safe” type security expert.
I think he’s quoting Von Der Leyen because it’s the same person that posted the exploit and the whole thing was in quotes
This is Meta’s stupid attempt to not get sued for addicting kids. They want to force the problem on the entire world, so they can’t be held responsible. They are pushing these same laws in several countries, Brazil just passed a near identical law.
Meta would steal your right to privacy, and force you to identify yourself to every single electronic device you own just to avoid being held liable for harming children. Absolutely disgusting. Zuck belongs in the deepest pits of hell.
They want to force the problem on the entire world, so they can’t be held responsible.
Yah. On top of that, big tech cos often like high regulatory burden. Ideally different between countries and jurisdictions. Big tech can afford compliance teams and w/e else they need. But! High regulatory burden is harder for upstart competitors. And very hard or impossible for tiny projects.
The same with technical burden. Like browser engines, used to be simple, now, extremely complex with wasm and webgl and stuff. There are only a few left standing. And some only barely.
The higher the burden, the more big tech is entrenched.
The only way they will get the message is if there is a concerted white hat campaign targeting EU lawmakers to show them the error of their ways. If they refuse to see, then some black hats need to make them feel it.
I wish I could say I was surprised
And they think I’m going to add my ID into an app?! Let alone an unsafe one. No, thank you. I’ll just carry a physical card, which is already mandatory.
I stay away from anything this ghoul has to offer
Why would you tell them about this? LLMs are creating a golden era of cracking, and exploits are currency.
Some people actually want to improve the world without needing to get rich quick
What, by helping governments impose online controls on their own people? So thankless.
Sometimes people won’t understand that an idea can’t work until they try implementing it and the practical issues hit them in the face. Better now than once everyone is forced to use it.
I guess if they have a bug bounty you’re still helping the fuckers, just taking cash for it. At least this way they are looking stupid and incompetent.
As far as I understood, the app only contains a token proving you are 18 or older. Nothing more…
So what potential breach is he talking about?
Or did I miss something?
Teen can “hack” it to state it’s 18.
It’s apparently easy to bypass, but it also stores fingerprints and id images unencrypted.
Meanwhile Mr Paul is all about how bad this app is, how he won’t help fix it or do anything for the government (because he was asked, I think).
This app needs more work, and second, the attacker needs access to the phone. Now you can access the phone when it’s unattended, steal it, do what you do and then give it back, or do some remote code hacking.












