Youâre assuming that people are that switched on to set just their home as the known location. I appreciate I am absolutely in the âwhat-about-aryâ land but I maintain there is a risk that by doing this, Monzo will inadvertently disclose known locations which may be elsewhere.
Granted, you have to have more than one method and thatâs where I think it really comes into itâs own. I still think there is a risk that locations will be inadvertently revealed - I personally prefer apples approach where it either lets you do it, or says you are not in a known location and there is no map view at all.
Where else is the safest place to make large transfers?
I donât think itâs difficult to understand, and feel youâve either overlooked it all or not read it all properly to understand what itâs saying.
Really donât know how else any of this could be clearer. Itâs clear as day as it stands.
Youâre overthinking the map.
The map just shows you as a blue dot and your vacinity.
It may be helpful in the instance you are at home, but some reason the GPS isnât performing accurately therefore you need to move about a bit to make blue dot show you in your safe location.
It doesnât tell anyone anything other than the person looking at that part of the process, to see you are pinpointed here, and this is why you can/canât make the payment.
Itâs not saying nope, no can do, but head to 123 Monzo Terrace, X1 1XX and you can make that payment no probs.
If itâs just eye candy, something to fill up the space whilst youâre checking because it looks cooler, Iâd err towards feeding back that Iâd prefer it not be there that at all. It is an exploitable attack vector for thieves, so it does increase risk.
But if thereâs some actual justifiable utility to showing it, that utility may outweigh any such risk in the threat model. But itâs not really explained by Monzo in the OP.
I too prefer Appleâs approach, but thatâs not without flaws either. They made different tradeoffs. Monzoâs approach corrects for some of them whilst introducing some new ones. Itâs a relatively new paradigm, and the methodologies are relatively untested, so itâs too soon to say which is actually better from an objective standpoint.
Car Showrooms, Buying items via bank transfer on ebay, at your place of work which the public might have access toâŚ
Not really, I read it all in detail. In fact, youâll see I even agreed that itâs a great step and itâs actually really easy to understand the process and what Monzo are trying to do here. I am in agreement.
This is all I was trying to say, just that I personally donât see the point of the map as this approach could allow an individual to identify a known location, which might if seen be used against them in the future.
I was simply questioning the fact it showed the location on a map and could be used in this way, that was all.
Which is the same way of saying letting me put a pin in on screen which I know anyway is no risk of someone stealing my phone and then using it.
Look - I get it, this is me simply moving into edge cases and I didnât intend this to go as a far as it has in terms of a debate. Iâm not saying Iâm right or things should change.
I was simply pointing out that showing a map on screen does in fact introduce a threat vector which apple have avoided by not doing. Iâm not saying either is right here!
Anyway, as I have repeatedly said, I like the fact that you have to use multiple controls and this is a really positive step forward.
The map is showing the same as what you would see by opening the native Apple Maps app?
Monzo is showing some text that indicates whether your current location is within one of your known locations
Unless a mugger walks the whole of the UK with the map open this is not an attack vector
That said, they will quickly find your home address from the thousands of copies on your phone and therefore this security method will likely just give a victim time to contact Monzo and lock down their account. I wouldnât doubt someone whoâs motivated enough to shouldersurf and snatch your phone would mind driving past your house momentarily
I realise Iâm trying to pre-empt the inevitable cat and mouse game and predict how thieves will try to circumvent such tools, but is it wise to use your home?
My first thought was to set mine as my local beach. So not quite at my home, but near enough thatâs it not an inconvenient on the incredibly rare occasion Iâd need to go through the check.
My home address is save in the Monzo app. If they get access to the Monzo app at all, they have access to learn a known location without further authentication.
A couple of things in hoping to see as the battle goes on though:
Apple Intelligence intelligently redacting certain information anywhere within your phone, prompting a Face ID scan to read it. Such as shipping addresses in emails. Your own personal information within apps.
Exploring the feasibility of trusted WiFi networks in addition to locations. Perhaps in tandem. So the device both has to be at the location and connected to the trusted WiFi network at that location.
Utilise ultrawideband chip technology to establish trusted relationships with other devices. Require proximity to one such trusted device as a means to authenticate. (Probably a good few years out on this though, and we need an open interoperable standard).
I was gonna edit my post above with this to clarify what I mean when I reference the map. Elected not to so the conversation could hopefully move on. Saved it to my clip board just in case, so here we are:
The issue as I see it isnât necessarily the map (a map just so happens to be on the screen, so I see it as a map screen). Itâs announcing to whoever might be watching over your shoulder that youâre in a known location, wherever that location may be. Monzo let you set 3. Only 1 will be your home.
Apple doesnât throw up anything if youâre in a safe location. It only throws up a screen when youâre not.
Side note: awesome that itâs Apple Maps, not Google Maps. Hope they make the switch for the other location features too.
99% are going to store the QR code on their phone and use their Home as the known location, and even then that will probably cut down on a huge majority of this issue
Respectfully, you are presenting a strawman argument, i.e coming back at a wholly different point than the one I was trying to make.
I am not and never was criticising the choice of options or that this would cause more friction than its worth. Itâs a great tool.
I was, as said, noting that by displaying the location and saying if it was a known location, you could or not inadvertently therefore reveal where that location was. That was the only line of debate I ever put out.
Iâm done with this thread now. I simply raised a point that this might be used as an attack vector but probably not. That was it. It had nothing do to with a lack of understanding of what Monzo are trying to do, or how it worked. I understand it, and I think itâs great.
It was only ever a more broader security thread and a genuine question around the need for the map to show location which I think is purely a UI thing - which is fine, itâs their choice to do it this way.
Okay - this is the part I was missing from the whole discussion! I get that point, but feel that itâs a non-issue, in the same way that someone shoulder-surfing you through Appleâs solution could assume that by not being rejected youâre in a safe space.
Glad weâre on the same page now! Maybe itâs adding extra screens that realistically may not even be necessary.
But yea - letâs move on, letâs go argue about Plushies or something
Yeah, that screen tells you whether youâve passed the location test, whether the map is there or not, I canât quite get my head around how some UI fluff is making it less secure but maybe Iâm missing something
Location based security isnât a new thing. Itâs been on revolut cards for a few year. Nothing stopping them flipping the switch to align to transfers too.
My cards have caught me out a few times, annoyingly if the payment systems are registered elsewhere ie London and Iâm in Hartlepool. Will never forget that at Vue cinema
