Hacker News: 4RealFreedom's comments

"That's higher than any other president by a massive amount" - Any modern president. Abraham Lincoln had a 2859.40% increase. Martin Van Buren had a 1458.32% increase. We've had quite a few over 200%.


One wonders what was going on during Lincoln's presidency that could have contributed to such a massive increase.


Something about State's rights. It's a mystery.


Lincoln was president during the US Civil War


He was being sarcastic


I was being sarcastic (well, playing the straight man)


I'm pretty ignorant about these kinds of things so how does this work? If Valve can specify the court to be used couldn't the company always choose something like Alaska or Hawaii where it would be difficult to show up?


The key to mass arbitration filing is that it's the lawyers doing it, and they're the ones showing up wherever in place of the people who have signed agreements with them. Said lawyers are essentially gambling that the target company will give up and allow normal legal maneuvers, because doing arbitration en masse is actually really expensive for the company mandating arbitration.


FWIW I’ve started to see new arbitration agreements pop up that specifically try to disallow this strategy by using verbiage like “only the consumer is allowed to file this claim” and even “lawyers who would handle more than 20 of these claims are not allowed to file them”. I have no clue of the legality of such clauses but I have seen them in the wild in the last few months.


It generally has to be somewhere they do business, so it can't be completely arbitrary.


24 billion dollars for 184,000 homeless people (United States Department of Housing and Urban Development estimate). That's 135k per person. Where is the money going if not the homeless industrial complex?


Cruelty costs extra


Why not keep everything transparent and make lobbying illegal? I know neither secret voting nor making lobbying illegal will ever happen but it seems like you're just putting a bandaid on an issue without regard for the consequences. People that vote for representatives like to know how they vote. Why even have the theater of a transparent vote that does nothing?


I don't think we need to do it for every number. Account number, for example, could still be HTML. Balance could be converted, though.

The harder we make it for scammers, the worse it is for them. I'm not claiming this is foolproof - scammers might be able to generate a png on the fly and inject that as the image like solrdev mentioned in another comment. They would still need to match background colors or possibly jump through some other hoops. The more work we make them do, the more likely they are to mess up. It also makes it more obvious to the person being scammed.

In terms of deleting the image and inserting text instead, I've tried it and it's hard to make it look good quickly. You also see instant feedback of the missing element and then the text coming in. It's a cue that something isn't quite right.


One sees this argument a lot in security circles, mostly by people with little to no training. This idea that "every little bit helps, so let's toss in some obfuscation".

Security doesn't work like that. Mostly because (as in this case) the obfuscation is trivial to bypass. I simply replace your set of pngs with my html text.

It's probably worth understanding that professional scammers are not deterred by these trivial speed bumps.

The way to defeat scammers is to train those you know to accept that everyone who phones you is a scammer. Every email you get is a scam. Trust nothing. Believe no one. The more they protest the more scammy they are.

And just for kicks, if you make any mistakes, if you do anything without consulting me first, I'm putting you in a home! (I wouldn't, but the point is made.)

Pngs on the bank page or not won't make my mom safe. Rabid terror of being scammed will.


I don't think this is completely unheard of, FWIW. For a few years, one of the big banks (maybe BofA? can't remember for sure) was actually doing this (rendering text as images) for account numbers, not balances.

Personally I found it quite annoying, both because (philosophically) it's just security theater that doesn't actually protect anything, and (pragmatically), like the other poster said, it made copying & pasting more difficult. It also broke page zoom (I'm old and need to enlarge all the fonts to read). But such a feature did exist.


Couldn't alt-text be used to address accessibility?

Web scraping shouldn't be a requirement of personal banking websites. Am I missing something here?


Had to look up FINTS. You are right about accessibility.


I'll give you accessibility. I tried changing images in the browser on the fly and it just hides the image. That's probably because the browser would need to make a new GET request.


That's probably a content security policy or CSS thing. Just tried it on a site (not HN, because of content security) and it worked fine.


I've tried a few different sites and I can't make it happen. I'll keep trying.



Wouldn't banks have content security set up?


Maybe? You'd hope, but who knows. Still easy to just replace the image with plain text in the HTML, or a data URL (if allowed). Or put an iframe in there. Point is, if they control the HTML they can do pretty much anything.

Edit: Just tried it with Chase, Merrill Lynch, Citibank, Bank of America, and Wells Fargo. Only Wells Fargo had a CSP in place to prevent this. But even Wells Fargo let you just inject a data URL image.
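
Added example, not part of the thread: a simplified check of whether a Content-Security-Policy header would let a page load an image from a given source, including the data: URL case mentioned above. The origin, policies and image URL are constructed, and the matching covers only 'none', 'self', *, scheme sources and host sources.

```javascript
// Added example: simplified CSP source-list matching for image loads.
// Paths, ports and the http->https upgrade rule are not modelled.
const PAGE = 'https://bank.example';                    // constructed origin
const DATA_IMG = 'data:image/png;base64,iVBORw0KGgo=';  // constructed data: URL
const POLICIES = {                                      // constructed policies
  hostsOnly: "default-src 'self'; img-src 'self' https://static.bank.example",
  allowsData: "default-src 'self'; img-src 'self' data:",
  wildcard: 'img-src *',
  noImageRule: "script-src 'self'",
};

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // When a directive is repeated, only its first occurrence counts.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function hostMatches(pattern, host) {
  // "*.example.com" matches subdomains but not example.com itself.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function imageAllowed(header, imageUrl, pageOrigin) {
  const policy = parseCsp(header);
  // img-src falls back to default-src; with neither, images are unrestricted.
  const sources = policy.get('img-src') ?? policy.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(imageUrl);
  const page = new URL(pageOrigin);
  const network = ['http:', 'https:'].includes(url.protocol);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (s === "'self'") return url.origin === page.origin;
    // "*" covers network schemes only; data: must be listed explicitly.
    if (s === '*') return network;
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
    if (!m || !network) return false;
    const schemeOk = m[1] ? url.protocol === m[1] + ':' : url.protocol === page.protocol;
    return schemeOk && hostMatches(m[2], url.hostname);
  });
}
```
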


Systems that these banks have provided are provided for feasible access to your account.

They are not in any way interested in tightening or fort-guarding their portal's rendering, until it ends up causing them to give more money i.e. bad for business.


They ask a person to log in to their bank account with screen sharing. They then take control of the mouse and edit the HTML on the fly, making it look like they transferred a large amount to the bank account. Now they ask the person to wire money back or they will lose their job.


If they already control your browser, they don't have to edit the HTML and fake anything. They can just transfer money to themselves from your account...

If they wanted to edit the HTML for some reason, it's trivial to just use their own image or replace the <img> with their own text.

The prevention for this isn't to render texts as image, but not to screen share your computer with random people online, much less hand mouse control over to them while you're logged in to your bank. If it's some elderly person doing this or the such, you should really teach them better or they'll get scammed from much less esoteric threats :(


If you're interested, I would suggest watching some Kitboga. I don't actually know anyone that has had this happen but there are plenty of stories around the internet. I will try doing some img replacement with my own text and see how it works out.


I can believe that it happens. People are gullible, unfortunately :(

But I don't think the fix for that is for banks to change how they render text. Users can get fooled with just a few IMs. I know people who lost thousands to Zelle/Cash app scams purely over Craigslist emails or messages that way...

Making banks render text as images won't magically fix that. Especially since many people these days use phone apps instead of browsers for banking anyway.


I think he talks about the refund scams.

In the scam they pretend to make a refund to the victim, where the victim has to put in the refund amount. The scammer, who has access to the PC via remote control, then adds a 0 to the amount and pretends the victim has entered the incorrect amount. That input was just in the Windows CMD and did not send any money. The scammer will now talk about how he will lose his job because the company has lost a lot of money. The scammer then wants the money back via gift cards. (Because gift cards can't be tracked or refunded.)


Just upgraded an old system to solr 9. I've been very impressed with it.

