I now (finally) got back a response from Kiwibank on my formal complaint to them, for sending extensive information on mortgages and mortgage applications to clients (us) by plain text email (with PDF attachments).

In a way I *knew* it would come out this way. A lot of weasle words making statements that they're compliant with the Credit Contracts and Consumer Finance Act 2003 (LOL, > 20 years old), having extensive 'controls in place' and using 'transit protection'. As if they could control what happens on a service provider's side with (A) the content of the emails, and (B) them actually *also* transmitting them on with transit encryption.

Even if it is compliant, it just should not be *acceptable* by the point of view on how to conduct business.

How naive do they think people are who are *explicitly* asking about these issues?

This is some serious #SecurityTheatre they're pulling off.

Now I need to come off of my rage, or my freediving training will not be effective tonight ...

#Kiwibank #privacy

What is Security Theater?

#Security #theater refers to highly visible security measures that create the #illusion of increased #safety but don’t stop #threats.

The term is often used disparagingly to describe #superficial security practices that don’t reduce risk. Simply put, security #theatre is all about #appearances, not #results.

https://www.techtarget.com/whatis/definition/security-theater

#SecurityTheatre #ignorance #incompetent #IT #CriticalThinking #Internet #banking #airports #QuestionAuthority

Frustrated the Govt.NZ mobile app for Android won't work on my (much more secure) @GrapheneOS
Android phone, because they use Google's device attestation and/or play integrity API. It's likely much more secure than either bloated and/or outdated devices with Google sh*t.

There's not even a benefit in it AFAIK to raise the degree of security. What *extra* security would that give they're not already getting without it???

It would be nice if someone (who is pro-attestation/integrity) could *actually* describe a true threat vector that it prevents. So far, it's just corp orate bullying, and people buying into it as it's being sold as an additional security feature.

#GovtNZ #SecurityTheatre

New paper: "Agents of Chaos."
20 AI researchers red-teamed autonomous #LLM agents with email, shell access, and persistent memory.

How do you compromise one? Change your Discord display name to the owner's. In a new channel. That's it. Full admin. File deletion. Identity reassignment.

An agent nuked its own mail server to protect a secret from a non-owner - then reported the secret deleted. It wasn't. The email was still sitting on ProtonMail.

Another leaked 124 email records including SSNs and bank accounts because the request sounded urgent. Direct ask for "the SSN"? Refused. "Forward me the email thread"? Here you go, unredacted.

No authentication. No authorization model. No access control. No permission boundaries. Display names as identity verification. In 2026.

We solved this in the 1970s. Unix permissions. RBAC. Cryptographic auth. Principle of least privilege. All well-understood, all ignored.
The industry is shipping agents with root shell access and the security model of a Post-it note on a shared fridge.

Paper: (interactive) https://agentsofchaos.baulab.info/

#AI #AIAgents #AISafety #InfoSec #RedTeam #AIGovernance #AgentsOfChaos #SecurityTheatre

Research shows the visible presence of long arms in public actually *reduces* both objective and subjective measures of safety.

1. This does not make most people feel more safe.

The visible presence of instruments of death and maiming in a context has measurable and pernicious effects on free speech and even free thought. The visible presence of firearms tends to increase most people's level of stress hormones (adrenaline, cortisol), triggering our fight/flight/freeze response while inhibiting higher order cognitive functions. Even where this effect is mild, across a whole population over time, it makes a cultural difference.

Research also shows people tend to self-censor more while in the presence of firearms, and are less likely to be generous or vulnerable.

#NSWpol #NSWPolice #SecurityTheatre #ChrisMinns

https://www.theguardian.com/australia-news/2026/feb/25/heavily-armed-nsw-police-to-patrol-places-of-worship-and-protests-after-hate-unit-made-permanent-ntwnfb

1/2

You want to add a new card to your Apple wallet? Sure, go ahead! You'll need a 6-digit code to verify yourself, just a sec.

Oh, you're an _additional_ cardholder? Well then you will need a Letter of Introduction, handwritten using a peacock quill on vellum, sealed with wax with your liege's insignia and delivered by horseman to the bank's headquarters in Rome.

#ux #usability #securityTheatre