I think this requires some prior knowledge.<p>From <a href="https://palant.info/2023/01/02/south-koreas-online-security-dead-end/" rel="nofollow">https://palant.info/2023/01/02/south-koreas-online-security-...</a> :<p>> I’ve heard about South Korea being very “special” every now and then. I cannot claim to fully understand the topic, but there is a whole Wikipedia article on it. Apparently, the root issue were the US export restrictions on strong cryptography in the 90ies. This prompted South Korea to develop their own cryptographic solutions.<p>> It seems that this started a fundamental distrust in security technologies coming out of the United States. So even when the export restrictions were lifted, South Korea continued adding their own security layers on top of SSL. All users had to install special applications just to use online banking.<p>> Originally, these applications used Microsoft’s proprietary ActiveX technology. This only worked in Internet Explorer and severely hindered adoption of other browsers in South Korea.<p>Wowsa!
I'm the one who originally first wrote about the situation in S. Korea in the 90s when I was working for Mozilla and we noticed that Firefox had almost no market share there.<p>At the end of the day, it's up to the S. Korean govt. or regulator to make the changes necessary to get rid of this nonsense. The govt./regulators have other issues to deal with so these S. Korean 'tech' companies get to make a mess of citizens' computers and privacy. It's been well over 2 decades of crappy S. Korean software like the keyloggers and whatnot and no end in sight.<p>If S. Korean citizens cared, they would force the politicians to do something and it would change. They don't, so it doesn't change.
Just generally, Korea seems to have some weird legacy internet stuff.<p>It's pretty hard to find places you can order in Korea, or from Korea, that don't require a Korean phone number. There are services and stores that exist just to buy things from other places in Korea and reship or resell them to people both in and out of the country, just because people don't have Korean phone numbers.<p>Even online purchases like audiobooks often requires a local phone number.<p>They sure make it hard to spend for any non Korean to spend money.<p>And it's not <i>every</i> site, there are some huge retailers (www.aladin.co.kr for example) that do not require it. So it's got to be just that most websites never bothered to build a checkout process that works without a phone number?
This used to be done in South Korea by (ab)using ActiveX. This looks like a continuation of a bad practice.<p>Not that banks in other countries are much better with their reliance on mandatory (or nearly mandatory) smartphone apps.
I don’t see how this service checks if the website is supposed to be using it. So it seems any website can get all this information and use it to track users.
The issue also is (for the banks depending on the application) that they can't trust aplication running on the user's computer. This begs for opensource implementation that returns plausible fake data. :)
> When a banking website in South Korea wants to learn more about you, it will make a JSONP request to localhost:21300. If this request fails, the banking website will deny entry and ask that you install IPinside LWS Agent first. So in South Korea running this application isn’t optional.<p>To me this reads as not mandatory in the broadest scope, but needs to be on whatever device people use for online banking.