I am toying with the idea of building an online banking USB stick for friends and family (all of them Windows users) which they can use to boot a save environment before making their transactions:
Simple UI (XFCE)
No applications other than a reasonably locked down browser (Firefox + uBlock Origin) with home banking page pre-configured
Read only USB stick / RAM only OS (Ramroot)
BIOS and EFI boot capable
Nouveau graphic drivers only
Network Manager to easily setup Wifi or LAN
Now, there are systems like the Debian based Slax Unix already, but when thinking about this some more I was wondering if Endeavour wouldn’t be equally suited?
The usual argument for Debian is that it’s stable, only security updates in-between major releases.
But for my use case the update policy doesn’t really matter because the moment the USB stick is created it doesn’t matter if the updates following the system freeze are security updates or functional updates. The sticks will have to be updated/rotated whenever security demands in either case. So the base OS could as well be a rolling release, a regular Endeavour update instead of just security patches.
Benefit would be that more current hardware will be supported, and the fact that I know Arch better than Debian based, and full control over what’s happening.
I dont know if its stil there but like ubuntu & unetbootin you could burn an iso on it . You can save some information like if you create a App for banking other other stuf… it stay save on usb but if those are efi capable idk
and banking is kinda subjective, everybank is different. And this time of date most people also there phone to bank
I created a Slax based USB stick which boots in BIOS and EFI mode over the weekend, that piece should work.
And yes, every bank is different but for friends and family I think if I had two URLs pre-configured I’d covered them.
Those which use their phone for home banking don’t care or have given up on security already, not my target
I am after those which don’t feel comfortable using home banking because of security concerns on one hand, and don’t have enough IT expertise to create a secure environment on the other hand.
But maybe it’s a stupid idea, not quite sure yet
If it is strictly for friends and family, probably not a problem.
If your goal is for open availability, I would recommend getting some legal advice on what happens if someone is using your Banking stick and their account is compromised. If they loose a lot of money what would your liabilities be? Would you be open to a law suit? In the US that would be a civil law suit, not sure about other countries.
