Will smartphone ownership become a de facto requirement?

[Duke87]

I'm not sure about Okular or Foxit, but I know the NYS tax PDFs don't work in Sumatra (which is what I used on my Windows 7 laptop).  I suspect they have code to detect what they're opened with and throw the error message if it's anything other than Adobe.  For what it's worth, I just use the built-in document reader for most everything.  I only use Adobe (at home, anyways) for this.

There is something about it that definitely means it won't work in just any PDF viewer, and not just because they've coded it to throw errors.

I've noticed that once you've filled the document out, it will open in Ubuntu's default Document Reader without throwing an error, and it will even (somewhat glitchily) let you type in and modify user entry fields. The fields that auto-calculate do not update though, and neither do the barcodes, so if you try to further edit the document like this you will only break it.

Since I don't happen to have an .exe for Adobe Reader lying around though, running such in Wine has not been an option and I've been stuck filling out and printing the form on my work computer.

[vdeane]

It does indeed open fine after printing.  It's too bad NY no longer has a way that's universally compatible; I don't even remember how I found a working Adobe installer, since the "skinny" one they normally serve won't work unless you actually have a supported OS, and the latest full version won't work either.  I've been using version 15.007.20033.2203.  Unfortunately it does involve copying the files out right before install finishes (as the installer convinces itself that it failed when it actually worked and will abort itself on ending) and closing an error every few seconds.

It should be illegal for a state to have a regression like NY did.  There is no reason why it should be so cumbersome to file taxes in a manner that won't take two months to even acknowledge receipt (as happens with hand-written returns) for people who run Linux.

[US 89]

I get all sorts of spam texts intended for a "Saber". I have never met or known of anybody by that name.

[Scott5114]

It does indeed open fine after printing.  It's too bad NY no longer has a way that's universally compatible; I don't even remember how I found a working Adobe installer, since the "skinny" one they normally serve won't work unless you actually have a supported OS, and the latest full version won't work either.  I've been using version 15.007.20033.2203.  Unfortunately it does involve copying the files out right before install finishes (as the installer convinces itself that it failed when it actually worked and will abort itself on ending) and closing an error every few seconds.

It should be illegal for a state to have a regression like NY did.  There is no reason why it should be so cumbersome to file taxes in a manner that won't take two months to even acknowledge receipt (as happens with hand-written returns) for people who run Linux.

I don't understand why they wouldn't just do this through an encrypted Web form.

[1995hoo]

....

It should be illegal for a state to have a regression like NY did.  There is no reason why it should be so cumbersome to file taxes in a manner that won't take two months to even acknowledge receipt (as happens with hand-written returns) for people who run Linux.

Who, exactly, do you contend would have the authority to pass a law making such a thing "illegal" and on what constitutional basis do you propose they do so?

[kalvado]

....

It should be illegal for a state to have a regression like NY did.  There is no reason why it should be so cumbersome to file taxes in a manner that won't take two months to even acknowledge receipt (as happens with hand-written returns) for people who run Linux.

Who, exactly, do you contend would have the authority to pass a law making such a thing "illegal" and on what constitutional basis do you propose they do so?

Something anti-trust  - government effectively promotes one product over competitors.
Court answer would be "you can still file on paper, so no problem here"

[J N Winkler]

....

It should be illegal for a state to have a regression like NY did.  There is no reason why it should be so cumbersome to file taxes in a manner that won't take two months to even acknowledge receipt (as happens with hand-written returns) for people who run Linux.

Who, exactly, do you contend would have the authority to pass a law making such a thing "illegal" and on what constitutional basis do you propose they do so?

Saying that a thing should be illegal is not quite the same as arguing that there is a federal or state constitutional provision that a litigant can use as a club to force reform.  It seems to me that tax forms that can be worked with using a PDF reader from only one provider are objectionable on the grounds of undue preference to an individual market participant, even if this is legal under state and federal law.

Something anti-trust  - government effectively promotes one product over competitors.

Court answer would be "you can still file on paper, so no problem here"

I'm not sure that argument would work even under old antitrust jurisprudence, which was focused on the existence of monopolies (not all of which were attacked--for example, NCR had over 90% of the cash register market for decades).  Currently the government does nothing under antitrust as long as there is no evidence of movement in consumer prices:  Big Tech monopolies escape antitrust action because their products are provided to the public free of charge.  State tax forms that can be worked with PDF software only from Adobe would likely survive antitrust review on the basis that (1) it's the state's decision, not Adobe's, to make the forms available in that manner, (2) PDF is a documented standard to which patents no longer apply, and (3) the forms and the software are made available to users at no charge.

[kalvado]

Something anti-trust  - government effectively promotes one product over competitors.

Court answer would be "you can still file on paper, so no problem here"

I'm not sure that argument would work even under old antitrust jurisprudence, which was focused on the existence of monopolies (not all of which were attacked--for example, NCR had over 90% of the cash register market for decades).  Currently the government does nothing under antitrust as long as there is no evidence of movement in consumer prices:  Big Tech monopolies escape antitrust action because their products are provided to the public free of charge.  On this basis, state tax forms that can be worked with PDF software only from Adobe would likely survive antitrust review on the basis that (1) it's the state's decision, not Adobe's, to make the forms available on that basis, (2) PDF is a documented standard to which patents no longer apply, and (3) the forms and the software are made available to users at no charge.

an underlying problem is that this involves a paid operating system - free alternative is not included.
Would be nice of state to do a bit of a testing and post a list of compatible pdf software beyond acrbat itself. but that implies too much of a customer service type of thing.

[J N Winkler]

an underlying problem is that this involves a paid operating system - free alternative is not included.

Would be nice of state to do a bit of a testing and post a list of compatible pdf software beyond acrbat itself. but that implies too much of a customer service type of thing.

Yes, there are definitely equity concerns.  I'd incline toward the solution Scott5411 suggests:  put the forms on the Web (to which indigents and the digitally underserved should have free access through public libraries and the like) in such a manner that taxpayers can use them without being tied to a particular platform and also receive copies for their records in a portable format.

[vdeane]

A form on the web is what NY used to do.  It was basically the current "enhanced" PDF, but online and accessible to anyone.  At the end you could even generate a regular PDF for your records.  Then NY joined Free File Alliance (which is basically a dog and pony show where the tax software companies provide free software to people with lower income levels and extremely simple returns, but the products are deliberately designed to "upgrade" as many people to paid software as possible), and the online system went bye bye because it's too much like tax software (unlike the federal Free File Fillable Forms, NY's past and current systems not only do math, they look up your tax rate).  I complained and they might come up with some system in the future, but we'll see.  Even the note about not supporting Linux is recent.

[Scott5114]

an underlying problem is that this involves a paid operating system - free alternative is not included.

Indeed–the Adobe software might be free, but the fact that it only runs on commercial platforms sold by Microsoft and Apple is tantamount to requiring a purchase from one of those two companies. There is also the matter of people who do all of their computing by smartphone these days–do the Android and iOS versions of Adobe Reader support these forms?

A PDF with code inside has to be the worst solution to the problem available, as it both causes dependency on commercial software and, I would imagine judging from past experience with PDF forms, offers a terrible user-interface experience. The best solution would be a Web form, but if for some reason that is seen as undesirable for security reasons or something, another good solution would be an app based on the Electron toolkit, which is basically an application in a Web browser masquerading as a desktop or mobile application, and thus is trivial to port to both mobile and desktop OSes. (Discord, Skype, WhatsApp, and Slack are examples of programs built with the Electron toolkit.)

[SectorZ]

A form on the web is what NY used to do.  It was basically the current "enhanced" PDF, but online and accessible to anyone.  At the end you could even generate a regular PDF for your records.  Then NY joined Free File Alliance (which is basically a dog and pony show where the tax software companies provide free software to people with lower income levels and extremely simple returns, but the products are deliberately designed to "upgrade" as many people to paid software as possible), and the online system went bye bye because it's too much like tax software (unlike the federal Free File Fillable Forms, NY's past and current systems not only do math, they look up your tax rate).  I complained and they might come up with some system in the future, but we'll see.  Even the note about not supporting Linux is recent.

Massachusetts had a similar way to file your state income taxes with the state directly and pulled the same stunt NY did with the free file alliance stuff. Instead of a PDF though it was a system similar to TurboTax and TaxAct, just without things to help you along the way in terms of advice.

[wanderer2575]

To the original question:  I suppose at the current rate, smartphone ownership will be a requirement for a lot of things.  One consideration is whether those things are wants vs. needs.  Right now I'm still one of the holdouts, not because of any stubborn "back when I was a kid" attitude, but because the added expense isn't justified.  (Convenience should count for something, but I probably would take an additional step backward on that point trying to figure out how to run the damn app.)  Right now I've got other options and I have no problem using them.  Restaurant requires me to have its app or at least texting ability to know when I can enter and be seated -- they can't bother to call my bare-bones cellphone?  Carry-out place requires me to place my order through an app?  No thanks, I'll eat elsewhere.  So glad you're doing so well these days that you can turn customers away.

And having to clutter up a phone having to download every company's individual damn "app" is ridiculous.  That's like having to install a separate instance of Office every time I want to create a document.

AND while I'm ranting, I'm tired of the default excuse that a company is "going paperless for the contactless safety of our employees and customers/guests."  The current one making my blood boil is with my tickets for this season's orchestra concerts.  No more paper tickets; it's all digital (or obtain printed barcode tickets myself) to be contactless.  Well, it was already contactless before -- I held out the tickets and the usher scanned the bar codes with his/her handheld scanner gun toy.  Which they will still have to do, except they will scan your phone display.  If this is about cutting your costs by not having to print and mail tickets, fricking own it and say so.  Stop giving us the automatic "COVID" excuse, the way we've been getting the automatic "9/11" and "homeland security" excuses for the past 20 years.

Now get off my lawn!

[JayhawkCO]

To the original question:  I suppose at the current rate, smartphone ownership will be a requirement for a lot of things.  One consideration is whether those things are wants vs. needs.  Right now I'm still one of the holdouts, not because of any stubborn "back when I was a kid" attitude, but because the added expense isn't justified.  (Convenience should count for something, but I probably would take an additional step backward on that point trying to figure out how to run the damn app.)  Right now I've got other options and I have no problem using them.  Restaurant requires me to have its app or at least texting ability to know when I can enter and be seated -- they can't bother to call my bare-bones cellphone?  Carry-out place requires me to place my order through an app?  No thanks, I'll eat elsewhere.  So glad you're doing so well these days that you can turn customers away.

And having to clutter up a phone having to download every company's individual damn "app" is ridiculous.  That's like having to install a separate instance of Office every time I want to create a document.

AND while I'm ranting, I'm tired of the default excuse that a company is "going paperless for the contactless safety of our employees and customers/guests."  The current one making my blood boil is with my tickets for this season's orchestra concerts.  No more paper tickets; it's all digital (or obtain printed barcode tickets myself) to be contactless.  Well, it was already contactless before -- I held out the tickets and the usher scanned the bar codes with his/her handheld scanner gun toy.  Which they will still have to do, except they will scan your phone display.  If this is about cutting your costs by not having to print and mail tickets, fricking own it and say so.  Stop giving us the automatic "COVID" excuse, the way we've been getting the automatic "9/11" and "homeland security" excuses for the past 20 years.

Now get off my lawn!

I don't know that you have to have every company's app on your phone.  Just looking at mine right now:
Airbnb - Could just book on my computer
Amazon - Can purchase on my computer
American Airlines - Could print off boarding passes at home
Arryved (a tab paying app that my local brewery used) - Could just pay at the counter
Blackjack Pizza - Could just order on my computer
Booking.com - Could just print off itineraries
Chase - Can pay credit card on my computer
Citi - Can pay credit card on my computer
Domino's - Could just order on my computer
ESPN - Can check scores on a computer
Frontier - Could print off boarding passes at home
...

you get the point.

I don't think there is a single app on my phone that I need to have to use the service or company that it applies to, other than Uber/Lyft.

Chris

[vdeane]

AND while I'm ranting, I'm tired of the default excuse that a company is "going paperless for the contactless safety of our employees and customers/guests."  The current one making my blood boil is with my tickets for this season's orchestra concerts.  No more paper tickets; it's all digital (or obtain printed barcode tickets myself) to be contactless.  Well, it was already contactless before -- I held out the tickets and the usher scanned the bar codes with his/her handheld scanner gun toy.  Which they will still have to do, except they will scan your phone display.  If this is about cutting your costs by not having to print and mail tickets, fricking own it and say so.  Stop giving us the automatic "COVID" excuse, the way we've been getting the automatic "9/11" and "homeland security" excuses for the past 20 years.

Especially since surface transmission of COVID was debunked around a year ago.  Any place still doing stuff like that is either obscuring another reason or implementing security theater.

[GenExpwy]

The release notes for Firefox 93.0, which came out a few hours ago, say:

Firefox PDF viewer now supports filling more forms (XFA-based forms, used by multiple governments and banks).

It seems that Chrome has added support in recent months for XFA (XML Forms Architecture) in PDF.

One vendor has a page listing XFA readers, including one for Linux.

[Scott5114]

↑ That's good to know, thanks! (Although it does mean you have to use the Firefox PDF viewer, which feels icky enough that I've instructed my Firefox to open PDFs in Okular by default.)

[abefroman329]

AND while I'm ranting, I'm tired of the default excuse that a company is "going paperless for the contactless safety of our employees and customers/guests."  The current one making my blood boil is with my tickets for this season's orchestra concerts.  No more paper tickets; it's all digital (or obtain printed barcode tickets myself) to be contactless.  Well, it was already contactless before -- I held out the tickets and the usher scanned the bar codes with his/her handheld scanner gun toy.  Which they will still have to do, except they will scan your phone display.  If this is about cutting your costs by not having to print and mail tickets, fricking own it and say so.  Stop giving us the automatic "COVID" excuse, the way we've been getting the automatic "9/11" and "homeland security" excuses for the past 20 years.

Oh, with pro sports, it's worse than merely cutting costs, it's the respective league and StubHub hopping into bed with each other so they can have a monopoly over the resale market.

[vdeane]

The release notes for Firefox 93.0, which came out a few hours ago, say:

Firefox PDF viewer now supports filling more forms (XFA-based forms, used by multiple governments and banks).

It seems that Chrome has added support in recent months for XFA (XML Forms Architecture) in PDF.

One vendor has a page listing XFA readers, including one for Linux.

Alas, despite supporing XFA, neigher Chrome nor Firefox work with the NYS tax form.  I don't think they used to have the error plastered on top of obvious form fields, though, so that's a change.  That said, the form fields don't work as they should, so there's more to the puzzle to making everything functional, even if the error weren't there.

[ZLoth]

I've had a Android Smartphone since it was a personal graduation present back in December, 2010. And yes, Smartphones have come a long way since then.

One of the big reasons why a smartphone may become a de facto standard is because of security. There are too many people who think that Dogwood53! is a nice, secure password (minimum 10 characters, includes an upper and lowercase character, a number, and a special character), use it on all of their accounts, and never EVER changed it from 2005 despite the numerous password breaches. (But hey, the Nile is a river in Egypt). Yet, using a good password manager such as LastPass or KeePass is "too complicated".

Because there are three factos for good authentication (something you know, something you have, something you are), this is why there is the need for Two Factor Authentication (2FA). While sending a one time code via SMS is considered 2FA, it isn't the most secure methods. Many sites often use Google Authenticator codes as 2FA (which you can store on a app like Authy which is also available as a desktop app), some companies use Duo to log into their servers. And some Duo configurations have you either supplying a passcode or authenticate through the app... no callback allowed.

I've never understood the point of having a credit card if you have a positive amount of money. Why not just take it out of what you have and avoid paying interest?

A couple of reasons. For starters, if you want to book a hotel room, rent a vehicle, or take a cruise, this helps ensure your reservation without locking up money. If you do a hotel confirmation with a debit card, the hotel does a pre-authorization which effective makes that amount unavailable until the hold is taken off.

In addition, I have all of my recurring billings except my mortgage on my credit card. This includes toll payments, electric, water/garbage/sewer, gas, and Internet. This allows me to have one bill to pay off at the end of the month instead of several and avoids late payments.

I also use a rewards card because I can get money or rewards back such as Amazon gift cards. Of course, I pay off the card at the end of each month.

You know what is the most insecure financial instrument? Checks. At the bottom of each check is the routing code and account number for anyone to see.

[Scott5114]

I've had a Android Smartphone since it was a personal graduation present back in December, 2010. And yes, Smartphones have come a long way since then.

One of the big reasons why a smartphone may become a de facto standard is because of security. There are too many people who think that Dogwood53! is a nice, secure password (minimum 10 characters, includes an upper and lowercase character, a number, and a special character), use it on all of their accounts, and never EVER changed it from 2005 despite the numerous password breaches. (But hey, the Nile is a river in Egypt). Yet, using a good password manager such as LastPass or KeePass is "too complicated".

Because there are three factos for good authentication (something you know, something you have, something you are), this is why there is the need for Two Factor Authentication (2FA). While sending a one time code via SMS is considered 2FA, it isn't the most secure methods. Many sites often use Google Authenticator codes as 2FA (which you can store on a app like Authy which is also available as a desktop app), some companies use Duo to log into their servers. And some Duo configurations have you either supplying a passcode or authenticate through the app... no callback allowed.

The problem here is that too many websites are getting self-important about how stringent their security is. Like, having 2FA on a bank website makes sense. But I shouldn't have to have 2FA and a 46-character password, 3 characters of which must be upper case, 2 lower case, 4 that are neither upper or lowercase (but not punctuation or numbers), 1 number, one punctuation mark that isn't an asterisk, one character that is only part of the Norwegian and/or Icelandic alphabet, and one emoji, to sign into the account where I buy cat litter. What's a hacker going to do, change my subscription from the pink kind to the blue kind? Oh nooooooo.

SMS-based 2FA is kind of irritating anyway since most of the time I'm on the computer because I don't want to be on my phone, which I usually leave in the other room if I don't need it for anything. So I have to get up and go to the other side of the house to get it to enter some dumb 6-digit number in. At least if it sends to my email I can check it without getting up.

[ZLoth]

But I shouldn't have to have 2FA and a 46-character password, 3 characters of which must be upper case, 2 lower case, 4 that are neither upper or lowercase (but not punctuation or numbers), 1 number, one punctuation mark that isn't an asterisk, one character that is only part of the Norwegian and/or Icelandic alphabet, and one emoji, to sign into the account where I buy cat litter. What's a hacker going to do, change my subscription from the pink kind to the blue kind? Oh nooooooo.

As flippant as you are trying to be, that hacker can change the delivery address from your address to a another address that they can pick up from, increase the quantity of both the blue and pink kitty litter, add in additional expensive items, and resell the stuff on Craigslist. And, your address and phone number can be used for false applications. To quote a line from the move The Incredibles:"Your identity is your most valuable possession. Protect it."

SMS-based 2FA is kind of irritating anyway since most of the time I'm on the computer because I don't want to be on my phone, which I usually leave in the other room if I don't need it for anything. So I have to get up and go to the other side of the house to get it to enter some dumb 6-digit number in. At least if it sends to my email I can check it without getting up.

According to this article, about 62.5% of United States households are only using mobile phones. And, yes, you can view text messages through your computer's web browser. That "dumb 6-digit number" can prevent impersonators from accessing personal identifiable information which can be utilized to create false credit cards, mortgages, and so on. That ounce of prevention is better than years of cleanup.

[Scott5114]

But I shouldn't have to have 2FA and a 46-character password, 3 characters of which must be upper case, 2 lower case, 4 that are neither upper or lowercase (but not punctuation or numbers), 1 number, one punctuation mark that isn't an asterisk, one character that is only part of the Norwegian and/or Icelandic alphabet, and one emoji, to sign into the account where I buy cat litter. What's a hacker going to do, change my subscription from the pink kind to the blue kind? Oh nooooooo.

As flippant as you are trying to be, that hacker can change the delivery address from your address to a another address that they can pick up from, increase the quantity of both the blue and pink kitty litter, add in additional expensive items, and resell the stuff on Craigslist. And, your address and phone number can be used for false applications. To quote a line from the move The Incredibles:"Your identity is your most valuable possession. Protect it."

SMS-based 2FA is kind of irritating anyway since most of the time I'm on the computer because I don't want to be on my phone, which I usually leave in the other room if I don't need it for anything. So I have to get up and go to the other side of the house to get it to enter some dumb 6-digit number in. At least if it sends to my email I can check it without getting up.

According to this article, about 62.5% of United States households are only using mobile phones. And, yes, you can view text messages through your computer's web browser. That "dumb 6-digit number" can prevent impersonators from accessing personal identifiable information which can be utilized to create false credit cards, mortgages, and so on. That ounce of prevention is better than years of cleanup.

But here's the thing...I don't care.

The odds of someone hacking into that account and doing that, and the level of harm it would do me, are low enough that it doesn't justify the amount of added effort 2FA adds.

If someone did that, I would notice the increase in charge on my bank statement, go back and correct it, and have the bank reimburse me/chargeback the fraud. It would be pretty clear-cut that it was fraud, since it was shipped to an address that wasn't mine. The only thing I would really be out at the end of the day is a few hours worth of shoe leather dealing with the bank.

And that presupposes the place has my credit card saved. That's usual on things like Amazon or subscription services, but it's not a given anywhere else. And I generally don't save my credit card on sites where I just sporadically buy things here or there. On my own e-commerce website I don't allow people to save card information because I don't want stewardship over that data.

I own an LLC so my address and phone number are public record that the Secretary of State's website will cheerfully hand out to anyone that asks. I own a house so they can get it from the county assessor's site too. I can be as paranoid about that as I want and it won't make a damn bit of difference, it's already out there.

[ZLoth]

But here's the thing...I don't care.

The odds of someone hacking into that account and doing that, and the level of harm it would do me, are low enough that it doesn't justify the amount of added effort 2FA adds.

Actions have consequences. Sometimes, those consequences are unplanned, unintended, and unexpected. And, unfortunately the United States hasn't done too well in the security aspect, favoring convenience over security.

[J N Winkler]

I think high-friction authentication methods should be restricted to sites that can commit money.  There also needs to be a general recognition that (1) any form of authentication will create a perverse incentive to short-circuit the security (e.g., by using the same password for multiple sites) if it is inconvenient, and (2) authentication itself is pointless if end-to-end cryptographic security is not provided.

As an example, many state DOTs require you to create an account and log in to download plans.  I've never understood why they don't simply make them available for anonymous download, as many of their peers do.  Some of them don't even have secure login mechanisms; HSTS is still not universally implemented, and I've even run into sites where the login information is sent in clear over plain HTTP (which even a layperson like me knows is a huge no-no).