codema.in

Lobby the govt to keep NUUP access to Free Software users

Pirate Praveen Sat 10 Jan 2026 4:31PM

I think we should lobby the govt to keep NUUP (https://wiki.fsci.in/NUUP, the *99# USSD interface to UPI) and extend it to all cities and providers, or it might get silently dropped one day.

This is currently the best option for Free Software, when it works (the biggest drawback is its limited support - Airtel in some select cities only).

Even if LibreFin manages to finish the reverse engineering effort, like NewPipe breaking often when YouTube changes its API.

We can try to work with other organizations and communities like LibreFin, FOSS United and SFLC.in.

Life is Tetris Sat 24 Jan 2026 3:27AM

How secure is USSD? They outlawed "pull" requests in UPI citing the fraud angle. They have a good argument for USSD too.

Badri Sunderarajan Wed 4 Feb 2026 4:51AM

@Life is Tetris it depends on how the application is deployed. Details are sparse but from what I can make out, USSD by itself is not very secure (subject to MITM attacks for example) though it is possible to add further protection.

However, I don't buy "the fraud angle" as an argument to stop providing services. By that logic, UPI itself should be outlawed as it increases the possible ways of conducting bank fraud. The real solution is well-designed interfaces and proper user education. As one example, IMHO the proliferation of OTPs for every little thing has increased the possibility of fraud as it leads to an "OTP blindness" of sorts and makes it easier for people to claim that an OTP is required for some other purpose too when in reality it is being generated for a fraudulent transaction. One of my Internet banking portals now requires an OTP even to sign in to the account. My recommendation would be to use OTPs only when a sensitive financial transaction or card unlocking is happening: in other words "OTP" means "money is going to be debited". This makes it easier to educate people and form a clear association, making it hard for fraudsters to claim that "we need this OTP to complete your KYC", "...for you to receive the funds into your account", etc. This is just a rough starting point of course and ideally something that a professional design team would decide.

In practical terms, the "pull" request related frauds cited by the government were more about social engineering than about technical security. (Unfortunately this affected NUUP users because asking the receiver to make a "pull" request was one workaround when bugs prevented direct initiation of transfer via UPI ID.) We can only hope the government won't decide to axe USSD as that would more or less make UPI transactions impossible for us, outlawed or not.