
>What is the point of a token if it's actually centrally controlled like rental properties?

This goes down the rabbit hole of crypto a bit and I don't want to drone on too much if it gets annoying, sorry in advance.

Most tokens will not be centrally controlled in the future (I can elaborate if you're interested). During the transition period there will be centralized tokens like RealT which have similar properties to the paper forms we use today but even in that state they do offer improvements such as integration with DeFi products (RealT tokens can be traded on Uniswap and will likely be integrated into Maker allowing for using your property shares in a collateralized loan), easier accountability/auditability, and other use cases (Let's go a bit sci-fi and say your car lock will open for you as long as you prove you own the car's ERC-721).

>Presumably those spending limits and indeed ANY limits are user configurable with a token that could itself be stolen or just used by software instead of a person on the machine in question.

This stuff does exist and there's some really good documentation out there that's not just me rambling :) Changing or turning off the spending limits or whitelists comes with a user-defined waiting period, so even if a virus somehow accomplishes this feat you would still be notified and have a day or so to cancel the changes and recover your wallet. Your original example was a browser extension which cannot fake keyboard or mouse input to your wallet. It would need to be a real virus of some kind which is rare on desktops in today's world and basically impossible on mobile platforms. I'm not saying the risk is 0% but it's not like mass numbers of people are going to just get their crypto stolen willy nilly, especially if they use their phones like the majority of the people in the world do.

>Credit card transactions are tolerable because the financial sector takes in a huge chunk of the value of the economy and writes off losses out of that huge pile of money.

Credit cards will still exist in a crypto world. Banks will still exist too. You will be able to reverse those payments just like you can today even if the credit card company backs their operations with ETH/DAI/BTC instead of USD. On top of that, it's actually really easy to develop a payment system on top of Ethereum that contains the ability to reverse transactions for a period of time with complex logic such as different amounts of time for different merchants based on a calculated risk score. For end users this isn't much different at all in the short to medium term.
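The waiting period on loosening spending limits described in the comment above can be modelled in a few lines. This is an added example, not code from either commenter or from any wallet project; `GuardedWallet`, its methods and the timeline values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

DAY = 86_400  # seconds


@dataclass
class GuardedWallet:
    """Toy model: raising the daily limit is delayed, lowering it is immediate."""
    daily_limit: int
    delay: int = DAY                      # user-defined waiting period
    pending: Optional[tuple] = None       # (new_limit, effective_at)
    spent: dict = field(default_factory=dict)          # day index -> total spent
    notifications: list = field(default_factory=list)  # stand-in for owner alerts

    def request_limit_change(self, new_limit: int, now: int) -> None:
        if new_limit <= self.daily_limit:
            self.daily_limit = new_limit  # tightening needs no delay
            return
        self.pending = (new_limit, now + self.delay)
        self.notifications.append(f"limit -> {new_limit} at t={now + self.delay}")

    def cancel_change(self, now: int) -> bool:
        """Owner vetoes a queued change; only possible before it takes effect."""
        if self.pending and now < self.pending[1]:
            self.pending = None
            return True
        return False

    def spend(self, amount: int, now: int) -> bool:
        if self.pending and now >= self.pending[1]:    # waiting period elapsed
            self.daily_limit, self.pending = self.pending[0], None
        day = now // DAY
        if self.spent.get(day, 0) + amount > self.daily_limit:
            return False
        self.spent[day] = self.spent.get(day, 0) + amount
        return True


def scenario(owner_reacts: bool) -> list:
    """Constructed timeline: a compromised session raises the limit at t=0."""
    w = GuardedWallet(daily_limit=100)
    w.request_limit_change(10_000, now=0)
    results = [w.spend(5_000, now=3_600)]              # still inside the delay
    if owner_reacts:
        results.append(w.cancel_change(now=7_200))
    results.append(w.spend(5_000, now=DAY + 1))        # after the delay
    return results
```

With `owner_reacts=False` the large spend goes through once the delay has elapsed, so in this model the control is only as strong as the owner's response to the notification.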



The point about changes requiring time to implement is well taken and I can even imagine people relying on notifications to catch bad behavior because I see some people doing that now.

Malware isn't impossible on mobile. Android install security is in a fashion crap and androids are 90% of the market worldwide.

OEMs base their installs on old kernel versions that support their custom never to be upstreamed modules needed to boot their board, then after 0 through a few updates stop providing updates for their phones. This is so because there is no stable interface for kernel modules.

My own phone is running 3.18 while my laptop is running 5.6.

Ultimately a lot of people are running around with devices that are actually vulnerable to things we already know are broken in addition to the known vulnerabilities upcoming that will be known to attackers long before it's known to OEMs.

You can posit a better more secure future but the honest truth is that our present work is crap and we have no particular reason to believe the future isn't also largely composed of crap. It's trivial to imagine that in a situation where you can derive an increasing payout for breaking security that the attackers won't keep pace with those trying to secure the future.

This pessimism has been the correct answer from the moment computers were networked to one another through today. Given that we have been bad at securing networked computers for 5 decades it behooves the optimistic to prove it.

Maybe in 5 years we will all be running devices running seL4 with only substantially audited code but I would bet on more steaming piles of insecurity instead.

Thanks for the interesting discussion though.



