← Back to context

Comment by raincole

1 month ago

> Trust in software will continue to erode

> there is an increasing discontent growing towards opt-out telemetry

Really? That's news to me. What I observed is people giving up more and more privacy every year (or "delegating" their privacy to tech giants).

Absolutely! The important bit is that users have no choice in the matter. They're pushed into agreeing to whatever ToS and updating to whatever software version.

The backlash against Microsoft's Windows Recall should serve as a good indicator of just how deeply people have grown to distrust tech companies. But Microsoft can keep turning the screws, and don't you know it, a couple years from now everyone will be running Windows 11 anyways.

It's the same for Android. If you really want your Android phone to be truly private, you can root it and flash a custom ROM with microG and an application firewall. Sounds good! And now you've lost access to banking apps, NFC payments, games, and a myriad of other things, because your device no longer passes SafetyNet checks. You can play a cat-and-mouse game with breaking said checks, but the clock is ticking, as remote attestation will remove what remains of your agency as soon as possible. And all of that for a notably worse experience with less features and more problems.

(Sidenote: I think banking apps requiring SafetyNet passing is the dumbest thing on planet earth. You guys know I can just sign into the website with my mobile browser anyways, right? You aren't winning anything here.)

But most users are never going to do that. Most users will boot into their stock ROM, where data is siphoned by default and you have to agree to more data siphoning to use basic features. Every year, users will continue to give up every last bit of agency and privacy so as long as tech companies are allowed to continue to take it.

  • > Absolutely! The important bit is that users have no choice in the matter.

    If people don’t have a choice, then they’re not giving up privacy, like the person you’re agreeing with said, it’s being taken away.

    • Opt out is portrayed as a choice when it barely is. Because it is very tiresome to always research what avenues exist and explicitly opt put of them and then constantly having to review that option to make sure it isnt flipped in an update or another switch has appeared that you also need to opt out of.

      Maybe you need to set an environment variable. Maybe that variable changes. It is pretty exhausting so I can understand people giving up on it.

      Is that really giving up on it though? Or are they contorted to it?

      If you do anything on the radio without the users explicit consent you are actively user hostile. Blaming the user for not exercising his/her right because they didn't opt out is weird.

  • If you accept Android as an option, then GrapheneOS probably check a lot of your boxes on an OS level. GrapheneOS developers sit between you and Google and make sure that shit like this isn't introduced without the user's knowledge. They actively strip out crap that goes against users interests and add features that empower us.

    I find that the popular apps for basic operation from F-Droid do a very good job of not screwing with the user either. I'm talking about DAVx⁵, Etar, Fossify Gallery, K-9/Thunderbird, AntennaPod etc. No nonsense software that does what I want and nothing more.

    I've been running deGoogled Android devices for over a decade now for private use and I've been given Apple devices from work during all those years. I still find find the iOS devices to be a terrible computing experience. There's a feeling of being reduced to a mere consumer.

    GrapheneOS is the best mobile OS I've ever tried. If you get a Pixel device, it's dead simple to install via your desktop web browser[1] and has been zero maintenance. Really!

    [1] https://grapheneos.org/install/web

    • Running a custom ROM locks you out of almost all decent phone hardware on the market since most have locked bootloaders, and it locks you out of a ton of apps people rely on such as banking and money transfer apps. You must recognise that it's not a practical solution for most people.

      7 replies →

    • That's great... for the HN reader.

      However, how is that supposed to work for your significant other, or your mother, or your indifferent-to-technology friend?

      Don't get me wrong, I also strive to keep my device's information private but, at the same time, I realize this has no practical use for most users.

      3 replies →

  • Completely agree, just one minor point:

    > I think banking apps requiring SafetyNet passing is the dumbest thing on planet earth. You guys know I can just sign into the website with my mobile browser anyways, right?

    No, you're not. For logging in, you need a mobile app used as an authentication token. Do not pass go, do not collect $200... (The current state of affairs in Czechia, at least; you still _do_ have the option of not using the app _for now_ in most banks, using password + SMS OTP, but you need to pay for each SMS and there is significant pressure to migrate you from it. The option is probably going to be removed completely in future.)

    • Right now I don't think there's anything like this in the United States, at the very least. That said, virtually every bank here only seems to support SMS 2FA, which is also very frustrating.

      1 reply →

  • fwiw, on Android, you can install a custom certificate and have an app like AdGuard go beyond just DNS filtering, and actually filter traffic down to a request-content level. No root required. (iOS forbids this without jailbreaking though :/)

    • Both android and ios allow root certificates, but most apps nowadays use SSL pinning, so that's no longer an option, either.

One of the reasons is because telemetry and backdoors are invisible. If the phone was showing a message like "sending your data to Cupertino" then users were better aware of this. Sadly I doubt there will be a legal requirement to do this.

  • Anything is possible through lobbying for regulation and policy.

    It's the same way that bills come out to crack people's policy.

    Only people don't always know they can demand the opposite so it never gets messed with again, and instead get roped into fatigue of reacting to technology bills written by non-technology people.

Apple seems to be the best option here too. They seem to have put in a huge effort to provide features people demand (searching by landmarks in this case) without having to share your private data.

It would have been so much easier for them to just send the whole photo as is to a server and process it remotely like Google does.

> What I observed is people giving up more and more privacy every year (or "delegating" their privacy to tech giants).

Are people giving up their privacy? Looks to me it’s being taken without consent, via enormous legalese and techniques of exhaustion.

  • Totally.

    Individuals who grew up primarily as consumers of tech, also have consented to a relationship of being consumed, bought, and sold themselves as the product.

    Those who grew up primarily as creators with tech, have often experienced the difference.

    This creates a really big blind spot potentially.

Whether or not people in general are aware of this issue and care about it, I think it's pretty disingenuous to characterize people as willfully giving up their privacy because they own smartphone. When stuff like this is happening on both iOS and Android, it's not feasible to avoid this without just opting out of having a smartphone entirely, and representing as a binary choice of "choose privacy or choose not to care about privacy" is counterproductive, condescending, and a huge oversimplification.

  • Maybe not privacy in general but this is about location privacy.

    If you have a smartphone in your pocket, then, for better or worse, you're carrying a location tracker chip on your person because that's how they all work. The cell phone company needs to know where to send/get data, if nothing else.

    It seems disingenuous to put a tracker chip in your pocket and be up in arms that someone knows your location.

    Unless this kerfuffle is only about Apple.

Come on, being forced to give up privacy is eroding privacy and increasing discontent.

forced can also mean the whole no privacy by default and dark patterns everywhere.

Do you honestly believe people understand what they’re doing?

Nowhere in marketing materials or what passes for documentation on iOS we see an explanation of the risks and what it means for one’s identity to be sold off to data brokers. It’s all “our 950 partners to enhance your experience” bs.