Comment by jchw
1 month ago
Absolutely! The important bit is that users have no choice in the matter. They're pushed into agreeing to whatever ToS and updating to whatever software version.
The backlash against Microsoft's Windows Recall should serve as a good indicator of just how deeply people have grown to distrust tech companies. But Microsoft can keep turning the screws, and don't you know it, a couple years from now everyone will be running Windows 11 anyways.
It's the same for Android. If you really want your Android phone to be truly private, you can root it and flash a custom ROM with microG and an application firewall. Sounds good! And now you've lost access to banking apps, NFC payments, games, and a myriad of other things, because your device no longer passes SafetyNet checks. You can play a cat-and-mouse game with breaking said checks, but the clock is ticking, as remote attestation will remove what remains of your agency as soon as possible. And all of that for a notably worse experience with fewer features and more problems.
(Sidenote: I think banking apps requiring SafetyNet passing is the dumbest thing on planet earth. You guys know I can just sign into the website with my mobile browser anyways, right? You aren't winning anything here.)
But most users are never going to do that. Most users will boot into their stock ROM, where data is siphoned by default and you have to agree to more data siphoning to use basic features. Every year, users will continue to give up every last bit of agency and privacy as long as tech companies are allowed to continue to take it.
> Absolutely! The important bit is that users have no choice in the matter.
If people don’t have a choice, then they’re not giving up privacy, like the person you’re agreeing with said, it’s being taken away.
Opt out is portrayed as a choice when it barely is. Because it is very tiresome to always research what avenues exist and explicitly opt out of them and then constantly having to review that option to make sure it isn't flipped in an update or another switch has appeared that you also need to opt out of.
Maybe you need to set an environment variable. Maybe that variable changes. It is pretty exhausting so I can understand people giving up on it.
Is that really giving up on it though? Or are they contorted to it?
If you do anything on the radio without the user's explicit consent you are actively user hostile. Blaming the user for not exercising his/her right because they didn't opt out is weird.
If you accept Android as an option, then GrapheneOS probably checks a lot of your boxes on an OS level. GrapheneOS developers sit between you and Google and make sure that shit like this isn't introduced without the user's knowledge. They actively strip out crap that goes against users' interests and add features that empower us.
I find that the popular apps for basic operation from F-Droid do a very good job of not screwing with the user either. I'm talking about DAVx⁵, Etar, Fossify Gallery, K-9/Thunderbird, AntennaPod etc. No nonsense software that does what I want and nothing more.
I've been running deGoogled Android devices for over a decade now for private use and I've been given Apple devices from work during all those years. I still find the iOS devices to be a terrible computing experience. There's a feeling of being reduced to a mere consumer.
GrapheneOS is the best mobile OS I've ever tried. If you get a Pixel device, it's dead simple to install via your desktop web browser[1] and has been zero maintenance. Really!
[1] https://grapheneos.org/install/web
Running a custom ROM locks you out of almost all decent phone hardware on the market since most have locked bootloaders, and it locks you out of a ton of apps people rely on such as banking and money transfer apps. You must recognise that it's not a practical solution for most people.
Graphene mitigates the locked bootloader issue by only supporting one line of phones (Pixel), which have unlocked bootloaders.
A large amount of work has been put into making Graphene specifically work with banking apps. Mine does, for instance.
> Running a custom ROM locks you out of almost all decent phone hardware on the market since most have locked bootloaders
GrapheneOS only works on Pixel devices. Pixel devices are fine. We have reached a point where just about every mid-tier device is fine, really. I run my devices until they are FUBAR or can't be updated due to EOL. EOL for Android (and GrapheneOS) is ~7 years from the release date now.
> it locks you out of a ton of apps people rely on such as banking and money transfer apps.
These can be installed and isolated using work or user profiles in GrapheneOS. Also as
> You must recognise that it's not a practical solution for most people.
Of course I do. We can act on two levels. We (as a society) can work for regulation and we (computery people) can take direct action by developing and using software and hardware that works in the user's interest. One does not exclude the other.
[1]prmoustache
1 month ago
You don't need tons of choice, but sufficient availability of a decent enough choice. The Google Pixel line supported by GrapheneOS is one.
My budget didn't allow me to buy a brand new one but I could buy a second hand pixel 6a for 200€.
Having said that you can also use an older phone with /e/os or lineageos and avoid apps that track you by limiting to android apps without telemetry available on f-droid.
That's great... for the HN reader.
However, how is that supposed to work for your significant other, or your mother, or your indifferent-to-technology friend?
Don't get me wrong, I also strive to keep my device's information private but, at the same time, I realize this has no practical use for most users.
The solution is the general populace becoming more tech literate, much like I became more literate in the yellow pages 20 years ago.
The reality is these are no longer mere tools, they are instruments for conducting life. They are a prerequisite to just about any activity, much like driving in the US.
We expect each and every citizen to have an intimate understanding of driving, including nuances, and an understanding of any and all traffic laws. And we expect them to do it in fractions of a second. Because that is the cost of utilizing those instruments to conduct life.
You install it from them. Past the initial install they get OTA updates.
Having said that it doesn't prevent them from checking the "enable network" option when installing apps.
We can act on two levels. We (as a society) can work for regulation and we (computery people) can take direct action by developing and using software and hardware that works in the user's interest. One does not exclude the other.
That said. You can order a Pixel with GrapheneOS pre-installed and Google Apps and services can be isolated.
As the GP already mentioned, F-Droid (as great as it is) won't help you access your bank account.
Completely agree, just one minor point:
> I think banking apps requiring SafetyNet passing is the dumbest thing on planet earth. You guys know I can just sign into the website with my mobile browser anyways, right?
No, you're not. For logging in, you need a mobile app used as an authentication token. Do not pass go, do not collect $200... (The current state of affairs in Czechia, at least; you still _do_ have the option of not using the app _for now_ in most banks, using password + SMS OTP, but you need to pay for each SMS and there is significant pressure to migrate you from it. The option is probably going to be removed completely in future.)
Right now I don't think there's anything like this in the United States, at the very least. That said, virtually every bank here only seems to support SMS 2FA, which is also very frustrating.
It's actually a real drag. I live in a rural area and the mobile signal is up and down. Sometimes I don't get SMSs for hours to a day late.
fwiw, on Android, you can install a custom certificate and have an app like AdGuard go beyond just DNS filtering, and actually filter traffic down to a request-content level. No root required. (iOS forbids this without jailbreaking though :/)
Both android and ios allow root certificates, but most apps nowadays use SSL pinning, so that's no longer an option, either.