Possibly... but the extension of this to Android and Apple is going to be the entire internet shuts you out. And everything else will be a giant Dead Internet crawling with bots.
The sites that require you to log in are precisely the same ones that are crawling with bots. The personal internet or "small web" is, and still will be, full of real content. There are also lots of bot websites that are trying to be small web, but since it's an actual social network and not a giant pool everyone pours stuff into, they don't get traction. If you do find a website that seems to be human but links to a thousand AIslop sites, you'll stop following that guy's links.
I have to see. As much as I don't like Murena and /e/OS, they seem to have some clout with the EU/EC. Given that they are using microG and also hit by this, they might be able to nudge the EC to act on this.
Also, personally I care less and less. As long as my banks and government apps work, I'll just not use somebody's service if they put up barriers like this.
The hardware attestation (which is used by strict Play Integrity) checks the signature on your OS. It is totally possible to allow signatures other than Google, but Play Integrity doesn't do that.
Companies could totally decide to use hardware attestation and accept systems signed not only by Google, but also other systems (like GrapheneOS). But they don't care because not enough users complain to them.
Users of alternative Androids typically silently move to another service or stop using it entirely. Which is understandable but doesn't help the cause.
Both are terrible for privacy so it comes down to which one has a nicer screen now. :(
I'd rather have Google check an Apple phone attestation than have Google check a Google phone attestation, and vice versa, though, because you can assume each company is trying to keep as much information private to themselves instead of giving it to the other. Google is probably just getting "yes it's an Apple phone" and some kind of temporary token, instead of my IMEI, IMSI, phone number, all signed in accounts, biometrics and so on.
Also, Apple sells themselves as a privacy company, but often pick (possibly intentionally) insecure defaults. E.g. you might use end-to-end encrypted chats, but by default iCloud backups are not end-to-end encrypted, so law enforcement can just request your backups/chats from Apple. If you are vigilant and enable Advanced Data Protection for E2E iCloud backups, it probably still doesn't matter because the people that you communicate with probably do not have ADP enabled.
Besides that, they are enshittifying in the same way as Google. Ads in Maps, Ads in applications that you get with the OS (Apple Creator Studio ads in Keynote, etc.), Ads in your system settings for Apple Fitness+ (really).
At least Pixel phones and soon some Motorola models have the option of installing GrapheneOS.
At least with an Android i have the option of Graphene, and have access to a terminal, and for now can sideload apps.
With apple there's no choices, so I'll continue to take my chances with Android
Possibly... but the extension of this to Android and Apple is going to be the entire internet shuts you out. And everything else will be a giant Dead Internet crawling with bots.
The sites that require you to log in are precisely the same ones that are crawling with bots. The personal internet or "small web" is, and still will be, full of real content. There are also lots of bot websites that are trying to be small web, but since it's an actual social network and not a giant pool everyone pours stuff into, they don't get traction. If you do find a website that seems to be human but links to a thousand AIslop sites, you'll stop following that guy's links.
1 reply →
I have to see. As much as I don't like Murena and /e/OS, they seem to have some clout with the EU/EC. Given that they are using microG and also hit by this, they might be able to nudge the EC to act on this.
Also, personally I care less and less. As long as my banks and government apps work, I'll just not use somebody's service if they put up barriers like this.
1 reply →
Can Graphene OS pass this kind of Google attestation challenge, though?
No.
The hardware attestation (which is used by strict Play Integrity) checks the signature on your OS. It is totally possible to allow signatures other than Google, but Play Integrity doesn't do that.
Companies could totally decide to use hardware attestation and accept systems signed not only by Google, but also other systems (like GrapheneOS). But they don't care because not enough users complain to them.
Users of alternative Androids typically silently move to another service or stop using it entirely. Which is understandable but doesn't help the cause.
Both are terrible for privacy so it comes down to which one has a nicer screen now. :(
I'd rather have Google check an Apple phone attestation than have Google check a Google phone attestation, and vice versa, though, because you can assume each company is trying to keep as much information private to themselves instead of giving it to the other. Google is probably just getting "yes it's an Apple phone" and some kind of temporary token, instead of my IMEI, IMSI, phone number, all signed in accounts, biometrics and so on.
> Apple's just as bad if not worse.
Could you justify that? Because to me it seems like Apple isn't doing anything even like this.
https://httptoolkit.com/blog/apple-private-access-tokens-att...
Also, Apple sells themselves as a privacy company, but often pick (possibly intentionally) insecure defaults. E.g. you might use end-to-end encrypted chats, but by default iCloud backups are not end-to-end encrypted, so law enforcement can just request your backups/chats from Apple. If you are vigilant and enable Advanced Data Protection for E2E iCloud backups, it probably still doesn't matter because the people that you communicate with probably do not have ADP enabled.
Besides that, they are enshittifying in the same way as Google. Ads in Maps, Ads in applications that you get with the OS (Apple Creator Studio ads in Keynote, etc.), Ads in your system settings for Apple Fitness+ (really).
At least Pixel phones and soon some Motorola models have the option of installing GrapheneOS.
Apple never allowed custom ROMs to begin with, so their device attestation feels more seamless: https://support.apple.com/en-us/102591