- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
You must log in or # to comment.
You can install Google Play Services as a sandboxed app on GrapheneOS. That’s not the issue. I believe the issue is that Google will use hardware attestation to check if the OS you’re running it on is Google-approved.
For a decade or two now, it’s been pretty much assumed that everyone has an internet-connected, camera-equipped, browser-capable device in their pocket. Restaurants, banks, hospitals, employers and even government offices use QR codes and websites to get you to their menus, forms or services.
If ID is being tied to my mobile spy device, then I need my mobile spy device to be a right and not a luxury. $40-50 for a few years of validity, internet access provided at no cost, even if slow. I can have my luxury phone be where I’m ‘anonymous’, but I want the government to subsidize the mobile spy device if it’s a mandatory expense. Even cheap phones cost a lot of money.
To be clear, I don’t want ID tied to my phone, but it’s gotten harder to exist without one, so it should be something we have access to with minimal friction.
Add food, water and shelter to that list, but you can’t ask for them without a web browser.
eww recaptcha,spyware piece of shit.
Most of the time, my phone’s browser is disabled. It keeps me from using my phone too much. I understand not everyone is in a position where they can do that though.
Lol, ok, I’m out
So, is there any information besides a screenshot?
This is really bad even just from the perspective of user behavior. Training people to scan QR codes from anything that looks like a captcha box is HORRIBLE for security.
“Thanks for scanning the code, just one more step! Please input your phone number, and type in the code you receive.”
Boom, account stolen.
true
It’s almost like they don’t really care about your security…
And the phone number thing is already happening too. Google, discord and probably other stuff already ask for a phone number to prove you are a human when they flag your account.
It’s a server setting. one of my oldest servers has enabled this and I haven’t chatted with anyone there anymore because I need to verify my phone first.
well, I guess i will stop using those websites from my /e/os fairphone
isn’t that like half the internet?
What they are doing is way worse tban what you understood.
These QR codes will show on your Desktop PC and you will need an Android phone or an iOS device with a logged in Google QR code app to get past it.
so they are not only tracking you, but they are trying to reconnect your records across multiple devices.
And through the VPN
Ayup that has been the holy grail of big tech.
They are most of the way there today. Make Identity Resolution inescapable. Bing bang boom.
It is more than just phones and lappys too. It’s everything. That smart TV. That fitness watch. That automobile. That streaming music service. The ebook reader you got as a birthday gift.
Your behavior across every single device is data gold. This is today’s reality.
Yep, data gold to sell to data brokers and investors so they can sell you shit that you don’t need and can’t even afford.
I wouldn’t scan shit from a website. Random QR codes are a security risk. Just won’t visit that website.
That’s why you have to use the special google app that will protect you from all these dangers*
*and also collect all your data, sell it to advertisers and forward it to US surveillance agencies (for your own protection of course).
Sad thing is, that argument works against so many ppl. “I can trust this app. It’s from Google!”
We(*) are tearing down personal computing. Brick by brick. The very idea of controling our own devs is getting lost. Replacing with Big Tech Feudalism.
(*) Not most of us here. But in the whole pop.
Guess I’m not going to Youtube, then.
I see a future where we have our mandated government ID shitphone for banking, corpo and government suchn’shit, and the laptop we access Anna’s, Yggdrasil and TOR with.
and the days go by!
Not exactly same as it ever was, but seems kinda 2007 to me. I doubt any Lemmy instance or i2p site will enforce Google’s QRcode spy-proxy.
My current GraphineOS phone will probably be my last smartphone. I’ll be moving to a dumb phone and a data hotspot connected to some type of cyberdeck. Will have that thing locked down, blocking known abusive companies like Google. Honestly could care less about using any service that touches them.
It’s not 2007. Devices are everywhere now, smartphones, TV’s etc. The social dimension (social pressure) and implications are very different now. Their power increases, amount of people caught in the loop is immense now. 2007 was all still fun and games.
Undoubtedly, and more still will be as corporate greed turns the internet into pay-per-view TV. We can’t help that.
Make your decision for yourself for what to do with your connections and your own devices. You are in control of at least that, if nothing else.
I am in no way condoning Google’s behavior, nor am I trying to normalize it. With that out of the way: maybe running Android Studio with an AVD might be a decent workaround. For now…
Is it bad I use this for steam login? I thought that was secure …
That would make the two of us. My Fairphone 3+ is still kicking well with /e/OS.
And nothing of value was lost. I’m over social media, over commercial apps, and maybe I’m over having a mobile phone, too.
If google requires me to permit other companies to leech all my personal data to be able to use anything on the Internet at all, I say we label Google, Microsoft, Apple as criminal organizations
I’m sorry, bit there have to be limits.
I. DO. NOT. WANT. TO. USE. ANYTHING. GOOGLE.
OR APPLE. OR MICROSOFT.
FUCK ALL THESE OLIGARCH COMPANIES INTO THE GROUND
I do not want my private data leeches and sold every day, I don’t even get paid for it
That and fine them to oblivion. Piece their companies into parts. Make it all open source for the OS’es. Give ownership of companies to all the people. Etc. Lots and lots that can be done
I almost came reading this rant. Thanks for bringing this so much more eloquently to the point.
That would only make me install Graphene even harder if I wasn’t already writing from a phone with it
This. Time to stand up to Google and completely boycott the surveillance tech that the US is deploying.
Hopefully this will push Linux Mobile development so that we are no longer completely bound to Android or iOS
They should be fined so hard for this shit.
Every company that uses these captcha service should also be fined so hard. This isnt just google here.
And every company that is relying on gsm or the apple pendant to verify anything.
A fine is brushed off in a quarter. They should be forced to split into seperate companies.
What you said and my comment response to the person we both responded to
And forced to open-source their OS’es. And have to make their communities owned by the people instead of corpos. We are all beyond pissed and done with their shit. Everyone get more people on board into the movement daily to be focused on getting things done together!! Keep each other in the fight with online and in-person communities
Let’s hope the EU prevents this from happening. We should be able to access every site we wish without Google’s permission.
We should all be encouraging Europeans to:
- Force Android and iOS to be given to the people to own and open-source the OS fully in EU with GPL license
- Fine them to oblivion if they do not cooperate
- If they try to double down then piece up their companies into parts
We all tired of their fucking shit. Everyone keep getting people active and informed on all this!! Together anything is possible!!
The EU is busily building the Fourth Reich, so don’t expect help from there.
LOL, whatever you’re taking, stop, it’s doing your brain in! :D
The ongoing battle against online privacy is a symptom of capitalism, the EU is a capitalist state. The only thing the EU would ever do against US-based capitalism is to gobble up those capital gains for themselves. It doesn’t matter if it happes or not, the privacy-issues for end-users would never be alleviated by the EU.
From what you’re saying, they would’ve already introduced all those capitalist methods of control the first time around.
Which they didn’t.
What gives?
Also: the EU is literally incapable of “gobbling up capital gains for themselves” because “themselves” doesn’t exist in this context - the EU is not a “State”. The member-states might (and some do).
I see you have no clue. You will learn, eventually.
Go ahead, teach me.
Yeah, sure, at a really slower pace than USA. Maybe in a century. They still care more for their citizens Trump ever did.
Please elaborate.
Fuck em. If websites use this, I don’t need to see their shit or patronize their business. Google can eat a dick.
Not noticed it and fuck those websites. Happy to boycott.
This does seem to work with sandboxed Google Play Services on GrapheneOS btw.
I scanned the demo QR code on Google’s talk page about it with sandboxed Play Services enabled and it gave me a custom popup asking if I’d like to verify.
and you can do it from a second profile which contains none of your data.
Unless you’re doing that from a separate device in a separate location then all you’re doing is giving them the data they need to link those two accounts
You’re right, you’re not going to achieve complete anonymity if you’re interacting with Google services in any way, but you can reduce the amount of information that they receive.
Sandboxed Google Play Services doesn’t have privileged access to location information, so it can’t pull your GPS location or Wifi Positioning information. It would only see a blank profile and doing this would allow for your primary profile to continue to not run Play Services.
Any malicious code which could be injected into the process would find itself in a sandbox, on a blank profile and isolated from the rest of the system.
Google would only see that you are authenticating from a profile without anything installed, from an unknown location and coming from whatever VPN endpoint that you’d like. They could possibly infer that the blank profile and your ‘real’ profile are different via browser fingerprinting. You can randomize a lot of fingerprinting datapoints with browser extensions, but avoiding browser fingerprinting is a whole other topic.
The ‘real’ privacy solution is to avoid anything that uses this version of recaptcha. However, if you have to use these services then you can still reduce the amount of information leaked via Play Services by using a blank profile to scan the QR codes.
You’re right, you’re not going to achieve complete anonymity if you’re interacting with Google services in any way, but you can reduce the amount of information that they receive.
its not even about complete anonymity. google has zero business in when I’m logging into my utilities company account, or other semi-governmental portals!
it literally is their business; they make millions of dollars off of it.
then that’s a problem we must solve. Because an adtech company should definitely not have any business in that.
it has been solved for approximately 2 billion people on this planet, but those answers are not friendly to profit-seeking institutions like google and the only remaining institutions that can stop it are captured by the likes of google
That’s assuming they know I have another account
