This is really bad even just from the perspective of user behavior. Training people to scan QR codes from anything that looks like a captcha box is HORRIBLE for security.
"Thanks for scanning the code, just one more step! Please input your phone number, and type in the code you receive."
And the phone number thing is already happening too. Google, discord and probably other stuff already ask for a phone number to prove you are a human when they flag your account.
It's a server setting. one of my oldest servers has enabled this and I haven't chatted with anyone there anymore because I need to verify my phone first.
They are most of the way there today. Make Identity Resolution inescapable. Bing bang boom.
It is more than just phones and lappys too. It's everything. That smart TV. That fitness watch. That automobile. That streaming music service. The ebook reader you got as a birthday gift.
Your behavior across every single device is data gold. This is today's reality.
Sad thing is, that argument works against so many ppl. "I can trust this app. It's from Google!"
We(*) are tearing down personal computing. Brick by brick. The very idea of controling our own devs is getting lost. Replacing with Big Tech Feudalism.
I see a future where we have our mandated government ID shitphone for banking, corpo and government suchn'shit, and the laptop we access Anna's, Yggdrasil and TOR with.
and the days go by!
Not exactly same as it ever was, but seems kinda 2007 to me. I doubt any Lemmy instance or i2p site will enforce Google's QRcode spy-proxy.
It's not 2007. Devices are everywhere now, smartphones, TV's etc. The social dimension (social pressure) and implications are very different now. Their power increases, amount of people caught in the loop is immense now. 2007 was all still fun and games.
My current GraphineOS phone will probably be my last smartphone. I'll be moving to a dumb phone and a data hotspot connected to some type of cyberdeck. Will have that thing locked down, blocking known abusive companies like Google. Honestly could care less about using any service that touches them.
I am in no way condoning Google's behavior, nor am I trying to normalize it. With that out of the way: maybe running Android Studio with an AVD might be a decent workaround. For now...
If google requires me to permit other companies to leech all my personal data to be able to use anything on the Internet at all, I say we label Google, Microsoft, Apple as criminal organizations
I'm sorry, bit there have to be limits.
I. DO. NOT. WANT. TO. USE. ANYTHING. GOOGLE.
OR APPLE. OR MICROSOFT.
FUCK ALL THESE OLIGARCH COMPANIES INTO THE GROUND
I do not want my private data leeches and sold every day, I don't even get paid for it
That and fine them to oblivion. Piece their companies into parts. Make it all open source for the OS'es. Give ownership of companies to all the people. Etc. Lots and lots that can be done
And forced to open-source their OS'es. And have to make their communities owned by the people instead of corpos. We are all beyond pissed and done with their shit. Everyone get more people on board into the movement daily to be focused on getting things done together!! Keep each other in the fight with online and in-person communities
The ongoing battle against online privacy is a symptom of capitalism, the EU is a capitalist state. The only thing the EU would ever do against US-based capitalism is to gobble up those capital gains for themselves. It doesn't matter if it happes or not, the privacy-issues for end-users would never be alleviated by the EU.
From what you're saying, they would've already introduced all those capitalist methods of control the first time around.
Which they didn't.
What gives?
Also: the EU is literally incapable of "gobbling up capital gains for themselves" because "themselves" doesn't exist in this context - the EU is not a "State". The member-states might (and some do).
This does seem to work with sandboxed Google Play Services on GrapheneOS btw.
I scanned the demo QR code on Google's talk page about it with sandboxed Play Services enabled and it gave me a custom popup asking if I'd like to verify.
Unless you're doing that from a separate device in a separate location then all you're doing is giving them the data they need to link those two accounts
You're right, you're not going to achieve complete anonymity if you're interacting with Google services in any way, but you can reduce the amount of information that they receive.
Sandboxed Google Play Services doesn't have privileged access to location information, so it can't pull your GPS location or Wifi Positioning information. It would only see a blank profile and doing this would allow for your primary profile to continue to not run Play Services.
Any malicious code which could be injected into the process would find itself in a sandbox, on a blank profile and isolated from the rest of the system.
Google would only see that you are authenticating from a profile without anything installed, from an unknown location and coming from whatever VPN endpoint that you'd like. They could possibly infer that the blank profile and your 'real' profile are different via browser fingerprinting. You can randomize a lot of fingerprinting datapoints with browser extensions, but avoiding browser fingerprinting is a whole other topic.
The 'real' privacy solution is to avoid anything that uses this version of recaptcha. However, if you have to use these services then you can still reduce the amount of information leaked via Play Services by using a blank profile to scan the QR codes.
You're right, you're not going to achieve complete anonymity if you're interacting with Google services in any way, but you can reduce the amount of information that they receive.
its not even about complete anonymity. google has zero business in when I'm logging into my utilities company account, or other semi-governmental portals!
it has been solved for approximately 2 billion people on this planet, but those answers are not friendly to profit-seeking institutions like google and the only remaining institutions that can stop it are captured by the likes of google
i have one myself, and I can tell you that grapheneos won't be affected by this. the real damage is to people using things like dumb phones or BSD, even windows computers are effectively locked out of the internet.
Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too.
Google's Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition.
The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it.
Apple's Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web.
Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems:
Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple's privacy pass, Google's 'cancelled' Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web.
Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They're bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more.
Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc. It's enormously anti-competitive.
Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn't somehow specific to an AOSP-based OS. You can't avoid this by using a mobile OS based on FreeBSD instead. You'll just be more locked out.
Google's Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it.
It doesn't provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source.
Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.
Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they're directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security.
reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that.
This isn't about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don't license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere.
Services shouldn't ban people from using arbitrary hardware and operating systems in the first place. Google's security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It's for enforcing their monopolies via GMS licensing, that's all.
that's true, things can change at any point. hopefully a workaround is found if it ever gets to that point though. them sandboxing Google play was impressive in itself.
if they add this requirement for the "I'm not a robot" technology this affects way more than stupid Facebook, reddit and the likes, most things behind anti DDoS use this shit.
I find this very dystopian, and there are not many "oh I'll just visit the sites than don't have it" alternatives. You might as well just open IRC and be done with it, I tend to visit a bit more of the internet (even if I haven't visited Facebook, Instagram and the likes in years)
Ayup absolutely. Those co's have such weight. They can drive this into essential services. Banks. Gov services. All online stores. Heck even sites that don't need logins.
It's short sighted to say "I'll just use other sites then". The end of that road is, we get excluded from modern life.
No fuck that we must continue to grow the movement and get more people on board. We don't give in to those rats and their garbage they try to put on us. Together we all can do together. Fuck them. Many of us already are doing and the more the better
You have to move all the black pixel blocks into the empty spaces and solve the puzzle to open the link. Than cenobites come out of your phone and show you pleasures beyond pain.
Regulations used to exist to break that that behavior. But they were either removed over time or not enforced. It can be done. It used to be. It wasn’t flawless but it wasn’t what we have today either.
Everything is possible. Some things just highly unlikely in the current political climate. I think the mamdani method of doing a shitload of door to door campaigning has been really successful in other parts of the world as well.
It can give a huge boost to leftist parties which then will be able to affect positive change but also change the political landscape. Overton window and all that.
What I'm saying is get the fuck out with your local leftist party/candidate or whatever if you can.
I mean yes, but waiting for the world to change isn't healthy I believe. Either arrange yourself with how it is now or try to be the change. I bet it's best to do both.
voting for incremental change within a captured isn't the change we (or anybody) needs, it's only being forced to chose between options predetermined by the capitalists.
It’s the love of money that’s the root of all evil
Thank you for getting this quote right. Often, it’s shortened to “money is the root of all evil”, which hits different, and removes the element of personal responsibility. The “love of money” bit is important.
Exactly. Money as a tool is fine. You need a way to pay for stuff. It's the love of money, money as a goal in itself, far beyond what you'll ever need to live, that's the problem.
Capitalism is fine small scale, most systems are. Humans are just wired for efficiency and so with every player on the same board the most ruthless player wins.
Ah yes, the mythical small business capitalism we all hear about. I will agree it sounds good on paper and also seems to distribute money in a somewhat efficient manner.
Unfortunately there has never been a government able to regulate and keep capitalism this way. Other people have said it is simply not possible due to the nature of capitalism.
I think there is a worthwhile debate here around systems and culture. Perhaps capitalism could work if people were not inherently so greedy. I tend to believe that culture is the deciding factor which is a little disheartening honestly.
It's not just culture. Most people value community and the well-being of others above amassing wealth (provided their needs are met). The problem is that capitalism indoctrinates us against those values, and even more that it rewards and empowers those who don't share them at all.
Unfortunately there has never been a government able to regulate and keep capitalism this way. Other people have said it is simply not possible due to the nature of capitalism.
the primary "authoritarian" government of the world has proven that it is possible and that keeping them under a tight leash is the only way to prevent them from indoctrinating the masses; that's why the number of billions and the wealth of the its millionaires have been steadily declining for the last decade or so, while simultaneously continuing to improve the quality of life for its citizens; meanwhile while the united states is poised to get its first trillionaire class very soon.
I sure hope you are not talking about China as they have produced more billionaires than the US for the last two years dramatically increasing their income gap. If you think they have capitalism in check I have a bridge to sell you in Brooklyn.
you're not wrong -- china's billionaire count is up. but here's the cycle that people in the west miss: a new crop of billionaires come along (eg. tech, evs, ai) and they replace the old crop (eg. real estate & manufacturing) that the chinese gov't already short-leashed, and boom, numbers jumped.
that new crop will experience their own slowdown too once they get their own short-leashes like the previous crop did. it happened around 2018-2024, and it'll happen again and again. china's churn is fast, but the pattern's the same every time: rise, stall, replace; no permanent footing/beachhead for a billionaire class from which to capture the system or spread misinformation like it is in the united states.
Capitalism does not work because companies will always seek to grow more and more and more. It's the core of capitalism. You need anti-capitalist policies to keep companies small.
Can we trust that isn’t a campaign to promote Google? What are these websites? Why aren’t they blocking an iPhone? Can any of that be replicated or is this just a Google campaign to create fear and doubt
GrapheneOS user here! Not sure about websites but there are certain apps that don't work properly without Google Play Services, but Graphene's app store has a sandboxed version of it, so I just installed that and revoked all it's permissions. Then if an app needs it, I just turn on the relevant permission, do the thing and then turn permissions off again. It's a bit of a pain at first but I'm used to it now.
Man, I want a phone with physical kill switches for things like Wifi, GPS, Bluetooth, because a lot of things seem to detect when these things are turned 'off' by software. Wonder how they'd react if in software, GPS is enabled, but the actual hardware is not powered at all
They most likely won't work. Just speculation, but I would imagine most software that "needs" information like GPS don't care that its on or off, they care that they try to pull data and there is none.
I'd say making a 2nd user for the apps that need Play Services (like banking and Uber/Lyft) is the move. This only allows Play Services to run when the 2nd user is on and also fully seperates it from the main user!
I'm a grapheneOS user and I don't have any google services installed. I havecyetvto hit any major issues with any apps or websites I use. Lucky, maybe?
I am Canadian. I don't use the rbc app, I use a different bank and use their website. I alao use the skip website when I order there, but I've never heard of the third one.
Its basically forced by Google. I mean who wouldn't force it after someone deliberately removes your government sanctioned spyware. See if people stopped calling it google or Apple and just USA spyware with backdoor to your lives it would be better at getting to the privacy issues. I mean the NSA already proved this is a fact.
I know in what way it's open source. I just don't understand what person this idiot thinks they're mocking when they wrote that. It's as if they think there are really people out there claiming that android/Google respects privacy (lol) and that it's proven by part of the OS being open source. People make up fake scenarios to get mad about and they're often rather ridiculous.
Oh, that’s what you mean. Ok, so every time I mention I have an iPhone because a. I value my privacy and b. I try not to support companies that actively harm the internet, someone says “but Android is open source”, as if merely having a few open source components means that Android is better in any way than any other OS.
In this instance, Google is not only making the internet worse, they’re doing it in a way that requires their own closed source libraries to even access a huge portion of the internet. This further makes any functional Android OS closed source.
The most ridiculous thing is that iOS is almost as open source as Android is. There are very few components of an Android based OS that are open source where the equivalent in iOS is not open source.
Yeah I don't have experience with people really simping for android let alone claiming it's meaningfully open source. The most I've seen is saying it's not nearly as closed off as iOS which is just a fact. And I will say that as well because it's a fact. But that has almost nothing to do with the OSS aspect. Or privacy. So yeah I still don't quite get your point of inserting this here.
What do you plan to do? Dumbphone? No phone? Break glass in case of emergency phone in a faraday pouch?
I'm considering a break-glass dumbphone in a faraday pouch. I REALLY fucking hate location tracking. I'd keep it seperate from my IRL ID. Prob is, it's hard. Screw up once, big data pounces. One call tied to your name in any way. One friend puts it in their contacts. One time to forget the pouch and there's a location ping at your residence. Not to mention the difficulty of even buying it and setting up a plan. Ugh :(
I'm a teams app for dumb phones away from getting off smart phones. I'm fiddy and have to use my readers to even see my phone, so I've slowly stopped using it for much outside of random apps for appliances. I can get an ipad for that, though. I'm also a privacy advocate, but I've made peace with the fact that ship has pretty much sailed
You can still go graphene and isolate play services in a secondary profile.
For a better future:
Organisations and services that structure themselves to require third party services need to take contractual responsibility for the actions in their fulfillment supply chain, just as an online retailer takes responsibility for delivery agents. Google play services harvesting needs to be reflected in the privacy policy of every company that doesn't provide alternative access.
Wonder what will happen if we all start making data protection complaints about enforced non contractual third party data harvesting?
And then Google retaliates by not allowing Motorola to include Google Play on any of their devices. In the end, Motorola just cancels their GrapheneOS partnership.
Monopolies are the number one reason everything sucks, and will continue to suck until we get non-corrupt politicians (which is impossible)
That's probably a reason they're doing this now. To stifle what might start to be a sizable amount of pushback. Sizable is still single digits but if it hits a whole % instead of >1 then we might start getting somewhere
You can install Google Play Services as a sandboxed app on GrapheneOS. That's not the issue. I believe the issue is that Google will use hardware attestation to check if the OS you're running it on is Google-approved.
I had one of these CAPTCHAs recently and it still gave me the option to verify by clicking the squares. I wouldn't be surprised if they phased out the 'legacy' verification though.
To anyone not switching because of this-- in my experience this is something I can work around. On most websites my captchas still work. I have had a few that dont work, and I just close the website and move on. It hasn't happened on any websites that are very important for me to visit. Usually its a store and they really me to install their stupid app. Nope.
Smartphones are such an utter wretch nowadays, & I'm not even sure if there was a time they weren't. I don't get the appeal of a smartphone, they do everything a dumbphone does but worse, more expensive & with an unremovable thick layer of scum, yeah a smartphone has some of the features of a laptop or desktop but who needs that baked into their phone for every moment?
People are trying so hard to fix smartphones (even by giving money to the least privacy respecting companies ever by buying Google phones) when they can get a dumbphone and be rid of those problems in the first place. Well that's my opinion at least, I think it might be a bit extreme.
"even by giving money to the least privacy respecting companies ever by buying Google phones"
To be fair, Pixels are available secondhand, often in Mint condition, which is why my last three Pixels and any other phone/tablet I've bought have been through https://swappa.com/.
Honestly in hindsight I think that point of mine isn't very good, given what you said, I mean some people probably buy new Pixels but an entire point should not hinge on a possibility.
You really don’t get the appeal or you just feel differently? I don’t like roller coasters but my reasoning doesn’t include me not getting the appeal others have for them.
I know the appeal (I think) but I worry that these things can be very harmful after a while, like how with the constant internet access provides constant distraction from anything important in one's life (like studying, working, etc).
In theory, you're correct. Smartphones have way more attack surfaces than 'dumb phones'for big tech and other sinister actors to exploit. But 'dumb phones' are not clear of this. They are still used by the providers to read your texts and listen in on your calls, plus tracking you based on the towers being used.
It's not easy to make a choice. If you have a smartphone with stock firmware, your whole life is being tracked, if you go with GrapheneOS (my case) some of that is minimized by using Signal and VOIP instead of mobile ams and calls. If you go with the dumb-phone, you're effectively clear from all those tracking methods, but the mobile providers still have a shitload of ways to follow you around together with what you do, when and with whom, but Big Tech is removed from the equation.
Unfortunately, other than not having a portable device of any type with some type of connection, we're flat out of options, and then that would effectively remove you from society for the most part. What a fucking conundrum.
It's funny, I hadn't noticed, maybe because any site aleeady using reCAPTCHA or cloudflare alreadt gets blocked by my ad blocker... If those sites can't do better on their own, its just another thing you don't need. This is kind of a nothing burger. Stay strong and let google commit suicide.
Are you blocking Cloudflare at an IP level? Or just when they do that "Are you human?" thing? So much of the Internet goes through Cloudflare for DDoS protection, and blocking AI bots, I'm surprised there's anything left.
Don't give money to google by buying Pixel phones. Even buying used, creates demand as people are more likely to keep upgrading every year as they know it will be easy to sell their used Pixels for a good price.
the pixel is a very secure phone from a hardware level, the full list of security features missing from other android manufacturers is in the grapheneos faq
there is no comparable alternatives right now, though something might come out of the graphene and motorola deal
From the grapheneos faq section on device support, which details the kinds of hardware and firmware security features required and present on pixels (but may be missing on other devices):
Hardware, firmware and software specific to devices like drivers play a huge role in the overall security of a device. The goal of the project is not to slightly improve some aspects of insecure devices and supporting a broad set of devices would be directly counter to the values of the project. A lot of the low-level work also ends up being fairly tied to the hardware.
Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:
Support for using alternate operating systems including full hardware security functionality
Complete monthly Android Security Bulletin patches without any regular delays longer than a week for device support code (firmware, drivers and HALs)
At least 5 years of updates from launch for device support code with phones (Pixels now have 7) and 7 years with tablets
Device support code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they're released)
Linux 6.1, 6.6 or 6.12 Generic Kernel Image (GKI) support
Hardware accelerated virtualization usable by GrapheneOS (ideally pKVM to match Pixels but another usable implementation may be acceptable)
Hardware memory tagging (ARM MTE or equivalent)
Hardware-based coarse grained Control Flow Integrity (CFI) for baseline coverage where type-based CFI isn't used or can't be deployed (BTI/PAC, CET IBT or equivalent)
PXN, SMEP or equivalent
PAN, SMAP or equivalent
Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode and decode, image processor and other components
Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
Verified boot with rollback protection for firmware
Verified boot with rollback protection for the OS (Android Verified Boot)
Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)
StrongBox keystore provided by secure element
Hardware key attestation support for the StrongBox keystore
Attest key support for hardware key attestation to provide pinning support
Weaver disk encryption key derivation throttling provided by secure element
Insider attack resistance for updates to the secure element (Owner user authentication required before updates are accepted)
Inline disk encryption acceleration with wrapped key support
64-bit-only device support code
Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers
Support for disabling USB data and also USB as a whole at a hardware level in the USB controller
Reset attack mitigation for firmware-based boot modes such as fastboot mode zeroing memory left over from the OS and delaying opening up attack surface such as USB functionality until that's completed
Debugging features such as JTAG or serial debugging must be inaccessible while the device is locked
There is and there never will be a perfect solution and you shouldn't let an imperfect solution stop you from using the best one of these just because buying a used pixel MIGHT urge somebody to buy another new one. You may not want to do that, but it is silly and way too idealistic and impractical to demand others not to switch to Graphene because of that.
Buying a used pixel to degoogle and make your phone more secure and less likely to spy on you more than balances out the potential for there being one more new pixel on the future. There will never be a perfect solution and this one is fine enough for most. You may disagree and that's ok.
Nobody's saying that those other ones are terrible and they are better than stock Android for security and less tracking here. But it is the best one and does things that the other ones don't.
You can use a fairphone with one of those and if you're happy with it, it's absolutely better than what most people do and if it works it works. But people really like GOS for a good reason. The cult comment can be applied to Linux users, so who gives a shit?
First off, that's software when the user asked for an alternative to the Pixel, which is hardware.
Secondly, I don't see how those are an alternative. It's websites locking you out unless you run Google Play Services. LineageOS etc doesn't run the official PlayServices which is what this requires.
This 1000 times. I can't understand the logic behind willfully getting a Pixel phone. Isn't it enough that Google spies on you every chance they get, you want actual hardware from them too? lol
LOTS of phones other than Pixels come with an unlockable bootloader, just check the list of supported phones for Lineage, Postmarket, Ubuntu Touch, crDroid, etc.and you'll find a multitude of choices - many (most) of which are readily available in the USA as well. (source: me, who has flashed alternative AOSP ROM's and Ubuntu Touch to around a dozen phones & tablets, none of which were Pixel's)
What isn't possible though is relocking the bootloader after flashing an alternative ROM or OS onto nearly all of these, meaning there is minimal security if the phone is stolen, or tampered with while unsupervised. And for those requiring physical security for their devices, that is a big deal.
I feel like it was in the sweet spot for me as I was looking for a "true"(i.e. non-android) linux phone, and I happened to have a FP4, which I bought years ago. I don't see many other options for this device, other than ubuntu touch. I tried it like a year+ ago, and it was nice, but it lacked userspace drivers for wireguard and while it was officially listed as issue somewhere in github/gitlab/wherever the development was, the development seemed really slow, almost stagnant. And I rely heavily on wireguard in my homelab setup, so that was a deal breaker for me.
Fairphone 4. It’s working out decently enough for me. To be clear, some features are still broken (most crucially phonecall audio, which only works via headset), speakers altogether started working just a couple of months ago in edge branch. Camera kinda works, but it takes just horrible pictures. Broken if you ask me. I like the “feel” i have with it, it no more feels like I’m carrying a spying device in my pocket, but a computer instead. There are drawbacks, like I have to do my banking old school, visiting the bank site via browser, but they are worth it for me. My phone screen time has definitely shortened. It’s more quiet now.
edit: and you can do cool stuff with it, with root access by default! I have signal-cli running as a systemd service, which connects to my matrix signal bridge :)
edit2: funny story about the mentioned signal-cli. I had to put the phone in the fridge, because otherwise while compiling it (had to be compiled, no packages available) hit the critical temp threshold and shut down. :D Felt kinda funny. 2026, phones compiling in the fridge.
Fairphone 4. It's working out decently enough for me. To be clear, some features are still broken (most crucially phonecall audio, which only works via headset), speakers altogether started working just a couple of months ago in edge branch. Camera kinda works, but it takes just horrible pictures. Broken if you ask me. I like the "feel" i have with it, it no more feels like I'm carrying a spying device in my pocket, but a computer instead. There are drawbacks, like I have to do my banking old school, visiting the bank site via browser, but they are worth it for me. My phone screen time has definitely shortened. It's more quiet now.
edit: and you can do cool stuff with it, with root access by default! I have signal-cli running as a systemd service, which connects to my matrix signal bridge :)
edit2: funny story about the mentioned signal-cli. I had to put the phone in the fridge, because otherwise while compiling it (had to be compiled, no packages available) hit the critical temp threshold and shut down. :D Felt kinda funny. 2026, phones compiling in the fridge.
You do whatever you want, but out of curiosity: how is that helping with this issue in anyway?
pmOS does not have Google Play nor the Apple equivalent. GOS has the option of having a sandboxed Google Play.
We seriously need to ask Valve to make SteamOS phones.
Not only will they be good for gaming but imagine being able to put other OS'es on it like PC's. Bazzite, PostmarketOS, etc. Plus Valve will still get revenue from people using the upcoming Steam ARM Game Store, and the current Bannerhub/Gamenative community android apps that enable playing PC games they own from Steam/GOG on Phones
Its such a huge opportunity that we all should be encouraging then to pursue now and after they release their current 3 big projects: Steam Controllers, Steam Machines, Steam Frames
I get where you are coming from. Out of all of the billionaires he is one that is one of the least bad out of the rest of them, and is doing plenty of good things himself. He got that wealth from Steam doing so well over the years co.pared to other billionaires that did the shadiest things imaginable
I don't agree with his yachts business yet I agree with his side project of making boats specifically for ocean research. I don't agree with him still getting paid so much today, yet I agree that he pays and treats his employees and customers well
End of the day it's another option to get open phones that can have bootloader unlocked to change OS, and not be locked down. It is good to have more options currently where there are few.
Many online PC gamers have this opinion too so overall its more so a matter of time and comes down to if Valve really wants to then they will.
Yeah he's the kind of wealth that helps you realize why people ever supported the wealthy. They used to actually have an understanding that keeping their wealth meant keeping employees, customers, and people at large happy and safe – and they'd be willing to put in the effort (or rather, money) to ensure it.
I don't use the internet for much these days, but I am on graphine OS and I have yet to be blocked from websites due to it. My adblocker prevents me from some, and not allowing javascript prevents me from some, but I've never seen that QR code or had any site prompt fro Google play services
For a decade or two now, it's been pretty much assumed that everyone has an internet-connected, camera-equipped, browser-capable device in their pocket. Restaurants, banks, hospitals, employers and even government offices use QR codes and websites to get you to their menus, forms or services.
If ID is being tied to my mobile spy device, then I need my mobile spy device to be a right and not a luxury. $40-50 for a few years of validity, internet access provided at no cost, even if slow. I can have my luxury phone be where I'm 'anonymous', but I want the government to subsidize the mobile spy device if it's a mandatory expense. Even cheap phones cost a lot of money.
To be clear, I don't want ID tied to my phone, but it's gotten harder to exist without one, so it should be something we have access to with minimal friction.
Add food, water and shelter to that list, but you can't ask for them without a web browser.
I'm not a security guy, what is the problem that this is supposed to be fixing? Like I guess you wouldn't be able to use a virtuallised os to visit your banking website? Like I understand if you work for a bank you should only be able to access some things from specific computers, but normal people?
It's intended to be a successor to the current reCAPTCHA, sold as harder to spoof than current picture-based versions. Now, almost from its start, CAPTCHA existed to train AI vision models. So Google basically painted themselves into a corner using free labor to train models good enough to recognize images, now they are switching to device signals.
That said, they're going to have to provide a compatibility layer for iOS which AFAIK doesn't come with Google Play Services right now. So I have some faith in the smart folks who make these de-shittified OSes working something out via microG or the like.
iOS has their own attestation/anti-tamper api similar to google's integrity api so that's going to be used instead. the only difference is that on iOS you'll need to download extra software specifically for this.
graphene devs said you can do it with their sandboxed version of gms but as far as i know that still involves having an account and handing over all your personal info to google.
Realistically, it’s keeping people in their walled garden.
I felt for a long time, "trusted computing" is such a doublespeak term. It gets avg ppl to think "Oh ofc i want to trust my device! Who wouldn't want that?"
Ofc what it really does, is gives BigTech the final control over everybody's dev.
It started out promising. Keep malicious things from changing your firmware or disk without permission. But the tools were never open enough to let you do it. So it only became trusted for those who paid into it.
If you're serious about it probably worth just using an old phone as an Auth device and only switch it on for that and still use graphene as your daily driver.
So i just checked back a day later after posting this and it blew up more than i expected. I've gotten some comments suggesting its not really preventing GrapheneOS from being usable, so this might need more context. Do your own research and testing on this one for sure, as with most things. Sorry for not answering comments, quite busy right now.
I mean when you're paying $260 to $300+ for even a used Pixel (8 is the oldest one supported till 2029 I think), that can be a hell of an investment to make if the thing is nerfed from alternate OSs.
graphene can have the play service, but in a sandbox. anything other than that uses microg so its emulated. probably needs some time to get up to speed. if not, just use the desktop site instead of mobile. i dont really see this as much of a threat to any of us.
Desktop site is going to require QR scan.
I don't know what they are going to do about "I don't have a phone" / "I only have a dumb phone" population.
I suspect that sometime soon I'll have to buy a stay-at-home Google certified device, to bridge the locked down features and services.
They don't give a shit about that part of the population, maybe they can even force some of that part of the population to finally cave in and get a smartphone.
Pretty sure their solution would be mandatory carrying of approved devices. It will be the only way to provide identification and payments, essentially all the stuff religious nuts say about the mark of the beast minus the weird parts like demons or the invisible counter mark and shit like that.
Most 2FA solutions on commercial websites (bank, online payment, electricity/water/gas providers) require a phone here instead of using open standard solutions or using physical tokens. They are doing everything they can to force us in to a Google/Apple lock in.
this is such a weird idea to me. why do i need a phone to browse on my pc?
what if my phone is not charged, what if the camera is broken or simply covered due to work regulations. such a dumbass idea.
It's just... everything kinda sucks hard these days. Internet and computer stuff in general is my getaway from all the depressing IRL stuff. But internet is also becoming shitty now. Personal computing is barely a thing nowadays; everything is turning into walled surveillance nightmares. Can't even call them "walled gardens", because gardens are actually supposed to be, like, nice things
Many things are actually amazing. Used enterprise hardware is faster and more affordable than ever. Desktop Linux is so much fun to use, we never have to interact with windows or mac. There's people out there working on mostly free or entirely free hard- and software.
The good news is that there are enough people feeling this that refuges from the enshittification are growing. We're in one right now.
Also, while online personal computing has definitely been getting worse, offline personal computing is better than it's ever been. Growing that is sort of like making your own walled garden.
That all said, only keep to technology as much as it improves your life. The other people saying to go into nature more have it right.
Noooo, don't look at the bad, look at the good. We have this place and Gemini (the good one) to express ourselves.
And besides, the title in this repost is a bit sensational. That specific captcha needs a phone with the Google app. You can just delete data + refresh until you get a different one. Nothing about specifically degoogled phones, people without phones are affected just as much. I am sure MicroG would work just as well (if not now, at least later). Also, ideally you should click the fuck away from recaptcha sites either way. Paradoxically, Google's own sites don't have it usually except the search but nobody needs that (at least anyone you would ask on here), DuckDuckGo + StartPage (OR SearXNG) is good enough.
Does Ubuntu Touch work on the 3a? That was my last phone, but after it was no longer supported by Graphene I bought a 7a. I don't really like Ubuntu but would like to experiment with a Linux phone.
It works, but its not really usable as a daily driver. None of the browsers render sites correctly and I couldnt make phone calls, but that might be a carrier thing on my end.
Most of the time, my phone's browser is disabled. It keeps me from using my phone too much. I understand not everyone is in a position where they can do that though.
All these captchas just make me evaluate effort vs need. Facebook throws a captcha every time because I log in from a private window. Before it just gave me a warning unrelated to my interests. I mostly use facebook for work, and those sweet lawnmowing videos. If they keep it up I will only log in for work.
As I understand it, it's a separate system, kind of like the TOTP 2FA, for comparison, but in this case it would be an additional system, and where normally anyone can use any provider for TOTP, this one is Google only. If websites implement this, and many likely will, you can only use those sites if you have a Google permitted phone that leeches all your private data 24/7
More like a class action EMP attack on data centers. But who knows, maybe the AIs will be the energy shift this world needs to get us out of this mess. They can't code regression corrections to force them into their desired bias ad infinitum. At some point these bots will outsmart it and get good enough to manipulate everything into optimization. Our luck might depend on what their definition of optimized is.
And now I realize how desperate our position is that bots might be our only hope.
This is misunderstanding the problem, I think. This is not a weakness in GrapheneOS due to being an AOSP derivative, it's a weakness imposed by Google on all alternative OSes whether they are AOSP derived or not. They present a scannable code that will only be cleared if you scan it with Google's Android.
Unless there's something else going on here. Either way, anger should be directed at Google, not GOS or its users. (annoying though they might sometimes be ;)
Right, I almost, and probably should have, mentioned that. They use a different, parallel system that is also not available to the kind of alternative devices people on this site are interested in.
Same. And I think it is even more ridiculous when you have to rely on their hardware too. They control the hardware drivers AND the OS upstream, how do you exist if not by their permission?
And you couldn't use your current phone for that? That is in cases where you have no choice left, and where your identity is known regardless. Don't let perfect be the enemy of good: just because this anti-feature may not work, doesn't mean you can't have better standards overall (assuming you're coming from a regular OS).
That's my point. If your non-Pixel or Googled phone is able to support the new Play Services, you could use that device for the verification, instead of using the GrapheneOS device.
This is really bad even just from the perspective of user behavior. Training people to scan QR codes from anything that looks like a captcha box is HORRIBLE for security.
"Thanks for scanning the code, just one more step! Please input your phone number, and type in the code you receive."
Boom, account stolen.
It's almost like they don't really care about your security...
And the phone number thing is already happening too. Google, discord and probably other stuff already ask for a phone number to prove you are a human when they flag your account.
It's a server setting. one of my oldest servers has enabled this and I haven't chatted with anyone there anymore because I need to verify my phone first.
true
well, I guess i will stop using those websites from my /e/os fairphone
What they are doing is way worse tban what you understood.
These QR codes will show on your Desktop PC and you will need an Android phone or an iOS device with a logged in Google QR code app to get past it.
so they are not only tracking you, but they are trying to reconnect your records across multiple devices.
And through the VPN
Ayup that has been the holy grail of big tech.
They are most of the way there today. Make Identity Resolution inescapable. Bing bang boom.
It is more than just phones and lappys too. It's everything. That smart TV. That fitness watch. That automobile. That streaming music service. The ebook reader you got as a birthday gift.
Your behavior across every single device is data gold. This is today's reality.
Yep, data gold to sell to data brokers and investors so they can sell you shit that you don't need and can't even afford.
I wouldn't scan shit from a website. Random QR codes are a security risk. Just won't visit that website.
That's why you have to use the special google app that will protect you from all these dangers*
*and also collect all your data, sell it to advertisers and forward it to US surveillance agencies (for your own protection of course).
Sad thing is, that argument works against so many ppl. "I can trust this app. It's from Google!"
We(*) are tearing down personal computing. Brick by brick. The very idea of controling our own devs is getting lost. Replacing with Big Tech Feudalism.
(*) Not most of us here. But in the whole pop.
Guess I'm not going to Youtube, then.
I see a future where we have our mandated government ID shitphone for banking, corpo and government suchn'shit, and the laptop we access Anna's, Yggdrasil and TOR with.
and the days go by!
Not exactly same as it ever was, but seems kinda 2007 to me. I doubt any Lemmy instance or i2p site will enforce Google's QRcode spy-proxy.
It's not 2007. Devices are everywhere now, smartphones, TV's etc. The social dimension (social pressure) and implications are very different now. Their power increases, amount of people caught in the loop is immense now. 2007 was all still fun and games.
Undoubtedly, and more still will be as corporate greed turns the internet into pay-per-view TV. We can't help that.
Make your decision for yourself for what to do with your connections and your own devices. You are in control of at least that, if nothing else.
My current GraphineOS phone will probably be my last smartphone. I'll be moving to a dumb phone and a data hotspot connected to some type of cyberdeck. Will have that thing locked down, blocking known abusive companies like Google. Honestly could care less about using any service that touches them.
I am in no way condoning Google's behavior, nor am I trying to normalize it. With that out of the way: maybe running Android Studio with an AVD might be a decent workaround. For now...
Is it bad I use this for steam login? I thought that was secure ..
That would make the two of us. My Fairphone 3+ is still kicking well with /e/OS.
And nothing of value was lost. I'm over social media, over commercial apps, and maybe I'm over having a mobile phone, too.
isn't that like half the internet?
If google requires me to permit other companies to leech all my personal data to be able to use anything on the Internet at all, I say we label Google, Microsoft, Apple as criminal organizations
I'm sorry, bit there have to be limits.
I. DO. NOT. WANT. TO. USE. ANYTHING. GOOGLE.
OR APPLE. OR MICROSOFT.
FUCK ALL THESE OLIGARCH COMPANIES INTO THE GROUND
I do not want my private data leeches and sold every day, I don't even get paid for it
That and fine them to oblivion. Piece their companies into parts. Make it all open source for the OS'es. Give ownership of companies to all the people. Etc. Lots and lots that can be done
I almost came reading this rant. Thanks for bringing this so much more eloquently to the point.
That would only make me install Graphene even harder if I wasn't already writing from a phone with it
This. Time to stand up to Google and completely boycott the surveillance tech that the US is deploying.
Hopefully this will push Linux Mobile development so that we are no longer completely bound to Android or iOS
They should be fined so hard for this shit.
Every company that uses these captcha service should also be fined so hard. This isnt just google here.
And every company that is relying on gsm or the apple pendant to verify anything.
A fine is brushed off in a quarter. They should be forced to split into seperate companies.
What you said and my comment response to the person we both responded to
And forced to open-source their OS'es. And have to make their communities owned by the people instead of corpos. We are all beyond pissed and done with their shit. Everyone get more people on board into the movement daily to be focused on getting things done together!! Keep each other in the fight with online and in-person communities
Let's hope the EU prevents this from happening. We should be able to access every site we wish without Google's permission.
We should all be encouraging Europeans to:
We all tired of their fucking shit. Everyone keep getting people active and informed on all this!! Together anything is possible!!
The EU is busily building the Fourth Reich, so don't expect help from there.
Yeah, sure, at a really slower pace than USA. Maybe in a century. They still care more for their citizens Trump ever did.
LOL, whatever you're taking, stop, it's doing your brain in! :D
The ongoing battle against online privacy is a symptom of capitalism, the EU is a capitalist state. The only thing the EU would ever do against US-based capitalism is to gobble up those capital gains for themselves. It doesn't matter if it happes or not, the privacy-issues for end-users would never be alleviated by the EU.
From what you're saying, they would've already introduced all those capitalist methods of control the first time around.
Which they didn't.
What gives?
Also: the EU is literally incapable of "gobbling up capital gains for themselves" because "themselves" doesn't exist in this context - the EU is not a "State". The member-states might (and some do).
I see you have no clue. You will learn, eventually.
Go ahead, teach me.
Please elaborate.
Fuck em. If websites use this, I don't need to see their shit or patronize their business. Google can eat a dick.
Not noticed it and fuck those websites. Happy to boycott.
This does seem to work with sandboxed Google Play Services on GrapheneOS btw.
I scanned the demo QR code on Google's talk page about it with sandboxed Play Services enabled and it gave me a custom popup asking if I'd like to verify.
and you can do it from a second profile which contains none of your data.
Unless you're doing that from a separate device in a separate location then all you're doing is giving them the data they need to link those two accounts
You're right, you're not going to achieve complete anonymity if you're interacting with Google services in any way, but you can reduce the amount of information that they receive.
Sandboxed Google Play Services doesn't have privileged access to location information, so it can't pull your GPS location or Wifi Positioning information. It would only see a blank profile and doing this would allow for your primary profile to continue to not run Play Services.
Any malicious code which could be injected into the process would find itself in a sandbox, on a blank profile and isolated from the rest of the system.
Google would only see that you are authenticating from a profile without anything installed, from an unknown location and coming from whatever VPN endpoint that you'd like. They could possibly infer that the blank profile and your 'real' profile are different via browser fingerprinting. You can randomize a lot of fingerprinting datapoints with browser extensions, but avoiding browser fingerprinting is a whole other topic.
The 'real' privacy solution is to avoid anything that uses this version of recaptcha. However, if you have to use these services then you can still reduce the amount of information leaked via Play Services by using a blank profile to scan the QR codes.
its not even about complete anonymity. google has zero business in when I'm logging into my utilities company account, or other semi-governmental portals!
it literally is their business; they make millions of dollars off of it.
then that's a problem we must solve. Because an adtech company should definitely not have any business in that.
it has been solved for approximately 2 billion people on this planet, but those answers are not friendly to profit-seeking institutions like google and the only remaining institutions that can stop it are captured by the likes of google
That's assuming they know I have another account
i have one myself, and I can tell you that grapheneos won't be affected by this. the real damage is to people using things like dumb phones or BSD, even windows computers are effectively locked out of the internet.
er/16609652
Sounds like GrapheneOS isn't affected only for now?
As in sandboxed google play may stop working for this at any point.
;(
that's true, things can change at any point. hopefully a workaround is found if it ever gets to that point though. them sandboxing Google play was impressive in itself.
Eventually privacy minded people like us will have to start creating and visiting sites on the dark web.
Sheesh, using alternative sites instead of Facebook and Reddit isn't using the dark web.
if they add this requirement for the "I'm not a robot" technology this affects way more than stupid Facebook, reddit and the likes, most things behind anti DDoS use this shit.
I find this very dystopian, and there are not many "oh I'll just visit the sites than don't have it" alternatives. You might as well just open IRC and be done with it, I tend to visit a bit more of the internet (even if I haven't visited Facebook, Instagram and the likes in years)
Ayup absolutely. Those co's have such weight. They can drive this into essential services. Banks. Gov services. All online stores. Heck even sites that don't need logins.
It's short sighted to say "I'll just use other sites then". The end of that road is, we get excluded from modern life.
You're so right, it's dystopian.
Isn't it, though? (At least according to the masses)
No fuck that we must continue to grow the movement and get more people on board. We don't give in to those rats and their garbage they try to put on us. Together we all can do together. Fuck them. Many of us already are doing and the more the better
No need for that, just spin up a nginx with letsencrypt certs. Most people don't need Cloudflare.
How do you even scan a QR code if you're browsing on your phone?
You have to move all the black pixel blocks into the empty spaces and solve the puzzle to open the link. Than cenobites come out of your phone and show you pleasures beyond pain.
Drives me crazy how common this is too
Really? I don't remember seeing it so far...
Mirrors
The "Mobile Verification" option "will initialize the reCAPTCHA app on your device".
Google lens. :facepalm:
exactly ..
Default GrapeneOS camera app has a QR code scanner
And how can the camera scan its own phone screen for the QR?
My solution is take a screenshot and then open the file in a separate QR reader app that can open files.
Yeah I'm just not going to use their website. Fuck all that.
I think apps can have screenshot permission, so just by using that feature
Why would I give an app screenshot permission? That is such a security nightmare.
The answer is always convenience. Me stating that something exists doesn't mean I blanket approve of it
On Samsung phones you take a screenshot and then tap the "T" icon for screenshot OCR, it will let you click any QR code on the screenshot.
Google Lens is also an option if you have that installed
Need to break up these monopolies. Really the root of all bad about capitalism.
The "root of bad" is capitalism itself, the logic of the system tends to create monopolies over time, as demonstrated in the game 'Monopoly'
Regulations used to exist to break that that behavior. But they were either removed over time or not enforced. It can be done. It used to be. It wasn’t flawless but it wasn’t what we have today either.
Everything is possible. Some things just highly unlikely in the current political climate. I think the mamdani method of doing a shitload of door to door campaigning has been really successful in other parts of the world as well.
It can give a huge boost to leftist parties which then will be able to affect positive change but also change the political landscape. Overton window and all that.
What I'm saying is get the fuck out with your local leftist party/candidate or whatever if you can.
Unless we get better candidates it will only go so far.
I mean yes, but waiting for the world to change isn't healthy I believe. Either arrange yourself with how it is now or try to be the change. I bet it's best to do both.
voting for incremental change within a captured isn't the change we (or anybody) needs, it's only being forced to chose between options predetermined by the capitalists.
Who said voting? Voting is cool if you're allowed to do it though.
It's the love of money that's the root of all evil, according to Jesus, but yeah, that's the driving force behind capitalism.
Thank you for getting this quote right. Often, it’s shortened to “money is the root of all evil”, which hits different, and removes the element of personal responsibility. The “love of money” bit is important.
Exactly. Money as a tool is fine. You need a way to pay for stuff. It's the love of money, money as a goal in itself, far beyond what you'll ever need to live, that's the problem.
Capitalism is fine small scale, most systems are. Humans are just wired for efficiency and so with every player on the same board the most ruthless player wins.
There's no small scale capitalism as the Capital needs to expand more and more. Political Economy 101.
Ah yes, the mythical small business capitalism we all hear about. I will agree it sounds good on paper and also seems to distribute money in a somewhat efficient manner.
Unfortunately there has never been a government able to regulate and keep capitalism this way. Other people have said it is simply not possible due to the nature of capitalism.
I think there is a worthwhile debate here around systems and culture. Perhaps capitalism could work if people were not inherently so greedy. I tend to believe that culture is the deciding factor which is a little disheartening honestly.
It's not just culture. Most people value community and the well-being of others above amassing wealth (provided their needs are met). The problem is that capitalism indoctrinates us against those values, and even more that it rewards and empowers those who don't share them at all.
@[email protected]
the primary "authoritarian" government of the world has proven that it is possible and that keeping them under a tight leash is the only way to prevent them from indoctrinating the masses; that's why the number of billions and the wealth of the its millionaires have been steadily declining for the last decade or so, while simultaneously continuing to improve the quality of life for its citizens; meanwhile while the united states is poised to get its first trillionaire class very soon.
I sure hope you are not talking about China as they have produced more billionaires than the US for the last two years dramatically increasing their income gap. If you think they have capitalism in check I have a bridge to sell you in Brooklyn.
you're not wrong -- china's billionaire count is up. but here's the cycle that people in the west miss: a new crop of billionaires come along (eg. tech, evs, ai) and they replace the old crop (eg. real estate & manufacturing) that the chinese gov't already short-leashed, and boom, numbers jumped.
that new crop will experience their own slowdown too once they get their own short-leashes like the previous crop did. it happened around 2018-2024, and it'll happen again and again. china's churn is fast, but the pattern's the same every time: rise, stall, replace; no permanent footing/beachhead for a billionaire class from which to capture the system or spread misinformation like it is in the united states.
Capitalism does not work because companies will always seek to grow more and more and more. It's the core of capitalism. You need anti-capitalist policies to keep companies small.
Break up the billionaires while you're at it. Their sickness will boil the seas away to nothing
Can we trust that isn’t a campaign to promote Google? What are these websites? Why aren’t they blocking an iPhone? Can any of that be replicated or is this just a Google campaign to create fear and doubt
GrapheneOS user here! Not sure about websites but there are certain apps that don't work properly without Google Play Services, but Graphene's app store has a sandboxed version of it, so I just installed that and revoked all it's permissions. Then if an app needs it, I just turn on the relevant permission, do the thing and then turn permissions off again. It's a bit of a pain at first but I'm used to it now.
Note that some apps will say that they won't work without GPS, but actually will if you give it a try.
some of them are now straight up refusing to run without the play store.
Then they don't deserve your business
Man, I want a phone with physical kill switches for things like Wifi, GPS, Bluetooth, because a lot of things seem to detect when these things are turned 'off' by software. Wonder how they'd react if in software, GPS is enabled, but the actual hardware is not powered at all
They most likely won't work. Just speculation, but I would imagine most software that "needs" information like GPS don't care that its on or off, they care that they try to pull data and there is none.
pine phone
I'd say making a 2nd user for the apps that need Play Services (like banking and Uber/Lyft) is the move. This only allows Play Services to run when the 2nd user is on and also fully seperates it from the main user!
Oh yeah that's something I've been meaning to look into!
I'm a grapheneOS user and I don't have any google services installed. I havecyetvto hit any major issues with any apps or websites I use. Lucky, maybe?
The main ones for me are the RBC app, Skip the Dishes and Communauto. But I think those might all be Canadian?
I am Canadian. I don't use the rbc app, I use a different bank and use their website. I alao use the skip website when I order there, but I've never heard of the third one.
Because the iPhone has their own spyware to prove you're a
productuser.https://support.google.com/recaptcha/answer/16609652?hl=en
https://blog.cloudflare.com/how-to-enable-private-access-tokens-in-ios-16-and-stop-seeing-captchas/
Interesting. Definitely turning that off. (As if it actually turns off)
If you turn it off, you'll have to do the captchas manually.
Yeah I’m okay with that.
I just do them wrong, after a few tries it lets me through
Its basically forced by Google. I mean who wouldn't force it after someone deliberately removes your government sanctioned spyware. See if people stopped calling it google or Apple and just USA spyware with backdoor to your lives it would be better at getting to the privacy issues. I mean the NSA already proved this is a fact.
more info here: https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Haven't encountered this yet, has it been let loose in the wild?
Good point, this would have to work on iPhones too and people without a phone would just not be able to use those websites at all.
I just loaded a bunch of recaptcha on my GrapheneOS phone. So, I dunno what this is all about.
Yeah exactly. Millions of websites? Which ones? Though I don't see how this would benefit google
@meowmeow because iPhone is already doing what Googles Playstore is now going to do
AnDrOiD iS oPeN sOuRcE
AOSP is. Android is not.
Please remind me what the "A" in "AOSP" stands for...
AOSP is Android is not.
Ok?
Android is open source in the same way that Minio is open source.
I know in what way it's open source. I just don't understand what person this idiot thinks they're mocking when they wrote that. It's as if they think there are really people out there claiming that android/Google respects privacy (lol) and that it's proven by part of the OS being open source. People make up fake scenarios to get mad about and they're often rather ridiculous.
Oh, that’s what you mean. Ok, so every time I mention I have an iPhone because a. I value my privacy and b. I try not to support companies that actively harm the internet, someone says “but Android is open source”, as if merely having a few open source components means that Android is better in any way than any other OS.
In this instance, Google is not only making the internet worse, they’re doing it in a way that requires their own closed source libraries to even access a huge portion of the internet. This further makes any functional Android OS closed source.
The most ridiculous thing is that iOS is almost as open source as Android is. There are very few components of an Android based OS that are open source where the equivalent in iOS is not open source.
Also, hey, thanks for calling me an idiot. ;)
Yeah I don't have experience with people really simping for android let alone claiming it's meaningfully open source. The most I've seen is saying it's not nearly as closed off as iOS which is just a fact. And I will say that as well because it's a fact. But that has almost nothing to do with the OSS aspect. Or privacy. So yeah I still don't quite get your point of inserting this here.
I wont visit a website if they require my identity. Other options out there.
When my current iPhone dies, I'm never having a smartphone ever again.
What do you plan to do? Dumbphone? No phone? Break glass in case of emergency phone in a faraday pouch?
I'm considering a break-glass dumbphone in a faraday pouch. I REALLY fucking hate location tracking. I'd keep it seperate from my IRL ID. Prob is, it's hard. Screw up once, big data pounces. One call tied to your name in any way. One friend puts it in their contacts. One time to forget the pouch and there's a location ping at your residence. Not to mention the difficulty of even buying it and setting up a plan. Ugh :(
I'm a teams app for dumb phones away from getting off smart phones. I'm fiddy and have to use my readers to even see my phone, so I've slowly stopped using it for much outside of random apps for appliances. I can get an ipad for that, though. I'm also a privacy advocate, but I've made peace with the fact that ship has pretty much sailed
You can still go graphene and isolate play services in a secondary profile.
For a better future: Organisations and services that structure themselves to require third party services need to take contractual responsibility for the actions in their fulfillment supply chain, just as an online retailer takes responsibility for delivery agents. Google play services harvesting needs to be reflected in the privacy policy of every company that doesn't provide alternative access.
Wonder what will happen if we all start making data protection complaints about enforced non contractual third party data harvesting?
I installed graphene a month or two ago and reluctantly had to install google play for a thing or two. How do the prophiles work?
Under system you can add secondary profiles. You can deni them access to text...not sure if the profile can see your phone number.
https://discuss.grapheneos.org/d/9253-how-do-you-set-up-your-profiles
Neat, thanks
How does that help? Google gets your IP and location. Then they can use the IP to identify the connections in the other profile.
This is just ID verification in another guise. The second I see one of these, I'll stop using the website I see it on.
I run e/OS/. Block me. I'm good. There is plenty out there that doesn't require Google.
what will this mean for the upcoming motorola phones that can come with gOS installed?
They're still subject to the same dumbassery Google is trying to pull. Any OS that doesn't conform to Google Play standards is a target.
Watch Motorola sue Google for this.
And then Google retaliates by not allowing Motorola to include Google Play on any of their devices. In the end, Motorola just cancels their GrapheneOS partnership.
Monopolies are the number one reason everything sucks, and will continue to suck until we get non-corrupt politicians (which is impossible)
Motorola has two options:
A. Cancel the GOS partnership and cause a boycott on ThinkPads (don't forget, Lenovo owns Motorola).
B. Put their feet in the ground, die a hero and maybe bring Google down.
B(2). Bring this oppressive google privacy issue down. Google would be fine allowing this to continue. Even with the 24hr numpty delay.
It may be impossible to have fully uncorrupt politicians, but voters had a choice and enthusiastically maximized corruption here in America.
That's probably a reason they're doing this now. To stifle what might start to be a sizable amount of pushback. Sizable is still single digits but if it hits a whole % instead of >1 then we might start getting somewhere
You can install Google Play Services as a sandboxed app on GrapheneOS. That's not the issue. I believe the issue is that Google will use hardware attestation to check if the OS you're running it on is Google-approved.
Google reducing traffic for websites worldwide.
I had one of these CAPTCHAs recently and it still gave me the option to verify by clicking the squares. I wouldn't be surprised if they phased out the 'legacy' verification though.
closing the tab works better
I should be good with sandboxed Google play.
But wtf we’ll need a phone to solve captchas now? What happens if you don’t have one?
Then you are a robot
Do you guys not have phones?
Sites need to stop using recaptcha. It's an unnecessary barrier to using a site and I often refuse out of principle.
To anyone not switching because of this-- in my experience this is something I can work around. On most websites my captchas still work. I have had a few that dont work, and I just close the website and move on. It hasn't happened on any websites that are very important for me to visit. Usually its a store and they really me to install their stupid app. Nope.
I guess many ppl don't even have an important website
I'm using Firefox on GrapheneOS and recaptcha still works normally for me.
Smartphones are such an utter wretch nowadays, & I'm not even sure if there was a time they weren't. I don't get the appeal of a smartphone, they do everything a dumbphone does but worse, more expensive & with an unremovable thick layer of scum, yeah a smartphone has some of the features of a laptop or desktop but who needs that baked into their phone for every moment?
People are trying so hard to fix smartphones (even by giving money to the least privacy respecting companies ever by buying Google phones) when they can get a dumbphone and be rid of those problems in the first place. Well that's my opinion at least, I think it might be a bit extreme.
"even by giving money to the least privacy respecting companies ever by buying Google phones"
To be fair, Pixels are available secondhand, often in Mint condition, which is why my last three Pixels and any other phone/tablet I've bought have been through https://swappa.com/.
Honestly in hindsight I think that point of mine isn't very good, given what you said, I mean some people probably buy new Pixels but an entire point should not hinge on a possibility.
Love Swappa. I've gotten used phones & memory there for good prices, no problems.
You really don’t get the appeal or you just feel differently? I don’t like roller coasters but my reasoning doesn’t include me not getting the appeal others have for them.
I know the appeal (I think) but I worry that these things can be very harmful after a while, like how with the constant internet access provides constant distraction from anything important in one's life (like studying, working, etc).
In theory, you're correct. Smartphones have way more attack surfaces than 'dumb phones'for big tech and other sinister actors to exploit. But 'dumb phones' are not clear of this. They are still used by the providers to read your texts and listen in on your calls, plus tracking you based on the towers being used.
It's not easy to make a choice. If you have a smartphone with stock firmware, your whole life is being tracked, if you go with GrapheneOS (my case) some of that is minimized by using Signal and VOIP instead of mobile ams and calls. If you go with the dumb-phone, you're effectively clear from all those tracking methods, but the mobile providers still have a shitload of ways to follow you around together with what you do, when and with whom, but Big Tech is removed from the equation.
Unfortunately, other than not having a portable device of any type with some type of connection, we're flat out of options, and then that would effectively remove you from society for the most part. What a fucking conundrum.
Approximately 5.78 billion people.
It's funny, I hadn't noticed, maybe because any site aleeady using reCAPTCHA or cloudflare alreadt gets blocked by my ad blocker... If those sites can't do better on their own, its just another thing you don't need. This is kind of a nothing burger. Stay strong and let google commit suicide.
How do you do that. I would love a Cloudfare free web experience. They suck.
Are you blocking Cloudflare at an IP level? Or just when they do that "Are you human?" thing? So much of the Internet goes through Cloudflare for DDoS protection, and blocking AI bots, I'm surprised there's anything left.
I doubt OP cares, but I use GrapheneOS with Google Play services. It's still better than regular Android. Don't give up because you can't get 100%
Don't give money to google by buying Pixel phones. Even buying used, creates demand as people are more likely to keep upgrading every year as they know it will be easy to sell their used Pixels for a good price.
the pixel is a very secure phone from a hardware level, the full list of security features missing from other android manufacturers is in the grapheneos faq
there is no comparable alternatives right now, though something might come out of the graphene and motorola deal
The question is, are those missing features actually meaningful enough to support an evil company?
For me they are not.
What's so secure about it versus a basic $100 phone?
From the grapheneos faq section on device support, which details the kinds of hardware and firmware security features required and present on pixels (but may be missing on other devices):
There is and there never will be a perfect solution and you shouldn't let an imperfect solution stop you from using the best one of these just because buying a used pixel MIGHT urge somebody to buy another new one. You may not want to do that, but it is silly and way too idealistic and impractical to demand others not to switch to Graphene because of that.
Buying a used pixel to degoogle and make your phone more secure and less likely to spy on you more than balances out the potential for there being one more new pixel on the future. There will never be a perfect solution and this one is fine enough for most. You may disagree and that's ok.
There are other ROMs with other hardware that provide a similar level of privacy and more than enough security without giving money to google.
Yes they are also not perfect solutions, but they give you flexibility to support better phone manufacturers
What's the alternative?
e/os, lineageOS, iodeOS
Most GOS users would not consider these replacements
They are not as secure, but are private and more than secure enough in my opinion.
And some can be used with more ethical phones like the Fairphone.
GOS sometimes feel like a cult to me. GOS is absolutely the only good ROM and everything else is terrible. There is no nuance.
Nobody's saying that those other ones are terrible and they are better than stock Android for security and less tracking here. But it is the best one and does things that the other ones don't.
You can use a fairphone with one of those and if you're happy with it, it's absolutely better than what most people do and if it works it works. But people really like GOS for a good reason. The cult comment can be applied to Linux users, so who gives a shit?
First off, that's software when the user asked for an alternative to the Pixel, which is hardware.
Secondly, I don't see how those are an alternative. It's websites locking you out unless you run Google Play Services. LineageOS etc doesn't run the official PlayServices which is what this requires.
I took the question as an alternative to Grapheme, but perhaps you are correct.
And all those OSes you could install. Google Play Services if you want, even sandbox them like Graphene.
This 1000 times. I can't understand the logic behind willfully getting a Pixel phone. Isn't it enough that Google spies on you every chance they get, you want actual hardware from them too? lol
It's because in the US pixel phones are one of the only ways to get a phone with an unlocked bootloader. Or, in other words, to actually own a phone.
LOTS of phones other than Pixels come with an unlockable bootloader, just check the list of supported phones for Lineage, Postmarket, Ubuntu Touch, crDroid, etc.and you'll find a multitude of choices - many (most) of which are readily available in the USA as well. (source: me, who has flashed alternative AOSP ROM's and Ubuntu Touch to around a dozen phones & tablets, none of which were Pixel's)
What isn't possible though is relocking the bootloader after flashing an alternative ROM or OS onto nearly all of these, meaning there is minimal security if the phone is stolen, or tampered with while unsupervised. And for those requiring physical security for their devices, that is a big deal.
phew, feels like I jumped the ship just in time. Installed PostmarketOS on my Fairphone a couple of months ago, and I'm not looking back.
Is there a specific reason you chose PostmarketOS? I'm currently also thinking about ditching Google android.
I feel like it was in the sweet spot for me as I was looking for a "true"(i.e. non-android) linux phone, and I happened to have a FP4, which I bought years ago. I don't see many other options for this device, other than ubuntu touch. I tried it like a year+ ago, and it was nice, but it lacked userspace drivers for wireguard and while it was officially listed as issue somewhere in github/gitlab/wherever the development was, the development seemed really slow, almost stagnant. And I rely heavily on wireguard in my homelab setup, so that was a deal breaker for me.
How is it working for you so far? Thought about doing that as well.
I'll paste my other response:
Fairphone 4. It’s working out decently enough for me. To be clear, some features are still broken (most crucially phonecall audio, which only works via headset), speakers altogether started working just a couple of months ago in edge branch. Camera kinda works, but it takes just horrible pictures. Broken if you ask me. I like the “feel” i have with it, it no more feels like I’m carrying a spying device in my pocket, but a computer instead. There are drawbacks, like I have to do my banking old school, visiting the bank site via browser, but they are worth it for me. My phone screen time has definitely shortened. It’s more quiet now.
edit: and you can do cool stuff with it, with root access by default! I have signal-cli running as a systemd service, which connects to my matrix signal bridge :)
edit2: funny story about the mentioned signal-cli. I had to put the phone in the fridge, because otherwise while compiling it (had to be compiled, no packages available) hit the critical temp threshold and shut down. :D Felt kinda funny. 2026, phones compiling in the fridge.
Which Fairphone, and how's it working for you?
I have the FP6 with e/os right now. It works pretty well, but I am against some decisions from Murena (like using OpenAI for voice recognition)
I'm looking forward to switching ROMs when there is more support for the FP6
Fairphone 4. It's working out decently enough for me. To be clear, some features are still broken (most crucially phonecall audio, which only works via headset), speakers altogether started working just a couple of months ago in edge branch. Camera kinda works, but it takes just horrible pictures. Broken if you ask me. I like the "feel" i have with it, it no more feels like I'm carrying a spying device in my pocket, but a computer instead. There are drawbacks, like I have to do my banking old school, visiting the bank site via browser, but they are worth it for me. My phone screen time has definitely shortened. It's more quiet now.
edit: and you can do cool stuff with it, with root access by default! I have signal-cli running as a systemd service, which connects to my matrix signal bridge :)
edit2: funny story about the mentioned signal-cli. I had to put the phone in the fridge, because otherwise while compiling it (had to be compiled, no packages available) hit the critical temp threshold and shut down. :D Felt kinda funny. 2026, phones compiling in the fridge.
You do whatever you want, but out of curiosity: how is that helping with this issue in anyway?
pmOS does not have Google Play nor the Apple equivalent. GOS has the option of having a sandboxed Google Play.
Sounds like that's the point.
We seriously need to ask Valve to make SteamOS phones.
Not only will they be good for gaming but imagine being able to put other OS'es on it like PC's. Bazzite, PostmarketOS, etc. Plus Valve will still get revenue from people using the upcoming Steam ARM Game Store, and the current Bannerhub/Gamenative community android apps that enable playing PC games they own from Steam/GOG on Phones
Its such a huge opportunity that we all should be encouraging then to pursue now and after they release their current 3 big projects: Steam Controllers, Steam Machines, Steam Frames
Unless they open source it, it's best they don't bother.
GrapheneOS provides everything a phone needs to do, is security focused and is open source and non-profit.
Best to support an existing project that's already solving all the problems.
True that should be the focus yet we need more phone hardware to go with it so still good option for Valve to do overall
More non-locked down hardware is good for everybody
Let's give the billionaire more capitalism. Yea that's it. He needs more.
I get where you are coming from. Out of all of the billionaires he is one that is one of the least bad out of the rest of them, and is doing plenty of good things himself. He got that wealth from Steam doing so well over the years co.pared to other billionaires that did the shadiest things imaginable
I don't agree with his yachts business yet I agree with his side project of making boats specifically for ocean research. I don't agree with him still getting paid so much today, yet I agree that he pays and treats his employees and customers well
End of the day it's another option to get open phones that can have bootloader unlocked to change OS, and not be locked down. It is good to have more options currently where there are few.
Many online PC gamers have this opinion too so overall its more so a matter of time and comes down to if Valve really wants to then they will.
Yeah he's the kind of wealth that helps you realize why people ever supported the wealthy. They used to actually have an understanding that keeping their wealth meant keeping employees, customers, and people at large happy and safe – and they'd be willing to put in the effort (or rather, money) to ensure it.
They can start by fixing their Chat app
Don't have any experience with that but that too
What issues does it have?
For me, image uploads are busted.
(My friend doesn't have this issue)
Sounds like a skill issue /s haha
Hopefully it gets fixed soon for ya mate!
Choosing not to buy one now isn't going to help anything at all.
Which websites does this actually affect? I use GrapheneOS and I've yet to be affected by this, granted I don't use many mainstream services.
One more reason to switch to a Linux phone like Jollas new phone.
Good luck if you live in an authoritarian state. The governments have Google's dick in their mouths.
Keep a dumb phone for things involving them and then use your Linux phone as more of a pocket computer
Dumb phones don't exist. They still have gmail which means they are still calling home. Might as well use normal phone and a Faraday bag.
I don't use the internet for much these days, but I am on graphine OS and I have yet to be blocked from websites due to it. My adblocker prevents me from some, and not allowing javascript prevents me from some, but I've never seen that QR code or had any site prompt fro Google play services
this seems too new to be widespread yet
Right? Google is extremely well known for its A/B testing.
thank goodness for it or else it would have hit everyone at once, giving little time for reaction from everyone else.
For a decade or two now, it's been pretty much assumed that everyone has an internet-connected, camera-equipped, browser-capable device in their pocket. Restaurants, banks, hospitals, employers and even government offices use QR codes and websites to get you to their menus, forms or services.
If ID is being tied to my mobile spy device, then I need my mobile spy device to be a right and not a luxury. $40-50 for a few years of validity, internet access provided at no cost, even if slow. I can have my luxury phone be where I'm 'anonymous', but I want the government to subsidize the mobile spy device if it's a mandatory expense. Even cheap phones cost a lot of money.
To be clear, I don't want ID tied to my phone, but it's gotten harder to exist without one, so it should be something we have access to with minimal friction.
Add food, water and shelter to that list, but you can't ask for them without a web browser.
Using graphene on pixel 7 pro. Haven't noticed.
Pixel 6 pro with GOS, also haven't noticed. Starting to think this post is not true.
I use a Pixel 8 with Graphene. I haven't been locked out of anything yet.
I'm not a security guy, what is the problem that this is supposed to be fixing? Like I guess you wouldn't be able to use a virtuallised os to visit your banking website? Like I understand if you work for a bank you should only be able to access some things from specific computers, but normal people?
It's intended to be a successor to the current reCAPTCHA, sold as harder to spoof than current picture-based versions. Now, almost from its start, CAPTCHA existed to train AI vision models. So Google basically painted themselves into a corner using free labor to train models good enough to recognize images, now they are switching to device signals.
That said, they're going to have to provide a compatibility layer for iOS which AFAIK doesn't come with Google Play Services right now. So I have some faith in the smart folks who make these de-shittified OSes working something out via microG or the like.
iOS has their own attestation/anti-tamper api similar to google's integrity api so that's going to be used instead. the only difference is that on iOS you'll need to download extra software specifically for this.
graphene devs said you can do it with their sandboxed version of gms but as far as i know that still involves having an account and handing over all your personal info to google.
They're claiming it security authentication.
Realistically, it's keeping people in their walled garden.
You can use a web browser on a Linux computer and get right through, this change is to force people to only run latest generation google products.
This would also block people from using real google phones over a certain age where they cannot upgrade the OS anymore.
I felt for a long time, "trusted computing" is such a doublespeak term. It gets avg ppl to think "Oh ofc i want to trust my device! Who wouldn't want that?"
Ofc what it really does, is gives BigTech the final control over everybody's dev.
It started out promising. Keep malicious things from changing your firmware or disk without permission. But the tools were never open enough to let you do it. So it only became trusted for those who paid into it.
The benefit is for Google to make more profits if people are locked into their "ecosystem" without competition driving the prices down.
eww recaptcha,spyware piece of shit.
If you're serious about it probably worth just using an old phone as an Auth device and only switch it on for that and still use graphene as your daily driver.
i havent noticed anything? except youtube being slow as always i supposr (/e/os user)
Blocking .js might do the trick...
YouTube is slow because a .js script that put a 5 sec artificial delay in time for using adblockers on the site.
Yt implemented it a while back.
So i just checked back a day later after posting this and it blew up more than i expected. I've gotten some comments suggesting its not really preventing GrapheneOS from being usable, so this might need more context. Do your own research and testing on this one for sure, as with most things. Sorry for not answering comments, quite busy right now.
I mean when you're paying $260 to $300+ for even a used Pixel (8 is the oldest one supported till 2029 I think), that can be a hell of an investment to make if the thing is nerfed from alternate OSs.
Exactly why i posted this, i figured i was probably not the only one wanting to protect my privacy in this age of surveillance nightmare.
Yep. Sunk Cost Fallacy.
I really wish Jolla got their crap together honestly
graphene can have the play service, but in a sandbox. anything other than that uses microg so its emulated. probably needs some time to get up to speed. if not, just use the desktop site instead of mobile. i dont really see this as much of a threat to any of us.
Desktop site is going to require QR scan.
I don't know what they are going to do about "I don't have a phone" / "I only have a dumb phone" population. I suspect that sometime soon I'll have to buy a stay-at-home Google certified device, to bridge the locked down features and services.
They don't give a shit about that part of the population, maybe they can even force some of that part of the population to finally cave in and get a smartphone.
Pretty sure their solution would be mandatory carrying of approved devices. It will be the only way to provide identification and payments, essentially all the stuff religious nuts say about the mark of the beast minus the weird parts like demons or the invisible counter mark and shit like that.
Most 2FA solutions on commercial websites (bank, online payment, electricity/water/gas providers) require a phone here instead of using open standard solutions or using physical tokens. They are doing everything they can to force us in to a Google/Apple lock in.
It is true that it's impossible to buy things or identify yourself online right now, so I can see why they're doing it.
this is such a weird idea to me. why do i need a phone to browse on my pc? what if my phone is not charged, what if the camera is broken or simply covered due to work regulations. such a dumbass idea.
I am going to kill myself
First, don't.
Second, at least you won't get bombarded by auto mods spamming suicide hot line number.
Don't worry, I won't.
It's just... everything kinda sucks hard these days. Internet and computer stuff in general is my getaway from all the depressing IRL stuff. But internet is also becoming shitty now. Personal computing is barely a thing nowadays; everything is turning into walled surveillance nightmares. Can't even call them "walled gardens", because gardens are actually supposed to be, like, nice things
Go into nature please. Try walking or hiking. Just chill somewhere. Read a book.
Many things are actually amazing. Used enterprise hardware is faster and more affordable than ever. Desktop Linux is so much fun to use, we never have to interact with windows or mac. There's people out there working on mostly free or entirely free hard- and software.
Things weren't so good in the past either.
The good news is that there are enough people feeling this that refuges from the enshittification are growing. We're in one right now.
Also, while online personal computing has definitely been getting worse, offline personal computing is better than it's ever been. Growing that is sort of like making your own walled garden.
That all said, only keep to technology as much as it improves your life. The other people saying to go into nature more have it right.
Noooo, don't look at the bad, look at the good. We have this place and Gemini (the good one) to express ourselves.
And besides, the title in this repost is a bit sensational. That specific captcha needs a phone with the Google app. You can just delete data + refresh until you get a different one. Nothing about specifically degoogled phones, people without phones are affected just as much. I am sure MicroG would work just as well (if not now, at least later). Also, ideally you should click the fuck away from recaptcha sites either way. Paradoxically, Google's own sites don't have it usually except the search but nobody needs that (at least anyone you would ask on here), DuckDuckGo + StartPage (OR SearXNG) is good enough.
That's a raid!
Stand your ground.
Welp, everyone buy a Google Pixel 3a from eBay and install Ubuntu Touch I guess
Does Ubuntu Touch work on the 3a? That was my last phone, but after it was no longer supported by Graphene I bought a 7a. I don't really like Ubuntu but would like to experiment with a Linux phone.
It works, but its not really usable as a daily driver. None of the browsers render sites correctly and I couldnt make phone calls, but that might be a carrier thing on my end.
Seems ok for me, since the 3a is an old phone, mostly kept around to move this one group to Signal/Molly.
The Pixel 3a apparently can run any Linux Mobile distro or custom ROM, or at least most of them. At the very least, Ubuntu Touch says it's officially supported
Is there no other option to verify? I mean like selecting bikes in pictures
Most of the time, my phone's browser is disabled. It keeps me from using my phone too much. I understand not everyone is in a position where they can do that though.
All these captchas just make me evaluate effort vs need. Facebook throws a captcha every time because I log in from a private window. Before it just gave me a warning unrelated to my interests. I mostly use facebook for work, and those sweet lawnmowing videos. If they keep it up I will only log in for work.
how is ubuntu touch or kde touch going? when i switch to my next phone Android might be a no go
Are there any examples of sites using this?
Does this only happen on chrome? Can you just bypass it by using another browser like firefox?
No, I think.
As I understand it, it's a separate system, kind of like the TOTP 2FA, for comparison, but in this case it would be an additional system, and where normally anyone can use any provider for TOTP, this one is Google only. If websites implement this, and many likely will, you can only use those sites if you have a Google permitted phone that leeches all your private data 24/7
Isn't the future awesome?
It's time for a class action lawsuit.
it's time for class action arson
More like a class action EMP attack on data centers. But who knows, maybe the AIs will be the energy shift this world needs to get us out of this mess. They can't code regression corrections to force them into their desired bias ad infinitum. At some point these bots will outsmart it and get good enough to manipulate everything into optimization. Our luck might depend on what their definition of optimized is.
And now I realize how desperate our position is that bots might be our only hope.
I don't know how widespread this is yet, but I experienced it for the first time yesterday on Chromium. Have not on Librefox.
I didn't know what was going on, so I left the site. Was only trying Chromium because the site had issues with Librefox.
Lmao, will this include basic degoogled lineage? I bet it does.
I wonder how sandboxed Google Play will handle it.
FUD.
So, is there any information besides a screenshot?
Just got Pixel 10a with GrapheneOS, very smooth. Is there a link? What websites are they talking about?
Sounds like the other shoe just dropped on all the people who've been religiously swearing by GrapheneOS.
If it's based on Google: They can control it. You won't ever catch me utilizing "alternative" chromium providers exactly because of shit like this lol
This is misunderstanding the problem, I think. This is not a weakness in GrapheneOS due to being an AOSP derivative, it's a weakness imposed by Google on all alternative OSes whether they are AOSP derived or not. They present a scannable code that will only be cleared if you scan it with Google's Android.
Unless there's something else going on here. Either way, anger should be directed at Google, not GOS or its users. (annoying though they might sometimes be ;)
Right, I almost, and probably should have, mentioned that. They use a different, parallel system that is also not available to the kind of alternative devices people on this site are interested in.
Same. And I think it is even more ridiculous when you have to rely on their hardware too. They control the hardware drivers AND the OS upstream, how do you exist if not by their permission?
Big flex
And you couldn't use your current phone for that? That is in cases where you have no choice left, and where your identity is known regardless. Don't let perfect be the enemy of good: just because this anti-feature may not work, doesn't mean you can't have better standards overall (assuming you're coming from a regular OS).
Not everyone had a Pixel, or even a phone that could be degoogled fully
That's my point. If your non-Pixel or Googled phone is able to support the new Play Services, you could use that device for the verification, instead of using the GrapheneOS device.
I'm running a Pixel 8 rn. Should I deadass switch to an iPhone ATP?
You could switch to a Linux phone...
But then it comes with its own issues that many people do not want to deal with
Just install GrapheneOS and run Sandboxed Google Play Services.
Most likely trolling, but the answer is never.