- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
You must log in or # to comment.
For a decade or two now, it’s been pretty much assumed that everyone has an internet-connected, camera-equipped, browser-capable device in their pocket. Restaurants, banks, hospitals, employers and even government offices use QR codes and websites to get you to their menus, forms or services.
If ID is being tied to my mobile spy device, then I need my mobile spy device to be a right and not a luxury. $40-50 for a few years of validity, internet access provided at no cost, even if slow. I can have my luxury phone be where I’m ‘anonymous’, but I want the government to subsidize the mobile spy device if it’s a mandatory expense. Even cheap phones cost a lot of money.
To be clear, I don’t want ID tied to my phone, but it’s gotten harder to exist without one, so it should be something we have access to with minimal friction.
Add food, water and shelter to that list, but you can’t ask for them without a web browser.
Lol, ok, I’m out
This is really bad even just from the perspective of user behavior. Training people to scan QR codes from anything that looks like a captcha box is HORRIBLE for security.
“Thanks for scanning the code, just one more step! Please input your phone number, and type in the code you receive.”
Boom, account stolen.
It’s almost like they don’t really care about your security…
And the phone number thing is already happening too. Google, discord and probably other stuff already ask for a phone number to prove you are a human when they flag your account.
It’s a server setting. one of my oldest servers has enabled this and I haven’t chatted with anyone there anymore because I need to verify my phone first.
true
well, I guess i will stop using those websites from my /e/os fairphone
That would make the two of us. My Fairphone 3+ is still kicking well with /e/OS.
And nothing of value was lost. I’m over social media, over commercial apps, and maybe I’m over having a mobile phone, too.
If google requires me to permit other companies to leech all my personal data to be able to use anything on the Internet at all, I say we label Google, Microsoft, Apple as criminal organizations
I’m sorry, bit there have to be limits.
I. DO. NOT. WANT. TO. USE. ANYTHING. GOOGLE.
OR APPLE. OR MICROSOFT.
FUCK ALL THESE OLIGARCH COMPANIES INTO THE GROUND
I do not want my private data leeches and sold every day, I don’t even get paid for it
That and fine them to oblivion. Piece their companies into parts. Make it all open source for the OS’es. Give ownership of companies to all the people. Etc. Lots and lots that can be done
I almost came reading this rant. Thanks for bringing this so much more eloquently to the point.
They should be fined so hard for this shit.
Every company that uses these captcha service should also be fined so hard. This isnt just google here.
And every company that is relying on gsm or the apple pendant to verify anything.
A fine is brushed off in a quarter. They should be forced to split into seperate companies.
What you said and my comment response to the person we both responded to
And forced to open-source their OS’es. And have to make their communities owned by the people instead of corpos. We are all beyond pissed and done with their shit. Everyone get more people on board into the movement daily to be focused on getting things done together!! Keep each other in the fight with online and in-person communities
Let’s hope the EU prevents this from happening. We should be able to access every site we wish without Google’s permission.
We should all be encouraging Europeans to:
- Force Android and iOS to be given to the people to own and open-source the OS fully in EU with GPL license
- Fine them to oblivion if they do not cooperate
- If they try to double down then piece up their companies into parts
We all tired of their fucking shit. Everyone keep getting people active and informed on all this!! Together anything is possible!!
The EU is busily building the Fourth Reich, so don’t expect help from there.
LOL, whatever you’re taking, stop, it’s doing your brain in! :D
The ongoing battle against online privacy is a symptom of capitalism, the EU is a capitalist state. The only thing the EU would ever do against US-based capitalism is to gobble up those capital gains for themselves. It doesn’t matter if it happes or not, the privacy-issues for end-users would never be alleviated by the EU.
From what you’re saying, they would’ve already introduced all those capitalist methods of control the first time around.
Which they didn’t.
What gives?
Also: the EU is literally incapable of “gobbling up capital gains for themselves” because “themselves” doesn’t exist in this context - the EU is not a “State”. The member-states might (and some do).
I see you have no clue. You will learn, eventually.
Go ahead, teach me.
Yeah, sure, at a really slower pace than USA. Maybe in a century. They still care more for their citizens Trump ever did.
Please elaborate.
Not noticed it and fuck those websites. Happy to boycott.
How do you even scan a QR code if you’re browsing on your phone?
You have to move all the black pixel blocks into the empty spaces and solve the puzzle to open the link. Than cenobites come out of your phone and show you pleasures beyond pain.
Drives me crazy how common this is too
Really? I don’t remember seeing it so far…
The “Mobile Verification” option “will initialize the reCAPTCHA app on your device”.
Mirrors
Google lens. :facepalm:
exactly …
Default GrapeneOS camera app has a QR code scanner
And how can the camera scan its own phone screen for the QR?
My solution is take a screenshot and then open the file in a separate QR reader app that can open files.
I think apps can have screenshot permission, so just by using that feature
Why would I give an app screenshot permission? That is such a security nightmare.
The answer is always convenience. Me stating that something exists doesn’t mean I blanket approve of it
This does seem to work with sandboxed Google Play Services on GrapheneOS btw.
I scanned the demo QR code on Google’s talk page about it with sandboxed Play Services enabled and it gave me a custom popup asking if I’d like to verify.
and you can do it from a second profile which contains none of your data.
Unless you’re doing that from a separate device in a separate location then all you’re doing is giving them the data they need to link those two accounts
You’re right, you’re not going to achieve complete anonymity if you’re interacting with Google services in any way, but you can reduce the amount of information that they receive.
Sandboxed Google Play Services doesn’t have privileged access to location information, so it can’t pull your GPS location or Wifi Positioning information. It would only see a blank profile and doing this would allow for your primary profile to continue to not run Play Services.
Any malicious code which could be injected into the process would find itself in a sandbox, on a blank profile and isolated from the rest of the system.
Google would only see that you are authenticating from a profile without anything installed, from an unknown location and coming from whatever VPN endpoint that you’d like. They could possibly infer that the blank profile and your ‘real’ profile are different via browser fingerprinting. You can randomize a lot of fingerprinting datapoints with browser extensions, but avoiding browser fingerprinting is a whole other topic.
The ‘real’ privacy solution is to avoid anything that uses this version of recaptcha. However, if you have to use these services then you can still reduce the amount of information leaked via Play Services by using a blank profile to scan the QR codes.
You’re right, you’re not going to achieve complete anonymity if you’re interacting with Google services in any way, but you can reduce the amount of information that they receive.
its not even about complete anonymity. google has zero business in when I’m logging into my utilities company account, or other semi-governmental portals!
it literally is their business; they make millions of dollars off of it.
then that’s a problem we must solve. Because an adtech company should definitely not have any business in that.
it has been solved for approximately 2 billion people on this planet, but those answers are not friendly to profit-seeking institutions like google and the only remaining institutions that can stop it are captured by the likes of google
That’s assuming they know I have another account
Eventually privacy minded people like us will have to start creating and visiting sites on the dark web.
Sheesh, using alternative sites instead of Facebook and Reddit isn’t using the dark web.
if they add this requirement for the “I’m not a robot” technology this affects way more than stupid Facebook, reddit and the likes, most things behind anti DDoS use this shit.
I find this very dystopian, and there are not many “oh I’ll just visit the sites than don’t have it” alternatives. You might as well just open IRC and be done with it, I tend to visit a bit more of the internet (even if I haven’t visited Facebook, Instagram and the likes in years)
Ayup absolutely. Those co’s have such weight. They can drive this into essential services. Banks. Gov services. All online stores. Heck even sites that don’t need logins.
It’s short sighted to say “I’ll just use other sites then”. The end of that road is, we get excluded from modern life.
You’re so right, it’s dystopian.
Isn’t it, though? (At least according to the masses)
No fuck that we must continue to grow the movement and get more people on board. We don’t give in to those rats and their garbage they try to put on us. Together we all can do together. Fuck them. Many of us already are doing and the more the better
No need for that, just spin up a nginx with letsencrypt certs. Most people don’t need Cloudflare.
Can we trust that isn’t a campaign to promote Google? What are these websites? Why aren’t they blocking an iPhone? Can any of that be replicated or is this just a Google campaign to create fear and doubt
GrapheneOS user here! Not sure about websites but there are certain apps that don’t work properly without Google Play Services, but Graphene’s app store has a sandboxed version of it, so I just installed that and revoked all it’s permissions. Then if an app needs it, I just turn on the relevant permission, do the thing and then turn permissions off again. It’s a bit of a pain at first but I’m used to it now.
Note that some apps will say that they won’t work without GPS, but actually will if you give it a try.
some of them are now straight up refusing to run without the play store.
Then they don’t deserve your business
Man, I want a phone with physical kill switches for things like Wifi, GPS, Bluetooth, because a lot of things seem to detect when these things are turned ‘off’ by software. Wonder how they’d react if in software, GPS is enabled, but the actual hardware is not powered at all
pine phone
They most likely won’t work. Just speculation, but I would imagine most software that “needs” information like GPS don’t care that its on or off, they care that they try to pull data and there is none.
I’d say making a 2nd user for the apps that need Play Services (like banking and Uber/Lyft) is the move. This only allows Play Services to run when the 2nd user is on and also fully seperates it from the main user!
Oh yeah that’s something I’ve been meaning to look into!
I’m a grapheneOS user and I don’t have any google services installed. I havecyetvto hit any major issues with any apps or websites I use. Lucky, maybe?
The main ones for me are the RBC app, Skip the Dishes and Communauto. But I think those might all be Canadian?
I am Canadian. I don’t use the rbc app, I use a different bank and use their website. I alao use the skip website when I order there, but I’ve never heard of the third one.
Because the iPhone has their own spyware to prove you’re a
productuser.
https://support.google.com/recaptcha/answer/16609652?hl=en
https://blog.cloudflare.com/how-to-enable-private-access-tokens-in-ios-16-and-stop-seeing-captchas/Interesting. Definitely turning that off. (As if it actually turns off)
If you turn it off, you’ll have to do the captchas manually.
Yeah I’m okay with that.
I just do them wrong, after a few tries it lets me through
Its basically forced by Google. I mean who wouldn’t force it after someone deliberately removes your government sanctioned spyware. See if people stopped calling it google or Apple and just USA spyware with backdoor to your lives it would be better at getting to the privacy issues. I mean the NSA already proved this is a fact.
Haven’t encountered this yet, has it been let loose in the wild?
Good point, this would have to work on iPhones too and people without a phone would just not be able to use those websites at all.
I just loaded a bunch of recaptcha on my GrapheneOS phone. So, I dunno what this is all about.
Yeah exactly. Millions of websites? Which ones? Though I don’t see how this would benefit google
@meowmeow because iPhone is already doing what Googles Playstore is now going to do
Need to break up these monopolies. Really the root of all bad about capitalism.
The “root of bad” is capitalism itself, the logic of the system tends to create monopolies over time, as demonstrated in the game ‘Monopoly’
Regulations used to exist to break that that behavior. But they were either removed over time or not enforced. It can be done. It used to be. It wasn’t flawless but it wasn’t what we have today either.
It’s the love of money that’s the root of all evil, according to Jesus, but yeah, that’s the driving force behind capitalism.
Capitalism is fine small scale, most systems are. Humans are just wired for efficiency and so with every player on the same board the most ruthless player wins.
There’s no small scale capitalism as the Capital needs to expand more and more. Political Economy 101.
Capitalism does not work because companies will always seek to grow more and more and more. It’s the core of capitalism. You need anti-capitalist policies to keep companies small.
Ah yes, the mythical small business capitalism we all hear about. I will agree it sounds good on paper and also seems to distribute money in a somewhat efficient manner.
Unfortunately there has never been a government able to regulate and keep capitalism this way. Other people have said it is simply not possible due to the nature of capitalism.
I think there is a worthwhile debate here around systems and culture. Perhaps capitalism could work if people were not inherently so greedy. I tend to believe that culture is the deciding factor which is a little disheartening honestly.
It’s not just culture. Most people value community and the well-being of others above amassing wealth (provided their needs are met). The problem is that capitalism indoctrinates us against those values, and even more that it rewards and empowers those who don’t share them at all.
Unfortunately there has never been a government able to regulate and keep capitalism this way. Other people have said it is simply not possible due to the nature of capitalism.
the primary “authoritarian” government of the world has proven that it is possible and that keeping them under a tight leash is the only way to prevent them from indoctrinating the masses; that’s why the number of billions and the wealth of the its millionaires have been steadily declining for the last decade or so, while simultaneously continuing to improve the quality of life for its citizens; meanwhile while the united states is poised to get its first trillionaire class very soon.
I sure hope you are not talking about China as they have produced more billionaires than the US for the last two years dramatically increasing their income gap. If you think they have capitalism in check I have a bridge to sell you in Brooklyn.
you’re not wrong – china’s billionaire count is up. but here’s the cycle that people in the west miss: a new crop of billionaires come along (eg. tech, evs, ai) and they replace the old crop (eg. real estate & manufacturing) that the chinese gov’t already short-leashed, and boom, numbers jumped.
that new crop will experience their own slowdown too once they get their own short-leashes like the previous crop did. it happened around 2018-2024, and it’ll happen again and again. china’s churn is fast, but the pattern’s the same every time: rise, stall, replace; no permanent footing/beachhead for a billionaire class from which to capture the system or spread misinformation like it is in the united states.
Break up the billionaires while you’re at it. Their sickness will boil the seas away to nothing
AnDrOiD iS oPeN sOuRcE
Ok?
Android is open source in the same way that Minio is open source.
I know in what way it’s open source. I just don’t understand what person this idiot thinks they’re mocking when they wrote that. It’s as if they think there are really people out there claiming that android/Google respects privacy (lol) and that it’s proven by part of the OS being open source. People make up fake scenarios to get mad about and they’re often rather ridiculous.
Oh, that’s what you mean. Ok, so every time I mention I have an iPhone because a. I value my privacy and b. I try not to support companies that actively harm the internet, someone says “but Android is open source”, as if merely having a few open source components means that Android is better in any way than any other OS.
In this instance, Google is not only making the internet worse, they’re doing it in a way that requires their own closed source libraries to even access a huge portion of the internet. This further makes any functional Android OS closed source.
The most ridiculous thing is that iOS is almost as open source as Android is. There are very few components of an Android based OS that are open source where the equivalent in iOS is not open source.
Also, hey, thanks for calling me an idiot. ;)
Yeah I don’t have experience with people really simping for android let alone claiming it’s meaningfully open source. The most I’ve seen is saying it’s not nearly as closed off as iOS which is just a fact. And I will say that as well because it’s a fact. But that has almost nothing to do with the OSS aspect. Or privacy. So yeah I still don’t quite get your point of inserting this here.
When my current iPhone dies, I’m never having a smartphone ever again.
What do you plan to do? Dumbphone? No phone? Break glass in case of emergency phone in a faraday pouch?
I’m considering a break-glass dumbphone in a faraday pouch. I REALLY fucking hate location tracking. I’d keep it seperate from my IRL ID. Prob is, it’s hard. Screw up once, big data pounces. One call tied to your name in any way. One friend puts it in their contacts. One time to forget the pouch and there’s a location ping at your residence. Not to mention the difficulty of even buying it and setting up a plan. Ugh :(
I’m a teams app for dumb phones away from getting off smart phones. I’m fiddy and have to use my readers to even see my phone, so I’ve slowly stopped using it for much outside of random apps for appliances. I can get an ipad for that, though. I’m also a privacy advocate, but I’ve made peace with the fact that ship has pretty much sailed
