fuck offffff
Reason n+1 for me being thankful for switching to GrapheneOS.
How’s the app support? I want to switch if/when the Motorola phones come out, but I’m wondering how many of my apps/services I’ll have to abandon.
Almost everything just works after installing sandboxed Google Play Services. For a few apps you have to tweak a setting to turn off some of GrapheneOS’s exploit protections. But I’ve found very few that refuse to run, and nothing indispensable. If you don’t like your main profile having Play Services you can set them up under a second profile or a private area and keep the apps that use them away from your main profile.
The other thing that might be a dealbreaker for you is no contactless payments with things like google wallet will work. But you could always just attach your credit card to the back of your phone and :tada: it works again lol
Contactless payments technically work fine, just not via Google Wallet. Banks that have their own tap to pay app usually don’t have that problem.
You must be lucky to have such banks in your country.
There’s several EU countries that do. Some of them as part of a push for sovereignty, but most, I think, cause they developed their solutions before Google Wallet was enabled in that country.
There was no work profile support when I last tried to convert. deal breaker, atm.
That has been working fine for years at this point.
me and the other folks trying to get this working disagree. there are several threads about it on the GOS forum.
Yeah, I was thinking of separate profiles in general, and had never encountered the concept of an employer controlled separate profile. When I needed a device for something work related, I usually got issued a phone.
Those were the days…I used to have a personal phone, corporate phone and a site phone! The multi phone inconvenience was real…
Just grab an app like Shelter.
0% of the apps/methods available at the time worked with my employers setup. I did everything except the adb method. ended up getting a crap phone for work. it just sits on my desk anyway.
Oh, you mean a profile set up by your employer. Actually, dunno whether that works. I never let any employer touch a personal device.
that is the point of the work profile when used as the non-primary profile.
same phone; but work profile cannot see or interact with the primary profile or configure the device. if the corporate account is used as the primary, they can wipe the phone remotely.
Some bank apps may not work, but you can check by searching for you bank name + GrapheneOS
I found this list helpful: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
I also found that one of the ones I use would only work in the Owner profile with Gplay services so the secondary profile wasn’t an option for it.
I switched a few months ago and overall its been an excellent experience. Some pitfalls though:
- Banking apps may not work, Santander in the UK for example but I’m going to transfer away from them
- Contactless pay through google wallet doesn’t work, I couldn’t find a way to attach a card to the back of my phone and also keep pixel snap usable so I bought a small pixel snap wallet that works nicely
- Recently Volkswagen and vw group enabled google play attestation for their app and not hardware attestation, so my cars app no longer works. This is probably the most frustrating for me because as an EV owner there’s no other way to track the charge of your car other than via the app. This is particularly annoying when using public charge points and you can’t track the charge progress when walking away from the car. First world problem, I can just leave it alone and let it charge without keeping an eye on it but that’s annoying to me, I’m sure I’ll get over it.
- Because of the above, I’m concerned other apps may start to follow suit. For example “too good to go” in the UK is “not compatible” with my device from the play store because it doesn’t pass the play attestation… Hopefully it’s not a trend.
Overall though I would highly recommend. All the other main features work flawlessly.
One of my banking apps enabled Google Play attestation. It’s really infuriating. I don’t understand the point either - AFAIK all apps need to be signed with the dev’s private key anyway, don’t they? If they are then why would anyone care where I downloaded it from?
Take a look at OVMS (open vehicle monitoring system). I use it since I have an EV because I don’t want to pay for “connected services”.
I’ve had zero apps not work, including my banking apps.
Amazing for me tbh. I only had to give up contactless payment since my bank switched to google wallet and I have 0 google apps on my phone. Obtanium and Aurora store are life savers.
I am yet to find any app that doesn’t work.
Doesn’t help if someone you’re talking to has it on. And unlike Zuck’s stupid glasses you won’t even be able to know unless you ask every single person you talk to first. This sucks.
It’s probably illegal in Germany and some other EU countries. Not that that always stops Big Tech. But this one, at least in Germany, could land the user some jail time.
It’s illegal in parts of the US too
You still gave your money to Google for the phone…
No, I gave it to the person who resold the phone at a lower cost than what I would’ve paid to get it from Don’t Be Evil Inc.
What a useless and irrelevant comment that adds less than nothing to the conversation.
Welcome to your “I only buy vintage tech” era.
Mine started when 3.5 mm audio jacks started disappearing. We all draw a line.
Well there are adapter cables USB-C to 3.5mm. On my previous phone in my car I used a splitting cable to power it while using the 3.5mm as input to the car radio. However on my new phone Samsung decided to not support it anymore -.-
I’m going off memory here, but I think this was an issue way back with some phones having DAC hardware built in, and others skipping that hardware in exchange for requiring dongles that included such?
Maybe you just need to find a new dongle? Hopefully that helps and sorry if it doesn’t, but I’d rather just have a headphone jack back and skip all the complications…
They don’t always work good. I’ve tried many even Apple versions. It’s finicky somewhat for the audio to pickup like in a car with an aux to the adapter to phone usbc. They do work. Just not perfect. Still prefer 3.5mm jacks and wired headphones. Wireless junk has almost always been a scam to me. Batteries and bluetooth wear out.
I agree but we all carry spy devices with us, it’s too late.
Motorola needs to release those GrapheneOS compatible phones now 💀
Hopefully also as a supported option to the existing phones. I’ve got a Fold and switching is sounding pretty good right now…
The people who called me crazy because “there’s no way your phone can be listening in on you all the time” are the same people who are going to be the most excited about this “feature”
How did these people expect “Hey Siri” / “Hey Google” to work?
Im a perfect world, as they claim, its a secondary system listening that isn’t recording or transmitting anything, and is meant to be low power. If it hears the wake up word, it wakes up the other mic and starts recording.
Thats how they claim the smart speakers work anyway.
This would be different.
It can’t hear if it isn’t already listening.
“How they claim?” Is there no way to confirm that?
They ship with proprietary code, this would be the point of open source.
In practice in my experience, every company is at least skirting the law regarding privacy, and I never worked for one big enough that could lobby itself out of a fine.
would this not be detectable by tracking the data sent through your network?
I used to run forensic network capture and analysis tools.
First thing, traffic is encrypted. All you will see is a blob of traffic passing through. You used to see hostnames with TLS, but now with quic, you see nothing. This makes it hard.
You could root the phone and install a root ca certificate for a decrypting proxy, you might see more, but the data itself (not just the transport protocol) could be encoded or even encrypted within the network encapsulation.
Next, you’d have to reverse engineer the protocol if they’re using something nonstandard. Also, malware can often be set up to “behave” when it can detect analysis. I’m all but certain Google would do this.
Maybe you could do statistical analysis of the traffic and attempt to baseline normal vs when it’s transmitting audio. It would be a bit of a blind guess at best.
If I had more time, I’d love to try it. I have an old pixel7 pro. Maybe I can sort something out.
People have already done that and shown that no the device isn’t listening to you 24/7 and sending all your data out. There are plenty of papers on the subject, and it makes sense. Why record, decode and analyze all audio when your digital footprint is so much easier to compile and analyze. People aren’t random, so it’s easy to put them into statistical buckets of how to target them. Here is one reference paper (of many): https://recon.meddle.mobi/papers/panoptispy18pets.pdf
If its real time monitoring you, but not if its logging data to send later when it would be expected to be doing so.
Audio doesnt take up much space.
Even if it was open source, you’d need to be able to verify what they ship matches the specs. Allowing you to flash whatever you want onto it helps, but you still need to validate the hardware.
I have a memory of people black boxing it and seeing power usage and network traffic that supported the claims but that was a snapshot in time and as others note its all proprietary.
It takes a lifetime to build a good reputation, but you can lose it in a minute.
You look for network traffic. You might not be able to see inside the packets, but you can know when they’re sending packets, and how many. As far as I know, voice assistant systems that claim to use a secondary local circuit to detect calls are telling the truth.
That’s kind of what I was wondering, I figured this as well as a way to track that it is at least sending data at unusual times. Someone else in this thread explained that actually determining what that data is would be difficult yeah: https://lemmy.world/post/48510943/24408747
I don’t know enough about system security or forensics to evaluate this, but it does make sense based on what I know.
The consensus so far seems to be that they don’t collect as much data as people think, partly because they can’t process all of it, and partly because educated guesses are good enough to target ads often enough.
I dont know. You’d need to reverse engineer the hardware and software to be confident, and could a OTA update then sneak a bypass in anyway?
Edit: i think Amazon might have abandoned this as well and always records on echos now too.
Doesn’t need to track you all the time to know exactly who you are and what you’re up to.
Continuously monitoring is such a waste of their resources, they already know everything about you, they just need to check in now and then to make sure you’re buying the correct t-shirts.
Fucking yikes
Constant surveillance 😡
Audio memories 😍
BIG BROTHER IS
WATCHING YOU
HELPING YOU REMEMBER YOUR IMPORTANT CONVERSATIONS
I already get “random” ads for things that were only part of a verbal conversation that happened to be near the phone.
What I want is a physical kill switch for the mic and camera, less surveillance not more.
That’s been happening for well over a decade now, and while “respectable security researchers” call it bullshit… there’s simply too much anecdotal evidence for it to happen organically.
The reality is they don’t need to listen.
They have so much data on users.
- how old you are
- where you are
- what you last bought
- when you just bought it
- who you are near
- what they bought
- what the people around you are searching and what ads they are seeing
- what is being bought and sold by everyone around you
- when you sleep
- what you eat
- the things you are chatting about on MMS
- where you go
- when you’re home and when and where you work
It just goes on and on and on.
People think they are unique but they are not as unique as they think.
NONE of that data can predict a random occurrence discussion that goes in a specific direction.
A great example is something that happened to me in 2015. One night I was out with friends, and one of them had a really bad panic attack. The next day I was discussing it with a colleague during a smoke break, who recommended he gets a clip-on pulse oximeter. No searches, nothing, literally just a half minute detour in our chat. I repeat, nothing was typed in or looked up or in any way entered into any computer intentionally.
Five minutes later we’re sitting in front of our respective computers and I start getting ads for the very thing. Mind you, we’re still at a point where nothing noted during this discussion was entered into any computer. Explain this.
Did anyone you were with the night of the panic attack search for what to do? Or texted anyone about it?
They can link you to other people by networks or nearby devices. Especially if you’re frequently around those people.
It would have been more concerning if your coworker got the ads.
Nope, as only ~4 people remained at that point, and they wouldn’t even be thinking of researching this topic.
“who you are near” does.
Someone that has recently purchased something might talk about it.
Someone that has commented on a news article might talk about it.
Someone has a panic attack and googles what to do about it.Huh, and that’s 2015, before pulseoxen were common household medical supplies like thermometers.
Something smells fucky for sure
You’re right that they don’t need to, but in reality they do whether they announce it or not.
In 2017 I tested this at home alone in my apartment in by myself using my smarphone by finding a site with lots of banner ads, monologing next to my phone about a topic with no relation to my current life at the time for about a minute, then refreshing the page. To my horror, the exact thing I was monologing about showed up on every single banner ad. Nothing in my life was going on related to that topic and the only thing connecting me and the topic was my own vocal words.
That was the moment I decided to avoid Google/big tech for the rest of my life.
Okay but how does all of that
Tell them I’m in the market for a toilet seat?
And then forget to tell them - I only need 1 toilet seat?
that’s an easy one.
google is an ad company, their main customers are the people who buy ads, pretending you need a toilet seat let’s them charge toilet seat makers more to “target” you
All the toilets in your building / neighborhood were installed all the same time and your need for a toilet seat likely matches the average lifespan of that item. They see this, they see you bought a toilet seat.
They don’t sell ads directly for you though. The do sell ads to people your age in your location that might need a toilet seat. They might also know that that item has a high return rate. On the chance you return it they want to sell the opportunity to advertise to you for more to potential customers (ad buyers)
It just goes on and on.
Except they think I’m a 65 year old radiological oncologist in Florida named [my name]. First off, my name is unusual enough that I used to keep tabs on all 13 of us. (you get really bored in the hospital unless you give yourself something to do) None of us work in medicine (well I offer some medical CPEs but that’s education, not medicine) I’ve lived in the hospital I guess. None of us live in Florida. The most famous of us used to be a hockey player, but he hasn’t done shit lately. He’s been to Florida. I’m sure. There’s a hickey team there in Miami, right?
I have been getting ads for stents and sutures and clips and bullshit like isn’t this supposed to be the dude who aims the radiation gun and burns out the cancer? For 25 godsdamned years. How long has goggle existed? That long. I don’t know how I fucked their profile of me but I managed it somehow.
I always wonder whether we’re getting it backwards.
Like, did you see ads for kayaks because you had that conversation about kayaking, or did you have the conversation because an ad company/social network decided it was time for you to get into kayaking?
It may not even be that they advertised kayaking to you. They may just have a very good model of your behaviour that predicts you’re likely to be interested in kayaking.
Honestly this is scarier, and harder to understand. But I suspect it to be the case
I’m figuring it’s smart TVs and smart speakers, not the phones
I have one smart TV and a few streaming devices, none of which have microphones. Yes that includes the remotes. I have zero smart speakers even plugged in to power.
I do have one smart phone with a least one microphone though.
It’s not all that exciting. If the person you had the conversation with searches for the thing and they’re in proximity or on the same network, they can link you to them.
Except as I said NOBODY looked up the term. How many times and in how many forms do I have to state that the MENTION of pulse oximeters was: verbal only, in no way entered into a computer before I started getting the adverts?
The discussion itself wasn’t even that long, colleague asked why I looked so tired, I told him how the previous night we had to call an ambulance and sort the guy out, colleague said “maybe he should get a cheap pulse oximeter, it can be helpful to predict attacks and handle them without a call [for an ambulance]”, and that was it. Topic was dropped.
And no, mutual friends didn’t look it up either as they didn’t care much for the guy (tbf it was a super toxic community I’m glad I’ve left behind).
Except that doesn’t happen.
Yes, it does
OK buddy, you can win the internet argument if it’s that important to you. Just completely gloss over what I was telling you actually occurs so you can be right. 🙄
Are you familiar with ultrasonic cross-device tracking?
It’s an actual technology that’s in use in some places we know of and likely a lot more that we don’t, because who in marketing/advertising WOULDN’T leverage that power if it was an easily accomplished thing?
Should be legally mandated in the surveillance environment we are in.
Even though it’s not technically physical, GrapheneOS does have switches for both the camera and mic that disable them at the system level.
So if you answer a call, for example, you’re prompted to unblock the mic because the phone app is requesting to use the mic.
I’m pretty sure fairphone has that hardwired killswitch
Sadly no, the physical switch recently introduced with FP 6 is by default to activate a distraction-free mode. It can be changed to other features that do not include mic/camera. Furthermore, it implies it’s all software managed, nowhere close to the security of real physical kill switch for mic and camera. https://support.fairphone.com/hc/en-us/articles/27533345946258-Switch-button-Settings
If a song isn’t recognized, a short digital fingerprint may be sent to Google to securely search the cloud. Background conversations and audio are never sent to Google.
And, of course, Google will honor this and any other setting, as always, right? Right?
As soon as they got away with “federated learning” (basically use your phone to train ai then just phone the results home rather than your data) 🤢 they knew they could just keep pushing and pushing and pushing until they have it all
If you’ve got an android, go into your phone’s dev options and try to turn off Google’s location tracking service, or the one that tracks screen inputs, or the one that checks what wifi networks are around you.
They’ve been dishonourable from day 1 :C
That’s such bs short digital fingerprint is anything compressed and encrypted
Interesting how the majority of the comments refer to you being monitored on your own phone, ignoring that you will be monitored on everyone else’s phone as well.

Probably something people aren’t thinking about. How would this even work in two party consent states/countries?
The same way slopgen cleverly went around seemingly unbendable coryright laws: by ignoring the shit out of it, and half-scaring half-bribing the governments and the public to allow them to do whatever the fuck they want.
By
bribinglobbying local politicians. As always, laws are only real when they’re enforced.
Much like how Facebook includes non-users in their social graph.
Illegal in Germany. You may not record conversations, if you try to enter something like that as evidence you’ll get punished as well.
I suspect there are many countries with laws like that, and if your phone actually disables the feature when you enter them or just let’s you hang to dry…
I wonder if there’s a legal loophole here? Specifically this works by transcribing “important conversations” into text, it’s not actually storing .mp3 recordings. Obviously still disgusting and I hate it.
The legal loophole is Google can afford to pay the fine. They make more money breaking ze law than they do following they law
This right here. Companies like Google effectively have infinite money and it’s not a big deal for them to pay off the (usually miniscule) fines that they get hit with.
No, the user breaks this law, not the manufacturer. So the loophole for google is, they don’t care about you.
Not a lawyer, but as far as I got it, the storing isn’t the punishable part, the recording is.
You can’t have security cameras filming public spaces (like the road in front of your house). Even if its dummies, as people couldn’t tell the difference whether the camera actually films them or not.
Illegal in parts of the U.S. as well
if you try to enter something like that as evidence you’ll get punished as well.
They’ll just use parallel construction
No need to, there is no fruit of the poisonous tree in German law. Police can strip search you in bright daylight on a crowded square for no reason - clearly illegal, bit what they find will be used to proscute you. The officers will be punished as well, at most with a stern talking to.
Honestly, I thought they already did that.
One of my motivations for becoming more privacy minded, was the amount of times a subject of conversation was delivered through an algorithm later.
It was creepy, talk about hose pipes> receive hosepipe content/ads.
I think so but now it’s being marketed as a feature which is nauseating.
My creepiest experience was shopping at Lowe’s and then getting recommendations on Amazon that night for drill bits and cabinet door handles. The thing is, I had purchased some drill bits at Lowe’s so OK, but I had only stopped and looked at the cabinet door handles.
Your phone told advertisers you were located at Lowe’s using GPS. Then your credit card company told advertisers you bought drill bits. If you looked up any cabinet door handles in the past, that data was given to advertisers too. They put all those pieces together to serve you more ads on drill bits and cabinet door handles.
I’m sure there’s more than a little Baader-Meinhof happening. I did expand my privacy a bit; pihole, searxng, some other stuff and I notice it less now. Or I think I do, humans are notoriously bad at this.
A lot of stores keep track of which aisles you spend more time in, that information is then shared with their “partners” (ad networks). By the time you made it home, they had already shared that you bought bits and that your device spent a while looking at cabinet hardware.
I have such a hard time believing it’s not a phenomenon. I know coincidences happen, but mannn
I’ve been advertised things that my wife has talked to me about that i otherwise have no interest in. I absolutely believe my phone is listening.
Your wife probably searched them online. The advertisers got your public IP address to display ads of what was searched. It’s so subtle and people leave digital bread crumbs everywhere that it gives the appearance that the phone is listening to you.
Truth be told it’s more processing power and work to stream and auto transcribe everyone’s audio from their phone. It’s effortless to just scoop up all search and purchase data.
Yeah there’s a “now playing” feature that will recognize music being played nearby, which I have found useful many times.
An AI note taker could actually be useful for some applications, like a meeting summary or play-by-play for a d&d session. It’s just all the other stuff about AI that makes it shitty.
Sure. If you actively turn it on, and all involved know it’s on. But this is always active as far as I’m aware.
I’m guessing it’ll be toggle off, and it’ll toggle itself back on every update.
In other words, they’re taking your data for their use all the time, and sometimes they’ll share your data with you.
You can have it off and just use the “song search” on the top menu, but yeah. I assume it just keeps itself activated even if you disable it, they just try to be less blatant about catering to you.
Anecdotally, I’ve only had lime 2 instances of “google was definitely listening to show me this ad” in the 6 years I’ve had pixels, and I’ve seen just as many instances with other phone types. You truly have to go out of your way to avoid the surveillance.
Um, oh fuck no.
The reams of personally-identifiable information that will leak is insane.
We’re not allowed to have Siri and Alexa listening when we’re working, lest a stray word on a phone call from the home office risks a privacy breach.
I saw this title and immediately said “fuck off” then clicked, and …glad to see OP sharing my immediate sentiment.
Aaaand it’s Niantic all over again.
Any soviet officials still alive must be going crazy: “wait, they actually pay to be surveilled???”
I’d trust talking revolution with a soviet commissar more than I’d ever trust a modern day company listening in on my everyday everything.
I got banned from Reddit for:
- Saying Peter Thiel should be turned into soup.
- Saying Peter Th-iel should be turned into soup.
- Explaining to someone that I had two warnings about saying Peter Thiel should be turned into soup, which was then deleted and replaced with “user is banned for this post”
They’re scared. You hear me, Peter? I’m coming for you with carrots and onions.
Yes reddit is controlled by the epstein class we all know this
Soylent green is made of Peter Thiel!
I feel like that would be Soylent Putrid Brown or Boyblood Red
Mirepoix du Thiel
This guy cooks
Fucking Reddit.



























