24 hours
You must log in or register to comment.
- kepix@lemmy.worldEnglish24 minutes
graphene can have the play service, but in a sandbox. anything other than that uses microg so its emulated. probably needs some time to get up to speed. if not, just use the desktop site instead of mobile. i dont really see this as much of a threat to any of us.
- 39 seconds
This is just ID verification in another guise. The second I see one of these, I’ll stop using the website I see it on.
26 minutesi havent noticed anything? except youtube being slow as always i supposr (/e/os user)
- 2 hours
To anyone not switching because of this-- in my experience this is something I can work around. On most websites my captchas still work. I have had a few that dont work, and I just close the website and move on. It hasn’t happened on any websites that are very important for me to visit. Usually its a store and they really me to install their stupid app. Nope.
- 4 hours
Don’t give money to google by buying Pixel phones. Even buying used, creates demand as people are more likely to keep upgrading every year as they know it will be easy to sell their used Pixels for a good price.
the pixel is a very secure phone from a hardware level, the full list of security features missing from other android manufacturers is in the grapheneos faq
there is no comparable alternatives right now, though something might come out of the graphene and motorola deal
- 1 hour
First off, that’s software when the user asked for an alternative to the Pixel, which is hardware.
Secondly, I don’t see how those are an alternative. It’s websites locking you out unless you run Google Play Services. LineageOS etc doesn’t run the official PlayServices which is what this requires.
- 2 hours
How is that an alternative? You still have to buy Android phones and they’re wayyyy less secure
- 3 hours
So i just checked back a day later after posting this and it blew up more than i expected. I’ve gotten some comments suggesting its not really preventing GrapheneOS from being usable, so this might need more context. Do your own research and testing on this one for sure, as with most things. Sorry for not answering comments, quite busy right now.
I mean when you’re paying $260 to $300+ for even a used Pixel (8 is the oldest one supported till 2029 I think), that can be a hell of an investment to make if the thing is nerfed from alternate OSs.
- 5 hours
If you’re serious about it probably worth just using an old phone as an Auth device and only switch it on for that and still use graphene as your daily driver.
A Motorola phone soon shipping with GrapheneOS isn’t just a rumor but it doesn’t help with the problem of Google making their very popular robot detection service classify deGoogled Android users as non-human.
- rumba@lemmy.zipEnglish1 hour
You know what does fix that? boycotting sites that use their protection.
There are alternatives.
i generally agree, although for some reCaptcha-using websites there actually aren’t alternatives. eg many governments, healthcare providers, public utilities, etc are using it :(
- 5 hours
I’m not a security guy, what is the problem that this is supposed to be fixing? Like I guess you wouldn’t be able to use a virtuallised os to visit your banking website? Like I understand if you work for a bank you should only be able to access some things from specific computers, but normal people?
- rumba@lemmy.zipEnglish1 hour
They’re claiming it security authentication.
Realistically, it’s keeping people in their walled garden.
You can use a web browser on a Linux computer and get right through, this change is to force people to only run latest generation google products.
This would also block people from using real google phones over a certain age where they cannot upgrade the OS anymore.
- 1 hour
Realistically, it’s keeping people in their walled garden.
I felt for a long time, “trusted computing” is such a doublespeak term. It gets avg ppl to think “Oh ofc i want to trust my device! Who wouldn’t want that?”
Ofc what it really does, is gives BigTech the final control over everybody’s dev.
- 4 hours
It’s intended to be a successor to the current reCAPTCHA, sold as harder to spoof than current picture-based versions. Now, almost from its start, CAPTCHA existed to train AI vision models. So Google basically painted themselves into a corner using free labor to train models good enough to recognize images, now they are switching to device signals.
That said, they’re going to have to provide a compatibility layer for iOS which AFAIK doesn’t come with Google Play Services right now. So I have some faith in the smart folks who make these de-shittified OSes working something out via microG or the like.
- 4 hours
The benefit is for Google to make more profits if people are locked into their “ecosystem” without competition driving the prices down.
phew, feels like I jumped the ship just in time. Installed PostmarketOS on my Fairphone a couple of months ago, and I’m not looking back.
- 37 minutes
You do whatever you want, but out of curiosity: how is that helping with this issue in anyway?
pmOS does not have Google Play nor the Apple equivalent. GOS has the option of having a sandboxed Google Play. - 4 hours
Which Fairphone, and how’s it working for you?
I have the FP6 with e/os right now. It works pretty well, but I am against some decisions from Murena (like using OpenAI for voice recognition)
I’m looking forward to switching ROMs when there is more support for the FP6
- 2 hours
Fairphone 4. It’s working out decently enough for me. To be clear, some features are still broken (most crucially phonecall audio, which only works via headset), speakers altogether started working just a couple of months ago in edge branch. Camera kinda works, but it takes just horrible pictures. Broken if you ask me. I like the “feel” i have with it, it no more feels like I’m carrying a spying device in my pocket, but a computer instead. There are drawbacks, like I have to do my banking old school, visiting the bank site via browser, but they are worth it for me. My phone screen time has definitely shortened. It’s more quiet now.
edit: and you can do cool stuff with it, with root access by default! I have signal-cli running as a systemd service, which connects to my matrix signal bridge :)
edit2: funny story about the mentioned signal-cli. I had to put the phone in the fridge, because otherwise while compiling it (had to be compiled, no packages available) hit the critical temp threshold and shut down. :D Felt kinda funny. 2026, phones compiling in the fridge.
Is there a specific reason you chose PostmarketOS? I’m currently also thinking about ditching Google android.
- 2 hours
I feel like it was in the sweet spot for me as I was looking for a “true”(i.e. non-android) linux phone, and I happened to have a FP4, which I bought years ago. I don’t see many other options for this device, other than ubuntu touch. I tried it like a year+ ago, and it was nice, but it lacked userspace drivers for wireguard and while it was officially listed as issue somewhere in github/gitlab/wherever the development was, the development seemed really slow, almost stagnant. And I rely heavily on wireguard in my homelab setup, so that was a deal breaker for me.
- 2 hours
I’ll paste my other response:
Fairphone 4. It’s working out decently enough for me. To be clear, some features are still broken (most crucially phonecall audio, which only works via headset), speakers altogether started working just a couple of months ago in edge branch. Camera kinda works, but it takes just horrible pictures. Broken if you ask me. I like the “feel” i have with it, it no more feels like I’m carrying a spying device in my pocket, but a computer instead. There are drawbacks, like I have to do my banking old school, visiting the bank site via browser, but they are worth it for me. My phone screen time has definitely shortened. It’s more quiet now.
edit: and you can do cool stuff with it, with root access by default! I have signal-cli running as a systemd service, which connects to my matrix signal bridge :)
edit2: funny story about the mentioned signal-cli. I had to put the phone in the fridge, because otherwise while compiling it (had to be compiled, no packages available) hit the critical temp threshold and shut down. :D Felt kinda funny. 2026, phones compiling in the fridge.
- 8 hours
I should be good with sandboxed Google play.
But wtf we’ll need a phone to solve captchas now? What happens if you don’t have one?
- 7 hours
We seriously need to ask Valve to make SteamOS phones.
Not only will they be good for gaming but imagine being able to put other OS’es on it like PC’s. Bazzite, PostmarketOS, etc. Plus Valve will still get revenue from people using the upcoming Steam ARM Game Store, and the current Bannerhub/Gamenative community android apps that enable playing PC games they own from Steam/GOG on Phones
Its such a huge opportunity that we all should be encouraging then to pursue now and after they release their current 3 big projects: Steam Controllers, Steam Machines, Steam Frames
- 5 hours
I get where you are coming from. Out of all of the billionaires he is one that is one of the least bad out of the rest of them, and is doing plenty of good things himself. He got that wealth from Steam doing so well over the years co.pared to other billionaires that did the shadiest things imaginable
I don’t agree with his yachts business yet I agree with his side project of making boats specifically for ocean research. I don’t agree with him still getting paid so much today, yet I agree that he pays and treats his employees and customers well
End of the day it’s another option to get open phones that can have bootloader unlocked to change OS, and not be locked down. It is good to have more options currently where there are few.
Many online PC gamers have this opinion too so overall its more so a matter of time and comes down to if Valve really wants to then they will.
- 58 minutes
Yeah he’s the kind of wealth that helps you realize why people ever supported the wealthy. They used to actually have an understanding that keeping their wealth meant keeping employees, customers, and people at large happy and safe – and they’d be willing to put in the effort (or rather, money) to ensure it.
- 15 hours
i have one myself, and I can tell you that grapheneos won’t be affected by this. the real damage is to people using things like dumb phones or BSD, even windows computers are effectively locked out of the internet.
- 5 hours
Sounds like GrapheneOS isn’t affected only for now?
As in sandboxed google play may stop working for this at any point.
;(
- 14 hours
Apple and Google are gradually expanding their use of hardware-based attestation. They’re convincing a growing number of services to adopt it. Google’s Play Integrity API and Apple’s App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too.
Google’s Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition.
The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it.
Apple’s Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web.
Google’s reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems:
er/16609652
Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple’s privacy pass, Google’s ‘cancelled’ Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web.
Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They’re bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more.
Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc. It’s enormously anti-competitive.
Google’s Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn’t somehow specific to an AOSP-based OS. You can’t avoid this by using a mobile OS based on FreeBSD instead. You’ll just be more locked out.
Google’s Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it.
It doesn’t provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source.
Governments are increasingly mandating using Apple’s App Attest and Google’s Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.
Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they’re directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security.
reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that.
This isn’t about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don’t license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere.
Services shouldn’t ban people from using arbitrary hardware and operating systems in the first place. Google’s security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It’s for enforcing their monopolies via GMS licensing, that’s all.
