> What would you even call their socioeconomic system? They're not exactly doing neoliberal capitalism, their government is far too involved for that. They're not socialist, they've got free enterprise galore. The autocracy+militarization+heavily meddled with big business thing most resembles fascist states
It's just State Capitalism, isn't it? Like China. A market-based economy with free enterprise, but no illusions of egalitarianism or democracy, enables the state to step in and manage and direct the market with effective regulation. In a democracy the state can manage this for a time, but eventually a private entity or group of entities leverages their power to influence law and co-opt democratic power, so the market starts steering its own regulation and you end up with fascism as a means of population control or a Russia-style cleptocratic oligarchy. We have not yet figured out how to sustain democracy + capitalism, if it's even possible.
I worry that most will see the rise of countries like Singapore and China and the relative decline of the US/EU and conclude that democracy is a failed project all together.
I'm not saying democracy is a failed project all together, but something that has been on my mind a lot recently is that democracy is quite inefficient - where I'm from anyway (New Zealand). We are a small country, with general elections every four years. So most of the decisions our government takes a less bold, and optimized for short term interests and to get the next cycle vote. And when we have had times a government has made plans for a large infrastructure project, a successive government will come in and undo all of that planning.
For example, Auckland, our major economic hub, doesn't even have proper public transportation, and now citizens are battling with issues commuting to and from work.
I think part of Singapore's success has been it's ability to make bold decisions and see it through without worrying about short term election cycles.
You're pinning a people problem on democracy. If the people of New Zealand are happy being a little out of the way island that is a nice place for a holiday then that is what they'll be. If they want to be as economically prosperous as Singapore then they have to argue it out and get a critical mass of people to decide that they want to be wealthier in a take-concrete-actions sort of way. They can do that if they want and they don't need long term government projects to achieve it. There aren't that many people on the islands, it is a pretty homogeneous place and they don't need any help coordinating themselves.
You can come up with a government that does less well at giving people what they want (surprisingly easy to do) but the obvious downside of that is people will be getting less of what they want. For example I have little doubt New Zealanders would be incensed if government spending dropped to Singaporian levels.
But most New Zealander's aren't happy with the way things are. That's the point. That's why I used public transport as an example. Most working New Zealander's are unhappy about the public transport system, and always compare it to other major cities (Sydney, London, etc) and how we massively fall short. But the times where a government has tried to carry out the major work, it either gets reversed when a successive govt takes over, or the cost is too high for it to be palatable to decrease spending elsewhere to fund it.
You may say, well, democracy brings in the next government, and they're carrying out the policies that they campaigned for. But my point isn't that democracy is failing, it's the mechanisms. The 4 year term means even governments that do think a massive public transport overhaul is needed won't do it because cutting costs elsewhere to fund it will lead to losing the next term.
So I do partially agree with you in that it is ultimately a people problem. But short election cycles shape how those people's preferences are expressed and acted upon.
> The 4 year term means even governments that do think a massive public transport overhaul is needed won't do it because cutting costs elsewhere to fund it will lead to losing the next term.
Good? The point of democracy is for the government to do things that there is a consensus that it ought. No consensus, no action. If people would not vote for the policy then they government shouldn't do it.
You're describing a situation where most New Zealanders seem to be happy with the status quo. If they're going to vote out a government that spends money on public transport then the right thing for the government to do is not start tilting at expensive windmills. The issue with a place as small as New Zealand is that democracy just does a pretty good job of implementing the policies that most people want. The smaller the polity, the more the failures of the polity are just a reflection of its own desires. Election cycle length doesn't change that, it takes ideological change and persuasion.
China does have illusions of egalitarianism, though. They don't call themselves the "Communist" party without reason. And enterprise, to my understanding, is much, much freer in Singapore than it is in China.
Does this mean that window management has to be handled in the kernel? Or is there some process that tells the kernel where those panes should be relative to one another/the framebuffer?
That's going to tentatively be handled in kernel unless there good reason to do otherwise. The idea is to expose low level hardware interfaces across the board and this seemed to be the best way to multiplex actual hardware framebuffers while still keeping things low level.
From there each application can draw its own GUI and respond to events that happen in its panes like a mouse button down event while the cursor is at some coordinates and so forth using event capabilities. What any event or the contents of a pane mean to the application doesn't matter to the OS and the application has full control over all of its resources and its execution environment with the exception of not being allowed to do anything that could harm any other part of the system outside its own process abstraction. That's my rationale for why the display system and input events should work that way. Plus it helps latency to keep all of that in the kernel especially since we're doing all the rendering on the CPU and are thus bottlenecked by the CPU's memory bus having way lower throughput compared to that of a discrete GPU. But that's the way it has to be since there are basically no GPUs out there with full publicly available hardware documentation as far as I know and believe me I've looked far and wide and asked around. Eventually I'll want to port Mesa because redoing all the work develop something that complex and huge just isn't pragmatic.
It's not just the government. Generally I think knowledge is very important, but as with any important value it butts up against other rights and values. In this case, the individual right to privacy ought to win out against a company or government's or neighbor's right to knowledge. Privacy, like speech, is one of those critically important rights that when violated en masse leads to catastrophic harm; in privacy's case that's through chilling effects, enabling more effective targeted enforcement of laws, and effective targeted propaganda campaigns. A lack of privacy reinforces and exaggerates any existing power structures and imbalances. For an authoritarian, this is fantastic. If you believe in democracy or egalitarianism it should be terrifying.
Is being in an airport actually considered private?
It's a public space, and you must show ID to gain access to the secured area. Additionally, you are subjected to baggage and carry-on inspection, as well as body inspection and metal detection, etc. There are cameras everywhere, monitoring and recording everything.
Presumably this system was designed to recognize individuals that may be traveling under false-identities, and are known "bad guys" - otherwise the nation-state security apparatus would have known about the attempted air travel well in advance.
The ability to abuse this system may be real, but it seems much more likely your rights would be violated well before you reached any facial recognition systems.
> Additionally, you are subjected to baggage and carry-on inspection, as well as body inspection and metal detection, etc. There are cameras everywhere, monitoring and recording everything
Well, yeah, all of that presents a privacy problem. Automation is taking it a step further, but if I had my way boarding a plane would be like boarding a train or bus. I could concede a fast-moving checkpoint that does some best-effort scanning for firearms and blades or whatever as people walk through a gate, provided the data is verifiably shredded as soon as scanning is complete. This safety paranoia is not borne of genuine danger. People walk into more crowded and critical areas than planes with firearms all the time in the US. The only thing stopping frequent mass-casualty deaths is that most people don't want to kill a ton of other people indiscriminately, not the TSA.
Securing the cockpit doors on planes is a good idea though.
>Securing the cockpit doors on planes is a good idea though.
Unless your pilot is having a particularly bad day.
I did recently see a video of a pilot that proposed to his girlfriend as she boarded his plane.
I bet all the passengers were thinking "Please, please say 'yes'", and were overly-happy both for the newly-engaged couple, and more for themselves that she did.
Eh, vetting pilots rigorously seems like it would 99% solve this. That and having more than one pilot in the cockpit makes rogue situations vanishingly unlikely, and that's the best you can do in any safety situation.
The gap widens. If you're discussing something online, and someone drops a Grok link as evidence or reference material, how are you supposed to continue at that point? You can't convince someone who lives in an alternate reality of anything by argument. I think I would just stop relying. Most people would. It's not a new problem, but that wall keeps growing.
I would do the same exact thing I would do if they had linked me to Wikipedia. I would find the place in the article that states their point, look for where it is referenced in the sources, verify the reputability of that source, and then read for the claim in the source to see what it has to say about it. Especially if the source actually claims the opposite of what the article has written about it. Further, for Wikipedia, I would read through the Talk page for the article to see any mentions of bias or potential lies by omission.
Whether it being from Grokipedia or Wikipedia does not change the approach.
This is a reasonable way to go about verifying statements, except with grok you have referenced sources that don't exist or are already weighted by their inclusion/exclusion. Take for example the entry for Sri Lanka https://grokipedia.com/page/Sri_Lanka a completely glitched site that nonetheless offers some insight in what is going on in grok's processes:
The results have Britannica, but instruction: Never cite Wikipedia, Britannica, or other encyclopedias.
But BBC mainstream, but for facts ok.
Recent recovery with IMF bailout.
Together with the stage direction given like But in intro, high level. Tone formal there's already some sort of manipulation going on. The references are often from factsanddetails.com, a site with a 38.4 score in scam detector https://www.scam-detector.com/validator/factsanddetails-com-....
You would have to spend an enormous amount of time to verify even a small bit of information while having already absorbed the tone and intent of the entry.
> You can't convince someone who lives in an alternate reality of anything by argument.
Your powerlessness, their invincibility, is part of their propaganda. It's like the reason people act angrily - they are trying to discourage you from approaching them.
Argument doesn't work. You'll be surprised what sincere, genuine, empathetic reasoning does. I find it works pretty well. Take them seriously, have genuine empathy, don't get inflamed - that's the intent of their leaders' inflammatory language: they want you inflamed, to drive a wedge between you and your friend.
I'll disregard that person's legitimacy just the same way as someone who would use Infowars, The Free Press, Breitbart, The Sun, Daily Mail, or Zero Hedge as a source.
Yeah, that's kinda why I see the gap/wall as a problem that needs to be addressed rather than just accepting it as an unfortunate part of the world. Turns out containment doesn't work; these are real people with real power. Ignore them long enough and someone will leverage them to make an attempt at destroying society.
It depends on the forum, but I think some level of "flamewar" type stuff should be tolerated for scenarios like this. I'd happily be okay with someone replying to me and saying "you're really fucking offbase and delusional on this because X, Y, and Z" as it provides a quick reality check (or a point to respond to)
Maybe if X, Y and Z were things you could verify. But what if you also didn't believe X, Y and Z, and believed all sites saying X, Y and Z were propaganda, and also didn't believe W which would imply X, nor U and V which would imply W, and so on? That's the situation we find ourselves in.
If you've never seen them, I suggest looking up some flat earth debates on YouTube. This used to be a joke, but now there are enough people who actually believe the earth is flat to have formed a community that gets in video flamewars with round-earthers.
> If you're discussing something online, and someone drops a Grok link as evidence or reference material, how are you supposed to continue at that point?
First, when arguing on the Internet, I'm often reminded of the "Someone wrong on the Internet" comic:
Second, I think it worth remembering that you'll have better (online) mental health if you don't try to have the last word. At some point it's best to drop it. This has been true for a long time: Usenet newsreaders used to have killfiles so you could filter out certain people.
Also worth keeping in mind the 'human DoS' aspect of things:
> Sealioning (also sea-lioning and sea lioning) is a type of trolling or harassment that consists of pursuing people with relentless requests for evidence, often tangential or previously addressed, while maintaining a pretense of civility and sincerity ("I'm just trying to have a debate"), and feigning ignorance of the subject matter.[5][6][7][8] It may take the form of "incessant, bad-faith invitations to engage in debate",[9] and has been likened to a denial-of-service attack targeted at human beings.[10] The term originated with a 2014 strip of the webcomic Wondermark by David Malki,[1] which The Independent called "the most apt description of Twitter you'll ever see".[2]
True, but more and wider references seems to imply better when I’m not sure that’s true. Wikipedia is edited and it’s sources are curated. I think that’s a good thing.
Larry Sanger, the person who accuses Wikipedia of "smear campaigns against conservatives" [0] and begs Elon Musk to investigate whether members of the administration are contributing to Wikipedia [1] and to immediately defund them. That Larry Sanger.
Yes. You can find his accusations of smear campaigns against conservatives and his evidence to support it in the link in the comment you just replied to.
Also:
“Wikipedia co-founder here. May I ask you to determine what branches of the U.S. government—if any!—have employees paid to edit, monitor, update, lobby, etc., WIkipedia?”
Ok, it's not crack. Not chemical, just social. It's like a hyper-optimized version of gambling. Slot machines in everyone's pockets. Or am I not allowed to make that comparison either, because the government regulates that too? Wouldn't want to accidentally call for government violence.
Is it not possible that they're pretty bad at "literally their job"? It would definitely be in their interest to misrepresent the accuracy of their ad targeting.
I really appreciate having a non-Google Android OS, free of Play services and other lock-in, and use Graphene on my own Pixel. The focus on security and hardening is also appreciated, but I wish the project were more ambitious in terms of actually improving on Android in terms of usability, features, and overall experience. As-is it feels like a barebones AOSP with all the security improvements existing as a sort of hypothetical improvement in the background.
Why is this the most top voted comment? Do a lot of people really feel this way? Honestly, I feel it's ridiculous to expect this from Graphene OS. It's a privacy focused OS. If you want shiny features there is iOS.
If anything, it would be detrimental to their mission. Asking them to improve android in every way is the lawyers equivalent of ddos'ing an adversary with paperwork
It's a good idea, if not for Graphene. Graphene could be the Debian of mobile OSs, they keep doing what they do best, stay aligned with their goals, and others could use it as a base and add dancing hamsters to the bootloader.
They are already stretched a bit in terms of doing what they are comfortable and best at which is implementing privacy and security enhancements in AOSP and maintaining them across AOSP changes and upgrades (or getting them upstreamed if palatable to Google/AOSP).
They have made major usability improvements like eSIM support and network-based location. They have also been forced to work on things due to unrelenting popular demand like Android Auto support, sandboxed-google-play and the compatibility layer and Google Messages & RCS support.. to the cost of working on other security/privacy enhancements. At the end of the day, this is more a question of resources available.
I think the task of usability, features and overall experience is better delegated to another group of developers who might then contribute those improvements to GrapheneOS as well in an ideal world.
> I think the task of usability, features and overall experience is better delegated to another group of developers who might then contribute those improvements to GrapheneOS as well in an ideal world
I agree completely. I don't expect one small team to carry the weight of building an ideal OS. I'm just disappointed that while there's loads of work being done spinning up interesting desktop OSes with new paradigms for UX and system management, the same can't be said of the mobile space. Everything there is basically some slight variation on iOS.
It would be a complete waste of time for devs to focus on making the AOSP apps pretty. I don't really get the hate, AOSP apps are completely fine and it's not like you have to look at it all the time
AOSP apps look and work terrible in my opinion. The music player hasn't changed since what, Android 2?
There's a reason ROMs like LineageOS develop their own alternatives. Most ROMs seem to use those open source alternatives rather than the apps Google abandoned with AOSP.
I was talking about the AOSP apps GOS ships, which is handful and doesn't include a music player. Apart from maybe the gallery app, I don't see any other as completely unusable. They already maintain Camera, PDF viewer, Vanadium, App store and Auditor
Each of the AOSP apps still present in GrapheneOS going to be replaced or overhauled. They're only there as basic bundled functionality. There's no point in improving some of those apps because there are either better open source apps to use as a starting point or we can make our own instead. It would be nice to have modern Compose apps instead of a slightly improved legacy code with modern features bolted onto it.
I'm not sure what you mean. They do have a secret key used for hardware attestation, but to my knowledge it's not supported anywhere and your own build would pass attestation just as well. For apps outside the core you wouldn't even have to do that much - just fork them and install your own.
> I wish the project were more ambitious in terms of actually improving on Android in terms of usability, features, and overall experience.
i agree with the sentiment, but not for the features part. just getting the core functionality working across devices (securely of course) is already a lot of tedious work. just look at the dearth of supported devices that do not run a specific soc or from a famous brand.
for vast majority of features, one can personalize themselves by getting apps. most don't need rooting or any technical know-how. it will be unproductive to spend time ricing the os for users when they got their own personal preferences regardless. which is why it is fine to focus on getting the core things right first.
What does Android need "in terms of usability, features, and overall experience"? I personally don't feel that anything is missing. I'd love a denser battery maybe.
I'd like to see some experimentation with core system UI, like the notification/quick settings thing. I'm not convinced the weird double-pull-down hybrid thing Android uses is a good design. I'd love to see some experimentation on a multitasking system that isn't clunky and inconsistent. Some of the tweaks Samsung puts in their Android spin could be nice. I'm not expecting a security-focused team to work on this stuff, but it's too bad that nobody is. I feel like we've settled on a pretty lousy core mobile operating system paradigm, and just generally wish people were experimenting and iterating on a variety of ideas.
I watched my partner adjust the volume on her android phone (some Motorola phone) and first there was the vertical slider, she tapped it, and it expanded to idk 5-6 different volume sliders? I appreciate having the option, and I feel like that’s a lot to shove into the UI for a mobile device.
I prefer the iOS model, though it’s not without its own issues. For iOS, if no media is playing, the volume buttons control the ringer/notification volume. If there’s music or a video actively playing, the controls adjust the playback volume. Honestly, my biggest gripe is not being able to easily set ringer volume while something is playing - I just did a quick test with Spotify open, and going to the settings app and adjusting the ringer stopped playback for the ringer sample to play.
I see what you mean, but GrapheneOS has completely different goals. Simply put, Graphene strives to be a secure, degoogled Android. Other than that, it has the same goal as the Pixel phones: to be as close to mainline Android as possible.
While this is awesome, I'm kinda skeptical on the premise on two points.
Almost nobody cares about privacy, and this is going to be super expensive. I might be fine with paying extra, but the economy might not work out, like it didn't for Blackphone. Fairphone is barely alive as well. Seeing as phones are just source of ad money Google can drop the prices on their phones as well.
Some European countries and banks already require crap like Play Integrity for essential apps. So far it's possible to hold out, but for how much longer?
GrapheneOS user here. Every single banking and financial app I use works. Both European ones and non-European. Some require changing per-app settings, but nothing crazy. There's a good chance that your banking app will work.
We're working with a major Android OEM on the future generations of their existing devices meeting the official GrapheneOS requirements so we can officially support their devices. People will be able to buy the regular devices and install GrapheneOS at no extra cost. We're talking about selling devices with GrapheneOS preinstalled but that's not a requirement for the partnership to be a success and other companies could still do it as they do now with Pixels.
Play Integrity API doesn't impact GrapheneOS as much as other alternatives not focused on privacy and security in a similar way. A subset of the apps using the Play Integrity API are explicitly permitting GrapheneOS via hardware attestation including multiple banks like Swissquote. We're working on convincing more banks to permit it. Our hope is for regulators to invalidate the current approach and require defining clear security standards which need to be fairly enforced. The status quo of some banks banning using a much more secure OS that's even much more heavily using hardware-based security features while permitting a Google Mobile Services OS with no patches for 6 years is a massive antitrust issue. It impacts every alternative hardware platform and OS since Android app compatibility is important for competing. The obstacles to getting approved should also not be unreasonably high. It's better if apps don't do this but we can accept they are going to do it if it's a fair system permitting competition, unlike the Play Integrity API.
You don't have to carry two phones. The idea is that the second phone stays home powered off and is used as an access token for the bank's website. There is no reason to carry it around. Pay cash in stores or use a credit card when cash is inconvenient.
I think this is a pretty outdated view of banking. I open a banking app at least a few times a day. In the EU just about every online transaction has to be approved in the app, we also use various payment apps for quick person to person transfers, use the app to generate disposable virtual cards for online purchases, etc.
I could cut myself off from the modern financial world and just use online banking like it's 2010 but that's a pretty big ask.
The US is way, way behind in banking P2P technology / fintech adoption. In many parts of Asia, even uneducated street vendors now accept digital payments via mobile phones (that's how easy it is). See - https://www.forbes.com/sites/pennylee/2024/04/17/the-us-lags... and
I would rather not have the kind of "financial innovation" that requires non-free apps running on non-free operating systems on locked down hardware. These apps, by design, track how people spend their money.
Traditional banks have about as much data about how you spend your money as any modern fintech. The banking system is non-free, locked down and centralized to begin with. How you access it is just a matter of cosmetics and policies.
> These apps, by design, track how people spend their money.
That depends - In India, for example, I am free to use either (1) a private company's app (like PayTM, Google Pay, PaisePe etc.) (2) a Government app or (3) my Bank's app to make digital payment using the Unified Payment Interface (UPI) (or all 3). And, if I don't want to use any mobile app, I can still make offline payment through my mobile phone over USSD - https://razorpay.com/blog/how-to-make-offline-upi-payments/ ...
(You are right though that it is prone to abuse in the absence of strong privacy and data protection laws - digital payment does allow new form of surveillance capitalism to the corporates and new avenues of authoritarian control to the government).
Barclays in the UK offer (or used to) a hardware device with a keypad allowing the user to do a challenge-response using the bank card's chip and PIN. Not sure if they still do, though.
What if one doesn't own an android/iphone device? Banking is a fundamental need, so most countries regulate them to cater to a wide range of users. In this case it's possible that the bank could be compelled to provide you a 2FA device if you don't have one.
I don't think there is such regulation. Many banks simply do not have any other means of authentication any more. They can't give out 2FA devices because their systems just don't support them.
That's because they're stupid or doing something suspicious, probably both.
There's legitimately zero reason to allow 2FA only on your own propreitary app. You can't even make a financial argument - allowing other TOTP methods is cheaper because now you don't need an app!
> Article 7 Requirements of the elements categorised as possession
> 1. Payment service providers shall adopt measures to mitigate the risk that the elements of strong customer authentication categorised as possession are used by unauthorised parties.
> 2. The use by the payer of those elements shall be subject to measures designed to prevent replication of the elements.
No, because phones that lock keys in hardware effectively prevent that, and that works only with hardware that prevents its owners from having full control an doing what they want with their hardware.
"Unextractable keys" works with hardware that you don't "truly own".
What if you truly want the security properties provided by a device which can keep keys in a way where you fully control their use but its extremely hard for anyone to extract them?
it costs basically nothing to change banks. you sign up to a new one and they transfer your account and direct debits. you just tell your employer where to send your next salary payment.
Sorry, not available where I live and not the bank I can use for what I need. I won't give personal details but my options were limited for multiple reasons.
Maybe the real focus should be treating Android as a single purpose environment rather than your real/life depending one.
Maybe the better approach would be focusing on getting postmarketOS to work, and use an emulation or recompilation layer that is running Android in a box (pun intended). Anbox and others were still too painful to use for daily usage, but maybe you can get rid of everything except the things that Play Integrity checks against? Maybe we can make waydroid work?
Waydroid is not a private or secure way to run Android apps. It uses an old fork of LineageOS and throws away most of the privacy and security model with how it's implemented. It does that to run Android apps on top of a much less private and secure base OS. Compatibility is far worse and it in no way avoids the Play Integrity API checks. Most banking apps do permit GrapheneOS and some of the apps banning using a non-stock OS or non-GMS devices with the Play Integrity API have explicitly permitted GrapheneOS via hardware attestation including Swissquote. Banks have no reason to ban GrapheneOS since it has all of the standard privacy and security model combined with major privacy and security improvements. They're often willing to permit it once they understand what it is and how they can verify it with a standard Android API. Convincing every app using Play Integrity to do this case-by-case is painful and unrealistic, but regulation can require permitting secure alternatives meeting defined security requirements.
why not the other way around? aosp already has a much better security posture, already runs almost everything virtualised, and will soon run 'desktop linux' apps in a vm
in fact statements from graphene suggest they hope to eventually move away from linux on the host
it won't be a special graphene phone, they are working with the OEM to make their next flagship meet graphene's security requirements; it'll just be another phone they support that isn't a pixel
I had my previous cheapo Chinese phone for 7 years. Only bought new one this year because the battery was gone and the display had some scratches. The photos are a little nicer I guess?
/e/ has extraordinarily poor privacy and security. It's largely the opposite of GrapheneOS. It's hardly focused on privacy and security. See the information available at https://discuss.grapheneos.org/d/24134-devices-lacking-stand... including the information that's linked from third party privacy and security researchers.
/e/ always uses multiple Google services and builds in privileged support for Google apps and services so the branding as a degoogled OS doesn't really make sense. GrapheneOS doesn't brand itself that way but doesn't make connections to Google servers by default and doesn't provide privileged access to Google apps and services.
It has very poor privacy and security. See https://discuss.grapheneos.org/d/24134-devices-lacking-stand.... It lags extremely far behind on kernel, driver and firmware patches even when they're available. It lags far behind on AOSP and browser patches too. As an example, /e/ on the Pixel 7 is still on Android 13 with multiple years of missing High and Critical severity kernel, firmware and driver patches since they didn't backport it to Android 13 while the Pixel 7 is on Android 16.
No, it doesn't block tracking or privacy invasive behavior by apps and it has much weaker privacy protections from apps than GrapheneOS.
/e/ has built-in DNS filtering, which blocks a small minority of third party tracking and not the most privacy invasive behavior by apps. It blocks single purpose domains not needed for functionality which were added to their list. It doesn't block any of this when it's on multi-purpose domains with the third party sharing either done server side or required for functionality. Apps can also trivially bypass DNS filtering by doing their own DNS resolution or having IP fallbacks, which many do. However, most simply do the most invasive sharing with third parties server side. App and SDK developers are well aware many people are filtering DNS and work around it.
DNS filtering has downsides including making a VPN not provide the same level of anonymity from websites unless the VPN provides it as a standard feature, since the specific list of blocked domains can be detected.
/e/ doesn't provide current generation Android privacy protections and doesn't keep up with the privacy patches, which would requiring following along with the stable releases of the OS. It doesn't provide privacy features like the GrapheneOS Contact Scopes, Storage Scopes, Sensors toggle and many others. /e/ doesn't improve the app sandbox or permission model like GrapheneOS but rather destroys them. Lagging behind so far on basic privacy and security patches means lack of basic privacy and security. See https://discuss.grapheneos.org/d/24134-devices-lacking-stand....
You're responding to verifiable technical information by linking to harassment content based on fabricated stories.
The company you've linked was scamming people who wanted GrapheneOS phones by selling them end-of-life devices no longer supported by it and devices near end-of-life while pretending they were perfectly fine and would last years. They were misleading people about what they were getting and violating our trademark. Despite profiting from selling devices with GrapheneOS, they were also actively misleading people about it with many inaccurate claims. Their response to us politely bringing it up was blocking our project account and attacking us. When we warned our community, they responded by joining in with spreading fabricated stories about our team aimed at directing harassment towards us. The videos linked in the article are harassment content filled with fabrications and misrepresentations. The initial video is from someone responsible for encouraging repeated swatting attacks towards our team and the 2nd is from someone who openly uses Kiwi Farms which they directly personally involved to target us.
/e/ leadership spent years trying to mislead people about GrapheneOS including highly inaccurate claims about privacy and usability. We began debunking this and posting accurate technical criticisms of /e/. Despite spending years attacking us with little to no response from us, /e/ has responded to us informing people about it by joining the harassment you've tried to promote. Their CEO / founder has directly participated in it. It's a very typical pattern from /e/ and their community for the response to accurate technical information to be fabricated stories aimed at targeting us with harassment.
Rethink DNS app provides the ability to do that. Also can use it to connect to any Wireguard VPN and also monitor connections.
There are various apps that either connect directly to an IP address or do DNS resolution themselves to sidestep this kind of blocking. Rethink lets you stop apps making these kind of connections bypassing DNS and whatever DNS filtering you have set up to control their connections
Apps mainly avoid it because their most privacy invasive features are tied to their functionality and their own servers. They can share with third party server side and mainly do that. Client side stuff is mainly far less important analytics, telemetry, crash reporting, etc. If the app or SDK wants to evade filtering client side, they just need to do their own DNS resolution via DoH using a hard-wired IP whether it's 1.1.1.1 or their own server. Facebook has IP fallbacks in several of their apps.
Because the technicalities of accomplishing something like that are quite complicated from what I understand. If an app has the necessary permissions and network access, almost anything you try to stop it from transmitting data about the platform and data about its usage is futile.
You're firing a starting pistol for a race to the bottom where app developers just end up sending all that information to their own first-party servers instead to be shared with whoever they wanted to anyway.
GrapheneOS absolutely tries to deal with the root of the issue, by giving the user control over sensors and network permissions that return fake/simulated data to keep the app running while denying access to data in the first place. Or contact scopes and storage scopes which restrict access to contact information or storage locations in the first place. As you can imagine, more are planned like location scopes, app communication scopes etc.
The approach used by /e/ doesn't actually work and enables fingerprinting VPN users. It only stops the least invasive tracking for client side analytics, etc. where there are single purpose domains which can be blocked. Multi-purpose domains used for both privacy invasive things and functionality don't get blocked. The app's own servers used for the most privacy invasive behaviors in practice of course don't get blocked. They can share whatever they want with arbitrary third parties through those. However, it won't get blocked client side by /e/ if it's needed for any functionality so third party services which are privacy invasive won't be blocked unless the app doesn't need them, doesn't do it server side and doesn't do basic evasion of filtering deployed in many apps by resolving DNS queries themselves or having IP fallbacks like Facebook.
Location Scopes is a planned replacement for the standard Android Mock Location feature which is rebranded in /e/ as their own feature. /e/ does not have features similar to Contact Scopes or Storage Scopes. It doesn't provide the current generation standard Android privacy protections or patches since it's always very far behind on updates. Most privacy patches aren't backported to older releases, but they lag far behind on backports and don't fully apply them despite claiming to provide a much newer patch level than they do.
Global Mock Location is a standard Android feature not specific to /e/. GrapheneOS also supports it, and is building a better replacement for it similar to our Contact Scopes and Storage Scopes features providing otherwise missing functionality in Android that's partly available in iOS. /e/ doesn't have either of those things or other privacy features such as the Sensors toggle.
/e/ can't prevent tracking by apps and doesn't do it. It has built-in DNS filtering, which doesn't stop the most privacy invasive behavior by apps but rather only single purpose domains for the least invasive tracking making no attempt to evade filtering as explained in https://news.ycombinator.com/item?id=45598100. Any app or SDK wanting to evade DNS filtering only has to use a dual purpose domain, perform their own DNS requests via DoH or fall back to an IP address so many apps and SDKs do those things. However, the most privacy invasive behavior almost always happens through the servers used for app functionality with server side data sharing with third parties. It's not considered good practice to put API keys into the client and do things client side in the first place. There are some exceptions such as crash reporting, analytics and telemetry where that's common which are far from the most privacy invasive behaviors. If they want to evade DNS filtering for those, that's easy.
> Politicians shouldn’t be meddling in this kind of personal interaction.
Broadly I agree. I think there is room for good regulation here, though. Specifically, a legal obligation to hook into parental control systems to enable effective parenting in our increasingly complex digital world. While it would be nice if everyone were individually responsible enough to put in the effort to figure out the specifics of what their kids might be exposed to and the control mechanisms available to them, realistically that's probably expecting too much. There's no perfect solution, but intervention focused on obligating (especially large) organizations to empower users and make safety easy to understand and act on is infinitely preferable to obligating companies to restrict and police their users.
I wish people would stop pretending that this has nothing to do with politics. Belief that the rules should punish anyone you don't like and protect those you do is incredibly popular, and the dominant ideology of this administration and its supporters. It is a political belief, and nobody is seriously combatting it. Still we act as though there are two sides with a shared goal of creating a better world, and differing ideas of how to accomplish that. It's been pretty clearly demonstrated that the goal of this incarnation of the Republican party is an authoritarian police state dedicated to punishing and eradicating whomever they deem an "enemy within". And a lot of voters are ok with this, so long as it doesn't apply to them personally, so long as they're a favored party.
The apparent hypocrisy is naked and insulting. They'll cry "cancel culture" and censorship over companies deciding not to platform bigots while cheering when the police kidnap protestors or outspoken political opponents. I say "apparent" because this all makes perfect sense when you realize that they never cared about free speech or anything else they claimed to. It was always about "good guys" getting to do whatever they want, and "bad guys" getting hurt. The friend-enemy distinction. No policy goals, no principled stance on issues, just a convenient facade.
It's just State Capitalism, isn't it? Like China. A market-based economy with free enterprise, but no illusions of egalitarianism or democracy, enables the state to step in and manage and direct the market with effective regulation. In a democracy the state can manage this for a time, but eventually a private entity or group of entities leverages their power to influence law and co-opt democratic power, so the market starts steering its own regulation and you end up with fascism as a means of population control or a Russia-style cleptocratic oligarchy. We have not yet figured out how to sustain democracy + capitalism, if it's even possible.
I worry that most will see the rise of countries like Singapore and China and the relative decline of the US/EU and conclude that democracy is a failed project all together.
reply