this post was submitted on 07 Jun 2025

99 points (99.0% liked)

Privacy

38612 readers

198 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

What is the future of Google Play Intergrity APIs (and similar concepts)? Do you think we can find a way to bypass these, or is the future of the digital world just authoritarian and dystopian? (sh.itjust.works)

submitted 2 days ago by throwawayacc0430@sh.itjust.works to c/privacy@lemmy.ml

63 comments fedilink hide all child comments

(page 2) 14 comments

sorted by: hot top controversial new old

[–] Nicro@discuss.tchncs.de 20 points 2 days ago (6 children)

Well the idea of having attestation isn't the problem. The problem is that apps requiring attestation (banks, insurance providers, ID-systems) use the most convenient solution. Slapping on Googles prebuild attestation. Graphene for example, provides alternative attestation for their OS and offers docs for anyone to implement a more fitting set of checks.

There are two approaches here: If you're upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I'd say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data. Breaking those checks is then breaking those compliances in an unsafe way.

If you believe your setup is actually secure and compliant, just not in a way the allmighty Google intended: Try and get an attestation module for your setup. Fight for these apps to accept non-Google attestation and fight for devices that don't artificially limit what can pass as secure.

load more comments (6 replies)

[–] warmaster@lemmy.world 6 points 2 days ago (12 children)

It's a rat race. You can only win by not playing.

load more comments (12 replies)

[–] BenchpressMuyDebil@szmer.info 11 points 2 days ago (2 children)

I switched to a feature phone that has nothing to do with Android for calling (Mocor RTOS) because I'm tired of fighting Android for the moment. I keep an unrooted smartphone at home for online banking. Kinda extreme but that's one way.

[–] monovergent@lemmy.ml 4 points 1 day ago (2 children)

Can relate. I have a phone with stock Android and a removable battery for anything won't or I'd rather not have on my primary GrapheneOS phone. I only ever plug in the battery as needed and when I'm settled at the safety of my desk.

load more comments (2 replies)

[–] throwawayacc0430@sh.itjust.works 4 points 2 days ago* (last edited 2 days ago) (1 children)

I personally don't know how a non-smartphone is better is terms of privacy. Can you explain?

AFAIK, they have the same level of spying, just more restrictions and less features.

[–] monovergent@lemmy.ml 5 points 1 day ago

Common vulnerabilities: Tracking by carrier, including cell tower triangulation, SMS, and call logs.

Non-smartphone specific vulnerabilities: Lack of security updates. However, the data to be exfiltrated from a non-smartphone is limited. If it's only call logs and text messages, everything's already compromised by virtue of the carrier. So the level of concern will vary with your threat model.

Smartphone-specific vulnerabilities: Tracking by apps, manufacturer, OS vendor, or just about anything that can take advantage of the smartphone's computing power. More data to be exfiltrated if it falls to a security vulnerability.

Smartphone-specific advantages: Can be run Wi-Fi only to avoid tracking by carrier.

[–] NotProLemmy@lemmy.ml -4 points 2 days ago (4 children)

Big tech can't win because you can't force the internet to do something.

[–] ashaman2007@lemm.ee 21 points 2 days ago

Depends on what your definition of winning is. If we reach a state where it is literally impossible to run your own software without heavy hardware modification, which would exclude 99.9% of users, that would be like big tech winning in my book. That's why right to repair is important, and we probably also need laws to prevent OEMs from disallowing the use of alternate OS.

[–] LandedGentry@lemmy.zip 14 points 2 days ago

They don’t need to make us do anything. They just need to make it too inconvenient not to.

[–] Cheradenine@sh.itjust.works 4 points 2 days ago (5 children)

The Net interprets censorship as damage and routes around it.

Gilmore's quote was true then, it is not the current state of play.

If you need to use banking/government/transit apps, you need to play by the rules now

[–] NotProLemmy@lemmy.ml 3 points 2 days ago (1 children)

You can hide root/fake play integrity.

[–] koper@feddit.nl 7 points 2 days ago* (last edited 2 days ago) (1 children)

They can make it so much harder to do that, to the point where almost everyone just gives up.

[–] umbrella@lemmy.ml 2 points 1 day ago

i think we are already at this point.

its not necessarily harder, but its so annoying to do and find comprehensive information on the process.

load more comments (4 replies)

load more comments (1 replies)

load more comments