GrapheneOS will remain usable by anyone without requiring personal information

Posted by nothrowaways 1 day ago

GrapheneOS will remain usable by anyone without requiring personal information(grapheneos.social)

600 points | 185 commentspage 2

hananova 1 day ago|

That's a very arrogant and hubristic statement. It'll come back to bite them in the ass when a government with a long enough arm forces them to retract such an absolute statement. Even if they genuinely believe that they will never do it, in the future it will be seen as a lie regardless.

blacksmith_tb 1 day ago||

I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps), that seems fairly toothless (though wrongheaded) compared to TX and UT wanting to scan photo IDs[1]

1: https://www.tomshardware.com/software/operating-systems/cali...

heavyset_go 1 day ago||

"Toothless" unless you're an app, website or platform developer, then you're given an enormous liability burden even if you strictly adhere to age signals and censor everything accordingly:

> (3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.

> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

Turns out the age signal is not enough. Liability-wise, you'll probably be doing face and/or ID scans, too, even if the law doesn't explicitly call for it.

Developers will just implement the strictest state's censorship and age verification schemes for everyone, which has already happened. My state has no age verification laws, yet platforms, and even Android itself, are trying to get me to scan my face and dox myself to use them. I can't even look at spicy tweets online without verifying my age with the X app, they're censored for my own protection.

BobbyJo 1 day ago|||

Why should we be ok with laws just because they won't accomplish anything?

lazide 1 day ago||

Oh boy, California will love you.

BobbyJo 1 hour ago||

I left California 5 years ago :)

tzs 19 hours ago|||

> I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps).

It is narrower than that. It only applies to accounts whose user is a child and is the primary user of the device.

See section 1798.500 (i) which says [1]:

  (i) “User” means a child that is the primary user of the device.

[1] https://law.justia.com/codes/california/code-civ/division-3/...

nullpoint420 1 day ago|||

Until CA matches the TX and UT laws. Boiling the frog

tzs 19 hours ago|||

If that's what they wanted there is no reason not to start with laws like the TX and UT laws. You need the boiling the frog when you are trying to push the evelope.

lazide 1 day ago|||

But somehow in the opposite (yet same?) way.

jibe 1 day ago|||

To be clear, the Texas law only applies to mobile app stores, not the operating system, and there is no requirement to scan photo ID, just the vague,” commercially reasonable method of verification.”

incompatible 1 day ago||

"Commercially reasonable" would be something cheap, like ask a chatbot for an opinion.

heavyset_go 1 day ago||

I don't want to feed my biometrics and identity into AI companies' models so they can train on them for free and then sell facial recognition systems to the government.

phendrenad2 1 day ago||

Except for the fact that my age is now a piece of information that any tracking pixel or web malware can access at all times to de-anonymize me, even in incognito mode. But maybe that can be solved by collapsing all ages above 18 to just 18. Not sure if that violates the wording of the law though.

bee_rider 1 day ago|||

That is the wording of the California law, IIRC. The age brackets are under 13, 13-16, 16-18, and over 18. It also requires the OS to provide only the minimum information necessary to comply with the law, and only when necessary to comply with the law.

kbelder 1 day ago|||

Keep in mind that as people age out of the 16-18 bracket, their age will be established fairly precisely. And that this information is spread by data brokers, and may follow them forever.

themafia 1 day ago||||

What can I show to 16-18 year olds that I can't show to 13-16 year olds?

The real meat of the law is requiring websites and applications to comply with this signal. Which would be one good reason why there are so many categories of seeming little difference. This then gives them the opportunity to fine and harass developers out of business for the most minor of infractions or instances of mislabeling.

bee_rider 1 day ago|||

I don’t really see the need for the line at 16, it seems like they ought to be able to push that line up or down and simplify the brackets.

But, the state doesn’t actually have an incentive to fine and harass their tax base out of business. I don’t think they made it over-complicated on purpose, I think lawmakers just over-estimate our capacity to understand laws.

warkdarrior 1 day ago|||

Under CCPA, users over 16yo only need to be given an opt-out for data sharing, while users under 16yo have to provide affirmative opt-in.

hsbauauvhabzb 1 day ago||

Which if you think about it, is completely bonkers. Recognising the harm that data tracking causes, but ignoring the harm for the majority of people.

hnthrowaway2768 1 day ago|||

[dead]

blacksmith_tb 1 day ago|||

But the "fact" that I told the OS I was 99yr old might be the data they're getting? To anyone who's setting up their own machine, it will be effectively optional: if you just want to make sure you fall in the "adult" bracket, you will tell the OS you're 25 (even if you're 13... or 99...). For kids whose parents are setting up devices, it could be an actual headache (assuming they're honest), but in that sense it's like a lot of other nannyware solutions, probably clunky, but possibly not all bad?

heavyset_go 1 day ago||

Other nannyware solutions don't force apps, sites and platforms to spend money to censor themselves by law lest they be fined, or worse, which IMO, is all bad.

bivlked 1 day ago||

the commitment to not requiring google play services is what makes this different from most privacy ROMs. the real question is whether the app ecosystem holds - banking apps and 2FA are always the pain point that pushes people back to stock android.

niksmac 1 day ago||

calvinmorrison 1 day ago||

so what is going to happen? Will California issue slave catcher warrants for those who violate laws? will Free Stater sheriffs dispatch citizens on long haul flights to meet their fate in the Golden State?

test7rocks 1 day ago|

I hear, maybe someone can verify this, that US states not only can't enforce state laws on anyone outside state borders, but also can't even mess with post and delivery services so as to intercept (in the case of California, and far worse New York, age verification OS level tyranny) non-compliant respects-your-freedom devices as they cross the state-border.

dpifke 21 hours ago||

Let me introduce you to California's way of doing things: https://guncad.substack.com/p/special-issue-state-of-califor...

They're suing Florida residents with no ties to California for linking to pictures of guns on the internet.

They will likely lose, but the goal is not to win, it's to score points with their political base and maybe bankrupt the defendants with legal fees.

tzs 18 hours ago||

> They will likely lose, but the goal is not to win, it's to score points with their political base and maybe bankrupt the defendants with legal fees.

Or the goal might be to lose, but to establish some precedent that will hamper states like Texas that have tried similar things with abortion providers.

ChrisArchitect 1 day ago||

[dupe] https://news.ycombinator.com/item?id=47479183

varispeed 1 day ago||

If Motorola releases a phone with flagship specs that runs LineageOS, I am buying.

joecool1029 1 day ago|

They have a Graphene partnership, not a LineageOS one. The latter is entirely up to volunteers to port it.

varispeed 1 day ago||

I am sorry, I meant Graphene!

shevy-java 1 day ago||

Good. It is time to get rid of those corporate lobbyists that try to sniff for user data and then write up corporate laws. I would not understand in the slightest why my computer should provide any information about myself to the outside world - so why is the law suddenly changed? Who, aside from Meta, is pushing for this? Clearly the "but but but protect the kids!" is the red herring here. The whole law could have been worded differently than it was - that was not "accidental".

nclin_ 1 day ago|

This is for mass surveillance by the US government.

beeburrt 1 day ago||

Fuck yeah! I was wondering about this.

pigpag 1 day ago|

[dead]

More comments...