Posted by anonymousiam 17 hours ago
also: Google Cloud Fraud Defence is just WEI repackaged - https://news.ycombinator.com/item?id=48063199
It looks like a cloudflare page but it's not hosted by them. eg. https://bgp.he.net/dns/archive.is#_ipinfo It's hosted by AS49505 JSC Selectel
I think they now use their own Cloudflare turnstile if I remember correctly, but back then they switched to hcaptcha.
With apple there's no choices, so I'll continue to take my chances with Android
Also, personally I care less and less. As long as my banks and government apps work, I'll just not use somebody's service if they put up barriers like this.
If most people care less and less, the result would be that banks and government apps will also work less and less.
Look, companies have to prioritise. And the obvious way to prioritise is to say "users are requesting X A LOT and nobody requests Y, so we will do X". Companies never, EVER say "it would be more ethical to do Y, let's do Y".
As people, we can do two things:
* Push our governments to regulate that shit. That means, complain a lot to the government.
* Be vocal to companies and complain when they don't support your system. If enough people do that, it will be prioritised.
The hardware attestation (which is used by strict Play Integrity) checks the signature on your OS. It is totally possible to allow signatures other than Google, but Play Integrity doesn't do that.
Companies could totally decide to use hardware attestation and accept systems signed not only by Google, but also other systems (like GrapheneOS). But they don't care because not enough users complain to them.
Users of alternative Androids typically silently move to another service or stop using it entirely. Which is understandable but doesn't help the cause.
I'd rather have Google check an Apple phone attestation than have Google check a Google phone attestation, and vice versa, though, because you can assume each company is trying to keep as much information private to themselves instead of giving it to the other. Google is probably just getting "yes it's an Apple phone" and some kind of temporary token, instead of my IMEI, IMSI, phone number, all signed in accounts, biometrics and so on.
Could you justify that? Because to me it seems like Apple isn't doing anything even like this.
Also, Apple sells themselves as a privacy company, but often pick (possibly intentionally) insecure defaults. E.g. you might use end-to-end encrypted chats, but by default iCloud backups are not end-to-end encrypted, so law enforcement can just request your backups/chats from Apple. If you are vigilant and enable Advanced Data Protection for E2E iCloud backups, it probably still doesn't matter because the people that you communicate with probably do not have ADP enabled.
Besides that, they are enshittifying in the same way as Google. Ads in Maps, Ads in applications that you get with the OS (Apple Creator Studio ads in Keynote, etc.), Ads in your system settings for Apple Fitness+ (really).
At least Pixel phones and soon some Motorola models have the option of installing GrapheneOS.
The way it's going, by the time the Motorola + GrapheneOS phone is out, it will be a lot more painful to use GrapheneOS than today. Not because of GrapheneOS of course, but because everybody accepts that bullshit Google is doing.
If you're waiting for Motorola + GrapheneOS, you could start complaining to banks and other apps that don't support GrapheneOS :-). If enough people did that, maybe those companies would consider it.
In the meantime, I'm currently using a low end Motorola moto g 5G 2023 which lets me turn off Play Services. Chrome and the Google Calendar don't run (really do need to find a replacement calendar), and I couldn't be happier. Motorola's interest in GrapheneOS makes me wonder if they did this on purpose.
Calendar server: https://radicale.org/v3.html Sync: https://manual.davx5.com/
So, you run Radicale server, you can import Google Calendar.
Set up Davx5 on mobile to sync with the local server
Access from anywhere with Tailscale.
My dad runs the family domain/emails/etc. The hard part will be convincing him to degoogle the whole family.
I'm also becoming open to using software that lies to google about what it is :) Google will treat us like sh*t, why shouldn't we reciprocate.
I have absolutely no idea what happened there. My best theory so far is that they clicked on some really, really wrong buttons when solving a captcha themselves while logged in to their Google account in the same browser. Bizarre.
The projects were named after a Google Doc they'd recently worked on (or a .docx attachment they'd received?) though, so my other guess is that they somehow created a Google Docs macro or similar by accident?
He (Torvalds) had no power to do anything and sold out. Even if he did, big tech would just go and use BSD.
For over a decade both Torvalds, and Stallman sold everyone out. They don't make their money directly from "free software" or "open source" in the first place.
Stallman was right in that he knew digital surveillance was going to happen, but he was incorrect in believing that FLOSS was ever sustainable economically and especially with AI replacing the developer and that big tech and startups are weaponising that against them.
Even when Stallman is against AI, he doesn't care. He knows he doesn't make money from "free software"; but only by speaking about it. Torvalds is the same but likes AI.
Can any other developer do exactly that in 2026?
But his vision/prophecy is about 50 years old and while still valid it probably needs an update.
We are now dealing with a fully networked world where AI/bots have become dominant. I am not sure he did / could go as far in his vision.
There's hardly anything you can do to stop someone determined enough to spend money to spam your specific website. These kinds of captchas do raise the bar somewhat, but every single one of them is ultimately bypassed by paying people to solve them for you.
[1]: https://digital-markets-act.ec.europa.eu/contact-dma-team_en
You will also see this page if your smartphone is degoogled and you try to open the reCAPTCHA attestation URL in a web browser instead of in Google Play Services.