fuck offffff
Interesting how the majority of the comments refer to you being monitored on your own phone, ignoring that you will be monitored on everyone else’s phone as well.
Probably something people aren’t thinking about. How would this even work in two party consent states/countries?
The same way slopgen cleverly went around seemingly unbendable coryright laws: by ignoring the shit out of it, and half-scaring half-bribing the governments and the public to allow them to do whatever the fuck they want.
By
bribinglobbying local politicians. As always, laws are only real when they’re enforced.
Much like how Facebook includes non-users in their social graph.
Which is also an important issue with google mail.
But this also violates the expectation that spoken conservations are private.
Reason n+1 for me being thankful for switching to GrapheneOS.
How’s the app support? I want to switch if/when the Motorola phones come out, but I’m wondering how many of my apps/services I’ll have to abandon.
I am yet to find any app that doesn’t work.
Almost everything just works after installing sandboxed Google Play Services. For a few apps you have to tweak a setting to turn off some of GrapheneOS’s exploit protections. But I’ve found very few that refuse to run, and nothing indispensable. If you don’t like your main profile having Play Services you can set them up under a second profile or a private area and keep the apps that use them away from your main profile.
The other thing that might be a dealbreaker for you is no contactless payments with things like google wallet will work. But you could always just attach your credit card to the back of your phone and :tada: it works again lol
Contactless payments technically work fine, just not via Google Wallet. Banks that have their own tap to pay app usually don’t have that problem.
You must be lucky to have such banks in your country.
There’s several EU countries that do. Some of them as part of a push for sovereignty, but most, I think, cause they developed their solutions before Google Wallet was enabled in that country.
I’m unaware of anyone but curve, and curve seem to shadow-ban you for having rooted or weird phones and then claim kyc failure. In general they are quite shady and have poor customer service.
You know any other ones? Would be very useful since I think anyone in the eurozone could then use those.
I can confirm that the Sparkasse Mobiles Bezahlen in Germany works with GrapheneOS (Pixel 7 Pro)
There was no work profile support when I last tried to convert. deal breaker, atm.
That has been working fine for years at this point.
me and the other folks trying to get this working disagree. there are several threads about it on the GOS forum.
Yeah, I was thinking of separate profiles in general, and had never encountered the concept of an employer controlled separate profile. When I needed a device for something work related, I usually got issued a phone.
Those were the days…I used to have a personal phone, corporate phone and a site phone! The multi phone inconvenience was real…
Just grab an app like Shelter.
0% of the apps/methods available at the time worked with my employers setup. I did everything except the adb method. ended up getting a crap phone for work. it just sits on my desk anyway.
Oh, you mean a profile set up by your employer. Actually, dunno whether that works. I never let any employer touch a personal device.
that is the point of the work profile when used as the non-primary profile.
same phone; but work profile cannot see or interact with the primary profile or configure the device. if the corporate account is used as the primary, they can wipe the phone remotely.
Ive only got one gripe with it and its the requirement for RCS. I do prefer to use signal but genuinely only one person I know has gotten on to it. I hate using google messages but for folks that send me bulk pictures from iOS its just a hassle until there’s a Foss one that works but there isnt to my knowledge. I do know RCS only works on the main profile goo
I switched a few months ago and overall its been an excellent experience. Some pitfalls though:
- Banking apps may not work, Santander in the UK for example but I’m going to transfer away from them
- Contactless pay through google wallet doesn’t work, I couldn’t find a way to attach a card to the back of my phone and also keep pixel snap usable so I bought a small pixel snap wallet that works nicely
- Recently Volkswagen and vw group enabled google play attestation for their app and not hardware attestation, so my cars app no longer works. This is probably the most frustrating for me because as an EV owner there’s no other way to track the charge of your car other than via the app. This is particularly annoying when using public charge points and you can’t track the charge progress when walking away from the car. First world problem, I can just leave it alone and let it charge without keeping an eye on it but that’s annoying to me, I’m sure I’ll get over it.
- Because of the above, I’m concerned other apps may start to follow suit. For example “too good to go” in the UK is “not compatible” with my device from the play store because it doesn’t pass the play attestation… Hopefully it’s not a trend.
Overall though I would highly recommend. All the other main features work flawlessly.
One of my banking apps enabled Google Play attestation. It’s really infuriating. I don’t understand the point either - AFAIK all apps need to be signed with the dev’s private key anyway, don’t they? If they are then why would anyone care where I downloaded it from?
Take a look at OVMS (open vehicle monitoring system). I use it since I have an EV because I don’t want to pay for “connected services”.
Some bank apps may not work, but you can check by searching for you bank name + GrapheneOS
I found this list helpful: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
I also found that one of the ones I use would only work in the Owner profile with Gplay services so the secondary profile wasn’t an option for it.
I’ve had zero apps not work, including my banking apps.
Amazing for me tbh. I only had to give up contactless payment since my bank switched to google wallet and I have 0 google apps on my phone. Obtanium and Aurora store are life savers.
Doesn’t help if someone you’re talking to has it on. And unlike Zuck’s stupid glasses you won’t even be able to know unless you ask every single person you talk to first. This sucks.
It’s probably illegal in Germany and some other EU countries. Not that that always stops Big Tech. But this one, at least in Germany, could land the user some jail time.
It’s illegal in parts of the US too
You still gave your money to Google for the phone…
No, I gave it to the person who resold the phone at a lower cost than what I would’ve paid to get it from Don’t Be Evil Inc.
based
What a useless and irrelevant comment that adds less than nothing to the conversation.
The people who called me crazy because “there’s no way your phone can be listening in on you all the time” are the same people who are going to be the most excited about this “feature”
How did these people expect “Hey Siri” / “Hey Google” to work?
Im a perfect world, as they claim, its a secondary system listening that isn’t recording or transmitting anything, and is meant to be low power. If it hears the wake up word, it wakes up the other mic and starts recording.
Thats how they claim the smart speakers work anyway.
This would be different.
This was my understanding, but I just don’t believe it anymore. There have been way, way too many time my wife and I were talking about an incredibly niche thing that didn’t come up through the internet in any way, and lo and behold the algorithm presented those key words. Nobody will ever convince me it isn’t being done to some extent.
It doesn’t need to, that’s the issue, there is so much other data you are generating that can be harvested. Nothing you talk about is completely random, so it’s incredibly easy to build profiles about you, without listening to a single word.
I understand that’s the theory, but these situations were specifically not something that could be easily gleaned. We’re talking like reminiscing about things that happened in our pre internet youth that there’s no record of anywhere and that came up randomly in conversation. I’m definitely aware of the dynamic, even before ubiquity of the internet, it’s true that sometimes companies would know people were pregnant before the person did based on their purchasing profile. This wasn’t that though, there’s just no possible connection.
That happened a few times now, so pretty much nothing is going to convince me it’s not the case.
I think you’d be surprised, there is always a connection. Oh some middle aged millennial waxing poetic about nostalgia? Wow, totally haven’t heard that before, and it’s certainly not the singular thing every company is capitalizing on in media currently. No, you are absolutely unique and Google is simply listening to every conversation about you.
No, I wouldn’t be, because I was talking about a random location which was indeed pretty unique. That said, it’s a pleasure to finally meet you, I’m a big fan.
I had this happen many years ago, to the point there was no chance something wasn’t listening. We suspected it was my partners iPhone with Facebook installed before they got better about preventing abuse like that, as it was a Facebook ad that showed up.
Were talking about something where we never use the product, would never use the product, but it came up in a conversation just between the 2 of us, and there were ads the next day.
It happened a few times.
It can’t hear if it isn’t already listening.
“How they claim?” Is there no way to confirm that?
You look for network traffic. You might not be able to see inside the packets, but you can know when they’re sending packets, and how many. As far as I know, voice assistant systems that claim to use a secondary local circuit to detect calls are telling the truth.
That’s kind of what I was wondering, I figured this as well as a way to track that it is at least sending data at unusual times. Someone else in this thread explained that actually determining what that data is would be difficult yeah: https://lemmy.world/post/48510943/24408747
I don’t know enough about system security or forensics to evaluate this, but it does make sense based on what I know.
The consensus so far seems to be that they don’t collect as much data as people think, partly because they can’t process all of it, and partly because educated guesses are good enough to target ads often enough.
I have a memory of people black boxing it and seeing power usage and network traffic that supported the claims but that was a snapshot in time and as others note its all proprietary.
It takes a lifetime to build a good reputation, but you can lose it in a minute.
They ship with proprietary code, this would be the point of open source.
In practice in my experience, every company is at least skirting the law regarding privacy, and I never worked for one big enough that could lobby itself out of a fine.
would this not be detectable by tracking the data sent through your network?
I used to run forensic network capture and analysis tools.
First thing, traffic is encrypted. All you will see is a blob of traffic passing through. You used to see hostnames with TLS, but now with quic, you see nothing. This makes it hard.
You could root the phone and install a root ca certificate for a decrypting proxy, you might see more, but the data itself (not just the transport protocol) could be encoded or even encrypted within the network encapsulation.
Next, you’d have to reverse engineer the protocol if they’re using something nonstandard. Also, malware can often be set up to “behave” when it can detect analysis. I’m all but certain Google would do this.
Maybe you could do statistical analysis of the traffic and attempt to baseline normal vs when it’s transmitting audio. It would be a bit of a blind guess at best.
If I had more time, I’d love to try it. I have an old pixel7 pro. Maybe I can sort something out.
People have already done that and shown that no the device isn’t listening to you 24/7 and sending all your data out. There are plenty of papers on the subject, and it makes sense. Why record, decode and analyze all audio when your digital footprint is so much easier to compile and analyze. People aren’t random, so it’s easy to put them into statistical buckets of how to target them. Here is one reference paper (of many): https://recon.meddle.mobi/papers/panoptispy18pets.pdf
If its real time monitoring you, but not if its logging data to send later when it would be expected to be doing so.
Audio doesnt take up much space.
Even if it was open source, you’d need to be able to verify what they ship matches the specs. Allowing you to flash whatever you want onto it helps, but you still need to validate the hardware.
I dont know. You’d need to reverse engineer the hardware and software to be confident, and could a OTA update then sneak a bypass in anyway?
Edit: i think Amazon might have abandoned this as well and always records on echos now too.
Doesn’t need to track you all the time to know exactly who you are and what you’re up to.
Continuously monitoring is such a waste of their resources, they already know everything about you, they just need to check in now and then to make sure you’re buying the correct t-shirts.
Microsoft introduces “Recall” spyware the world goes mad, Google and Apple do something similar and it’s mostly silence.
I’m not defending Microsoft but it just shows the double standards between the trust in these corporations.
Constant surveillance 😡
Audio memories 😍
BIG BROTHER IS
WATCHING YOU
HELPING YOU REMEMBER YOUR IMPORTANT CONVERSATIONS
This will be quite illegal in all countries and states that require 2 party consent at minimum.
Incoming Google lawsuits in 3, 2, 1.
lol. they are exempt from copyright, they will be somehow exempt from this too.
If a song isn’t recognized, a short digital fingerprint may be sent to Google to securely search the cloud. Background conversations and audio are never sent to Google.
And, of course, Google will honor this and any other setting, as always, right? Right?
As soon as they got away with “federated learning” (basically use your phone to train ai then just phone the results home rather than your data) 🤢 they knew they could just keep pushing and pushing and pushing until they have it all
If you’ve got an android, go into your phone’s dev options and try to turn off Google’s location tracking service, or the one that tracks screen inputs, or the one that checks what wifi networks are around you.
They’ve been dishonourable from day 1 :C
That’s such bs short digital fingerprint is anything compressed and encrypted
Welcome to your “I only buy vintage tech” era.
Mine started when 3.5 mm audio jacks started disappearing. We all draw a line.
Alternatively - the pocket computer revolution is beginning. Hell, many in my tech circles are making cyberdecks and the sorts with hopes of only using a phone to make and receive calls. Disconnect from the ‘big’ in Big Tech, not the tech :D
Technology divergence is inevitable after corporations saw that convergence into an “all in one device” made their work much simpler.
No surprise feature phones, MP3 players and dedicated-use devices are making a comeback. My wish is for full pocket computers to return.
Well there are adapter cables USB-C to 3.5mm. On my previous phone in my car I used a splitting cable to power it while using the 3.5mm as input to the car radio. However on my new phone Samsung decided to not support it anymore -.-
I’m going off memory here, but I think this was an issue way back with some phones having DAC hardware built in, and others skipping that hardware in exchange for requiring dongles that included such?
Maybe you just need to find a new dongle? Hopefully that helps and sorry if it doesn’t, but I’d rather just have a headphone jack back and skip all the complications…
They don’t always work good. I’ve tried many even Apple versions. It’s finicky somewhat for the audio to pickup like in a car with an aux to the adapter to phone usbc. They do work. Just not perfect. Still prefer 3.5mm jacks and wired headphones. Wireless junk has almost always been a scam to me. Batteries and bluetooth wear out.
I agree but we all carry spy devices with us, it’s too late.
Motorola needs to release those GrapheneOS compatible phones now 💀
Hopefully also as a supported option to the existing phones. I’ve got a Fold and switching is sounding pretty good right now…
OK, how do you disable it permanently? Besides Graphene or mobile Linux?
Yes. To all of those.
<Laughs in GrapheneOS>
I am thinking about installing Graphene OS, any thoughts so far on how it work, or rather what hasn’t worked on it? I am already using Brave and Proton and trying my best to get out of the AI overlord mess that is Google.
I use grapheneOS for many years now. I’m having some trouble coming up with things that haven’t worked on it. I use Aurora as an alternate front end for google play, for downloading certain free apps.
I think I’ve seen problems with apps that check google store for purchase verification, but I don’t personally have a google account or purchase android apps so it hasn’t affected me.
Its nice if you are actually trying to stay away from Google. Its probably not the best experience if you still want to use their apps and services.
I prefer the experience. My phone doesnt try to get my attention or track me, at least as far as I can tell. Reminds me of when the first smart phones came out and they were just useful tools.
I am new to GrapheneOS, and I love it. However, it doesn’t work with Google Pay, Wallet, or Moto Tag devices.
I also prefer the unbloated ROM and limiting what Google can do on my phone. However, this new captcha thing is worrying: https://www.digitaltrends.com/phones/the-makers-of-security-first-grapheneos-are-putting-google-and-apples-tactics-on-blast/
I’m at a point in my life where I just won’t use a service or company if it won’t work on my devices. Thats not likely to be a luxury everyone has so I know its not for everyone.
Second the req against Brave, the CEO is actively a fascist sympathizer.
Mullvad and Librewolf are both better, especially since Brave is Chrome-based and is going to stop supporting Manifest v2 when Google finally swings the axe.
Ironfix on Android is best equivalent to Mullvad on PC.
Also fuck Brave and its CEO and its crypto fascism bulkshit.
Mullvad doesn’t work on Android though correct? And if privacytests.org/android is to be believed, seems like Brave currently is the best of the bunch, unless you have seen something better?
brave is not a good privacy choice (it has repeatedly shown that it is not to be trusted, it squeezes money out of you, and is run by a homophobic cryptobro (who is also the creator of javascript)
on android, use firefox or ironfox; on desktop, use librewolf
Anyway to set up Firefox on android to actually block tracking? Seems like it is just as leaky as Chrome, but maybe they have improved it.
not sure
i dont actually use android, i use an iphone, i just know quite a bit about this stuff
Is mull not recommended anymore?
Mull was from DivestOS, which ended up folding a few years ago. Sad, cause I actually used it on a OnePlus 7T phone and it was a promising alternative to Graphene that similarly allowed for bootloader relocking. I really wish the team got the support it needed.
idk about it
ironfox is forked from it tho
Good to know, thanks!
Anyway to set up Firefox on android to actually block tracking? Seems like it is just as leaky as Chrome, but maybe they have improved it.
Honestly, it an easy switch and you’re going to love the control you regain.
GrapheneOS, asap Pixel owners.
Thank me later.
Before it’s somehow no longer an option. I fear the Motorola deal will somehow get blocked.
I saw this title and immediately said “fuck off” then clicked, and …glad to see OP sharing my immediate sentiment.
JFC, I don’t need tech tracking every goddamn word and fart.
I will happily send them all the farts they want.
Honestly, I thought they already did that.
One of my motivations for becoming more privacy minded, was the amount of times a subject of conversation was delivered through an algorithm later.
It was creepy, talk about hose pipes> receive hosepipe content/ads.
I think so but now it’s being marketed as a feature which is nauseating.
My creepiest experience was shopping at Lowe’s and then getting recommendations on Amazon that night for drill bits and cabinet door handles. The thing is, I had purchased some drill bits at Lowe’s so OK, but I had only stopped and looked at the cabinet door handles.
Your phone told advertisers you were located at Lowe’s using GPS. Then your credit card company told advertisers you bought drill bits. If you looked up any cabinet door handles in the past, that data was given to advertisers too. They put all those pieces together to serve you more ads on drill bits and cabinet door handles.
A lot of stores keep track of which aisles you spend more time in, that information is then shared with their “partners” (ad networks). By the time you made it home, they had already shared that you bought bits and that your device spent a while looking at cabinet hardware.
I’m sure there’s more than a little Baader-Meinhof happening. I did expand my privacy a bit; pihole, searxng, some other stuff and I notice it less now. Or I think I do, humans are notoriously bad at this.
I have such a hard time believing it’s not a phenomenon. I know coincidences happen, but mannn
I’ve been advertised things that my wife has talked to me about that i otherwise have no interest in. I absolutely believe my phone is listening.
Your wife probably searched them online. The advertisers got your public IP address to display ads of what was searched. It’s so subtle and people leave digital bread crumbs everywhere that it gives the appearance that the phone is listening to you.
Truth be told it’s more processing power and work to stream and auto transcribe everyone’s audio from their phone. It’s effortless to just scoop up all search and purchase data.
Yeah there’s a “now playing” feature that will recognize music being played nearby, which I have found useful many times.
An AI note taker could actually be useful for some applications, like a meeting summary or play-by-play for a d&d session. It’s just all the other stuff about AI that makes it shitty.
Sure. If you actively turn it on, and all involved know it’s on. But this is always active as far as I’m aware.
I’m guessing it’ll be toggle off, and it’ll toggle itself back on every update.
In other words, they’re taking your data for their use all the time, and sometimes they’ll share your data with you.
You can have it off and just use the “song search” on the top menu, but yeah. I assume it just keeps itself activated even if you disable it, they just try to be less blatant about catering to you.
Anecdotally, I’ve only had lime 2 instances of “google was definitely listening to show me this ad” in the 6 years I’ve had pixels, and I’ve seen just as many instances with other phone types. You truly have to go out of your way to avoid the surveillance.
