fuck offffff
Reason n+1 for me being thankful for switching to GrapheneOS.
How’s the app support? I want to switch if/when the Motorola phones come out, but I’m wondering how many of my apps/services I’ll have to abandon.
I am yet to find any app that doesn’t work.
Almost everything just works after installing sandboxed Google Play Services. For a few apps you have to tweak a setting to turn off some of GrapheneOS’s exploit protections. But I’ve found very few that refuse to run, and nothing indispensable. If you don’t like your main profile having Play Services you can set them up under a second profile or a private area and keep the apps that use them away from your main profile.
The other thing that might be a dealbreaker for you is no contactless payments with things like google wallet will work. But you could always just attach your credit card to the back of your phone and :tada: it works again lol
Contactless payments technically work fine, just not via Google Wallet. Banks that have their own tap to pay app usually don’t have that problem.
You must be lucky to have such banks in your country.
There’s several EU countries that do. Some of them as part of a push for sovereignty, but most, I think, cause they developed their solutions before Google Wallet was enabled in that country.
I’m unaware of anyone but curve, and curve seem to shadow-ban you for having rooted or weird phones and then claim kyc failure. In general they are quite shady and have poor customer service.
You know any other ones? Would be very useful since I think anyone in the eurozone could then use those.
I can confirm that the Sparkasse Mobiles Bezahlen in Germany works with GrapheneOS (Pixel 7 Pro)
There was no work profile support when I last tried to convert. deal breaker, atm.
That has been working fine for years at this point.
me and the other folks trying to get this working disagree. there are several threads about it on the GOS forum.
Yeah, I was thinking of separate profiles in general, and had never encountered the concept of an employer controlled separate profile. When I needed a device for something work related, I usually got issued a phone.
Those were the days…I used to have a personal phone, corporate phone and a site phone! The multi phone inconvenience was real…
Just grab an app like Shelter.
0% of the apps/methods available at the time worked with my employers setup. I did everything except the adb method. ended up getting a crap phone for work. it just sits on my desk anyway.
Oh, you mean a profile set up by your employer. Actually, dunno whether that works. I never let any employer touch a personal device.
that is the point of the work profile when used as the non-primary profile.
same phone; but work profile cannot see or interact with the primary profile or configure the device. if the corporate account is used as the primary, they can wipe the phone remotely.
Ive only got one gripe with it and its the requirement for RCS. I do prefer to use signal but genuinely only one person I know has gotten on to it. I hate using google messages but for folks that send me bulk pictures from iOS its just a hassle until there’s a Foss one that works but there isnt to my knowledge. I do know RCS only works on the main profile goo
Some bank apps may not work, but you can check by searching for you bank name + GrapheneOS
I found this list helpful: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
I also found that one of the ones I use would only work in the Owner profile with Gplay services so the secondary profile wasn’t an option for it.
I’ve had zero apps not work, including my banking apps.
I switched a few months ago and overall its been an excellent experience. Some pitfalls though:
- Banking apps may not work, Santander in the UK for example but I’m going to transfer away from them
- Contactless pay through google wallet doesn’t work, I couldn’t find a way to attach a card to the back of my phone and also keep pixel snap usable so I bought a small pixel snap wallet that works nicely
- Recently Volkswagen and vw group enabled google play attestation for their app and not hardware attestation, so my cars app no longer works. This is probably the most frustrating for me because as an EV owner there’s no other way to track the charge of your car other than via the app. This is particularly annoying when using public charge points and you can’t track the charge progress when walking away from the car. First world problem, I can just leave it alone and let it charge without keeping an eye on it but that’s annoying to me, I’m sure I’ll get over it.
- Because of the above, I’m concerned other apps may start to follow suit. For example “too good to go” in the UK is “not compatible” with my device from the play store because it doesn’t pass the play attestation… Hopefully it’s not a trend.
Overall though I would highly recommend. All the other main features work flawlessly.
One of my banking apps enabled Google Play attestation. It’s really infuriating. I don’t understand the point either - AFAIK all apps need to be signed with the dev’s private key anyway, don’t they? If they are then why would anyone care where I downloaded it from?
Take a look at OVMS (open vehicle monitoring system). I use it since I have an EV because I don’t want to pay for “connected services”.
Amazing for me tbh. I only had to give up contactless payment since my bank switched to google wallet and I have 0 google apps on my phone. Obtanium and Aurora store are life savers.
Doesn’t help if someone you’re talking to has it on. And unlike Zuck’s stupid glasses you won’t even be able to know unless you ask every single person you talk to first. This sucks.
It’s probably illegal in Germany and some other EU countries. Not that that always stops Big Tech. But this one, at least in Germany, could land the user some jail time.
You still gave your money to Google for the phone…
No, I gave it to the person who resold the phone at a lower cost than what I would’ve paid to get it from Don’t Be Evil Inc.
based
What a useless and irrelevant comment that adds less than nothing to the conversation.
Motorola needs to release those GrapheneOS compatible phones now 💀
Hopefully also as a supported option to the existing phones. I’ve got a Fold and switching is sounding pretty good right now…
The people who called me crazy because “there’s no way your phone can be listening in on you all the time” are the same people who are going to be the most excited about this “feature”
How did these people expect “Hey Siri” / “Hey Google” to work?
Im a perfect world, as they claim, its a secondary system listening that isn’t recording or transmitting anything, and is meant to be low power. If it hears the wake up word, it wakes up the other mic and starts recording.
Thats how they claim the smart speakers work anyway.
This would be different.
This was my understanding, but I just don’t believe it anymore. There have been way, way too many time my wife and I were talking about an incredibly niche thing that didn’t come up through the internet in any way, and lo and behold the algorithm presented those key words. Nobody will ever convince me it isn’t being done to some extent.
It doesn’t need to, that’s the issue, there is so much other data you are generating that can be harvested. Nothing you talk about is completely random, so it’s incredibly easy to build profiles about you, without listening to a single word.
I understand that’s the theory, but these situations were specifically not something that could be easily gleaned. We’re talking like reminiscing about things that happened in our pre internet youth that there’s no record of anywhere and that came up randomly in conversation. I’m definitely aware of the dynamic, even before ubiquity of the internet, it’s true that sometimes companies would know people were pregnant before the person did based on their purchasing profile. This wasn’t that though, there’s just no possible connection.
That happened a few times now, so pretty much nothing is going to convince me it’s not the case.
I think you’d be surprised, there is always a connection. Oh some middle aged millennial waxing poetic about nostalgia? Wow, totally haven’t heard that before, and it’s certainly not the singular thing every company is capitalizing on in media currently. No, you are absolutely unique and Google is simply listening to every conversation about you.
No, I wouldn’t be, because I was talking about a random location which was indeed pretty unique. That said, it’s a pleasure to finally meet you, I’m a big fan.
I had this happen many years ago, to the point there was no chance something wasn’t listening. We suspected it was my partners iPhone with Facebook installed before they got better about preventing abuse like that, as it was a Facebook ad that showed up.
Were talking about something where we never use the product, would never use the product, but it came up in a conversation just between the 2 of us, and there were ads the next day.
It happened a few times.
“How they claim?” Is there no way to confirm that?
I have a memory of people black boxing it and seeing power usage and network traffic that supported the claims but that was a snapshot in time and as others note its all proprietary.
It takes a lifetime to build a good reputation, but you can lose it in a minute.
They ship with proprietary code, this would be the point of open source.
In practice in my experience, every company is at least skirting the law regarding privacy, and I never worked for one big enough that could lobby itself out of a fine.
Even if it was open source, you’d need to be able to verify what they ship matches the specs. Allowing you to flash whatever you want onto it helps, but you still need to validate the hardware.
would this not be detectable by tracking the data sent through your network?
I used to run forensic network capture and analysis tools.
First thing, traffic is encrypted. All you will see is a blob of traffic passing through. You used to see hostnames with TLS, but now with quic, you see nothing. This makes it hard.
You could root the phone and install a root ca certificate for a decrypting proxy, you might see more, but the data itself (not just the transport protocol) could be encoded or even encrypted within the network encapsulation.
Next, you’d have to reverse engineer the protocol if they’re using something nonstandard. Also, malware can often be set up to “behave” when it can detect analysis. I’m all but certain Google would do this.
Maybe you could do statistical analysis of the traffic and attempt to baseline normal vs when it’s transmitting audio. It would be a bit of a blind guess at best.
If I had more time, I’d love to try it. I have an old pixel7 pro. Maybe I can sort something out.
People have already done that and shown that no the device isn’t listening to you 24/7 and sending all your data out. There are plenty of papers on the subject, and it makes sense. Why record, decode and analyze all audio when your digital footprint is so much easier to compile and analyze. People aren’t random, so it’s easy to put them into statistical buckets of how to target them. Here is one reference paper (of many): https://recon.meddle.mobi/papers/panoptispy18pets.pdf
If its real time monitoring you, but not if its logging data to send later when it would be expected to be doing so.
Audio doesnt take up much space.
You look for network traffic. You might not be able to see inside the packets, but you can know when they’re sending packets, and how many. As far as I know, voice assistant systems that claim to use a secondary local circuit to detect calls are telling the truth.
That’s kind of what I was wondering, I figured this as well as a way to track that it is at least sending data at unusual times. Someone else in this thread explained that actually determining what that data is would be difficult yeah: https://lemmy.world/post/48510943/24408747
I don’t know enough about system security or forensics to evaluate this, but it does make sense based on what I know.
The consensus so far seems to be that they don’t collect as much data as people think, partly because they can’t process all of it, and partly because educated guesses are good enough to target ads often enough.
I dont know. You’d need to reverse engineer the hardware and software to be confident, and could a OTA update then sneak a bypass in anyway?
Edit: i think Amazon might have abandoned this as well and always records on echos now too.
It can’t hear if it isn’t already listening.
Doesn’t need to track you all the time to know exactly who you are and what you’re up to.
Continuously monitoring is such a waste of their resources, they already know everything about you, they just need to check in now and then to make sure you’re buying the correct t-shirts.
Fucking yikes
Constant surveillance 😡
Audio memories 😍
BIG BROTHER IS
WATCHING YOU
HELPING YOU REMEMBER YOUR IMPORTANT CONVERSATIONS
I already get “random” ads for things that were only part of a verbal conversation that happened to be near the phone.
What I want is a physical kill switch for the mic and camera, less surveillance not more.
That’s been happening for well over a decade now, and while “respectable security researchers” call it bullshit… there’s simply too much anecdotal evidence for it to happen organically.
The reality is they don’t need to listen.
They have so much data on users.
- how old you are
- where you are
- what you last bought
- when you just bought it
- who you are near
- what they bought
- what the people around you are searching and what ads they are seeing
- what is being bought and sold by everyone around you
- when you sleep
- what you eat
- the things you are chatting about on MMS
- where you go
- when you’re home and when and where you work
It just goes on and on and on.
People think they are unique but they are not as unique as they think.
NONE of that data can predict a random occurrence discussion that goes in a specific direction.
A great example is something that happened to me in 2015. One night I was out with friends, and one of them had a really bad panic attack. The next day I was discussing it with a colleague during a smoke break, who recommended he gets a clip-on pulse oximeter. No searches, nothing, literally just a half minute detour in our chat. I repeat, nothing was typed in or looked up or in any way entered into any computer intentionally.
Five minutes later we’re sitting in front of our respective computers and I start getting ads for the very thing. Mind you, we’re still at a point where nothing noted during this discussion was entered into any computer. Explain this.
Friend, or friends discussed said panic attack on big tech social in DMs or something. Obviously, you follow your friends, you are likely to go out on Saturdays with them, maybe even your first name was mentioned in their messages, you are now tied to an advertising angle for ‘Panick Attacks’. Data brokers buy this information, serve ads. This is just ONE way the data may have been inferred. This doesn’t include contact scanning, location services and so on.
No such discussion happened. As per above, that group of people were super toxic and couldn’t care less about this specific person…
At most the remaining people would’ve mentioned how his panic attack inconvenienced their night out.
“who you are near” does.
Someone that has recently purchased something might talk about it.
Someone that has commented on a news article might talk about it.
Someone has a panic attack and googles what to do about it.Huh, and that’s 2015, before pulseoxen were common household medical supplies like thermometers.
Something smells fucky for sure
You’re right that they don’t need to, but in reality they do whether they announce it or not.
In 2017 I tested this at home alone in my apartment in by myself using my smarphone by finding a site with lots of banner ads, monologing next to my phone about a topic with no relation to my current life at the time for about a minute, then refreshing the page. To my horror, the exact thing I was monologing about showed up on every single banner ad. Nothing in my life was going on related to that topic and the only thing connecting me and the topic was my own vocal words.
That was the moment I decided to avoid Google/big tech for the rest of my life.
Okay but how does all of that
Tell them I’m in the market for a toilet seat?
And then forget to tell them - I only need 1 toilet seat?
that’s an easy one.
google is an ad company, their main customers are the people who buy ads, pretending you need a toilet seat let’s them charge toilet seat makers more to “target” you
All the toilets in your building / neighborhood were installed all the same time and your need for a toilet seat likely matches the average lifespan of that item. They see this, they see you bought a toilet seat.
They don’t sell ads directly for you though. The do sell ads to people your age in your location that might need a toilet seat. They might also know that that item has a high return rate. On the chance you return it they want to sell the opportunity to advertise to you for more to potential customers (ad buyers)
It just goes on and on.
Except they think I’m a 65 year old radiological oncologist in Florida named [my name]. First off, my name is unusual enough that I used to keep tabs on all 13 of us. (you get really bored in the hospital unless you give yourself something to do) None of us work in medicine (well I offer some medical CPEs but that’s education, not medicine) I’ve lived in the hospital I guess. None of us live in Florida. The most famous of us used to be a hockey player, but he hasn’t done shit lately. He’s been to Florida. I’m sure. There’s a hickey team there in Miami, right?
I have been getting ads for stents and sutures and clips and bullshit like isn’t this supposed to be the dude who aims the radiation gun and burns out the cancer? For 25 godsdamned years. How long has goggle existed? That long. I don’t know how I fucked their profile of me but I managed it somehow.
I always wonder whether we’re getting it backwards.
Like, did you see ads for kayaks because you had that conversation about kayaking, or did you have the conversation because an ad company/social network decided it was time for you to get into kayaking?
It may not even be that they advertised kayaking to you. They may just have a very good model of your behaviour that predicts you’re likely to be interested in kayaking.
Honestly this is scarier, and harder to understand. But I suspect it to be the case
Not that hard to understand. They have an extremely large dataset to analyze for “subjects adjacent to these searches” and it returns “kayaking” among other things. Then just show ads for those related things. You ignore the things you’re not considering as background noise, and notice the ones related to your new hobby.
Sorry, harder to understand for the general population. Most people just think their phones are listening to them.
Ah fair enough
I’m figuring it’s smart TVs and smart speakers, not the phones
I have one smart TV and a few streaming devices, none of which have microphones. Yes that includes the remotes. I have zero smart speakers even plugged in to power.
I do have one smart phone with a least one microphone though.
Should be legally mandated in the surveillance environment we are in.
Even though it’s not technically physical, GrapheneOS does have switches for both the camera and mic that disable them at the system level.
So if you answer a call, for example, you’re prompted to unblock the mic because the phone app is requesting to use the mic.
the pinephone has such kill switches
If a song isn’t recognized, a short digital fingerprint may be sent to Google to securely search the cloud. Background conversations and audio are never sent to Google.
And, of course, Google will honor this and any other setting, as always, right? Right?
As soon as they got away with “federated learning” (basically use your phone to train ai then just phone the results home rather than your data) 🤢 they knew they could just keep pushing and pushing and pushing until they have it all
If you’ve got an android, go into your phone’s dev options and try to turn off Google’s location tracking service, or the one that tracks screen inputs, or the one that checks what wifi networks are around you.
They’ve been dishonourable from day 1 :C
That’s such bs short digital fingerprint is anything compressed and encrypted
Interesting how the majority of the comments refer to you being monitored on your own phone, ignoring that you will be monitored on everyone else’s phone as well.

Which is also an important issue with google mail.
But this also violates the expectation that spoken conservations are private.
Probably something people aren’t thinking about. How would this even work in two party consent states/countries?
The same way slopgen cleverly went around seemingly unbendable coryright laws: by ignoring the shit out of it, and half-scaring half-bribing the governments and the public to allow them to do whatever the fuck they want.
By
bribinglobbying local politicians. As always, laws are only real when they’re enforced.
Much like how Facebook includes non-users in their social graph.
Illegal in Germany. You may not record conversations, if you try to enter something like that as evidence you’ll get punished as well.
I suspect there are many countries with laws like that, and if your phone actually disables the feature when you enter them or just let’s you hang to dry…
Doubt. The law likely talks about making unauthorized recordings. There is likely nothing in the law that would disallow automatic transcription if no recording is created.
Unless the law is extremely vague such as “it is unlawful for a microphone to pick up conversations” the law likely doesn’t cover this situation.
I am more than happy (and eager) to be proven wrong, but in my experience the law tends to lag behind tech by quite a bit.
I didn’t check the actual law, always a good idea to do so.
So, §201 StGB actually covers both, it is forbidden to “aufnehmen” (record) as well as “mithören” (spy on). Bonus, its forbidden to cite transcription (im Wortlaut mitteilen).
Its an old law, going back to video cameras with magnetic tape and actually tapping a phone line. So it was used quite often, including the mentioned fake surveillance cameras, that didn’t record or even view anything but seemed to the public they did.
When dashcams became a thing people would be sentenced for using them. These days you can use dashcams, but never save for more than 24h or show the recording to anyone but the police/court.
I guess the law is a relict of living next door to Stasi, but its really just a guess of mine.
If huge tech corps are good at anything, it’s swerving around laws or simply deciding to ignore them.
They’ll argue that since you consented, it’s not spying.
And they’ll put something in the terms that it’s your responsibility to inform people around that your or their conversations will be recorded (lol, as if anyone would - but they’ll claim that as a defence).
And if they end up in court and get fined, even millions is just a slap on the wrist compared to how much they made from all that juicy data.
Laws will not stop them.
Google is not breaking the (German) law here, it actually is your responsibility as a user to not spy on people. Failure to do so means up to three years in jail, for a first offender most likely a fine. And your device that you used to break the law might get confiscated.
The later was already the case when people used radar warner apps (banned on Germany as well) and lost their smartphone for that.
I wonder if there’s a legal loophole here? Specifically this works by transcribing “important conversations” into text, it’s not actually storing .mp3 recordings. Obviously still disgusting and I hate it.
The legal loophole is Google can afford to pay the fine. They make more money breaking ze law than they do following they law
This right here. Companies like Google effectively have infinite money and it’s not a big deal for them to pay off the (usually miniscule) fines that they get hit with.
No, the user breaks this law, not the manufacturer. So the loophole for google is, they don’t care about you.
Not a lawyer, but as far as I got it, the storing isn’t the punishable part, the recording is.
You can’t have security cameras filming public spaces (like the road in front of your house). Even if its dummies, as people couldn’t tell the difference whether the camera actually films them or not.
Illegal in parts of the U.S. as well
if you try to enter something like that as evidence you’ll get punished as well.
They’ll just use parallel construction
No need to, there is no fruit of the poisonous tree in German law. Police can strip search you in bright daylight on a crowded square for no reason - clearly illegal, bit what they find will be used to proscute you. The officers will be punished as well, at most with a stern talking to.
I saw this title and immediately said “fuck off” then clicked, and …glad to see OP sharing my immediate sentiment.
Aaaand it’s Niantic all over again.
GrapheneOS, asap Pixel owners.
Thank me later.
Before it’s somehow no longer an option. I fear the Motorola deal will somehow get blocked.
This would be such a cool thing, too bad it will only be used to scrape our data in order to sell us more ads. There are far too many technologies and concepts that have been ruined already due to bloody greed.
Hey, don’t be so pessimistic.
For sure it will be available for government agencies to subpoena or even outright purchase.
This is the free market. Everything about you is for sale.
I’m sure this current administration and some oligarchs have been, and are, doing everything in their power to know as much about each of us as possible. With AI and some Doge ‘behind the scenes’ work, a bad actor could say “I want to know everyone who shows even a slight bent to the left” so we can target them." Control and manipulation is the point. Everyone reading this is a target. And I’m sure I’ll be bumped up on their ‘people to be concerned about’ list after writing this.
Yeah the down side of Lemmy having an open API is that anyone at all can scrape it to train whatever they want.
I would advise doing as much as you can to not put real info about yourself on here (maybe even some fake info to poison it).
All the people in charge of everything are fucking leeches.
Any soviet officials still alive must be going crazy: “wait, they actually pay to be surveilled???”
I’d trust talking revolution with a soviet commissar more than I’d ever trust a modern day company listening in on my everyday everything.
I got banned from Reddit for:
- Saying Peter Thiel should be turned into soup.
- Saying Peter Th-iel should be turned into soup.
- Explaining to someone that I had two warnings about saying Peter Thiel should be turned into soup, which was then deleted and replaced with “user is banned for this post”
They’re scared. You hear me, Peter? I’m coming for you with carrots and onions.
Yes reddit is controlled by the epstein class we all know this
Soylent green is made of Peter Thiel!
I feel like that would be Soylent Putrid Brown or Boyblood Red
Mirepoix du Thiel
This guy cooks
Fucking Reddit.
Thank god I have Graphene.





























