One of the reasons I build my own LineageOS builds is because of terrible one-party consent recording laws (in places like California) there’s no geographic way in Android to check it on a state-by-state way. It just goes off country code and disables it for the US since quite a few states it’s illegal to do. For my state it isn’t illegal so I modified my builds to allow it.
There are other things like this too in Android disabled on per-country. Japan has a camera shutter noise that cannot be disabled but this was a request by their carriers, apparently not a law, big discussion under this review: https://review.lineageos.org/c/LineageOS/android_frameworks_...
I have to wonder how this will impact their partnership with Motorola. Presumably, Motorola will have more difficulty if they're found not to be complying with relevant law...
I hope GrapheneOS isn't completely banking on their partnership succeeding. If Motorola devices ever became the only devices that GrapheneOS works on, and it's being done with Motorola's blessing, then it could be more easily legislated out of existence.
I wholeheartedly support GrapheneOS but, because of that, I very much hope they don't box themselves into a corner that's then easy to 'wall off'.
Having said that, the hardware being restricted to Pixel devices was always a tenuous proposition based on Google's design choices. If Pixels remain supported whilst adding Motorola, that's only a good thing.
I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps), that seems fairly toothless (though wrongheaded) compared to TX and UT wanting to scan photo IDs[1]
To be clear, the Texas law only applies to mobile app stores, not the operating system, and there is no requirement to scan photo ID, just the vague,” commercially reasonable method of verification.”
Except for the fact that my age is now a piece of information that any tracking pixel or web malware can access at all times to de-anonymize me, even in incognito mode. But maybe that can be solved by collapsing all ages above 18 to just 18. Not sure if that violates the wording of the law though.
Of course :^) I'm close to jumping ship to GrapheneOS, but as a Swedish resident I really need our digital id services, digital mailbox, and banking apps. I have seen their page on app support, but I am slightly afraid its not up to date / will break any time. I guess the solution is to use one banking android phone and one GrapheneOS for everyday use.
I believe GrapheneOS would only be an issue if the Swedish gov decides on using the Google Play Integrity API instead of Android's hardware attestation API (and requiring their apps to whitelist GrapheneOS's keys). So their stance doesn't really change much in terms of how banking apps currently work with GrapheneOS.
He's referring mostly to BankID which is a very secure MFA solution designed for banking purposes(all banks in Sweden accept the same mfa app) the inbox app is probably kivra, which is a email inbox which uses BankID for authentication, and is used for invoices and other "official business" mails.
There's also swish, which is instant payments to both friends and businesses. Swish also uses BankID.
BankID is also used to sign documents, file taxes, etc.etc.
Swedish society is largely built around this one official MFA solution, and having a phone where you cannot run it is a real hassle
I can only speak for my bank (Nordea), but they do offer a separate 2FA device you can order if you "can't use" your smartphone for whatever reason. As a solution it sucks, but technically you're not forced to use a mobile phone to login. I'd be surprised if other banks didn't offer similar fallbacks.
It's not an issue, we're just spoiled. It's such an amazing convenience that anything else seems like a huge and unnecessary hassle.
There is actually more a second MFA provider that is accepted almost everywhere, including the tax authority. I forget it's name and I've never tried it, so I can't say too much, but presumably it provides similar functionality as BankID
I hope you are allowed to operate in Canada Freely. If I am right, there is already something called Bill C-22, which is again a censorship and state level surveillance act under the guise of Child protection. Sooner or later Canada introduce this rule too.
so what is going to happen? Will California issue slave catcher warrants for those who violate laws? will Free Stater sheriffs dispatch citizens on long haul flights to meet their fate in the Golden State?
One of the reasons I build my own LineageOS builds is because of terrible one-party consent recording laws (in places like California) there’s no geographic way in Android to check it on a state-by-state way. It just goes off country code and disables it for the US since quite a few states it’s illegal to do. For my state it isn’t illegal so I modified my builds to allow it.
There are other things like this too in Android disabled on per-country. Japan has a camera shutter noise that cannot be disabled but this was a request by their carriers, apparently not a law, big discussion under this review: https://review.lineageos.org/c/LineageOS/android_frameworks_...
Canadians not being able to disable Amber alerts sent at presidential level all the time might also be interested to be able to sleep again...
Jesus Christ it woke me the fuck up
I have to wonder how this will impact their partnership with Motorola. Presumably, Motorola will have more difficulty if they're found not to be complying with relevant law...
I hope GrapheneOS isn't completely banking on their partnership succeeding. If Motorola devices ever became the only devices that GrapheneOS works on, and it's being done with Motorola's blessing, then it could be more easily legislated out of existence.
I wholeheartedly support GrapheneOS but, because of that, I very much hope they don't box themselves into a corner that's then easy to 'wall off'.
Having said that, the hardware being restricted to Pixel devices was always a tenuous proposition based on Google's design choices. If Pixels remain supported whilst adding Motorola, that's only a good thing.
I'd think they just can't sell the phones preloaded with graphene in regions where these laws exist.
Id also want to load GOS myself, pre-loading it seems like it defeates some of the point
I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps), that seems fairly toothless (though wrongheaded) compared to TX and UT wanting to scan photo IDs[1]
1: https://www.tomshardware.com/software/operating-systems/cali...
Why should we be ok with laws just because they won't accomplish anything?
To be clear, the Texas law only applies to mobile app stores, not the operating system, and there is no requirement to scan photo ID, just the vague,” commercially reasonable method of verification.”
Until CA matches the TX and UT laws. Boiling the frog
Except for the fact that my age is now a piece of information that any tracking pixel or web malware can access at all times to de-anonymize me, even in incognito mode. But maybe that can be solved by collapsing all ages above 18 to just 18. Not sure if that violates the wording of the law though.
If you're considering switching to GrapheneOS from iOS, here's a guide: https://blog.okturtles.org/2024/06/the-ultimate-ios-to-graph...
Reading the pros and cons list made it very clear to me that I'll never switch to GrapheneOS.
Of course :^) I'm close to jumping ship to GrapheneOS, but as a Swedish resident I really need our digital id services, digital mailbox, and banking apps. I have seen their page on app support, but I am slightly afraid its not up to date / will break any time. I guess the solution is to use one banking android phone and one GrapheneOS for everyday use.
I believe GrapheneOS would only be an issue if the Swedish gov decides on using the Google Play Integrity API instead of Android's hardware attestation API (and requiring their apps to whitelist GrapheneOS's keys). So their stance doesn't really change much in terms of how banking apps currently work with GrapheneOS.
Do the banking apps have features that the (mobile?) websites do not? Genuine question, I have no frame of reference for Swedish banks
He's referring mostly to BankID which is a very secure MFA solution designed for banking purposes(all banks in Sweden accept the same mfa app) the inbox app is probably kivra, which is a email inbox which uses BankID for authentication, and is used for invoices and other "official business" mails.
There's also swish, which is instant payments to both friends and businesses. Swish also uses BankID.
BankID is also used to sign documents, file taxes, etc.etc.
Swedish society is largely built around this one official MFA solution, and having a phone where you cannot run it is a real hassle
Same in Norway.
The less free states are starting to require remote attestation to send payments at all.
You can't login to those without app as a 2FA.
I can only speak for my bank (Nordea), but they do offer a separate 2FA device you can order if you "can't use" your smartphone for whatever reason. As a solution it sucks, but technically you're not forced to use a mobile phone to login. I'd be surprised if other banks didn't offer similar fallbacks.
You can have these apps on a separate device that lives in a drawer like paper documents would. We need to separate state from private life.
Sounds like your issue is with your government.
It's not an issue, we're just spoiled. It's such an amazing convenience that anything else seems like a huge and unnecessary hassle.
There is actually more a second MFA provider that is accepted almost everywhere, including the tax authority. I forget it's name and I've never tried it, so I can't say too much, but presumably it provides similar functionality as BankID
Likewise, my plan will be to have GrapheneOS as my "real" OS, and a cheap secondary phone for banking app and whatnot.
Related and also on the front page: https://news.ycombinator.com/item?id=47479183
I hope you are allowed to operate in Canada Freely. If I am right, there is already something called Bill C-22, which is again a censorship and state level surveillance act under the guise of Child protection. Sooner or later Canada introduce this rule too.
The bill to watch on age verification is S-209 (the "S" because it originates in the Senate). Section 12(2) includes the requirements for potential verification methods. https://www.parl.ca/DocumentViewer/en/45-1/bill/S-209/first-...
Keep an eye on michaelgeist.ca. If there are petitions to sign to oppose it, you'll probably find out there.
so what is going to happen? Will California issue slave catcher warrants for those who violate laws? will Free Stater sheriffs dispatch citizens on long haul flights to meet their fate in the Golden State?
If Motorola releases a phone with flagship specs that runs LineageOS, I am buying.
They have a Graphene partnership, not a LineageOS one. The latter is entirely up to volunteers to port it.
Fuck yeah! I was wondering about this.