Even more dialogs that most users will blindly tap "Allow" to will not fix the problem.

Society has collectively decided (spiritually) that it is ok signing over data access rights to third parties. Adding friction to this punishes 98% of people in service of the 2% who aren't going to use these services anyway.

Sure, a more educated populous might tip the scales. But it's not reality, and the best UX reflects reality.

Web sites could legally use cookies for non-tracking purposes without cookie banners but considering people have not stopped visiting sites despite the fugly click-through cookie banners makes them a failure.

All it takes is for 50% of the internet users to stop visiting web sites with them, and web site authors will stop tracking users with external cookies.

You've written that like it's a plausible and likely scenario.

(If it was likely, it would have already happened)

- Nearly all websites people use day-to-day are commercial

- To run ads in a post-1997 world, you must have a conversion pixel because ads aren't sold by impression, they're sold by clicks and they need to know someone made it to your site

- Therefore, some form of tracking cookies (oooh evil) are required

- Big Tech (Google/Meta/X) controls 99% of the real estate where ads can be run, so... they will know about visitors

Unless browsers simply had a setting by default to only save cookies past one session when users allow it. That would be a wildly more effective and efficient solution than forcing every single random website to implement some byzantine javascript monstrosity which attempts to somehow inhibit other JS it doesn't actually control from dropping cookies -- something that the JS API in a browser doesn't even support.

I work on a product that doesn't even have any ad traffic land on it or want to do any tracking, and setting up a cookie management platform was insane. You have to dive into the docs of every SDK to try to figure out how this particular SDK can be signaled to do the GDPR compliance things.

The law has turned out to be useless, agreed — or at least, it has driven hard-to-navigate UX that we live through today. The intent could have taken us in a different direction with some care (i.e. mandating a clear, no-dark-pattern opt-out/opt-in ahead-of-time option a la DoNotTrack header that similarly failed): if web clients (browsers) were required to pass visitor's preferences and if the list of shared-with was mandated to be machine readable with an exact format (so browsers would create nice UIs), maybe we'd get somewhere.

Whoever came up with an idea to attach CSAM scanning provision to it is an evil genius, what an incredible way to make sure it's not going to pass any time soon.

Simply select the sites whose first party cookies you want preserved, triggered only by user actively toggling it on, or prompted for on a user-triggered POST that occurs on a page with a user-filled password field (similar to how popups were killed off, no prompting on a POST done without user interaction). "Do you want to let this site 'ycombinator.com' remember you (stay logged in, etc.)?" [YES] [NO]

Otherwise delete the cookies in X minutes/hours/etc.

Or another way, keep the cookies while a tab is on the site, then once no tabs are visiting it, put them in an 'archive.' Upon visiting the site again, show a prompt "Allow ycombinator.com to recognize you from your previous visit(s)?" <Yes> <No, be anonymous> If yes, restore them, otherwise, delete them.

It is so simple to have browsers be responsible for the user's safety, yet since we left it to politicians to decide, we got all this silliness putting it on the users -- and where the technical implementations are by necessity INSIDE the JS sandbox where it's difficult for users to verify that it's being done correctly.

[0]: https://medium.com/incerto/the-most-intolerant-wins-the-dict...

How would the content creators or news sites earn then? Web is built on ads, and ads are built on tracking as untargeted ads pays significantly lower than targeted.

“Creators” seem to do just fine with the patronage model.

> ads are built on tracking as untargeted ads pays [sic] significantly lower than targeted.

Not my problem. I am not required to prop up your failed business model.

I'd bet if you ask people "do you care about privacy?" Close to 100% would say yes.

If you ask "you have to give up privacy to be able to log in to your email automatically. Are you ok with that?" Close to 100% would say yes.

If you ask "we will give you this email service for free but in exchange we get to squeeze every ounce of juice that we can out of it to persuade you to buy things you don't need. Are you ok with that?" Close to 100% would say yes.

It doesn't matter what people say they care about. Their actions say otherwise, if the privacy-friendly option is in any way less convenient.

The only thing I've found awful is the mindset of the people implementing the banners.

That you feel frustration over that every company has a cookie banner, is exactly the goal. The companies could decide that it isn't worth frustrating the user over something trivial like website analytics, as they could get that without having to show a cookie banner at all.

But no, they want all the data, even though they most likely don't use all of it, and therefore are forced to show the cookie banner.

Then you as a user see that banner, and instead of thinking "What a shitty company that don't even do the minimal work to not having to show me the cookie banner", you end up thinking "What a bad law forcing the company to inform me about what they do with my data". Sounds so backwards, but you're not the first with this sentiment, so the PR departments of the companies seems like they've succeed in re-pointing the blame...

Once that happens, the "originals" will feel the pressure.

But even so, I'd argue that since it's a small business, you'd do much better with qualitative data rather than quantitative, since it's a small business it's hard to make choices based on small amount of data. Instead, conduct user experience studies with real people, and you'll get a ton of valuable data.

All without cookie banners :)

This is partially due to the fact that Google Analytics is free and the default for most website/app builders. But, still, it's ridiculous.

This is why half the web has cookie-consent banners. No amount of developers who know the details screaming up the ladder will fix this. The emergent behavior put in place by the legal profession and corporate politics favors the SAAS companies that sell GDPR cookie banner products and libraries. Even if they're in the right, there is a greater-than-zero percent chance that if they do the wrong thing they'll go to court or be forced to defend themselves. And even then if it's successful, the lawyers still need to be paid, and the company will look at "that fucking moron Joe from the website department" which caused all their hassles and countless hours of productivity as a result of being a "smart ass".

> This is why half the web has cookie-consent banners

Agree, but we as developers can have an impact in this, especially in smaller companies. I've managed to "bark up the ladder" sufficiently to prevent people from mindlessly adding those popups before, and I'm sure others have too.

But those companies have all been companies where user experience is pretty high up on the priority ladder, so it's been easy cases to make.

or union workers strike against Imaginary Mail Service Corp. because they are being killed on the job, and people (consumers) get angry at the workers because their package wont show up on time (or the railways arent running, etc...) instead of getting mad at the company inflicting that damage on other people...

or when [imaginary country] puts sanctions on [other poorer country] the people of that country blame the government in power instead of the people directly inflicting harm on them.

I'm not sure why this is the case, but we have been conditioned to be resistant to the inconvenience and not the direct cause. Maybe its because the direct cause tends to be a faceless, nameless entity that directly benefits from not being the target of ire.

Nope, that's not how it works. But your whole comment is a great showcase about how these myths continue to persist, even though the whole internet is out there filled with knowledge you could slurp up at a moments notice.

'Nothing is essential until you prove it is' - apply to the cookie ombudsman for €1k to make your case for allowance.

You complete a detailed form including giving your company registration and the reason for use of each cookie. You list each company with access.

You pay into escrow €10 per user per company (eg 10 users, sending data to 1200 companies; 120000€) you wish to gather/keep data on, providing that users details and an annual fee.

Any non trivial infringement and you get DNS blocklisted, the escrow money is paid out, CEO of the registered company is fined one years income (max of last 4 years) and legal proceedings are started against the company and its executives.

On application to the cookie ombudsman I can see all companies who legally have access to my data (and via which gateway company), I can withdraw access, they can withdraw service.

Operating system level controls, though, provide a single control plane. One can very easily imagine OS-level toggles per application of:

[No Internet, No Internet outside your own app-sandbox, Ask me every time, Everything is allowed].

No opt in from apps required -- they might break if the network is disabled, but the user is still in control of their data.

There's little to no conscious choice in this. But there is a lot of money in this. Like... a LOT of money. If I were to try to influence society to be okay with it, it would be a no brainer.

So, to me, it's obvious that society has been brainwashed and propagandized to accept it. But doing so generates hundreds of billions if not trillions of dollars. How, exactly, such manipulation is done is unknown to me. Probably meticulously, over the course of decades if not centuries. I know that the concept of privacy during the writing of the constitution was much, much more stringent than it was in the 70s, which is much more stringent than it is today.

But, I am very confident it is happening.

(The "I don't care about cookies" extension is similarly effective, but since I'm already running u-block origin, it makes more sense to me to enable it's filter.)

Word of caution though, that might silently break some websites. I've lost count of the times some HTTP request silently failed because you weren't meant to be able to get some part of the website, without first rejecting/accepting the 3rd party cookies.

Usually, disabling uBlock, rejecting/accepting the cookies and then enabling it again solves the problem. But the first time it happened, it kind of caught me by surprise, because why in holy hell would you validate those somehow?!

Users had a global way to signal “do not track me” in their browser. I don’t know why regulators didn’t mandate respecting that instead of cookie consent popups.

Apple IDs could easily have global settings about what you are comfortable with, and then have their apps respect them.

This would have the added benefit of being configurable and work on a bunch of apps instead of just one at a time too

On desktop and Firefox app, I only browse through private browsing so cookies are mostly irrelevant as session ends as soon as all windows close.

And if you design software that uses tracking and what not. Go fuck yourself.

The vast majority (>95%) of users does not understand what those pop-ups say, seems fundamentally incapable of reading them, and either always accepts, always rejects, or always clicks the more visually-appealing button.

Try observing a family member who is not in tech and not in the professional managerial class, and ask them what pop-up they just dismissed and why. It's one of the best lessons in the interactions between tech and privacy you can get.

By adding that extra step forcing users to be aware of (and optionally decline) the vendors collection of personal data, it adds a disincentive for collecting the data in the first place.

In other words, opt-in can be thought of as a way to encourage vendors to change their behaviour. Consumers who don't see an opt-in will eventually know that the vendor isn't collecting their information compared to others and trust the product more.

It is definitely true that most users don't know what they're opting out of, they just understand that they have basically nothing to gain anyway, so why opt-in?

But actually, that's totally fine and working as intended. To be fair to the end user, Apple has done something extremely complicated here, and it's going to be extremely hard for anyone except for an expert to understand it. A privacy-conscious user could make the best call by just opting out of any of these features. An everyday user might simply choose to not opt-in because they don't really care about the feature in the first place: I suspect that's the real reason why many people opt-out in the first place, you don't need to understand privacy risks to know you don't give a shit about the feature anyway.

If you do not want it (and that is >90% of people, who never asked for it, never requested it, but was forced upon them these 'enriched' lies and exposure to corporate greed).

This is everyone, it is universal, I've met many people "in tech" who also click the most "visually appealing" button because they are trying to dismiss everything in their way to get to the action they are trying to complete.

The microcosm that is HN users might not just dismiss things at the 95%+ rate, but that is because we are fed, every day, how our data is being misappropriated ate every level. I think outside of these tiny communities, even people in tech, are just clicking the pretty button and making the dialog go away.

I agree that a lot of people don't read, or attempt to understand the UI being presented to them in any meaningful manner. It really is frustrating seeing that happen.

But, think about the "colorful" option you briefly mentioned. Dark patterns have promoted this kind of behaviour from popups. The whole interaction pattern has been forever tainted. You need to present it in another way.

That’s an interesting question. Something to consider, iOS photos has allowed you to search for photos using the address the photo was taken at. To do that requires the Photos app to take the lat/long of a photos location, and do a reverse-geo lookup to get a human understandable address. Something that pretty much always involves querying a global reverse-geo service.

Do you consider this feature to be a violation of your privacy, requiring an opt-in? If not, then how is a reverse-geo lookup service more private than a landmark lookup service?

It seems trivially possible to do this in a more privacy preserving way: geocode the search query and filter photos locally.

No idea how Apple implements it though.

Something to consider - location is geo-encoded already into photos and doesn't need this uploaded to Apple servers. Searching can be done locally on device for location.

Apple goes as far as to offer a setting to allow the user to share photos and remove the geocoding from it.

Offering a new feature is opt-in.

Unfortunately, against my better wishes, this only erodes trust and confidence in Apple that if this is happening visibly, what could be happening that is unknown.

I suppose in some sense it is, as it a reverse-geo lookup service, but it's also no where near to the front in the location privacy war.

Cell phone providers basically know your exact position at all times when you have your phone on you, credit card companies know basically everything, cars track driving directly, etc. etc.

I can see why some people would be up in arms but for me this one doesn't feel like missing the forest for the trees, it feels like missing the forest for the leaves.

But the argument that this specific feature represents some new beachhead in some great war against privacy strikes me as little more that clickbate hyperbole. If Apple really wanted to track people’s locations, it would be trivial for them to do so, without all this cloak and dagger nonsense people seem to come up with. Equally, is a state entity wanted to track your location (or even track people’s locations at scale), there’s a myriad of trivially easy ways for them to do so, without resorting to forcing Apple to spy on their customers via complex computer vision landmark lookup system.

The interesting thing is that Apple has created a cathedral of seemingly objective sexy technical details that feel like security. But since it’s all trust, feelings matter!

So my answer is, if it feels like a privacy violation, it is. Your technical comparison will be more persuasive if you presented it in Computer Modern in a white paper, or if you are an important Substack author or reply guy, or maybe take a cue from the shawarma guy on Valencia Street and do a hunger strike while comparing two ways to get location info.

Apple is building a location database, for free, from user's photos and saying it's anonymized.

It's not a service I want, nor one I authorize. Nor are my photos licensed to Apple to get that information from me.

Encryption is only good relative to computational power to break it available to the many, or the few.

Computational power usually seems always available in 10-20-30 years to generally break encryption for the average person, as unimaginably hard it seems in the present. I don't have interest in taking any technical bait from the conversation at hand. Determined groups with resources could find ways.. This results in no security or encryption.

Where on earth did you get that from? The photos app is sending an 8bit embedding for its lookup query, how are they going to build a location database from that?

Even if they were sending entire photos, how do you imagine someone builds a location database from that? You still need something to figure out what the image is, and if you already have that, why would you need to build it again?

> Encryption is only good relative to computational power to break it available to the many, or the few. > Determined groups with resources could find ways.. This results in no security or encryption.

Tell me, do you sell tin foil hats as a side hustle or something? If this is your view on encryption why are you worried about a silly photos app figuring out what landmarks are in your photos. You basically believe that it’s impossible for digital privacy of any variety is effectively impossible, and that you also believe this is a meaningful threat to “normal” people. The only way to meet your criteria for safe privacy is to ensue all forms of digital communication (which would include Hacker News FYI). So either you’re knowingly making disingenuous hyperbolic arguments, you’re a complete hypocrite, or you like to live “dangerously”.

They’re broadly similar services, both provided by the same entity. Either you trust that entity or you don’t. You can’t simultaneously be happy with an older, less private feature, that can’t be disabled. While simultaneously criticising the same entity for creating a new feature (that carries all the same privacy risks) that’s technically more private, and can be completely disabled.

> The interesting thing is that Apple has created a cathedral of seemingly objective sexy technical details that feel like security. But since it’s all trust, feelings matter!

This is utterly irrelevant, you’re basically making my point for me. As above, either you do or do not trust Apple to provide these services. The implementation is kinda irrelevant. I’m simply asking people to be a little more introspective, and take a little more time to consider their position, before they start yelling from the rooftops that this new feature represents some great privacy deception.

But thank you for one more demonstration that even the HN crowd can’t reliably give or deny informed consent here.

I actually couldn't get Photos address search to work right in my testing before writing my previous comment, even with a geotagged photo that I just took. So I'm not sure whether I have some setting disabled that prevents it.

The only match was via character recognition of a printed form that I had photographed.

To be clear, I meant that it was a nonissue for me, because I don't geotag my photos (except in that one test). Whether it's an issue for other people, I don't know.

One of the problems with iPhone lockdown is that it's a lot more difficult to investigate how things work technically than on the Mac.

By saving them from any source other than the camera app you’ve configured to not use geo-tagging.

My Photos library contains camera snapshots and screenshots, nothing else.

For what it’s worth, I’m surprised that you never save photos to your phone that you didn’t take yourself. Do people not send you interesting pictures? Pictures of yourself?

I don't even use Photos app on Mac anymore. They've ruined it compared to the old iPhoto. I just keep my photos in folders in Finder.

I don't personally have a strong feeling for or against this particular feature, since I don't use geotagging at all, so it doesn't affect me. I'm neither endorsing nor condemining it offhand. I'll leave it to other people to argue over whether it's a privacy problem. It could be! I just lack the proper perspective on this specific issue.

The issue is much deeper for anyone who has remotely worked with EXIF data for any creative or professional work they do.

Personally I do not believe these popups serve any purpose, because I ultimately cannot (at least in a reasonable way) prove that the website is acting in good faith. Asking me whether the app should phone home doesn't really guarantee me pressing "no" will actually prevent the tracking.

I am continuously surprised at how we convince ourselves privacy at scale will work with a varying amount of yes/no buttons. There are 2 ways to trust software 1. be naive and check whether "privacy first" is written somewhere 2. understand the software you are running, down to the instructions it is able to execute.

The permission popups also lack granularity. When giving access to my contact list, which contacts does it actually access? Can I only give access to contacts name and not phone numbers? Is it for offline or online processing? If online, should we have another popup for internet access? But then, can I filter what kind of internet stuff it does? You go down the rabbit hole and eventually end up with a turing-complete permission system, and if you don't, your "privacy" will have some hole to it.

And I've been in situations where I noticed a box was checked that I'm sure I didn't check. I want to turn these things off and throw away the key. But of course the vendor will never allow me to. Therefore I use Linux.

I hate to break it to you, but these things happen in Linux, too.

It's not the operating system that's the problem. It's that the tech industry has normalized greed.

The reason why this is the case is because while the tech industry is rotten, the Linux desktop isn't really directly owned by a tech industry company. There are a few tech companies that work on Linux desktop things, but most of them only work on it as a compliment to other things they do.

Distributions may even take it upon themselves to "fix" applications that have unwanted features. Debian is infamous for disabling the KeepassXC networking features, like fetching favicons and the browser integration, features a lot of users actually did want.

Meaning, between the big vendors making the OS, and state-level actors making hardware, I wouldn’t necessarily trust Wireshark on machine A to provide the full picture of traffic from machine A. We might see this already with servers running out-of-band management like iDRAC (which is a perfectly fine, non-malicious use case) but you could imagine the same thing where the NIC firmware is phoning home, completely outside the visibility of the OS.

Of course, it’s not hard to capture traffic externally, but the challenge here would be correlating that external traffic with internal host monitoring data to determine which apps are the culprit.

Still, if you were extra paranoid, it wouldn't be unreasonable or even difficult to check from an external vantage point.

> Are there any tools that enable capturing traffic from outside the OS you’re monitoring, that still allow for process-level monitoring?

Doing both of these things at once would be hard, though. You can't really trust the per-process tagging because that processing has to be done on the machine itself. I think it isn't entirely implausible (at the very least, you could probably devise a scheme to split the traffic for specific apps into different VLANs. For Linux I would try to do this using netns.)

I want this too, but when even the two most popular base OSes don't adhere to this, I feel like it's an impossible uphill battle to want the software running on those platforms to behave like that.

"Local-first" just isn't in their vocabulary or best-interest, considering the environment they act in today, sadly.

Software will continue to spy on people so long as it is not technically prohibited or banned.

I highly suggest everyone else does their darnedest not too either. Don’t do it in your own software. Refuse and push back against it at $dayJob.

I realize that my small contribution as a privacy and data-respecting SWE is extremely small, but if we all push back against the MBAs telling us to do these things, the world will be better off.

It’s the prisoner’s dilemma, but one vs many instead of one vs one. So long as someone defects, everyone either defects or goes out of business.

It’s the same as with unethical supply chains. A business using slave labour in their supply chain will out-compete all businesses that don’t. So well-meaning business owners can’t really switch to better supply chains as it is the same as just dissolving their business there and then.

Only universal regulation can fix this. If everyone is forced not to defect, we can win the prisoners dilemma. But so long as even 10% of big tech defects and creates this extremely lucrative business of personal data trade that kills every company not participating, we will continue to participate more and more.

Read Meditations on Moloch for more examples.

Apple iOS provides crash logs via the following navigation path:

  Privacy & Security
    Analytics Data
      AppName-date-time.ips

Normal people don't email support with crash logs, they just grumble about it to their coworkers and don't help fix the problem. You can't fix a problem you don't know about.

And yet we don't have home inspectors coming into our homes unannounced every week just to make sure everything is ok. Why is it that software engineers feel so entitled to do things that no other profession does?

Downloading a torrent isn't the same thing as going to the record store and physically stealing a CD, and regular people can also understand that there's a difference between the invasiveness of a human being entering your house and someone not doing that. So either people can understand torrenting isn't the same as going into a store a physically stealing something and anonymized crash logs aren't the same thing as a home inspector coming into your house, or Napster and torrenters actually owe the millions that the RIAA and MPAA want them to.

I'm not saying that all tracking is unequivocally good, or even okay, some of it is downright bad. But let's not treat people as idiots who can't tell the difference between the digital and physical realm.

To put it in the language of someone who mistakenly thinks you can own information: data about crashes on computers that aren't yours simply doesn't belong to you.

Outside of specifically silicon valley, that level of entitlement is unheard of. Once you put it in human terms what you're asking for, it sounds absolutely outrageous. Because it is - you and I just exist in a bubble.

This can all be avoided and you can have you cake, too. Run the software on your metal. That's what my company does and it's great in many ways. We have a level of introspection into our application execution that other developers can only dream of. Forget logging, we can just debug it.

I'm just not sure why Apple needed to activate this by default, other than not draw attention to it... and doing so that was more important than the user's rights to the privacy they believe they are purchasing on their device.

I don't care what convenience i'm being offered or sold. If the user has decided what they want and the premium they are paying for Apple, it must be respected.

This makes me wonder if there is an app that can monitor all settings in an iPhone both for changes between updates, and also new features being set by default to be enabled that compromise the user's known wishes.

All this AI, and this is still overlooked.

I'm hoping it was an oversight.

This is a “look at me, Apple bad” story that harvests attention. It sets the premise that this is an unknown and undocumented process, then proceeds to explain it from Apple documentation and published papers.

It exists. I use such software everyday. For example, I am submitting this comment using a text-only browser that does not auto-load resources.

But this type of smaller, simpler software is not popular.

For example, everyone commenting in this thread is likely using a browser that auto-loads resources to submit their comments. HN is more or less a text-only website and this "feature" is not technically necessary for submitting comments. All so-called "modern" web browsers send requests to the internet without explicit intent first. IN addition to auto-loading resources, these browsers automatically run Javascript which often sends further requests never intended by the web user.

Brand new Apple computers now send packets to the internet as soon as the owner plugs them in for the first time. This may enable tracking and/or data collection. Apple proponents would likely argue "convenience" is the goal. This might be true. But the goal is not the issue. The issue is how much the computer owner is allowed to control the computer they buy. Some owners might prefer that the computer should not automatically send packets to remote Apple servers. Often it is not even possible to disable this behaviour. Computer purchasers never asked for these "convenenience" features. Like the subject of this submission, Apple Photos, these are Apple's decisions. The computer owner is not allowed to make decisions about whether to enable or disable "convenience" features.

As the court acknowledged in its opinion in US v Google, default settings are significant. In this case, it is more than a default setting. It is something the owner cannot change.

I too want exactly that, which got me thinking, that's what firewalls are for! DROP OUTBOUND by default, explicit allow per-app.

On Andoid, iptables-based firewalls require root, which wasn't a good option for me (no twrp support for my device), so after some searching I stumbled upon NetGuard - open source and rootless, implements a firewall using Android's VPN service (you can configure Android to route all traffic through this "VPN" which is actually a local firewall). The downside is you can't use an actual VPN (except with some complicated setup involving work profiles and other apps). I've been using it for a couple of weeks and am very satisfied, I noticed apps phoning home which I did not want to, like a scanning app I had used to scan private documents in the past, perhaps an oversight on my part.

They're the ones allowing you to root your phone or flash a custom ROM in the first place, so that's not a fair characterisation. Banks have a vested interest in reducing fraud, and a rooted Android might allow for easier and additional attack vectors into their apps and thus systems.

Aaaaand no.

Even in the case where I’m willing to risk trusting the developer, they have literally zero resources to pen test the software I’ll be running my banking apps on, and in the case of Android roms need to run known vulnerable software (out-of-support source-unavailable binary blobs for proprietary hardware that were never open-sourced).

The same argument was made about TPM’s on PC’s and against Windows 11 for years (that they should just be disabled/sidestepped). It only holds water if you don’t understand the problem the device solves for or have a suitable alternative.

* Bulletproof

* Privacy Conscious

* Normal (recommended)

That way users are roughly opting in and opting out in a way that aligns with their desires

> there is an increasing discontent growing towards opt-out telemetry

Really? That's news to me. What I observed is people giving up more and more privacy every year (or "delegating" their privacy to tech giants).

The backlash against Microsoft's Windows Recall should serve as a good indicator of just how deeply people have grown to distrust tech companies. But Microsoft can keep turning the screws, and don't you know it, a couple years from now everyone will be running Windows 11 anyways.

It's the same for Android. If you really want your Android phone to be truly private, you can root it and flash a custom ROM with microG and an application firewall. Sounds good! And now you've lost access to banking apps, NFC payments, games, and a myriad of other things, because your device no longer passes SafetyNet checks. You can play a cat-and-mouse game with breaking said checks, but the clock is ticking, as remote attestation will remove what remains of your agency as soon as possible. And all of that for a notably worse experience with less features and more problems.

(Sidenote: I think banking apps requiring SafetyNet passing is the dumbest thing on planet earth. You guys know I can just sign into the website with my mobile browser anyways, right? You aren't winning anything here.)

But most users are never going to do that. Most users will boot into their stock ROM, where data is siphoned by default and you have to agree to more data siphoning to use basic features. Every year, users will continue to give up every last bit of agency and privacy so as long as tech companies are allowed to continue to take it.

If people don’t have a choice, then they’re not giving up privacy, like the person you’re agreeing with said, it’s being taken away.

Maybe you need to set an environment variable. Maybe that variable changes. It is pretty exhausting so I can understand people giving up on it.

Is that really giving up on it though? Or are they contorted to it?

If you do anything on the radio without the users explicit consent you are actively user hostile. Blaming the user for not exercising his/her right because they didn't opt out is weird.

I find that the popular apps for basic operation from F-Droid do a very good job of not screwing with the user either. I'm talking about DAVx⁵, Etar, Fossify Gallery, K-9/Thunderbird, AntennaPod etc. No nonsense software that does what I want and nothing more.

I've been running deGoogled Android devices for over a decade now for private use and I've been given Apple devices from work during all those years. I still find find the iOS devices to be a terrible computing experience. There's a feeling of being reduced to a mere consumer.

GrapheneOS is the best mobile OS I've ever tried. If you get a Pixel device, it's dead simple to install via your desktop web browser[1] and has been zero maintenance. Really!

[1] https://grapheneos.org/install/web

A large amount of work has been put into making Graphene specifically work with banking apps. Mine does, for instance.

GrapheneOS only works on Pixel devices. Pixel devices are fine. We have reached a point where just about every mid-tier device is fine, really. I run my devices until they are FUBAR or can't be updated due to EOL. EOL for Android (and GrapheneOS) is ~7 years from the release date now.

> it locks you out of a ton of apps people rely on such as banking and money transfer apps.

These can be installed and isolated using work or user profiles in GrapheneOS. Also as https://news.ycombinator.com/item?id=42538853 points out, a lot of work has been put into making Graphene work with banking apps[1].

> You must recognise that it's not a practical solution for most people.

Of course I do. We can act on two levels. We (as a society) can work for regulation and we (computery people) can take direct action by developing and using software and hardware that works in the user's interest. One does not exclude the other.

[1] https://privsec.dev/posts/android/banking-applications-compa...

My budget didn't allow me to buy a brand new one but I could buy a second hand pixel 6a for 200€.

Having said that you can also use an older phone with /e/os or lineageos and avoid apps that tracks you by limiting to android apps without telemetry available on f-droid.

However, how is that supposed to work for your significant other, or your mother, or your indifferent-to-technology friend?

Don't get me wrong, I also strive to keep my device's information private but, at the same time, I realize this has no practical use for most users.

The reality is these are no longer mere tools, they are instruments for conducting life. They are a prerequisite to just about any activity, much like driving in the US.

We expect each and every citizen to have an intimate understanding of driving, including nuances, and an understanding of any and all traffic laws. And we expect them to do it in fractions of a second. Because that is the cost of utilizing those instruments to conduct life.

Having said that it doesn't prevent them to check the "enable network" option when installing apps.

That said. You can order a Pixel with GrapheneOS pre-installed and Google Apps and services can be isolated.

> I think banking apps requiring SafetyNet passing is the dumbest thing on planet earth. You guys know I can just sign into the website with my mobile browser anyways, right?

No, you're not. For logging in, you need a mobile app used as an authentication token. Do not pass go, do not collect $200... (The current state of affairs in Czechia, at least; you still _do_ have the option of not using the app _for now_ in most banks, using password + SMS OTP, but you need to pay for each SMS and there is significant pressure to migrate you from it. The option is probably going to be removed completely in future.)

It's the same way that bills come out to crack people's policy.

Only people don't always know they can demand the opposite so it never gets messed with again, and instead get roped into fatigue of reacting to technology bills written by non-technology people.

It would have been so much easier for them to just send the whole photo as is to a server and process it remotely like Google does.

Are people giving up their privacy? Looks to me it’s being taken without consent, via enormous legalese and techniques of exhaustion.

If you have a smartphone in your pocket, then, for better or worse, you're carrying a location tracker chip on your person because that's how they all work. The cell phone company needs to know where to send/get data, if nothing else.

It seems disingenuous to put a tracker chip in your pocket and be up in arms that someone knows your location.

Unless this kerfuffle is only about Apple.

forced can also mean the whole no privacy by default and dark patterns everywhere.

Nowhere in marketing materials or what passes for documentation on iOS we see an explanation of the risks and what it means for one’s identity to be sold off to data brokers. It’s all “our 950 partners to enhance your experience” bs.

No.

And for how cheap and trivial syncing photos is, any mandatory or exclusive integration of services between app/platform/device vendors needs to be scrutinized heavily by the FTC.

Try disabling the motd stuff - it's quite pernicious by design.

And removing the ubuntu-advantage package disables the desktop. lol.

This is just too much of a coincidence. I know, I know, this "... isn't Apple's fault" blah blah. Bullshit it's not. They can't have it both ways where they say their app store process is great and then they allow this shit.

Which is kind of ironic in places like HN, where so many advocate for Chromebooks.

How many people use a web based camera or web based photo album app?

When it’s done default on, I default opt out.

GeoIP is definitely as you say of figuring out the location of an IP.

With photos, geocoding is embedding the gps location in each photo. Those locations are being sent scrubbed but still metadata to Apple.

The more I think of it I’m not sure if it’s useful to me to give that database to Apple for free. If it was presented as it’s being explained in device maybe I’d say cool, yeah.

Needless to say, if an Apple employee wanted to stalk someone (say an abusive partner, creep, whatever), the fact that this stuff phones home means that the employee can deduce where they are located. I've heard stories from the early days of Facebook about employees reading partner's Facebook messages, back before they took that kind of stuff seriously.

People work at these places, and not all people are good.

I doubt Apple employees could deduce location from the uploaded data. Having worked at FB I know that doing something like that would very quickly get you fired post 2016

[1] https://www.koffellaw.com/blog/google-ai-technology-flags-da...

This feature is intended to spy on the user. Those kinds of features can't be opt-in. (And yeah, holomorophic "privacy preserving" encryption song-and-dance, I read about that when it came out, etc).