I think it has something to do with your brain playing both sides of the dream. You are coming up with how to react, but you are also at the same time coming up with what happens next. So if you dream a lion and you are like “uhoh, what if the lion tried to chase me, that would be a problem, I’d have to run away,” then you’re now dreaming about a lion that is chasing you and how you are running away.

Or plants. Or whether you should shout at people. Or sort of the concept of women.

Nah, that’s an NPU.

The graphics stack is better, but the security isolation is IMHO solving a problem no one really had, at the cost of breaking a bunch of integration mechanisms people actually used.

You want UI security isolation for something like Android, where most software being run is fundamentally opposed to the interests of the user and wants to steal anything not nailed down, and you also contain things at the file system level. If Facebook could screenshot every other app all the time it absolutely would, and people would download it anyway. To some extent the enforceable promise that it can’t do that is why people are still willing to download it anyway and let it do all the other things it does to compromise a system.

In a distro shipping legitimate software, isolation at the desktop UI level is nice for defense in depth, but not really drawing a real security boundary around any program to the point where a user can trust a machine with malicious software running. It doesn’t matter if I can’t steal Firefox’s pixels if I can echo "export PATH=$HOME/.evil-firefox/bin:$PATH" >>~/.bashrc.

Probably.

This sounds like a bug in the distro packaging of the module, or maybe in Grub. You don’t want to try and install any kernel package, or make your default boot option any kernel package, that the wifi driver package doesn’t declare compatibility with.

But nobody’s package manager knows to do this by default when the driver package is installed, and most packaging systems might not even be able to articulate that constraint.

Now I’m thinking with portals.

I don’t think it is right to trivialize rape like that.

I don’t think the burden should be on users, but I do think some of the burden should be on the press. If the press just assumes Google is up to no good and never does the investigative reporting needed to show it, we will miss out on having very politically useful evidence.

Anytime I want cooperation I will need to persuade you.

That sounds suspiciously like democracy, the thing we would quite like to achieve.

But they aren’t even showing collection of data in the article. For the data to be collected, it needs to leave the phone, not just be touched by Play Services.

Play Services does collect data it shouldn’t collect, by sending it back to Google. But the difference between “I am collecting your data” and “I wrote software you are running” is important and needs defending, because obscuring it is one way that independent developers are prevented from publishing and marketing actually-privacy-preserving software. If I am deemed to have “collected” your personal data every time you type it into a text editor I wrote, I can no longer distinguish my local-only encrypted text editor from Google’s one that stores all your data unencrypted on their cloud. We both have to say we “collect” your data, and nobody non-technical can tell the difference.

You can buy a phone that arrives running GrapheneOS. This might not be advisable, because it adds another point of trust in the refurbisher who actually does the flashing, but you don’t need to have the skills or do the research to install it yourself to get access to a device that runs it.

It’s not that I want to give them the benefit of the doubt, it’s that the article neglects to bring in that whole thread of the argument that you give here. This should all be in the article.

The SensorVault data is “just” the Google Maps Timeline data though, right? Which people have always been able to turn on and off, if they knew about it.

I feel like Google not really respecting a concept of user consent and pretending people agree to poorly-publicized and often-modified tracking programs is a different, and, frankly, weirder, privacy problem than there being closed source stuff running with high permissions. If you could revoke permissions from Play Services, or if it was source available or even free software, that wouldn’t solve the problem because it would still be able to do stuff Google had manufactured consent for it to do.

Do you mean “transmits” as in “from the location service on the phone to the mapping app on the phone”?

Or do you mean the phones are all updating the wifi SSID geolocation database, which they then all can use for doing wifi-based geolocation?

The article seems to go directly from “this piece of software talks to all the sensors and isn’t well sandboxed” to “Google has directed this software to profile and surveil users” without actually providing evidence to support that leap. Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?

If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills, because those sorts of scandals are important arguments for increased privacy protections. But we need to actually find that mismanagement occurring, not just assume it must be because Google wrote the code and it isn’t open source.

But if a Graphene device takes a non-malicious approach to data management out of the box, can’t you just buy one of those instead of doing research and taking charge of your device to proactively prevent spying? Why not just let a trustworthy organization like the Graphene project manage it for you, instead of an untrustworthy one like Apple?

I had no idea these existed and they look amazing!

Where do you buy these that isn’t under boycott?

Sounds like a lot of people are out there selling defective hardware.

I thought they were still hoping to convince people to use Bedrock so they had to buy Windows.