In the past, we could have made a version of Signal without this spyware, to be installed as an APK (as I would expect the EU to force Google to ban the non-spying version from the app store). With the upcoming Android developer verification, this will no longer be a possibility.
The thing that depresses me about offhand references to Bilderberg Group is it's a missed chance to name real names. I don't know who they are, but from ChatGPT'ing it looks like there are some particular agencies regularly behind these. One is "DG Home," an EU department on security that drafts legislation.
Another is Europol, a security coordination body that can't legislate but frequently advocates for this kind of legislation.
And then there's LEWP, the Law Enforcement Working Party, a "working group" comprised of security officials from member EU states, also involved in EU policy making in some capacity.
Perhaps targeted reform of these bodies is in order so they don't keep producing this legislation over and over. The blocking minority shouldn't just oppose the legislation itself, but make sure that their representation at those bodies is stopping those recommendations from moving forward. The legislating infrastructure needs to be challenged as much as any particular bill.
People have been talking about this for years. Corruption, authoritarianism and fascism are eating the EU from within and people who warned about it were called everything from tin foil hatters to just nutters.
The Data Retention Directive was passed in 2006 by the EU. It was law of the land for almost a decade:
>According to the Data Retention Directive, EU member states had to store information on all citizens' telecommunications data (phone and internet connections) for a minimum of six months and at most twenty-four months, to be delivered on demand to police authorities.
>Under the directive, the police and security agencies would have been able to request access to details such as IP addresses and time of use of every email, phone call and text message sent or received. There was no provision in the directive that permission to access the data must be confirmed by a court. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid in response to a case brought by Digital Rights Ireland against the Irish authorities and others because blanket data collection violated the EU Charter of Fundamental Rights, in particular the right of privacy enshrined in Article 8(1).
At least in the UK, a lot of these calls were made by the far right.
It's easy to dismiss as hypocritical, but it doesn't mean that they were wrong. Their "solution" to leave rather than fix was simply because they wanted it but in their control. Honestly they are nutters who make stuff up about "bendy bananas" etc, which dilutes the complaint.
The media, owned and controlled by powerful people who benefit from the status quo, just tacked on the term 'far' to remind people not to venture outside the Overton window or think too hard. It's scary and far away. Stay in the cosy middle where it's safe. Anyone against the pro-corporate status quo (for example mass immigration) is tainted as having an extreme opinion; discussion over.
There are a few nutters and poor people notice these trends first. The media tend to zoom in on those people and of course that taints all their concerns because normal people don't want to say anything that people might see as poor or nutty; they want to be seen as successful and smart. Only poor people would complain about immigration and only extremists and pedos would complain about censorship and you are not one of them right?
The far right may have *latched on* to these calls, but rest assured they are as eager as anyone to use state power to quash dissidents, if not more so.
Any political party of any member state that even thinks about being critical of the EU will instantly be completely destroyed by "independent" national (state sponsored) media.
What are you talking about? UK is the prime example of political parties being extremely critical of the EU and eventually getting exactly what they asked for.
But even if you think UK is some kind of weird one-off example - it's not. Look at Poland - PiS has been openly critical of EU for years now and held power for years, will most likely win it again in the next elections. Konfederacja straight up calls EU fascist on a daily basis and they have like 20% support for some insane reason.
>>by "independent" national (state sponsored) media.
You have to explain what you mean by this - you can't be independent and state sponsored. Or do you mean unbiased (like what the BBC or TVP are meant to be, which they are obviously not but they are not "independent")?
That "insane reason" is the propaganda machine(s) of Russia and China. Konfederacja is called Konfederussia by many Poles just because of how often what they say aligns with Russian interest. The founder of Konfederacja, Janusz Korwin-Mikke once said that in the war between Russia and Poland, he would fight on the side of the former.
UK is a wrong example as their issue wasn't EU's policies but the idea of one Europe. They wanted to have control on the borders that was fundamentally incompatible with EU.
And even then it was based on a misunderstanding of border policy, a false perception of control by the EU. In the years since Brexit all of the issues they had have only worsened and the biggest political agitator now is just the same group that pushed for Brexit with a new name still running on an anti-immigrant ticket. Turns out the border problems were policies of their own governments.
I think something that is underestimated is how much it was a matter of identity - do people feel British or European? The areas that voted remain most strongly were the nationalist areas of Scotland and Northern Ireland.
It doesn't have to be in secret, they can and do plan and coordinate these efforts in the open. When we hear about it, it was already planned for many years.
I mean, "the police should have the power to read your communication" is not some fringe view. It's been the view of every state in the history of forever.
Couldn't someone just build that Signal APK without spyware and then get it signed/verified by Google?
The Google change means that every APK has to be signed and linked to a developer with a verified identity.
Unless Google might not be willing to approve this alternative version of Signal, but is there any indication of that? The Signal clients are open source with a permissive license so there's nothing unauthorized about building and distributing a modified version yourself.
If the developer is in the EU, they can come after them. If not, the EU can direct Google to revoke the verification. The commission has a big lever to pull with fines which are pretty much arbitrary.
The point is, before, you could run apps on your Android phone without anyone's permission. Now, you need Google's permission. You're relying on Google authorizing a Signal build which circumvents laws, and that's not at all a given.
>Is there any indication that Google will obey the laws of the EU when they have no vested interest in the outcome?
In this context it isn't EU laws. The upcoming Android change in 2026 will stop anyone installing a non-verified app on their Android devices. This seems to be something Google arrived at "independently". But I would bet the US and EU and whoever else have put pressure on them.
The law would be "don't sign apps unless they follow these regulations". Google has put themselves in the position of being able to enforce these regs, but that doesn't mean they aren't law.
The EU says it wants to challenge Big Tech. What they mean is they want to blackmail them into giving them privileged access to information, control- and surveillance systems.
Android as it is fails as an operating system and the same idiots ruining perfectly good software in other companies now work for Google. Not that iOS is in any way better, it has the exact same and even more deficiencies.
There are plenty of devices running older versions of Android which are not under Big G's control and won't be subjected to this authoritarianism. Coincidentally they are also likely to be easily rootable, so you can still have full freedom.
Just don't "upgrade" and ignore all the propaganda telling you bad things about that. Keep building apps that work on older, less-hostile devices and spread the word to oppose this very deliberate planned obsolescence.
True, but there are apps, as reported in other threads in this forum, that will not run on rooted phones. E.g. banking and government apps. Most people will not go around with a rooted phone, much less with two phones.
> Coincidentally they are also likely to be easily rootable, so you can still have full freedom.
Also easily remotely ownable, so you can be spied on without even having to install any software at all. And any that aren't now will be a couple of years after they fall out of support. Which, by the way, is very hard for the community to step in and do, since they're full of undocumented proprietary binary blobs.
> Just don't "upgrade" and ignore all the propaganda telling you bad things about that.
... and when your fully owned device finally breaks completely?
You've fallen for the propaganda. "remotely ownable" is only true if you do things like visit sites with JS enabled by default, which is what has been the case with true PCs for a long time.
There's a whole community keeping these devices alive, I trust them far more than Big G.
The... propaganda? PoC exploits demonstrating full device takeover by sending an image file are propaganda? What would a real security vulnerability that's not propaganda look like?
libwebp, a Google-originated format... how convenient.
via a crafted HTML page
Don't forget that the majority if not all exploits will use something like JS to obfuscate their existence and frustrate analysis.
Also remember the famous sayings "Those who give up freedom for security deserve neither" and "Live free or die". Accepting the insecurity, because freedom cannot exist without it, is also important.
No, really. I asked a specific question. What would a vulnerability that's not propaganda look like? Please explain how to distinguish between propaganda and non-propaganda vulnerabilities. I need to be able to distinguish between them for myself.
Since the right people are here, can anyone explain to me why it's so hard to "root" (in reality, obtain basic filesystem / networking etc. control) with that OS?
GrapheneOS is focused on being as secure as possible. When you put root access into the equation, all the security protections are irrelevant if apps are able to bypass them at will.
It's really not that hard to do, just antithetical to the purpose of the OS.
It already took a mountain of resisting the network effect to get at least some half of my friends to chat with me on Signal. The chances to get them to move to something more obscure, that has any additional friction is low and the effort in convincing them will be high. That's not to say I won't try, but man I hope it doesn't come to that.
Tesla...certainly isn't top of mind when I think about makers of technology products that permit true ownership of the hardware / respect their users' privacy.
A phone made by a car manufacturer that abuses access to car cameras to spy on customers in their homes and share videos of them being naked? You can't even pay me to make me use such crap.
Unfortunately, "reasonable" generally means "can do the things typically done with smartphones these days", which include things like banking, media streaming, and civic stuff - things mediated by the very systems whose vendors aren't just embracing remote attestation, but actually driving its proliferation.
For better or worse[0], this is not a technical problem - it's a social/political one. Technology created it, by making remote attestation possible - but the actual problem is with why companies want to use it.
--
[0] - Definitely worse. Technical problems are easy.
I don't care about this kind of private communication. I care about automating and debullshittifying my life, which includes stuff like banking and civics.
I didn't learn to program computers so I could use it to shitpost more privately. I learned it so I can make machines deal with things for me the way I want them to.
Google won't have to ban the non-spying version of Signal, Signal will simply cease to operate in the EU. That's what the Signal CEO said in an interview.
>as I would expect the EU to force Google to ban the non-spying version from the app store
If you expect hostile action by Google you should also expect the rootkit that is Google Play Services to also do that. Which means in both cases the solution would be to use an actual open source mobile OS based on AOSP.