Google’s ‘Secret’ Update Scans All Your Photos
-
That's what you don't use, which wasn't what they asked, right?
-
Have you even read the article you posted? It mentions these posts by GrapheneOS
-
I guess the app then downloads the required models
-
True or not, one can avoid the whole issue by using your phone as a phone, maybe to send texts, with location, mike, and camera switched off permanently, and all the other apps deleted or disabled. Sure, Google will still know you called your SO daily and your Mom once a week (NOT ENOUGH!), and that you were supposed to pick up the dry cleaning last night (did you?). Meh. If that's what floats the Surveillance Society's boat, I am not too worried.
-
did they make it so after people started removing it?
-
The scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above
-
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content
Cheers Google but I'm a capable adult, and able to do this myself.
-
Nah, for system stuff that updates via Google Play, it's always been like that. Like Android System Webview for example, if you search Google Play for it you only see the Beta and Developer versions of it. You need a direct link to see the default one included with modern Android.
https://play.google.com/store/apps/details?id=com.google.android.webview
-
Whether the people at Google who did this knows they are evil or thinks they are not evil doesn't really even matter. Having a phone app that automatically scans all your photos should scare the shit out of you. At the very least it wastes your battery and slows down your phone.
-
People can go further than that and install a ROM for their phone that doesn't have any Google apps on it. People can even use applications that normally require Google Play Services by using microG, which spoofs things. You can also root your phone with Magisk and use apps to block anything leaking anything else.
-
You don't need advanced scanning technology running on every device with access to every single bit of data you ever seen to detect scam. You need telco operator to stop forwarding forged messages headers and… that's it. Cheap, efficient, zero risk related to invasion of privacy through a piece of software you did not need but was put there "for your own good".
-
If it provided a feature to automatically block incoming dick pics, which Google claims it's for, was fully local, and only scanned incoming messages, not my own gallery, which is what Google claims, I would likely find it useful. There is nothing wrong with the idea in general.
At the very least it wastes your battery
Again, if it's an optional feature that you can choose to turn on or off, there is nothing wrong with that.
-
In my experience, the API has iteratively made it ever harder for applications to automatically perform previously easy jobs, and jobs which are trivial under ordinary Linux (e.g. become an access point, set the IP address, set the PSK, start a VPN connection, go into monitor / inject mode, access an USB device, write files to a directory of your choice, install an APK). Now there's a literal thicket of API calls and declarations to make, before you can do some of these things (and some are forever gone).
The obvious reason is that there are a billion fools whom Google tries to protect them from scamers.
But it kills the ability to do non-standard things, and the concept of your device being your own.
-
I will perhaps be nitpicking, but... not exactly, not always. People get their shit hacked all the time due to poor practices. And then those hacked things can send emails and texts and other spam all they want, and it'll not be forged headers, so you still need spam filtering.
-
Tried it on my laptop. Doesn't work at all
-
I saw that, that's what I meant by "it sounds like it has the capabilities to spy", something that can do all those things must have lots of access and could provide perfect cover for any number of undesirable processes.
-
I suppose that's all true, I'd say more "following apples lead on locking things down" than over engineered, but
.I find myself avoiding the whole root business, I do want my mobile device to be fairly locked down. But I also use alternative OSs and app stores to avoid 90% of the garbage (stuff I can't avoid I put in work profile, like I still need google maps).
It works for me, but on the front of this complexity driving away devs I don't really see a viable alternative. Base Linux isn't secure enough for what we put on these little computers. I mean you've still got tons of influential people arguing you shouldn't use secureboot or a tpm as if leaving your whole computer unsecured is better than the indignity of using a non-free bios.
-
Love me some Obtainium. Did my first PR this week (adding cross-device sync via SxncD)
-
I didn't see it anywhere on my phone but ill look into it more after work. Thanks for the heads up.
-
Apparently I'm a beta tester for it, don't recall signing up for beta tests with it
