It is amazing how Volkswagen keeps messing up.
I am currently in the market for a new car, an EV specifically. Volkswagen brands were at the top of my list for many reasons, among them the excellent driving assist implementation.
I got an offer from a dealer three weeks ago and was going to order the car, then the API for the community integration got turned off. I decided to hold back and see what comes from it. Now this, which ultimately - since I am a GrapheneOS user - makes me completely cancel my plans.
I really do not understand VWs thinking here. It would cost them little to nothing to continue not blocking the the inofficial API and not block GrapheneOS (or other non Play Protect androids) users. It would have no adverse effects on the average Joe, but it would gain a lot of support and enthusiasm from heavy users, differentiating from other brands. Not to mention the fact that it is the USERS data in the first place
German companies, especially old school industrial ones like VW, have a very hard time understanding open platforms. The view everything through the lense of liability and compliance first. Their thinking is that if someone runs their app on a custom ROM and uses that to manipulate the app in any way, and that causes some extremely hypothetical damage, that they might be held liable for not having prevented this situation.
Obviously, the chances of that are virtually zero. But they'd rather make their product worse than assume with any kind of risk, even if it is virtually zero. That is simply the way in which German enterprises operate.
If they have concerns about the security of their app on some platform, they have the choice to either put "security" into the app, or to trust the platform vendor to provide the security. The correct solution is the first way. Deferring trust to the platform provider is the lazy way.
If their APIs are done correctly, they shouldn't be afraid to expose them.
How else would you build "security" into the app (in the sense of not allowing third-party modifications of it that would open them up to liability), except relying on hardware attestation that the app has not been modified? That attestation necessarily requires the platform provider to be involved.
You don't, the app runs on a user-supplied device. They should secure the part that runs on the car and consider the interface between the app and the api to be a user interface.
I am pretty sure that was not the engineers, but someone higher up the food chain ordering people to do that. I might be wrong, but maybe I missed the obvious "/s" or "/i" here.
Clearly the engineering team didn't know ahead of time that Electrify America would be the end result of dieselgate. Had they known, perhaps they would have been more eager to do the engineering work though! haha
It was just a fun inside joke, since nobody could have assumed the fines would create Electrify America. Personally I'm glad Electrify America exists, though the way it happened was probably not the best path to get here.
EA even has successfully moved on from just being an org forced into existence and are actively trying to take care of customers and produce a good product now that they have some competition.
I mean, the only reason they did it was to be able to comply with the requirements of the test.
But the reality is that every once in a while you have a scandal like this or something like Wirecard, and it happens, because the culture is such that absolutely nobody thinks it possible. That includes officials and regulators whose first instinct will often be to come after the people trying to expose the scandal, as has happened in the case of Wirecard.
>because the culture is such that absolutely nobody thinks it possible
Only naive laymen or newcomers to Germany think it's not possible. German business leaders, lawyers and politicians know exactly how much corruption and scamming is going on in the business sector, and it's not a little.
>first instinct will often be to come after the people trying to expose the scandal, as has happened in the case of Wirecard.
That was purely malicious to try to protect Wirecard, not because the regulators couldn't possibly imagine corruption and law breaking exists, that was the story they used as cover for their corruption.
Like you're a regulator and instead of doing the thing you were hired for and look at the evidence The Economist showed you, you instead "use your instincts" to decide not to do your job and not look into Wirecard because you can't imagine something bad can ever happen? Come on! All those regulators should have been fired and tried for corruption and/or accessory to crime.
If I had to guess it’s liability concerns around the app-based remote unlock and parking + R155 and CRA. A lot of european companies have moved to require attestation in their apps, likely spurred on by the CRA.
But why? I'd understand (though not approve) them tightening down everything about the car firmware to the max. They are responsible for the app, sure (it's a "digital element"), but they aren't responsible for the OS the app runs on. The CRA should not be used as an excuse to enact stupid restrictions.
Yes? These things directly follow one another: VW are obsessed with letter-of-the-law compliance, so things like end-runs around test routines are obvious solutions.
And VW didn't single-handedly destroy the diesel market; economics and physics did. Almost every other manufacturer was also fudging the tests results in some way. But more importantly, building a passenger car diesel that meets NOx targets doesn't work; by the time a passenger car diesel meets modern NOx targets honestly, the car contains a ludicrous precious metal loading in the catalyst and is only a few percentage points more efficient in terms of consumption and CO2 emissions than a petrol car and the math doesn't add up. Diesel is just not a practical solution for passenger cars; it never was in most ways, but it took the EU a long time to restrict NOx pollution to a sustainable level and expose the physical issues at hand.
That itself though speaks for a broken company culture. If one part of the company is completely disaligned with the values of good engineering, why should anyone still trust the company as a whole? It seems they at the very least severely lack a good vision then, to uphold the company values or what should be the company values.
That’s how megacorps are. VW has almost 700K employees. Enforcing a company culture on that scale is a very diffuse and difficult thing. If you are evaluating whether you should trust a company based on their ability to enforce values throughout all their orgs, you really shouldn’t trust any company unless it’s a tiny one where this sort of thing can be a lot easier to hold the line on.
You don't understand, both comes from the same motivation and way of thinking: You see, compliance in Germany is about pretending to be super-compliant and not getting caught. Everyone will do the dance, make all the moves, and if you seem to make all the moves, you are assumed to be compliant. Supervisory authorities will not really check thoroughly except if you are annoying them or making them look bad. Especially if you are partially state-owned like VW.
In Dieselgate VW got caught, made the supervisory authorities and politicians look bad, which is why the authorities also weren't inclined to sweep it under the rug completely. They just shielded VW from the financial consequences in Germany (German VW customers got shafted).
Blocking GrapheneOS is the useless "pretending" part of compliance. They don't really want to do security, because that would cost money, so they pick some actions that seem drastic, harsh and don't cost them anything to implement. Later, when there is a security incident, they will point to their huge heap of pretend compliance, whine a bit about state sponsored actors, high criminal intent and other obvious deflecting bullshit. But they will get away with it, because they did the compliance dance, so they are obviously compliant and did nothing wrong. Nobody in authority will look twice als long as they are neither annoyed or made to look bad.
I've had the same Golf since I bought it new in 2014. I like my Golf, so it should be an easy sale for VW to sell me a replacement.
However, VW just seem to make gaff after gaff. Collecting information they shouldn't, exposing information they shouldn't have to hackers via lax security practices.
How many rakes can a company step on?
Now, they're blocking GapheneOS? They've got two hopes of selling me another 'Dub.
VW is obviously not thinking that any noticable portion of the userbase uses Graphene, and someone (somewhere) is going to get a promo by making VW infra adhere to "standards" or something
Actually we need to force our European governments to use services that do not depend on foreign services (ie. Google or Apple). Then I guess it will only then become obvious to them how crazy the situation has become.
The company's have done their thing to ensure that the average guy wouldn't even try escaping their lock-in. So chances are becoming smaller and smaller to hope for a critical mass of users to complain.
which is why shaming them is a valid attempt to get them to "think". it has worked in the past (particularly with bmw!).
specially because no car really supports grapheneos, but it can be used in any car supporting regular android provided google play is installed which ensures google's certification and validation is being preserved. if i get this right bmw is actively blocking this, which would be just a dick move.
I don't use Graphene, but now I'm out of the market for a VW.
Vendor lock-in to Play services is ridiculous.
A car is a big purchase, and ideally not something I discard after a few years. I'd like it to not treat me like a second-class citizen and renter who can't make decisions over how to extend the life of my purchase.
It's ridiculous, but are we only saying that because we're on HN or is it because the portion of the userbase who thinks it's actually a bad thing is the larger one?
> I got an offer from a dealer three weeks ago and was going to order the car, then the API for the community integration got turned off. I decided to hold back and see what comes from it. Now this, which ultimately - since I am a GrapheneOS user - makes me completely cancel my plans.
Make sure that dealers know why you changed your mind.
As a dealer, it would be frustrating especially because it is so silly.
Basically, if they report any of this to HQ, it would be along the line of "I am losing the sale of a whole car over some stupid app block".
What is the risk of letting them know that someone lost trust in VW's features due to a boneheaded decision of their software group and decided not to buy that brand at all?
Same here. I'll be in a market soon and I had my eyes on a VW i4 or a Škoda Enyaq, but this makes me seriously reconsider. I really wanted to support local industry and buy a European product this time, but they are making it seriously difficult (no, don't get me even started on Stellantis).
I was hesitating between a VW ID.4 and Peugeot 5008 (7 seater, much space). In the end I went for the Peugeot and it's fine. The ID was much more fun to drive, but I would have lost space and paid a lot more.
Peugeot is reasonable and works. Charging could be faster and WLTP longer, and once I had the screens restart while on the motorway which thankfully did not affect driving but was pretty terrifying. All that to say - go ahead and buy European. You'll have some issues but for me all better than to get a china car with who knows what data exfiltration and hidden issues, or a Tesla that will lock you in when the car burns. EU companies are too boring to spy and too risk averse to have tesla-like issues..
Mercedes has some interesting EV options, and they have some models at the moment that are not necessarily that expensive. Through the grapevine I overheard something about surplus production due to mandate to build a certain number of EVs.
If you don’t want/need a new car, the used car market in Germany is pretty active with EQAs and EQBs.
I think there was no specific thinking in that space at all. They went for attestation of the app for security reasons of the API and their testing only runs on normal android and iOS devices. Consequently, they realized later this and write a response pointing to their tested platforms.
So understanding why they drop it is IMHO easy. Understanding why they use only attestation based API despite and forcing their third party ecosystem out is stupid. Companies do not understand open communities.
> Volkswagen brands were at the top of my list for many reasons
You should definitely reevaluate how you constructed your list. VW has a history of being scummy (https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal) and their ICE cars are notorious for being unreliable compared to the Japanese car-makers. To be fair, EVs do change the equation a bit, but given their scandal plagued past, there's no way I would put them at the top of any list.
> their ICE cars are notorious for being unreliable compared to the Japanese car-makers.
I always read this online, but my personal experience in EU doesn't match that at all in quite a sample of people and cars over the last ~15 years. At least not for older cards. The reliability after 100k km seems to be somewhat similar.
The repairability of VW-group stuff in 3rd party services is soo much better and cheaper. The WV-group is huge and many models across the brands share same parts and full engines. There exist non-OEM alternatives and people know how to fix those cars.
I have never bought new car. But driving anything but VW got expensive fast.
Toyota cars can have bespoke parts even between different months of the same year for the same model. Continuous improvement isn't really that cool for cars.
Outside Western Europe, VW is priced like a premium upmarket brand (not quite luxury). Maintenance and general upkeep for a VW are easily two to three times the cost of an equivalent Japanese car.
Which wouldn't be an issue if the cars were actually built to their price point. But the VW cars we get here are shittier versions built in nasty factories. They break down if you look at them wrong. The build quality is nonexistent. They are absolutely an awful deal, no matter how you look at them. You also have to personally import parts from wherever they're available, because otherwise only the dealerships have parts and they are absurdly overpriced.
Also, European brands are afraid of exporting EVs. If you want an EV, you buy a Chinese car. There is no other option. It is as simple as that.
I currently own a 10 year old Seat Leon with not a single out of maintenance repair (if we ignore the cosmetic repair due to a wildlife encounter). My parents have owned multiple VW vehicles, with each of these lasting >15 years without major issues. I know they have a reputation of being unreliable compared to Toyota, but that hasn't been my personal experience and equally important: they do not look like a Toyota. And Mazda has awful EVs
Putting these factors aside: they are usually cheaper than their peers in insurance and they have dealerships absolutely everywhere. I've had multiple Skoda and VW EV rentals and the experience has been nothing but pleasant. Hence my priorities.
Said owner cares about their experience above the environment. Sure people care about the environment, but it is always lower than all the other factors in their personal list of things they worry about.
That is why so many rich fly private jets to environment conferences. People put Greenpeace and similar bumper stickers on their SUVs that never go off road and rarely have more than one person inside. They care about the environment, but only when it doesn't impact anything else in their life.
> Sure people care about the environment, but it is always lower than all the other factors in their personal list of things they worry about.
Emissions scale with performance, and inversely of fuel efficiency. So the environment may not be the most important point, but I'm pretty sure fuel efficiency is high on the list when you're picking a compact or long-range car that is supposed to be fuel efficient.
Also, by advertising as compliant to green specs something that wasn't, means people may have been swayed to purchase irregular cars despite them not being really green, only due to the fact that they may have received rebates and contributions for the purchase, regardless of whether "being greener" ranked high on their decision metrics.
Data point: I bought a Skoda because of its claimed efficiency. It wasn’t the only factor, but in the balance of weighing things up, I cared that the stated emissions and fuel efficiency were better than some of the competitors.
I was lied to. Had I known that was the case there is a good chance I would have gone with a different car.
My car was recalled and reprogrammed and it no longer had the torque it had at first.
Of course now it’s clear that most if not all manufacturers were doing the same trick, they just weren’t caught at it.
I'm kinda glad that it's VW blocking GrapheneOS users in a cynical way. When my parents got a VW Jetta they never stopped complaining about it and never bought one again. So it tracks that they'd also be the car manufacturer to block GrapheneOS and stomp on their user's privacy.
It's an easy market to win at this point. The bar has been lowered so much. Already have a nice car? Just don't display utter disdain for your user's privacy and you get our $$.
I've test driven pretty much all VW brands (that fall within my budget) and thus far, the Cupra Born has been my favorite.
I have test driven the Kia EV4 and EV3, but I am not a huge fan. I do not enjoy the look of the EV3 and while the EV4 was a nice drive, I kept bumping my leg against the direction selector (which is below the handle for the wipers; But this is a huge nitpick since I am fairly tall, so not really an issue for 99% of drivers).
The main issue with Kia across the board is that their are so darn expensive for insurance. At my current provider, the EV4s insurance would have been 500 EUR more expensive than an roughly equally priced Cupra Born.
Not a huge SUV fan, but the Skoda Elroq and Skoda Enyaq were very nice vehicles as well
Been mostly interested in ev6. Just compared insurance cost and Polestar 2 was almost double. Born was also 50% more than kia ev4. Maybe different in the us if you are there?
This is sadly not even the full extent of it. What they did is, they locked their api entirely for anything that is not play protect certified. That means, all the cool stuff that was doable via community-driven projects is now dead in the water.
The "app" they provide is 60% advertisement, 30% features, and I unironically preferred using a Home Assistant connection instead of of it for everything. Even for automations like "when to preheat the car", since that was easier and more intuitive outside of their native function.
This also means, that charge control from the cars side is not possible to automate anymore.
Sure, one could take the position "but it was never officially promised", but for some people, including me, having the api (which is paid btw) was a selling point.
Car apps, beside Tesla, are universally awful to use. Even Tesla's is not beyond reproach (app size is massive, for one), but at least it doesn't make me want to poke my eyes out. Apple should make a "Cars" app that's like the "Watch" app and let them standardize.
I feel you. From my side I try to complain / rate / review every time, even if it's a low effort action, to cost them time and in the case of the regulated companies, to slightly worsen their complaint stats.
There's enough of users to start making a difference. Really, even a low effort action raising valid concerns (security theater, a lie, google's monopolistic position, anti-competitive, etc), keywords that will make their response more careful and potential complaint to the regulator more impactful.
Things like this can actually be a good way to nudge a company in the right direction sometimes. Nobody uses those internal review systems, and sometimes their stats are actually important. A handful of users might make up a really big chunk of the reviews.
In a similar vein, I once met a woman who told me how she would enter every single one of those stupid contests that you'd see printed on cereal boxes and ice cream containers because literally five people enter into those things, so you're odds of winning are surprisingly high. Apparently she won a bunch of them, but her favorite was when got a week long vacation that included going on a fishing trip with Ben and Jerry of "Ben and Jerry's".
I feel like that should be a warranty claim. You sold me one car with a specific set of features and now you've updated it into a different one lacking those features. It's not the same car. You broke it. Fix it or pay me for it's value.
Rivian would have gone out of business a year ago if VW had not approached them with an offer of $5.8B to rewrite all of VW's car software [0]. Because VW knew their own software sucked.
I wonder if this is a result of Rivian writing VW's software or if that effort hasn't yet borne fruit.
So "Play Protect" is doing all the damage to the third-party ecosystem that it'd seemed designed for.
I've slowly but surely been moving away from any service provider of any type who does not allow me to use their service without their often Play Services-dependent app. Changing vehicles would be a lot harder though.
Developers have to go out of their way to implement triggering Play Integrity API checks in their app and then retrieve the results to check on their services. They're putting a lot of effort into banning anything not licensing Google Mobile Services. It's definitely not a security feature since it permits devices with no security updates for more than 8 years but not a far more secure OS than anything Google certifies. Google doesn't allow GrapheneOS to obtain certification and certification comes with highly anti-competitive rules which would be completely unacceptable. Their licensing system has been ruled illegal in South Korea and other countries should not only do the same but ban the Play Integrity API and other related anti-competitive features. These are not actual security features and that's an excuse for the actual purpose of enforcing their GMS licensing model including forcing including a bunch of Google apps with extremely privileged access and using their builds of many OS components shipped from the Play Store.
Driving a rental car in Germany almost makes me cheer for the ongoing bankruptcy of their auto industry. It really needs a full reset at this point. Sad thing is EU law mandates for a modem in the car as well as intrusive driving aids that actually make driving less safe by constantly driving your attention away from the road[1]. So there is no hope to get a minimally decent car in Europe in the near future, unless a wider reset also happens at the political and social level.
Recently I rented Cupra for a week, its assistants were non intrusive, and helpful. It was a pleasant surprise. Now don't get me started on Toyota or Hyundai assitants... BTW the video you linked features a Toyota.
- beeps about the speed limit, especially if it misses a sign. For example every time starting on a parking lot it keeps the 5 kph even after multiple turns
- warns about leaving the lane, including trying to stay on the lane by slightly couter steering while ignoring yellow construction lines
- Sometimes when moving off from a standstill in a queue, it triggers all "careful you're about to crash into something"-warnings. I suspect it's detecting exhaust gasses from a car in front?
- You must not, ever, touch the turn signal to announce your will switch lanes soon, while there is still a car next to you. You'll get a loud, obnoxious warning tone. This one is especially annoing as it makes sleeping as a passenger on the autobahn basically impossible.
> ... it makes sleeping as a passenger on the autobahn basically impossible.
Which people often do when sharing the driving on long drives. So, another case of it making driving more dangerous, if the spare driver can not rest properly.
I recently saw a reportage about emergency call-takers. As you watch them work you'll notice they get an automatic call from the crashed car long before any human calls them, presumably from that modem.
I'm not arguing that the modem should be mandatory, or that you shouldn't be able to control what it does. But forcing car vendors who want to built in a modem to make this modem do an automatic emergency call by default, that seems quite sensible. Even more sensible would be if the modem did nothing unless you allow it, except when it detects that crash, but... profits.
Whoever came up with the idea that the car should beep loudly even close to the speed limit has clearly never driven a car.
The best way to silence it is to constantly be over the speed limit or well below.
Probably made worse by the fact that _every_ VW brand car I’ve driven has read about 10% high on the speedometer. I think I’m going 100 kph, but timing using the km markers on the highway show I’m going about 90.
When I talked to the dealers, they said that the speedometers only have to be accurate +/- 10% according to the SAE specifications.
After DieselGate I assumed that the high reading was to game the fuel consumption game.
> When I talked to the dealers, they said that the speedometers only have to be accurate +/- 10% according to the SAE specifications.
I believe the requirement is only one way - they can read high by a certain % but they cannot read low. Which makes sense. But that means in reality they will usually read a little high.
Was in an Uber in Korea recently traveling from the airport and the car literally beeped every 30 seconds for the entirety of the one hour drive with what presumably was a speed limit warning - a beep AND a verbal message. Seemed to be only marginally over the limit. Drove me insane. I don't know how the driver dealt with it - he must experience it all day every day.
I guess you just filter it out after a while but it definitely makes me think I need to do some research before getting a new car any time soon.
This thing makes me crazy. But I can somehow ignore my Skoda’s whining. The other car was bought months before this regulation happened and I will keep it as long as I can.
> constantly driving your attention away from the road
Absolutely agree! After a few minutes you realise you forgot to disable one of the 'features' and then get distracted trying to do that.
Lane keep assist is broken and dangerous
Auto high beam assist is broken and dangerous
Auto cruise control is broken and dangerous
Collision detection-avoidance is broken and dangerous (thinks you're going to crash quite often in our narrow, built-up areas in the UK)
Speed sign detection is broken
Hell, even automatic wipers, after all these years, is far from perfect. I feel they should have had to prove themselves with that before being given anything more important
How are all these "broken and dangerous"? In my car (Volvo) they work rather well. Perhaps sign detection sometimes misses signs, but so do I so I can't fault it. The others though, I rank them all somewhere between "genuinely useful" and "absolutely awesome"
N.B. I didn't write /all/ were "broken and dangerous"
But some personal examples:
- Auto high beam assist saw a car at a side junction, turned off high beam, then turned back on, mimicking a 'flash' to let the car out, which they acted on by pulling out. I had to brake hard to avoid them. I was doing 60 mph
- I was on the motorway and a stranded vehicle was on the hard shoulder and the driver decided to exit from the side closest to my lane. I went to move over slightly to give space and avoid him, and the lane assist pushed me back towards him (there was too much traffic for me to change lanes)
- Driving in built-up areas with lots of parked cars and narrow sections, the collision avoidance has pre-activated with huge beeping warnings that massively distracted me, causing me to actually nearly hit something
These were all different modern (but not high end) vehicles
Auto cruise control doesn't take into account vehicles in other lanes etc. It encourages disengagement in dangerous situations/surroundings. It is by definition dangerous
edit: and speed sign detection is probably the most broken. The constant beeping and flashing. I mean, I don't have to explain that do I? Distraction -> danger.
I don't know how large a group who will do this is - but if the UK bans VPNs I can see Graphene having a very large target on its back.
- Buy Pixel, Get Graphene
- Use FDroid, don't sign up for Google Play, download Tor browser
- Censorship resistant access to the internet without handing over your ID.
Pixel being a fairly popular phone in the UK is the interesting bit - if you had to buy some niche device I couldn't see it hitting more than a few hundred people doing it, but there are likely 100k pixels in the UK, and it's still possible to buy one and put Graphene on it.
The squeeze on the free internet happened so quick by the UK (well it took years of indifference and a failure to enshrine protections - but once they started moving the did so super fast)
Realistically we're speed running ID being tied to internet usage - create your escape hatch while you can!
There must be 10s of millions of x86 PCs with unlocked bioses in the UK. The issue won't be running an open device. The problem is software - what does someone running Linux do if the government mandates online services require proprietary attestation APIs?
It's scary how quickly the banning is moving. The problem is what happens next. When they realise that banning things doesn't really work. The next logical step is severely limiting internet traffic.
The first wave will be to mandate ID verification for online services. Some people will then start using p2p services, so the next step is to ban devices that can run non-approved software. Probably having your own VPS running your own software will also not be allowed. And like that, all the avenues for escaping control will be closed… for your safety, of course.
> what does someone running Linux do if the government mandates online services require proprietary attestation APIs?
One dual-boots to a reputable Linux vendor’s signed/sealed OS image with secure boot enabled in BIOS, so that the attestations are valid; financially supports said vendor; contacts them quarterly with check-ins on the status of their lockdown+attestation roadmap and uses professional journalism approaches to highlight their (in/)action; and, contacts one’s relevant governing body to petition for the addition of that vendor’s signed/sealed product line to be added to the authorized signatures list by both government-sponsored apps and to the verification platforms of the competing vendors (in order to balance the necessities of attestations with an appropriate degree of anti-monopolistic protections for consumers).
> It's scary how quickly the banning is moving. The problem is what happens next. When they realise that banning things doesn't really work
This confidence that ‘attestation doesn’t really work’ is the same sort of confidence that lead the Linux user community to largely scoff at, and ignore, attestation’s threat from when it was ballistically launched three decades ago towards the future. Options are now very limited for stopping it, and largely reduced to ‘getting some Linux into the approval list’. Severe compromises in user freedom will be required for the signed+sealed distro images to receive government approvals.
Imagine if Linux were an app on a video game console and you start to see the outcome: it’s a perfectly great working environment into which all of /usr/local and /opt and /home are writable, but the lockdown prevents you from modifying the OS in any way that could defeat the attestation protections. Apps you install into /opt can only access their own /opt/prefix, apps you install into /usr/local can access $HOME. The apps you install can choose to write session data (such as digital age verification certificates) to a system-protected /data store keyed first by the kernel’s signature, and second by the vendor signature the kernel reads from the app; with the understanding that an attestation latch-forward after an exploit patch will wipe that store, and that dual-booting to a different vendor will suspend access to sessions stored by that vendor.
This is, to climb on my hobby horse for a moment, why I continue to believe that Valve will be the first Linux vendor to receive government attestation approval alongside Apple / Google / Microsoft have previously across the desktop and mobile spaces. I’d really prefer that to be Graphene, Ubuntu, and Valve — but Graphene’s customer base is hostile to this, Ubuntu doesn’t have any incentive to care, and of the Linux vendors out there, Valve has a decade-long head start on the need for a locked-down and attested platform for business reasons. All of the above falls out naturally from considering how to defend one app from another on Android, iOS, Steam Deck, and Xbox. So far as I can tell today, though, Linux intends to be left out in the cold on all this. Oh well.
Linux intends to be left out of all this attestation garbage because it completely undermines the point of fully owning and controlling your own devices. I don't want or need to ask permission before I run a program - not from random megacorporations, and ESPECIALLY not from any of the various governments. If some third party service wants to make sure I'm not doing anything nefarious, they should do it at the border of their servers and the services they offer.
> what does someone running Linux do if the government mandates online services require proprietary attestation APIs?
So, in the scenario posed (quoted above again for context) that I’m responding to, where the government has mandated attestation online, it seems like you’re arguing that Linux should continue to opt-out of attestation, and thus be forced into non-internet uses only. Do I misunderstand your intended outcome to the scenario here? I took for granted that Linux users would want to retain access to the internet as a critical priority, given how strongly they’re objecting to attestation of internet apps (and eventually internet access), but if I’m mistaken then I’m happy to reverse course!
The idea is that enough users insist on non-attestation devices and platforms that governments and mega corps aren't able to require them for critical services. And loudly protest, switch to different services, etc when they DO attempt to be required. Example: already personally switched banks when they tried to require a validated Android device, and let them know directly and in reviews all over the place.
Don't fall for the trap that all of this is inevitable, you have to try and resist it first.
This way we will just have unremovable age verification, spyware, online accounts to use the os, name another bs from other vendors. What's the point of Linux then? The moment big corps and the state can seal spyware into your computer, they'll happily do it.
I'd rather have a separate burn device with whatever os for state services which lives in a faraday cage most of the time and have a proper OS I control on the main device than give somebody control over it.
I’m with you in spirit, but the ship is sinking, man. Your arguments were already made in the 90s when the first puff of smoke from all this was on the horizon. Thirty years of chicken little later, I’ve moved past being upset about this and am trying instead to persuade the Linux community to step up before the window of opportunity closes on GP computing altogether. Do something, act, if you want a better future; or do nothing if you don’t. What actions do you suggest people take in support of your viewpoint?
> We have a helicopter on Mars yet they still can't master a installation wizard.
Unexpectedly, the 'bootable thumb drive' models are actually pretty great — not the installers, but the ones that boot straight into a GUI that works and is usable. I haven't used one as my personal Linux uses predated thumb drives, but I have always (mistakenly?) assumed that once you're booted into a liveCD, you can click 'Install on a drive partition' and it will actually do something coherent and GUI and reasonable. Have I been too optimistic? Probably, yeah :(
I would never ever trust Linux from a vendor. If it's not installed by myself, I refuse to use it.
When you accept government gift in approval consider it tapped. At any point they can return to the vendor and go "install this". No? Okay bye to your certification.
> I would never ever trust Linux from a vendor. If it's not installed by myself, I refuse to use it.
I bet you would, though, if the built OS image were 100% reproducible except for the signature. Once you have a fully reproducible Linux OS build, you can literally copy paste the cryptosig from the vendor and it will work with the image you built yourself from source that you inspected yourself. Then it’s impossible for the government to tap it without breaking the reproducible image checksum and thus the published cryptosig. It’s a better defense than any warrant canary would be, and it satisfies your concerns fully.
Arch shows only 15 packages left for their core OS to be built reproducibly; what I don’t see at their dashboard is the state of their ISO build reproducibility, but I imagine that’s the same as the core, so maybe it’s just unstated for obviousness. https://reproducible.archlinux.org/
Does GrapheneOS publish their repro build efforts as a dashboard anywhere?
> I bet you would, though, if the built OS image were 100% reproducible except for the signature.
CryptoSecure, depends how it's done but again neither can be trusted. Especially when you have no control over the silicon running the OS.
I don't trust Linux now. Microsoft got its mits with WSL. RedHat sold-out to IBM and Debian got in bed with Canonical. Arch & Valve I might trust slightly more. They've got to make money somehow /shrug.
I use FreeBSD and I don't trust that either unless I can do make install world, even then I have my suspicions.
“Every time we see a Google Pixel, we suspect it might belong to a drug dealer,” said a police official leading the anti-drug operation in Catalonia.."
Seems like some countries/areas are already targeting the Pixel (really its because of GrapheneOS)
It is far more likely that it is due to scams and grifts that pretend to be GrapheneOS, associated with GrapheneOS, or based on GrapheneOS, rather than GrapheneOS itself. Criminals tend to be not that bright.
I regret not signing up for Discord when they first introduced facial recognition and middle schoolers were trivially spoofing their ID checks with meme pics.
There's really something to be said for greedily signing up for most things and trying to get grandfathered before the zipcuffs tighten.
IRL, though, fuck this. Home depot added flock cams and broad facial recognition, grocery store installed turnstiles, haven't stepped foot in either since. I'm just dropping out of the IRL retail economy left and right.
- drop wireguard / OpenVPN packets crossing the country border
- analyze https traffic to detect traffic patterns not matching https fully and block such connections
Are you taking from the experience that this is not blockeable in Russia?
EDIT: I might be confusing vless/xray/reality but seems like there are no problems to block it based on ip reputation + tls fingerprint + amount of connections https://habr.com/ru/articles/1044396/
Of course this would block some valid websites but when has government cared about that
And some including mullvad already accept payment in crypto, there will always be some dodgy VPN company in some dodgy jurisdiction that will take your BTC in exchange for an account.
VW blocking third party to access their servers is one thing, the thing that I find shocking is that you need to access VW servers to obtain your charging data while this should be directly available locally from the car.
The historical data is aggregated in some "cloud" rather than in the car, but if you want to collect and aggregate the data locally, you can still, for now at least. Car Scanner Pro and ABRP (A Better Route Planner) are both really popular for EVs for this exact use case, and both support VW EVs; they read battery charge state / voltage / temperature and operating states (speed, consumption, etc) using both standard OBD and proprietary manufacturer diagnostic IDs over the OBD port and then redo the aggregation and math that VW are doing on their end.
I've seen some great successes using HomeAssistant combined with one of these that connects your vehicle's various CANbuses (via OBD port) to Wifi/BLE. https://www.meatpi.com/products/wican
Google Play has been a huge drag on innovation and security in the mobile ecosystem. I'm actually looking forward to the time when AI kills the mobile app ecosystem so that every phone manufacturer can bundle their own "vibe-code-your-own-app" system with their devices, and the Google Play monopoly is broken.
I don't think that will happen. Sure for a minority of users the same as people running linux for their daily driver, and I definitely support it!
It's possible that we get to a place where everyone cooks their own meal (vibe coded app), and only goes out to eat sometimes (official app store). Spreadsheets are the same, you can get a lot of milage, and most still buy and use closed source software.
I see a future where it is easier for startups to create their own mobile devices than to deliver certain functionality through the Google and Apple platforms where your own data will be used against you and where their devices can record you 24/7 without any remediation to ensure privacy.
Let's rewind 15 years ago when everyone was jumping and praising mobile Eco-systems. Did no one ever see this happening or were most too gullible with Facebook hugs and pokes
And some early skepticism: "iPhone SDK And Restrictions: Some Of The Details Aren’t Great" (7 Mar 2008) <https://news.ycombinator.com/item?id=131171> Mostly concerns limitations on the API and what capabilities are exposed.
And for those who care to do more digging, a couple of searches bounded on 5 Mar 2008 -- 6 Mar 2012, the first 4 years of the App store:
Yes, I am 37. What about you? I was hosting an IRCd on my 33.2k modem at night using Hybrid-IRCd before that ratbox. I recall XFree86 before Xorg and running Linux on my 486dx running kernel 2.x
My first mobile phone was a Siemens m35i, eventually followed by a Sony Ericsson k500.
Where the Nokia 3310 phone couls receive animated icons via SMS messages that displayed on the background as well as looking at ascii smut via WAP at the age of 15.
So yes, what do you take me for? A disappointed cynical 37 year old who's watched the world burn in to a walled garden of hell that folk enjoy licking the grey walls of.
I do recall the rainbow fences where one could happily jump over if you got bored. Where anxiety wasn't a thing and folk were in touch with nature.
> In my opinion, the most useful next step is to contact Volkswagen support in a coordinated and technically precise way [...] Smartphone: Google Pixel Operating system: GrapheneOS
I strongly recommend saying that the operating system is one of "Android" (there are many variants), "Android (GrapheneOS)", or "GrapheneOS Android".
But if you say only "GrapheneOS", you are practically telling VW to respond that they do not support that operating system.
I had a used 2016 VW Golf and it was a lemon. It would have an average of one serious problem a month. I finally gave up being a professional car maintainer and dumped it, taking a huge loss because it was effectively worthless on the car market despite only being 8 years old. Fun car to drive, but what's the point if it doesn't work reliably? I completely lost my trust for VW vehicles after that.
Not surprising to me at all that their software is a similar high quality experience, but in general I think it's weird that cars have to be connected to the Internet anyways and I doubt the competition is substantially better.
I want a law that requires publishing your API for apps like this as well as allowing users to crate their own frontend based on it. That would enable more privacy aware versions of these apps.
My 2016 car has the old version of Android auto. My phone has the new one, I think from 2019 or 2020. They are incompatible. Did I miss something by not integrating my phone with my car? I don't think so. I call with Bluetooth and navigate with the screen of the phone. The only thing I'm using is the mic and speaker of the car. The mic is probably substantially better than any earpiece I could buy, because I suspect that it's designed to filter out noises from the car and from the road.
> My 2016 car has the old version of Android auto.
I don't know if an AAWireless adapter might operate in a way that could bridge that compatibility gap, but it might be worth a shot if you can borrow one to try it out.
I've been decently happy with it in a ~2020 car. Compared to a direct USB connection, there are some privacy implications with how it's running a low-power access point in the car, but bluetooth etc. are already a risk there.
> Did I miss something by not integrating my phone with my car? I don't think so. I call with Bluetooth and navigate with the screen of the phone.
For me the the main feature for Android Auto (over just a bluetooth connection) is navigation on the car's larger touchscreen that already has a good fixed position.
I am in market for a Car within a year or two, and I promise it won't be one from Volkswagen, if a company supports OSS platforms in cars and is available in APAC I will buy from them even if it costs 2x for the same specs (preferably a Hybrid but EV works too I guess).
It's not your car anymore, you're just renting someone else's hardware and access to their restricted platforms. Some recent cars even deny starting your car engine if the always on camera facing the driver thinks the driver isn't capable of driving "safely".
This is the WEF future your conspiracy uncle was telling you about during family gatherings. Well.
Modern cars are such enshittified garbage. I was in a modern Toyota recently and every time you start it, the screen shows a "Guest mode activated" that you need to explicitly dismiss. The only way to disable this is to install some stupid Toyota app which I would never install. Then you dismiss the popup and the home screen is "Experience Drive Connect" which is some stupid Toyota subscription which I would never subscribe to. What a piece of garbage. I'd probably just disconnect the whole screen entirely.
Tell the dealer you won't buy unless they disable all that garbage. They may say they can't, and if they let you walk out maybe they really can't. Then ask them for a discount so you can replace the head unit with one that doesn't spy on you.
This is actually mostly impossible these days, there is no "head unit" like cars had a couple decades ago, and the infotainment systems are integrated with all the other computer systems in the car. Disabling anything is difficult and will affect the car's functionality.
Isn't this for the same reason why you can't do banking on an unlocked bootloader phone?
There's no way to verify the integrity of the system, and any malicious app can just grab your banking credentials or enable criminals to unlock and drive away with your car.
GrapheneOS requires a locked bootloader and supports using deveice attestation via the generic attestation functionality in the Android Open Source Project.
Play integrity is an anticompetitive tool that ignores this, and artificially limits itself on GrapheneOS. It is not due to any incompatibility.
The GrapheneOS supporters are not on our sides, apparently. The seem to actually like remote attestation. They just don't like that they are not in on Play Integrity. But what is won if attestation includes official GrapheneOS releases but would still otherwise be exactly the same evil stuff that takes control of the user's device?
I still am hoping that at one point they understand the full consequences of remote attestation. There are some signs they start to notice, but it's slow...
Note that I am a GrapheneOS supporter. You seem to have a few misconceptions.
GrapheneOS is one of, if not the most vocal organization against the abuse of attestation mechanisms. GrapheneOS and its userbase feel the consequences of play integrity every single day.
Im not sure where you got the idea that all GrapheneOS wants is to be accepted by play integrity, because that is not the case. GrapheneOS has been working with regulators to get play integrity banned. Being accepted by play integrity, but nothing else changing, is not good enough for GrapheneOS. It would only be a small victory along the path of abolishing this nonsense.
So, no, GrapheneOS and its community are definitely against play integrity. The "signs" that they are "starting to notice" are not there. They are already fully aware of what attestation is and how it can be abused. They are definitely not ignorant on the subject.
You might be confusing root based attestation with pinned attestation. Root based attestation is flimsy and allows tools like play integrity to ban operating systems they do not like. Pinned attestation, on the other hand, has real security properties and cannot be abused to block certain operating systems. GrapheneOS uses pinned attestation as a part of their Auditor app, and it has other cool uses we could see in the future.
My opinion: Any kind of attestation that is delivered to a non-user-controlled server about the state of a user's end device that the user (possibly using means outside of the end device) cannot change will be abused, e.g for anti-competitve purposes.
I am hearing lots of arguments that grapheneOS is more secure (it is) and should therefore be included in remote attestation.
The pinning you are proposing, does it imply that there is again some certification of the "official" GrapheneOS, versus e.g. the user's own fork of GrapheneOS?
How would any of the existing proponents of remote attestation agree to anything like this, given what we consider abuse is exactly their reason of implementing it in the first place?
Here, VW wants to stop use of the API by anything else than their App, in order to stop hobbyists and sell API access to commercial middle men. If the user could pin their own software's attestation or even register an arbitrary public key to cover updates, then the user would as well be able to code his own API client that just emulates the attestation.
Is there any write up or discussion of the pinning you propose?
I am really not yet convinced how you want to counter the inevitable abuse that app developers and service providers will subject the user to if the OS security model gives them that kind of power over the user's end device.
> There's no way to verify the integrity of the system, and any malicious app can just grab your banking credentials or enable criminals to unlock and drive away with your car.
I get that Google doesn't want to be sued for failing to protect its users and indirect users of the mobile phones sold by other companies, but for advanced users there should be an option to update the signing keys used by the bootloader, so that you can unlock, flash your custom ROM, update keys, and relock bootloader. Such a phone should still be considered "trusted" by Google Integrity APIs. But currently there's no way to do this, so basically you don't really own your hardware.
I gave up on custom ROMs trying to extend my devices' lives and bought a Fairphone instead, so I have the assurance from the vendor that I will have software updates for a very long time.
Note that Fairphone does not provide software updates for anywhere near as long as they claim, and using a modern device with 7 years of support, such as a pixel or iphone, will be far better in the long term. Fairphone is basically e-waste out of the box.
The VW app can't do remote unlock so that's not a problem. It allows you to turn on the aircon or start charging and that's about it. That only works 50% of the time anyway.
- RCS doesn't work at all on non-Owner accounts, switching to the owner account is necessary to receive them (I use a secondary account for my "main" account, the owner is left empty except for a Google Fi associated account)
- Immediate auto-update can cause phone to turn off and not turn on overnight (you can change the setting)
- Google Wallet won't work for payments (in Europe you can instead use Curve)
- The default AOSP app selection is in general worse than the Google provided ones (you can install them, after installing Google Play Services, which is sandboxed)
- Getting Google Fi to work required some fiddling initially, pretty sure it was because of my use of the non-Owner account
- Some banking apps will refuse to work (mine work fine)
- You can get Android Auto working, but by default so many things are sandboxed that applications and TTS won't show up unless you spend the time enabling permissions
Overall I am happy with it. It does feel a bit less polished than stock Android (because of the interaction of apps and more strict sandboxing), but for most people who don't care about Google Wallet and are ok installing Play Services and any necessary Google apps, the experience feels pretty much like a de-Gemini'd/de-bloated Android.
GrapheneOS has an official partnership with a large OEM (Motorola), has near perfect app compatibility, is constantly improving upon user experience, and has been well known and regarded in the privsec community and by many trusted security experts. It appears to be gaining more mainstream awareness as a result.
Oh, and Android 17 has been released so there is hype for that.
Sort of, there're more posts about graphene in the year 2026 & they get much more attention. Aggregated some data and plotted it with my agent: https://boop.icu/Pr.png
Marketing-it-harder has some effect, but it's limited.
If a monopolist can insist on terms (e.g., Amazon mandating lowest price guarantees from sellers, or Google mandating auth / compliance / KYC exclusivity to Google Play Services privileged devices by app devs), then threats to the compelled party (sellers, app devs) will be minimally effective.
Class action lawsuits, regulation, and legislation, are required for effective relief.
I hate that cars are every day more and more crammed with software, when car manufacturers can't seem to be able to make half-working code in the first place (looking at you Nissan, who just can't even put the correct timestamp on your GPS data points…)
My car won't let me flick the windshield wipers while the car is parked. I don't know why, maybe they think I'm throwing rain onto... already wet pedestrians? Similar problem with auto-folding mirrors. My mirror was frozen shut one day, and I didn't notice until I'd been driving for a few blocks (which is on me). Figured I'd just cycle the fold-unfold a few times to pop it free, but the button is disabled when the car is in motion.
Increasingly my vision of retirement is a life of luxury surrounded by hardware from before the internet era, things that do what I tell them, rather than telling me what I am and am not allowed to do.
I'm filling my shop with machining equipment without all the extras, but my first 6 years of retirement will be fixing those machines before I can make anything... (and family history doesn't give me good odds of living that long - which is average.)
> when car manufacturers can't seem to be able to make half-working code in the first place (looking at you Nissan, who just can't even put the correct timestamp on your GPS data when car manufacturers can't seem to be able to make half-working code in the first place (looking at you Nissan, who just can't even put the correct timestamp on your GPS data points…)
Nissan sells a ton of cars to subprime borrowers, quality isn’t exactly their focus. Hyundai/Kia and Stellantis
also target the same buyers.
I got an iPad as backup with my 2fa stuff, and so I can keep an eye on kids in Apple ecosystem. When my iPhone mini does I'll go for /e/OS or GrapheneOS. And then I'll have the iPad lying at home for all the shenanigans that are nice but I don't even really need. My phone must serve me.
I am confused here... this is the car, that person buys and person owns. It is used to haul said user's butt from point A to point B. (a) like wtf? (b) what is it about these companies that want to commoditize everything?
Supporting mainstream OEM variants can already be enough of a nightmare in behavioural differences. What motivation do most companies have to support Graphene, which will be a handful of customers at best? Developers may be fine with offering a best effort support model, but legal certainly wouldn't.
The funny thing is, nothing needs to be done to support GOS. GOS has 99% android app compatibility. The issue isnt that GOS requires changes in the app to support it, rather, the tools they are using explicitly ban non-certified OSs.
Dont let their boilerplate responses fool you, tools like play integrity only serve to push anticompetitive practices. The claims about not being able to support GOS are nonsense, and all they did was break existing support.
My daily driver is a de-Googled LineageOS device, but I purchased a $50us iPhone SE 3 for FaceTime.
I have moved most of the my finance activity to it, along with my license and passport. I would never trust a Google device with this much, and the convenience has been profound in a few circumstances.
I would relegate any intrusive apps here, and happily deny them cross-app tracking privileges.
The issue here is the Google-only remote attestation nonsense. It seems pointless to me. A device passing Google's attestation check tells you nothing. The device could well have malware on it and you won't know it. Integrity is a misnomer. The integrity scope is tiny.
The app worked without issues until a few weeks ago. I used it for a year. It was not broken. GrapheneOS is just AOSP Android, optionally with Google Play Services.
My take is that they were trying to block rooted phones and/or custom ROMs of questionable origin and GrapheneOS just became collateral damage because all these companies do go the minimal route of using Play Integrity. GrapheneOS supports remote attestation through AOSP APIs, in fact, they have a page about it.
I think it's worth letting this be heard. GrapheneOS has > 400,000 users and is rapidly growing. Breaking things is not going to affect 5 people anymore, but thousands, ten thousands or hundreds of thousands, depending on what the app is.
> My take is that they were trying to block rooted phones and/or custom ROMs of questionable origin
There are only bad reasons for them to do that. End users don't get compromised that way in reality, but it does mean they might convince the app to do something that's bad for profits.
They don't need to do anything to support GrapheneOS. They only need to stop actively going out of the way to block it and any other alternative OS via the Play Integrity API. They put significant effort into blocking anything other than iOS or a Google Mobile Services Android stock OS certified by Google. They're not only blocking a non-stock AOSP-based operating system but rather anything other than iOS or a Google Mobile Services Android device certified by Google.
GrapheneOS maintains 99% android app compatibility. It does not require any additional funding or expenses to support GrapheneOS, and is actually more expensive to add these anticompetitive tools responsible for banning GrapheneOS.
GrapheneOS is also not responsible for bugs in this app. Any bug reports coming from GOS are likely to be from the hardening toggles, which uncover bugs in the app. This is the apps fault, and these bugs still exist on other OSs. It should be resolved for the benefit of all users.
Its not a different os though. Its still android. VW seems to just have turned on integrity checks which constantly cause issues for non-google androids. Plenty of banks do the same.
"Support" is such an overloaded and vague word in the software industry. What does it mean for a company to "support" an app/os configuration?
1. They deliberately target that app/os configuration, QA tests it, and answer customer support requests about it.
2. They target the configuration, QA tests it, but it's offered without customer support.
3. They target the configuration, but only release an untested build, use at your own risk.
4. They don't target the configuration at all, but the builds they do release happen to work on the configuration, totally unacknowledged by the company.
5. They don't target the configuration, and deliberately sabotage their application such that un-targeted configurations are actively blocked. Only adversarial users who hack the software are able to use it.
Too many companies say: "We can't do 1 because we don't 'support' it, therefore we must do 5!"
Proton is one of the best examples of this phenomenon. Almost all Windows games work on Linux via Proton. Sometimes they even run better than they do on Windows.
About the only time it doesn't work is when the game uses an anticheat system that intentionally blocks Linux. I can even see where the game devs are coming from when it comes to competitive games; cheating ruins the game for other players, and there's no way to prevent certain kinds of cheating without trusting the client to a degree.
I can't see any reasonable and user-respecting place VW could be coming from intentionally blocking access from open systems.
> If 97% of your users are on mainstream OSes, and the rest also account for disproportionately high numbers of bug reports, why should they bother supporting alternatives?
No. You're not required to use the app. You're not even entitled to use the app. If you want to use the app, you have to play by their rules. Plenty of device manufacturers have chosen to only offer iOS apps. No one talked about mandating that apps were available on competing platforms.
If you choose to use something like GrapheneOS, you are signing up for the fact that almost no one will test on your platform and plenty of things will be broken.
The app worked until a few weeks ago. GrapheneOS does not miss any functionality (nor security) for the app to work. The only change is that they started blocking non-GMS Android through the thoroughly anti-competitive Play Integrity.
Hypothetically, if GrapheneOS wanted to become a certified Android, it would probably not be blocked on technical reasons, only that becoming certified (last time a contract was leaked) requires running privileged Google Play Services (which is less secure) and pre-installing a bunch of Google apps that should not be uninstallable.
The issue here is not that they didn't test on alternative distributions of Android, the issue is that they went out of their way to prevent anything but the officially blessed distributions.
Except for the fact that the car is sold as is with the features advertised (i.e. working with an Android app with no additional qualifiers as to which kind of android) AND that users are paying for these connective services
GrapheneOS is based on the Android Open Source Project and retains near perfect android app compatibility. It cannot call itself android for legal reasons, but the legal definition does not affect its app compatibility.
Tools such as play integrity are illegal. Using anticompetitive and monopolistic tools is not the right of application developers.
The legal definition matters a lot if someone is trying to argue that VW advertising Android features is supposed to include GrapheneOS
> Using anticompetitive and monopolistic tools is not the right of application developers.
Please talk to an actual lawyer before making legal claims, because to be blunt it's very clear you don't know what many of those terms mean in a legal context. VW is not a "monopoly". They have no obligation to allow the use of their software on platforms they don't want.
The legal definition of the OS does not matter at all when considering the difference between failing to support something, and using a tool that explicitly stops something from working that otherwise works without issue. Play integrity is a tool which does not base any of its certification decisions in privacy or security, rather leverages it for anticompetitive reasons. This is known and trivially verifiable.
I do know what these terms mean in a legal context. I am claiming that play integrity is an anticompetitive and monopolistic tool, of which VW decided to use. I am not claiming VW is a monopoly. What you are claiming is their right to do, is not their right at all, and is illegal.
You've made a lot of leaps. IF something were declared to be anticompetitive, it would be in the context of the provider of the service. There is no law or moral issue with Volkswagen using it.
You may disagree with the concept of Device Integrity, but it is a feature with plenty of history and demand. Companies want their services accessed from secure platforms for security, and this is not inherently anticompetitive.
The basis of your argument, that users want these developers to support another platform, does not make sense, because GrapheneOS does not require apps add explicit support for it. GrapheneOS has 99% android app compatibility.
The issue is not that this application isnt tested on GOS, its that an anticompetitive, illegal tool is being used to ban non-certified OSs when these apps would work perfectly otherwise.
This is one of the most ignorant comment I ever read on Hacker News. Are you from VW?
Obviously VW broke the app for GrapheneOS (or any other custom ROM) on purpose, and ironically, things usually works fine for custom ROMs than some Chinese OEM customized ROMs, and when it works, it means the developer went extra miles to implement workaround to cater the flawed OS.[1]
Sure the app is not required, though one loses on all of the remote-control functionality (remote start, remote climate control, etc.).
Maybe then app developers should be mandated to open fully their server-side protocols, so people can create apps for platforms that are not supported by default. No more undocumented APIs, anybody can get an API key, no API serving limits!
Yeah this has less to do with VW and GrapheneOS and more to do with Google Play's attestation. Many apps don't work with sandboxed GMS/microG currently and more will come as we get closer to a locked down version of Google's Android.
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's Usage Policy. To request an adjustment pursuant to our Cyber Verification Program based on how you use Claude, fill out https://claude.com/form/cyber-use-case.
Well, I didn't know it before I bought tesla (and have since sold it), but it's really convenient to pair the phone to the car and let it act as a key. I never had to worry about getting the keys, I just took my phone and it opened the doors.
Also I have to say, setting charge times remotely is mighty handy, if one pays the market/pool prices for electricity which fluctuate from hour to hour.
I am annoyed that the EU allows this in the first place, that car manufacturers sniff off data from people. And, on top of that, block open source alternatives.
To me this smells like a cartel. Why is the EU not doing anything?
It is. There are incoming EU regulations about consumers needing free access to their data that is sent to a cloud server on their behalf. That doesn’t mean all the functionality of an app needs to be implemented.
My feeling is that this change plus the recent API lock for a few days ago are in fact part of a reworking to enable this EU legislation.
The solution is not to try to shame or force Volkswagen to support GrapheneOS, the solution is to (legally) force them to allow the car to run a custom CarOS, for which the community can write their own app
That's a non-starter in most countries. Since the car software is tied into a number of important safety features and regulated controls, custom operating systems will never be supported.
There are already massive problems with people miswiring head units to play videos while driving and updating their ECU to spew pollution into the air. You're not going to convince any significant number of people that it's a good idea to allow arbitrary code to run and control most of the other systems too.
> Since the car software is tied into a number of important safety features and regulated controls, custom operating systems will never be supported.
Then that's a poor design that should go the way of the dodo. Someone hacking the entertainment system should not be able to take over control of the engine. The entertainment system on planes do not allow one to hack into the autopilot. There should be no need for a firewall, they should have no shared wires between them.
"Safety critical" isn't just the drivetrain. I don't work in automotive and won't pretend to understand all the rules, but off the top of my head, some things that my car uses the head unit for:
* Backup Camera
* Turning traction control on/off
* Turning auto hold (maintaining the brake pedal while stopped) on/off
* Window defrosting
Many cars are even more integrated - are there any physical buttons inside a Tesla or is it all through the touchscreen?
They're not. Use any car's heads up display and you can configure an enormous number of things. Even if there was somehow a pure separation, things such as "playing video while the car is moving" are regulated in many jurisdictions and would land firmly in the "UI" layer.
You can detect the car is in motion or not without talking to the engine computer. Just like my phone can tell I'm in motion without connecting to the car at all. You're trying to justify a bad design with bad reasoning
Not with the necessary precision. GPS doesn't work in tunnels or parking garages and can be wildly inaccurate in city centers with skyscrapers blocking line of sight, for instance.
The built-in, offline mapping in my Honda uses a whole host of local-only sensors to handle these situations where GPS is intermittent. It works rather well at figuring out where the car is on the map, and when it deviates from the prescribed route.
It works in tunnels. It works in cities with tall buildings. It works on Lower Wacker Drive in Chicago.
Is there some technological limitation that precludes using this data to determine whether or not a movie can be played?
(It's not like it's new tech. It's decades-old. Honda started using it over 20 years ago.)
There's no need when OBD does just fine for this purpose.
It's also not clear what the purpose of this line of argument is. Some sensor says "car is moving". The operating system in the car/head unit is responsible for enforcing that signal, and it could ignore it equally from either OBD or some pile of gyroscopes. Where that signal comes from has nothing to do with why you will not see cars accepting custom operating systems.
> It's also not clear what the purpose of this line of argument is.
It completely dismantles your previous goalposts, which were planted firmly on GPS:
>> Not with the necessary precision. GPS doesn't work in tunnels or parking garages and can be wildly inaccurate in city centers with skyscrapers blocking line of sight, for instance.
(I guess we all have the freedom to be as flexible with our goalposts as we wish. I didn't come here for a tireless argument that is motivated by nothing but the desire to argue, though. Have a great day!)
My line of argument is "the head unit is responsible for not allowing video playback while in motion". Anything to do with detecting motion came after that.
The point of argument is that it no longer becomes a security issue to allow customOS on the infotainment system because it absolutely has no connection to the engine computer.
This is not an architectural issue. The threat isn't a bad OS causing the car to explode. This is a safety issue where the car is required to prohibit certain things - such as video playback.
You'd hope so but I fear that many safety critical aspects run on the same system as the infotainment system... And that's a perfect excuse for manufacturers to keep these things completely closed
One person's "controlling their own engines" is another "spewing nitrous oxides, carbon monoxide, and other pollutants into the air, giving cancer to neighbors and destroying the atmosphere". We tried the "don't regulate" path and it ended in a multitude of disasters.
In the States, for example: Every state I've looked at has laws that make it illegal to roll coal.
And at least in my own state (Ohio), it's a primary offense. A person can be pulled over and ticketed for this even if they're doing everything else by the book. It's super easy to spot.
It seems that it persists not because of a lack of laws, but because of a lack of enforcement.
> AED estimates that the emissions controls have been removed from more than
550,000 diesel pickup trucks in the last decade. As a result ofthis tampering, more than 570,000
tons of excess oxides of nitrogen(NOx) and 5,000 tons of particulate matter (PM) will be emitted
by these tampered trucks over the lifetime of the vehicles. [https://int.nyt.com/data/documenttools/epa-on-tampered-diese...]
The reason diesel folks delete emissions is because the way the new diesel motors are set up actually kills the motor. Buying a new motor (or a whole truck!) is extremely expensive. Now if the automotive industry came out with an efficient diesel that also ran well for more than 100k miles, we’d see a lot less deletions.
All 550K diesels with modded emissions are not rolling coal, that is a wild extrapolation
I didn’t ask the multiplier of badness of a single individual doing a bad and stinky thing, I asked what you think the _scale_ is. Do you believe that all people with trucks modified to do this are doing it at all times? Or even half the time? How many people do you think are doing it?
Why should they ?! Do you also want to force them to design their cars so the engine is easily replaceable by a Custom Engine OS so that the community can build their own engines ?!?
Because laws are (mostly) a reflection of what society wants.
People are growingly concerned with both the car manu and Apple/Google control over their car and related extra software goodies.
Laws are really needed when businesses don’t play nicely. I don’t know the legal specifics, but I’m sure glad I don’t need to buy $1000’s of specialty tools to maintain my vehicle, and sure glad that replacement parts are readily available (and will be for decades).
Just image how much worse society would be if car manus did the same thing as Apple and had ID-paired parts. Sorry! Your AC doesn’t work anymore, please install a genuine Honda oil filter at your nearest Authorized Honda Shop, available for a minimum of $500.
> People are growingly concerned with both the car manu and Apple/Google control over their car and related extra software goodies.
10 out of random 10 drivers out there don't care about the software running in the car.
> Laws are really needed when businesses don’t play nicely. I don’t know the legal specifics, but I’m sure glad I don’t need to buy $1000’s of specialty tools to maintain my vehicle, and sure glad that replacement parts are readily available (and will be for decades).
You drive a self-maintained car. Nothing wrong with that, but I would guess 95 out of 100 drivers on the road don't care about the car at all - they just want reliable transportation from A to B and perhaps some confort.
> Just image how much worse society would be if car manus did the same thing as Apple and had ID-paired parts. Sorry! Your AC doesn’t work anymore, please install a genuine Honda oil filter at your nearest Authorized Honda Shop, available for a minimum of $500.
I don't have to imagine that al all, all premium car manufactures digitally id their components and will not accept 3rd party replacements.
Honda isn’t a premium car manufacturer, but also can you please show a source for “all premium car manufactures digitally id their components and will not accept 3rd party replacements.” I know plenty of mechanics and while OEM is usually the way to go there are many aftermarket parts that get installed regularly.
I would guess there are a couple of orders of magnitude difference between the complexity of interfaces comparing the head unit with wheels and tires.
Like, the head unit is in control of all that happens on the slow bus of the car, and needs to pass independent safety certifications for a complex system.
That's unacceptable, because intelligence needs a way to steer your car into oncoming traffic if required to do so due to confidential national security reasons.
I got an offer from a dealer three weeks ago and was going to order the car, then the API for the community integration got turned off. I decided to hold back and see what comes from it. Now this, which ultimately - since I am a GrapheneOS user - makes me completely cancel my plans.
I really do not understand VWs thinking here. It would cost them little to nothing to continue not blocking the the inofficial API and not block GrapheneOS (or other non Play Protect androids) users. It would have no adverse effects on the average Joe, but it would gain a lot of support and enthusiasm from heavy users, differentiating from other brands. Not to mention the fact that it is the USERS data in the first place
Obviously, the chances of that are virtually zero. But they'd rather make their product worse than assume with any kind of risk, even if it is virtually zero. That is simply the way in which German enterprises operate.
If their APIs are done correctly, they shouldn't be afraid to expose them.
When they leave the "security" to the platform they can blame them in a lawsuit.
Clearly the engineering team didn't know ahead of time that Electrify America would be the end result of dieselgate. Had they known, perhaps they would have been more eager to do the engineering work though! haha
It was just a fun inside joke, since nobody could have assumed the fines would create Electrify America. Personally I'm glad Electrify America exists, though the way it happened was probably not the best path to get here.
EA even has successfully moved on from just being an org forced into existence and are actively trying to take care of customers and produce a good product now that they have some competition.
But the reality is that every once in a while you have a scandal like this or something like Wirecard, and it happens, because the culture is such that absolutely nobody thinks it possible. That includes officials and regulators whose first instinct will often be to come after the people trying to expose the scandal, as has happened in the case of Wirecard.
Only naive laymen or newcomers to Germany think it's not possible. German business leaders, lawyers and politicians know exactly how much corruption and scamming is going on in the business sector, and it's not a little.
>first instinct will often be to come after the people trying to expose the scandal, as has happened in the case of Wirecard.
That was purely malicious to try to protect Wirecard, not because the regulators couldn't possibly imagine corruption and law breaking exists, that was the story they used as cover for their corruption.
Like you're a regulator and instead of doing the thing you were hired for and look at the evidence The Economist showed you, you instead "use your instincts" to decide not to do your job and not look into Wirecard because you can't imagine something bad can ever happen? Come on! All those regulators should have been fired and tried for corruption and/or accessory to crime.
In fact, that's how a lot of compliance works in industries where there's little little enforcement and relies a lot on self regulation.
And VW didn't single-handedly destroy the diesel market; economics and physics did. Almost every other manufacturer was also fudging the tests results in some way. But more importantly, building a passenger car diesel that meets NOx targets doesn't work; by the time a passenger car diesel meets modern NOx targets honestly, the car contains a ludicrous precious metal loading in the catalyst and is only a few percentage points more efficient in terms of consumption and CO2 emissions than a petrol car and the math doesn't add up. Diesel is just not a practical solution for passenger cars; it never was in most ways, but it took the EU a long time to restrict NOx pollution to a sustainable level and expose the physical issues at hand.
VW knew this but lied to customers and told them they could have both. Dieselgate was their attempt to convince everybody the lie was true.
In Dieselgate VW got caught, made the supervisory authorities and politicians look bad, which is why the authorities also weren't inclined to sweep it under the rug completely. They just shielded VW from the financial consequences in Germany (German VW customers got shafted).
Blocking GrapheneOS is the useless "pretending" part of compliance. They don't really want to do security, because that would cost money, so they pick some actions that seem drastic, harsh and don't cost them anything to implement. Later, when there is a security incident, they will point to their huge heap of pretend compliance, whine a bit about state sponsored actors, high criminal intent and other obvious deflecting bullshit. But they will get away with it, because they did the compliance dance, so they are obviously compliant and did nothing wrong. Nobody in authority will look twice als long as they are neither annoyed or made to look bad.
tl;dr: compliance in Germany is performative
However, VW just seem to make gaff after gaff. Collecting information they shouldn't, exposing information they shouldn't have to hackers via lax security practices.
How many rakes can a company step on?
Now, they're blocking GapheneOS? They've got two hopes of selling me another 'Dub.
(Bob and No).
All of em.
The company's have done their thing to ensure that the average guy wouldn't even try escaping their lock-in. So chances are becoming smaller and smaller to hope for a critical mass of users to complain.
specially because no car really supports grapheneos, but it can be used in any car supporting regular android provided google play is installed which ensures google's certification and validation is being preserved. if i get this right bmw is actively blocking this, which would be just a dick move.
Vendor lock-in to Play services is ridiculous.
A car is a big purchase, and ideally not something I discard after a few years. I'd like it to not treat me like a second-class citizen and renter who can't make decisions over how to extend the life of my purchase.
Make sure that dealers know why you changed your mind.
"Some nerd couldn't use their nerd phone."
What incentive does a dealer have to know or care about this?
Peugeot is reasonable and works. Charging could be faster and WLTP longer, and once I had the screens restart while on the motorway which thankfully did not affect driving but was pretty terrifying. All that to say - go ahead and buy European. You'll have some issues but for me all better than to get a china car with who knows what data exfiltration and hidden issues, or a Tesla that will lock you in when the car burns. EU companies are too boring to spy and too risk averse to have tesla-like issues..
If you don’t want/need a new car, the used car market in Germany is pretty active with EQAs and EQBs.
Not quite an SUV, but maybe fits the same use case?
So understanding why they drop it is IMHO easy. Understanding why they use only attestation based API despite and forcing their third party ecosystem out is stupid. Companies do not understand open communities.
You should definitely reevaluate how you constructed your list. VW has a history of being scummy (https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal) and their ICE cars are notorious for being unreliable compared to the Japanese car-makers. To be fair, EVs do change the equation a bit, but given their scandal plagued past, there's no way I would put them at the top of any list.
I always read this online, but my personal experience in EU doesn't match that at all in quite a sample of people and cars over the last ~15 years. At least not for older cards. The reliability after 100k km seems to be somewhat similar.
The repairability of VW-group stuff in 3rd party services is soo much better and cheaper. The WV-group is huge and many models across the brands share same parts and full engines. There exist non-OEM alternatives and people know how to fix those cars.
I have never bought new car. But driving anything but VW got expensive fast.
Toyota cars can have bespoke parts even between different months of the same year for the same model. Continuous improvement isn't really that cool for cars.
Outside Western Europe, VW is priced like a premium upmarket brand (not quite luxury). Maintenance and general upkeep for a VW are easily two to three times the cost of an equivalent Japanese car.
Which wouldn't be an issue if the cars were actually built to their price point. But the VW cars we get here are shittier versions built in nasty factories. They break down if you look at them wrong. The build quality is nonexistent. They are absolutely an awful deal, no matter how you look at them. You also have to personally import parts from wherever they're available, because otherwise only the dealerships have parts and they are absurdly overpriced.
Also, European brands are afraid of exporting EVs. If you want an EV, you buy a Chinese car. There is no other option. It is as simple as that.
Putting these factors aside: they are usually cheaper than their peers in insurance and they have dealerships absolutely everywhere. I've had multiple Skoda and VW EV rentals and the experience has been nothing but pleasant. Hence my priorities.
That is why so many rich fly private jets to environment conferences. People put Greenpeace and similar bumper stickers on their SUVs that never go off road and rarely have more than one person inside. They care about the environment, but only when it doesn't impact anything else in their life.
Emissions scale with performance, and inversely of fuel efficiency. So the environment may not be the most important point, but I'm pretty sure fuel efficiency is high on the list when you're picking a compact or long-range car that is supposed to be fuel efficient.
Also, by advertising as compliant to green specs something that wasn't, means people may have been swayed to purchase irregular cars despite them not being really green, only due to the fact that they may have received rebates and contributions for the purchase, regardless of whether "being greener" ranked high on their decision metrics.
I was lied to. Had I known that was the case there is a good chance I would have gone with a different car.
My car was recalled and reprogrammed and it no longer had the torque it had at first.
Of course now it’s clear that most if not all manufacturers were doing the same trick, they just weren’t caught at it.
It wasn't "more CO2" grade, it was "more NOx" grade. This in urban settings will actually kill more people with respiratory problems.
VW's "clever hack" probably, statistically, killed people.
https://en.wikipedia.org/wiki/Diesel_emissions_scandal https://en.wikipedia.org/wiki/Defeat_device
https://www.theguardian.com/environment/2015/sep/24/uk-franc...
Of course the governments probably lobbied for this stuff because it improves their car industry tax profits/employment numbers.
It's an easy market to win at this point. The bar has been lowered so much. Already have a nice car? Just don't display utter disdain for your user's privacy and you get our $$.
I have test driven the Kia EV4 and EV3, but I am not a huge fan. I do not enjoy the look of the EV3 and while the EV4 was a nice drive, I kept bumping my leg against the direction selector (which is below the handle for the wipers; But this is a huge nitpick since I am fairly tall, so not really an issue for 99% of drivers).
The main issue with Kia across the board is that their are so darn expensive for insurance. At my current provider, the EV4s insurance would have been 500 EUR more expensive than an roughly equally priced Cupra Born.
Not a huge SUV fan, but the Skoda Elroq and Skoda Enyaq were very nice vehicles as well
The "app" they provide is 60% advertisement, 30% features, and I unironically preferred using a Home Assistant connection instead of of it for everything. Even for automations like "when to preheat the car", since that was easier and more intuitive outside of their native function.
This also means, that charge control from the cars side is not possible to automate anymore.
Sure, one could take the position "but it was never officially promised", but for some people, including me, having the api (which is paid btw) was a selling point.
Yes, I registered specifically for this comment.
There's enough of users to start making a difference. Really, even a low effort action raising valid concerns (security theater, a lie, google's monopolistic position, anti-competitive, etc), keywords that will make their response more careful and potential complaint to the regulator more impactful.
In a similar vein, I once met a woman who told me how she would enter every single one of those stupid contests that you'd see printed on cereal boxes and ice cream containers because literally five people enter into those things, so you're odds of winning are surprisingly high. Apparently she won a bunch of them, but her favorite was when got a week long vacation that included going on a fishing trip with Ben and Jerry of "Ben and Jerry's".
I wonder if this is a result of Rivian writing VW's software or if that effort hasn't yet borne fruit.
[0] https://en.wikipedia.org/wiki/Rivian_and_Volkswagen_Group_Te...
I've slowly but surely been moving away from any service provider of any type who does not allow me to use their service without their often Play Services-dependent app. Changing vehicles would be a lot harder though.
[1] https://www.youtube.com/watch?v=f-S76WEl25k
- beeps about the speed limit, especially if it misses a sign. For example every time starting on a parking lot it keeps the 5 kph even after multiple turns
- warns about leaving the lane, including trying to stay on the lane by slightly couter steering while ignoring yellow construction lines
- Sometimes when moving off from a standstill in a queue, it triggers all "careful you're about to crash into something"-warnings. I suspect it's detecting exhaust gasses from a car in front?
- You must not, ever, touch the turn signal to announce your will switch lanes soon, while there is still a car next to you. You'll get a loud, obnoxious warning tone. This one is especially annoing as it makes sleeping as a passenger on the autobahn basically impossible.
Which people often do when sharing the driving on long drives. So, another case of it making driving more dangerous, if the spare driver can not rest properly.
I'm not arguing that the modem should be mandatory, or that you shouldn't be able to control what it does. But forcing car vendors who want to built in a modem to make this modem do an automatic emergency call by default, that seems quite sensible. Even more sensible would be if the modem did nothing unless you allow it, except when it detects that crash, but... profits.
When I talked to the dealers, they said that the speedometers only have to be accurate +/- 10% according to the SAE specifications.
After DieselGate I assumed that the high reading was to game the fuel consumption game.
Never again, VW auto group…
I believe the requirement is only one way - they can read high by a certain % but they cannot read low. Which makes sense. But that means in reality they will usually read a little high.
I guess you just filter it out after a while but it definitely makes me think I need to do some research before getting a new car any time soon.
Absolutely agree! After a few minutes you realise you forgot to disable one of the 'features' and then get distracted trying to do that.
Lane keep assist is broken and dangerous
Auto high beam assist is broken and dangerous
Auto cruise control is broken and dangerous
Collision detection-avoidance is broken and dangerous (thinks you're going to crash quite often in our narrow, built-up areas in the UK)
Speed sign detection is broken
Hell, even automatic wipers, after all these years, is far from perfect. I feel they should have had to prove themselves with that before being given anything more important
But some personal examples:
- Auto high beam assist saw a car at a side junction, turned off high beam, then turned back on, mimicking a 'flash' to let the car out, which they acted on by pulling out. I had to brake hard to avoid them. I was doing 60 mph
- I was on the motorway and a stranded vehicle was on the hard shoulder and the driver decided to exit from the side closest to my lane. I went to move over slightly to give space and avoid him, and the lane assist pushed me back towards him (there was too much traffic for me to change lanes)
- Driving in built-up areas with lots of parked cars and narrow sections, the collision avoidance has pre-activated with huge beeping warnings that massively distracted me, causing me to actually nearly hit something
These were all different modern (but not high end) vehicles
Auto cruise control doesn't take into account vehicles in other lanes etc. It encourages disengagement in dangerous situations/surroundings. It is by definition dangerous
edit: and speed sign detection is probably the most broken. The constant beeping and flashing. I mean, I don't have to explain that do I? Distraction -> danger.
The squeeze on the free internet happened so quick by the UK (well it took years of indifference and a failure to enshrine protections - but once they started moving the did so super fast)
Realistically we're speed running ID being tied to internet usage - create your escape hatch while you can!
It's scary how quickly the banning is moving. The problem is what happens next. When they realise that banning things doesn't really work. The next logical step is severely limiting internet traffic.
One dual-boots to a reputable Linux vendor’s signed/sealed OS image with secure boot enabled in BIOS, so that the attestations are valid; financially supports said vendor; contacts them quarterly with check-ins on the status of their lockdown+attestation roadmap and uses professional journalism approaches to highlight their (in/)action; and, contacts one’s relevant governing body to petition for the addition of that vendor’s signed/sealed product line to be added to the authorized signatures list by both government-sponsored apps and to the verification platforms of the competing vendors (in order to balance the necessities of attestations with an appropriate degree of anti-monopolistic protections for consumers).
> It's scary how quickly the banning is moving. The problem is what happens next. When they realise that banning things doesn't really work
This confidence that ‘attestation doesn’t really work’ is the same sort of confidence that lead the Linux user community to largely scoff at, and ignore, attestation’s threat from when it was ballistically launched three decades ago towards the future. Options are now very limited for stopping it, and largely reduced to ‘getting some Linux into the approval list’. Severe compromises in user freedom will be required for the signed+sealed distro images to receive government approvals.
Imagine if Linux were an app on a video game console and you start to see the outcome: it’s a perfectly great working environment into which all of /usr/local and /opt and /home are writable, but the lockdown prevents you from modifying the OS in any way that could defeat the attestation protections. Apps you install into /opt can only access their own /opt/prefix, apps you install into /usr/local can access $HOME. The apps you install can choose to write session data (such as digital age verification certificates) to a system-protected /data store keyed first by the kernel’s signature, and second by the vendor signature the kernel reads from the app; with the understanding that an attestation latch-forward after an exploit patch will wipe that store, and that dual-booting to a different vendor will suspend access to sessions stored by that vendor.
This is, to climb on my hobby horse for a moment, why I continue to believe that Valve will be the first Linux vendor to receive government attestation approval alongside Apple / Google / Microsoft have previously across the desktop and mobile spaces. I’d really prefer that to be Graphene, Ubuntu, and Valve — but Graphene’s customer base is hostile to this, Ubuntu doesn’t have any incentive to care, and of the Linux vendors out there, Valve has a decade-long head start on the need for a locked-down and attested platform for business reasons. All of the above falls out naturally from considering how to defend one app from another on Android, iOS, Steam Deck, and Xbox. So far as I can tell today, though, Linux intends to be left out in the cold on all this. Oh well.
So, in the scenario posed (quoted above again for context) that I’m responding to, where the government has mandated attestation online, it seems like you’re arguing that Linux should continue to opt-out of attestation, and thus be forced into non-internet uses only. Do I misunderstand your intended outcome to the scenario here? I took for granted that Linux users would want to retain access to the internet as a critical priority, given how strongly they’re objecting to attestation of internet apps (and eventually internet access), but if I’m mistaken then I’m happy to reverse course!
Don't fall for the trap that all of this is inevitable, you have to try and resist it first.
This way we will just have unremovable age verification, spyware, online accounts to use the os, name another bs from other vendors. What's the point of Linux then? The moment big corps and the state can seal spyware into your computer, they'll happily do it.
I'd rather have a separate burn device with whatever os for state services which lives in a faraday cage most of the time and have a proper OS I control on the main device than give somebody control over it.
"Starting anaconda", "Enable Kdump", on anything RedHat.
Debian spews an ancient terminal window of options upon options and who knows how to install Arch.
Linux installations has never been click, click go. Installation wizards are still designed for the tech enabled and not the common user.
We have a helicopter on Mars yet they still can't master a installation wizard.
Unexpectedly, the 'bootable thumb drive' models are actually pretty great — not the installers, but the ones that boot straight into a GUI that works and is usable. I haven't used one as my personal Linux uses predated thumb drives, but I have always (mistakenly?) assumed that once you're booted into a liveCD, you can click 'Install on a drive partition' and it will actually do something coherent and GUI and reasonable. Have I been too optimistic? Probably, yeah :(
When you accept government gift in approval consider it tapped. At any point they can return to the vendor and go "install this". No? Okay bye to your certification.
Call me paranoid.
I bet you would, though, if the built OS image were 100% reproducible except for the signature. Once you have a fully reproducible Linux OS build, you can literally copy paste the cryptosig from the vendor and it will work with the image you built yourself from source that you inspected yourself. Then it’s impossible for the government to tap it without breaking the reproducible image checksum and thus the published cryptosig. It’s a better defense than any warrant canary would be, and it satisfies your concerns fully.
Arch shows only 15 packages left for their core OS to be built reproducibly; what I don’t see at their dashboard is the state of their ISO build reproducibility, but I imagine that’s the same as the core, so maybe it’s just unstated for obviousness. https://reproducible.archlinux.org/
Does GrapheneOS publish their repro build efforts as a dashboard anywhere?
Instructions to fully reproduce a build are here: https://grapheneos.org/build#reproducible-builds (disclaimer: I never tried using them).
CryptoSecure, depends how it's done but again neither can be trusted. Especially when you have no control over the silicon running the OS.
I don't trust Linux now. Microsoft got its mits with WSL. RedHat sold-out to IBM and Debian got in bed with Canonical. Arch & Valve I might trust slightly more. They've got to make money somehow /shrug.
I use FreeBSD and I don't trust that either unless I can do make install world, even then I have my suspicions.
“Every time we see a Google Pixel, we suspect it might belong to a drug dealer,” said a police official leading the anti-drug operation in Catalonia.."
Seems like some countries/areas are already targeting the Pixel (really its because of GrapheneOS)
There's really something to be said for greedily signing up for most things and trying to get grandfathered before the zipcuffs tighten.
IRL, though, fuck this. Home depot added flock cams and broad facial recognition, grocery store installed turnstiles, haven't stepped foot in either since. I'm just dropping out of the IRL retail economy left and right.
Genuine question. That's news to me and I'm here.
[0]: https://www.birminghammail.co.uk/news/midlands-news/new-vpn-...
https://youtube.com/shorts/WvHl3G6KojI
I believe they're "doing research" into it, which basically means they don't understand how any of it works.
It mostly happened already and it's in motion.
EDIT: I might be confusing vless/xray/reality but seems like there are no problems to block it based on ip reputation + tls fingerprint + amount of connections https://habr.com/ru/articles/1044396/
Of course this would block some valid websites but when has government cared about that
I don’t think that will stop them trying though
[1] https://en.nshc.net/
It's possible that we get to a place where everyone cooks their own meal (vibe coded app), and only goes out to eat sometimes (official app store). Spreadsheets are the same, you can get a lot of milage, and most still buy and use closed source software.
Reminds me of this: https://www.robinsloan.com/notes/home-cooked-app/
<https://www.macstories.net/stories/10-years-of-app-store-a-t...>
HN discussion at the time:
- Apple iPhone SDK Event: iFund - $100 Million for iPhone Devs <https://news.ycombinator.com/item?id=130686>
And some early skepticism: "iPhone SDK And Restrictions: Some Of The Details Aren’t Great" (7 Mar 2008) <https://news.ycombinator.com/item?id=131171> Mostly concerns limitations on the API and what capabilities are exposed.
And for those who care to do more digging, a couple of searches bounded on 5 Mar 2008 -- 6 Mar 2012, the first 4 years of the App store:
"iphone sdk": <https://hn.algolia.com/?dateEnd=1331078400&dateRange=custom&...>
"iphone apps": <https://hn.algolia.com/?dateEnd=1331078400&dateRange=custom&...>
"iOS apps": <https://hn.algolia.com/?dateEnd=1331078400&dateRange=custom&...>
A very cursory eyeball of those shows some interest, but nothing overwhelmingly panglossian or critical. But I've not looked in depth.
https://distrowatch.com/table-mobile.php?distribution=icepac...
My first mobile phone was a Siemens m35i, eventually followed by a Sony Ericsson k500.
Where the Nokia 3310 phone couls receive animated icons via SMS messages that displayed on the background as well as looking at ascii smut via WAP at the age of 15.
So yes, what do you take me for? A disappointed cynical 37 year old who's watched the world burn in to a walled garden of hell that folk enjoy licking the grey walls of.
I do recall the rainbow fences where one could happily jump over if you got bored. Where anxiety wasn't a thing and folk were in touch with nature.
Literally who?
The rest of us groan when we hear "DOWNLOAD OUR APP" or grocery stores that want you to install their spyware coupon app.
These days, nost apps are just data exflitrators, spyware portals, and surveillance pricing initiatives, wrapped up with a "FREE THINGY" wrapping.
This describes almost every "tech" product
I strongly recommend saying that the operating system is one of "Android" (there are many variants), "Android (GrapheneOS)", or "GrapheneOS Android".
But if you say only "GrapheneOS", you are practically telling VW to respond that they do not support that operating system.
Not surprising to me at all that their software is a similar high quality experience, but in general I think it's weird that cars have to be connected to the Internet anyways and I doubt the competition is substantially better.
I don't know if an AAWireless adapter might operate in a way that could bridge that compatibility gap, but it might be worth a shot if you can borrow one to try it out.
I've been decently happy with it in a ~2020 car. Compared to a direct USB connection, there are some privacy implications with how it's running a low-power access point in the car, but bluetooth etc. are already a risk there.
> Did I miss something by not integrating my phone with my car? I don't think so. I call with Bluetooth and navigate with the screen of the phone.
For me the the main feature for Android Auto (over just a bluetooth connection) is navigation on the car's larger touchscreen that already has a good fixed position.
Happy voting with your wallet folks. See ya.
This is the WEF future your conspiracy uncle was telling you about during family gatherings. Well.
Toyota's have such a backlog of orders that they're marking cars up above MSRP
There's no way to verify the integrity of the system, and any malicious app can just grab your banking credentials or enable criminals to unlock and drive away with your car.
Play integrity is an anticompetitive tool that ignores this, and artificially limits itself on GrapheneOS. It is not due to any incompatibility.
I still am hoping that at one point they understand the full consequences of remote attestation. There are some signs they start to notice, but it's slow...
GrapheneOS is one of, if not the most vocal organization against the abuse of attestation mechanisms. GrapheneOS and its userbase feel the consequences of play integrity every single day.
Im not sure where you got the idea that all GrapheneOS wants is to be accepted by play integrity, because that is not the case. GrapheneOS has been working with regulators to get play integrity banned. Being accepted by play integrity, but nothing else changing, is not good enough for GrapheneOS. It would only be a small victory along the path of abolishing this nonsense.
So, no, GrapheneOS and its community are definitely against play integrity. The "signs" that they are "starting to notice" are not there. They are already fully aware of what attestation is and how it can be abused. They are definitely not ignorant on the subject.
You might be confusing root based attestation with pinned attestation. Root based attestation is flimsy and allows tools like play integrity to ban operating systems they do not like. Pinned attestation, on the other hand, has real security properties and cannot be abused to block certain operating systems. GrapheneOS uses pinned attestation as a part of their Auditor app, and it has other cool uses we could see in the future.
The pinning you are proposing, does it imply that there is again some certification of the "official" GrapheneOS, versus e.g. the user's own fork of GrapheneOS?
How would any of the existing proponents of remote attestation agree to anything like this, given what we consider abuse is exactly their reason of implementing it in the first place? Here, VW wants to stop use of the API by anything else than their App, in order to stop hobbyists and sell API access to commercial middle men. If the user could pin their own software's attestation or even register an arbitrary public key to cover updates, then the user would as well be able to code his own API client that just emulates the attestation. Is there any write up or discussion of the pinning you propose?
I am really not yet convinced how you want to counter the inevitable abuse that app developers and service providers will subject the user to if the OS security model gives them that kind of power over the user's end device.
I get that Google doesn't want to be sued for failing to protect its users and indirect users of the mobile phones sold by other companies, but for advanced users there should be an option to update the signing keys used by the bootloader, so that you can unlock, flash your custom ROM, update keys, and relock bootloader. Such a phone should still be considered "trusted" by Google Integrity APIs. But currently there's no way to do this, so basically you don't really own your hardware.
I gave up on custom ROMs trying to extend my devices' lives and bought a Fairphone instead, so I have the assurance from the vendor that I will have software updates for a very long time.
Has this ever happened?
- RCS doesn't work at all on non-Owner accounts, switching to the owner account is necessary to receive them (I use a secondary account for my "main" account, the owner is left empty except for a Google Fi associated account)
- Immediate auto-update can cause phone to turn off and not turn on overnight (you can change the setting)
- Google Wallet won't work for payments (in Europe you can instead use Curve)
- The default AOSP app selection is in general worse than the Google provided ones (you can install them, after installing Google Play Services, which is sandboxed)
- Getting Google Fi to work required some fiddling initially, pretty sure it was because of my use of the non-Owner account
- Some banking apps will refuse to work (mine work fine)
- You can get Android Auto working, but by default so many things are sandboxed that applications and TTS won't show up unless you spend the time enabling permissions
Overall I am happy with it. It does feel a bit less polished than stock Android (because of the interaction of apps and more strict sandboxing), but for most people who don't care about Google Wallet and are ok installing Play Services and any necessary Google apps, the experience feels pretty much like a de-Gemini'd/de-bloated Android.
It's not as customizable as Samsung for instance.
It only runs on Pixel phones (next year hopefully some Motorola phones).
Oh, and Android 17 has been released so there is hype for that.
As a EU citizen, please sign this petition https://www.change.org/p/eu-data-act-durchsetzen-autoherstel...
If a monopolist can insist on terms (e.g., Amazon mandating lowest price guarantees from sellers, or Google mandating auth / compliance / KYC exclusivity to Google Play Services privileged devices by app devs), then threats to the compelled party (sellers, app devs) will be minimally effective.
Class action lawsuits, regulation, and legislation, are required for effective relief.
If most would do this, they are not individuals anymore.
Increasingly my vision of retirement is a life of luxury surrounded by hardware from before the internet era, things that do what I tell them, rather than telling me what I am and am not allowed to do.
Nissan sells a ton of cars to subprime borrowers, quality isn’t exactly their focus. Hyundai/Kia and Stellantis also target the same buyers.
A German philosopher had a lot to say about this a couple hundred years ago... I think his name was Karl.
> Please note that the use of the Volkswagen app is only supported on iOS devices and Android devices with supported operating system versions.
Is it time to mandate app developers support all operating systems for a device?
Dont let their boilerplate responses fool you, tools like play integrity only serve to push anticompetitive practices. The claims about not being able to support GOS are nonsense, and all they did was break existing support.
I have moved most of the my finance activity to it, along with my license and passport. I would never trust a Google device with this much, and the convenience has been profound in a few circumstances.
I would relegate any intrusive apps here, and happily deny them cross-app tracking privileges.
My take is that they were trying to block rooted phones and/or custom ROMs of questionable origin and GrapheneOS just became collateral damage because all these companies do go the minimal route of using Play Integrity. GrapheneOS supports remote attestation through AOSP APIs, in fact, they have a page about it.
I think it's worth letting this be heard. GrapheneOS has > 400,000 users and is rapidly growing. Breaking things is not going to affect 5 people anymore, but thousands, ten thousands or hundreds of thousands, depending on what the app is.
There are only bad reasons for them to do that. End users don't get compromised that way in reality, but it does mean they might convince the app to do something that's bad for profits.
GrapheneOS is also not responsible for bugs in this app. Any bug reports coming from GOS are likely to be from the hardening toggles, which uncover bugs in the app. This is the apps fault, and these bugs still exist on other OSs. It should be resolved for the benefit of all users.
"Support" is such an overloaded and vague word in the software industry. What does it mean for a company to "support" an app/os configuration?
1. They deliberately target that app/os configuration, QA tests it, and answer customer support requests about it.
2. They target the configuration, QA tests it, but it's offered without customer support.
3. They target the configuration, but only release an untested build, use at your own risk.
4. They don't target the configuration at all, but the builds they do release happen to work on the configuration, totally unacknowledged by the company.
5. They don't target the configuration, and deliberately sabotage their application such that un-targeted configurations are actively blocked. Only adversarial users who hack the software are able to use it.
Too many companies say: "We can't do 1 because we don't 'support' it, therefore we must do 5!"
About the only time it doesn't work is when the game uses an anticheat system that intentionally blocks Linux. I can even see where the game devs are coming from when it comes to competitive games; cheating ruins the game for other players, and there's no way to prevent certain kinds of cheating without trusting the client to a degree.
I can't see any reasonable and user-respecting place VW could be coming from intentionally blocking access from open systems.
Because of those bug reports, very few may be specific to the non-mainstream OS? https://news.ycombinator.com/item?id=28978086
If you choose to use something like GrapheneOS, you are signing up for the fact that almost no one will test on your platform and plenty of things will be broken.
Hypothetically, if GrapheneOS wanted to become a certified Android, it would probably not be blocked on technical reasons, only that becoming certified (last time a contract was leaked) requires running privileged Google Play Services (which is less secure) and pre-installing a bunch of Google apps that should not be uninstallable.
How is that not anti-competitive?
> GrapheneOS is a privacy and security focused mobile OS with Android app compatibility [https://grapheneos.org/]
Tools such as play integrity are illegal. Using anticompetitive and monopolistic tools is not the right of application developers.
> Using anticompetitive and monopolistic tools is not the right of application developers.
Please talk to an actual lawyer before making legal claims, because to be blunt it's very clear you don't know what many of those terms mean in a legal context. VW is not a "monopoly". They have no obligation to allow the use of their software on platforms they don't want.
I do know what these terms mean in a legal context. I am claiming that play integrity is an anticompetitive and monopolistic tool, of which VW decided to use. I am not claiming VW is a monopoly. What you are claiming is their right to do, is not their right at all, and is illegal.
You may disagree with the concept of Device Integrity, but it is a feature with plenty of history and demand. Companies want their services accessed from secure platforms for security, and this is not inherently anticompetitive.
It can even make you a great/better one…
The issue is not that this application isnt tested on GOS, its that an anticompetitive, illegal tool is being used to ban non-certified OSs when these apps would work perfectly otherwise.
Obviously VW broke the app for GrapheneOS (or any other custom ROM) on purpose, and ironically, things usually works fine for custom ROMs than some Chinese OEM customized ROMs, and when it works, it means the developer went extra miles to implement workaround to cater the flawed OS.[1]
[1]: ref: Years of Android community experience
Maybe then app developers should be mandated to open fully their server-side protocols, so people can create apps for platforms that are not supported by default. No more undocumented APIs, anybody can get an API key, no API serving limits!
https://news.ycombinator.com/item?id=48319509
Fuck that.
Also I have to say, setting charge times remotely is mighty handy, if one pays the market/pool prices for electricity which fluctuate from hour to hour.
To me this smells like a cartel. Why is the EU not doing anything?
My feeling is that this change plus the recent API lock for a few days ago are in fact part of a reworking to enable this EU legislation.
There are already massive problems with people miswiring head units to play videos while driving and updating their ECU to spew pollution into the air. You're not going to convince any significant number of people that it's a good idea to allow arbitrary code to run and control most of the other systems too.
Then that's a poor design that should go the way of the dodo. Someone hacking the entertainment system should not be able to take over control of the engine. The entertainment system on planes do not allow one to hack into the autopilot. There should be no need for a firewall, they should have no shared wires between them.
* Backup Camera
* Turning traction control on/off
* Turning auto hold (maintaining the brake pedal while stopped) on/off
* Window defrosting
Many cars are even more integrated - are there any physical buttons inside a Tesla or is it all through the touchscreen?
If you're going to use the worst example as the comparison, then we'll get no where fast.
It works in tunnels. It works in cities with tall buildings. It works on Lower Wacker Drive in Chicago.
Is there some technological limitation that precludes using this data to determine whether or not a movie can be played?
(It's not like it's new tech. It's decades-old. Honda started using it over 20 years ago.)
It's also not clear what the purpose of this line of argument is. Some sensor says "car is moving". The operating system in the car/head unit is responsible for enforcing that signal, and it could ignore it equally from either OBD or some pile of gyroscopes. Where that signal comes from has nothing to do with why you will not see cars accepting custom operating systems.
It completely dismantles your previous goalposts, which were planted firmly on GPS:
>> Not with the necessary precision. GPS doesn't work in tunnels or parking garages and can be wildly inaccurate in city centers with skyscrapers blocking line of sight, for instance.
(I guess we all have the freedom to be as flexible with our goalposts as we wish. I didn't come here for a tireless argument that is motivated by nothing but the desire to argue, though. Have a great day!)
In the States, for example: Every state I've looked at has laws that make it illegal to roll coal.
And at least in my own state (Ohio), it's a primary offense. A person can be pulled over and ticketed for this even if they're doing everything else by the book. It's super easy to spot.
It seems that it persists not because of a lack of laws, but because of a lack of enforcement.
also, what scale of harm do you think exists from those people?
do you really believe that control of one’s own engine should be removed from all vehicle owners if a few people misuse it?
do you understand that vehicle manufacturers use their proprietary systems that control the vehicle to exploit customers?
Serious health complications, particularly to cyclists and pedestrians. Significant pollution surges:
> According to government estimates, the practice can increase nitrogen oxide emissions as much as 310 times, non-methane hydrocarbons 1,400 times, and carbon monoxide 120 times. [https://www.rawstory.com/raw-investigates/rolling-coal-donal...]
> AED estimates that the emissions controls have been removed from more than 550,000 diesel pickup trucks in the last decade. As a result ofthis tampering, more than 570,000 tons of excess oxides of nitrogen(NOx) and 5,000 tons of particulate matter (PM) will be emitted by these tampered trucks over the lifetime of the vehicles. [https://int.nyt.com/data/documenttools/epa-on-tampered-diese...]
I didn’t ask the multiplier of badness of a single individual doing a bad and stinky thing, I asked what you think the _scale_ is. Do you believe that all people with trucks modified to do this are doing it at all times? Or even half the time? How many people do you think are doing it?
People are growingly concerned with both the car manu and Apple/Google control over their car and related extra software goodies.
Laws are really needed when businesses don’t play nicely. I don’t know the legal specifics, but I’m sure glad I don’t need to buy $1000’s of specialty tools to maintain my vehicle, and sure glad that replacement parts are readily available (and will be for decades).
Just image how much worse society would be if car manus did the same thing as Apple and had ID-paired parts. Sorry! Your AC doesn’t work anymore, please install a genuine Honda oil filter at your nearest Authorized Honda Shop, available for a minimum of $500.
10 out of random 10 drivers out there don't care about the software running in the car.
> Laws are really needed when businesses don’t play nicely. I don’t know the legal specifics, but I’m sure glad I don’t need to buy $1000’s of specialty tools to maintain my vehicle, and sure glad that replacement parts are readily available (and will be for decades).
You drive a self-maintained car. Nothing wrong with that, but I would guess 95 out of 100 drivers on the road don't care about the car at all - they just want reliable transportation from A to B and perhaps some confort.
> Just image how much worse society would be if car manus did the same thing as Apple and had ID-paired parts. Sorry! Your AC doesn’t work anymore, please install a genuine Honda oil filter at your nearest Authorized Honda Shop, available for a minimum of $500.
I don't have to imagine that al all, all premium car manufactures digitally id their components and will not accept 3rd party replacements.
(Yes, repairability and standardization are encouraged where feasible.)
Like, the head unit is in control of all that happens on the slow bus of the car, and needs to pass independent safety certifications for a complex system.