It's the right trade off for most people as the only USA 2G nationwide network is T-Mobile's. They are going to turn it off in April 2 2024 (1).
There's some regional carriers in rural areas that offer the only coverage available. Like Commnet Wireless (2). These are few and far between and usually they have deployed 3G to their whole footprint. The Big Three are building out native coverage to overlap with them. But by Murphy's Law someone with an Android 14 phone is going to discover that they can't call anything but 911. Ideally there would be a button prompt enabled in No Service situations to re-enable 2G. FCC rules mandate that cellphones must support fallback to null cipher if that's what's needed to connect an emergency call.
> It's the right trade off for most people as the only USA 2G nationwide network is T-Mobile's. They are going to turn it off in April 2 2024 (1).
A US-only analysis of this seems not especially useful, since Android is used worldwide. If anything it is more popular outside of the US than inside of the US, making US-based analysis even less illuminating.
Deadhorse is remote geographically, but it's the hub of oil operations for the entire North Slope, so there's demand for corporate connectivity and not just personal cell phones. there's been a fiber line out to it since 2017 [0].
the remote areas with less connectivity are probably places without deep-pocketed corporate customers that would justify the expense of running fiber. I suspect large swaths of the Alaskan interior fall under that description.
Yeah, it's not a great argument to cherry pick a place that has 4G and then remark at the fact that it has 4G. The point isn't that given one specific remote settlement you selected on the map it would be extremely difficult to deliver 4G connectivity to that settlement. The point is that there are a ton of remote settlements and it would be extremely difficult to deliver 4G connectivity to all of them.
Microwave and narrow focused point to point wifi is still definitely a thing in remote areas. Although with Starlink becoming very popular I wonder how long until new deployments decline.
Having just visited a few National Parks there were many cell towers with modern LTE cell radios connected to an old and badly under-provisioned microwave link. In busy parks like Yellowstone the cell service was effectively unusable. The background traffic from the phones in people's pockets (checking email, checking for updates, downloading map tiles or getting directions, etc...) was enough to bring the entire system to its knees.
I was thinking that they were way overdue to replace those microwave dishes with a Starlink terminal.
Starlink is LEO, it doesn't have the latency issues of old-style satellite internet (indeed it can theoretically be faster than anything ground-based as soon as you're going further than ~700km).
Nobody said anything about the latency issues of GEO stationary satellites. Starlink very much has real latency differences and potential bandwidth capacity limitations vs a dedicated point to point microwave link as previously stated.
Starlink has to travel minimum of 550km twice + distance from ground station to destination server. For remote locations, you generally also have an additional satellite to satellite relay distance as well. So realistically say 1500km minimum, likely way higher. Speed of light time on that distance is ~5ms, and that doesn’t account for latency losses at each hop and also remember that’s one way time.
There’s a reason microwave is still used, even sometimes over fiber, where latency matters.
> Speed of light time on that distance is ~5ms, and that doesn’t account for latency losses at each hop and also remember that’s one way time.
So it's about +10ms to your ping for nearby destinations, less (and potentially even faster) for more distant destinations. That's really not enough to worry about in most contexts; even for FPS gaming, unless you're a pro 10ms isn't a huge difference maker.
> There’s a reason microwave is still used, even sometimes over fiber, where latency matters.
Only for HFT as far as I know; latency mattering that much is a tiny niche.
If your concern is guaranteed latency you'll choose a consistent +10ms rather than a link that goes down whenever it rains. I very much doubt there are any cases for remote industrial machine control where microwaves are the better option.
> rather than a link that goes down whenever it rains.
Oh, so you are finally conceding that Starlink doesn’t fit every use case? Because Starlink definitely goes down during a storm occasionally but a dedicated microwave link with high gain parabolic dishes won’t in the same conditions.
> I very much doubt there are any cases for remote industrial machine control where microwaves are the better option.
Yes, Starlink satellites have inter-satellite laser links that can provide connectivity even if there's no base station nearby. These have been active since November 2022 [1]. They were supposed to expand coverage to most of the Arctic in early 2023 [2], which indeed seems to have happened [3].
The opposite. They started with low latitudes, up to London. The initial target market was big spenders, and there are progressively fewer of those north of London. Starlink in the high north remains hit or miss, particularly in mountains.
I have been to Deadhorse AK, it is a pretty cool oil rig town probably producing billions dollars worth of oil each year, more than many US towns. So Please dont compare it with rural areas.
Deadhorse also has a fully functioning commercial airport with Alaska Air flights that are "free" for the workers there.
>Deadhorse also has a fully functioning commercial airport with Alaska Air flights that are "free" for the workers there.
neat, I didn't realize the US had anything like 'company towns' anymore, hopefully they avoid the paternalism stuff that ruined company towns in the previous centuries.
Deadhorse is owned by BP and every tourist needs to show ID to enter. It has fancy hotels with free buffets inside, lot of big and tough machines and even tougher people. Lots of old people to manning businesses inside.
Worth is a subjective concept, Yosemite might have negative GDP but might be worth very high value for many of us due to its natural beauty. We are talking here about cellphone towers, availability of good infra will mostly dependent on GDP of that region.
It obviously doesn’t, but GDP roughly correlates to the profitability of expanding a network to that area. As others have mentioned, there are many awesome, very remote areas that would never be economically viable to provide cell coverage.
True, but some of the LTE bands are the lowest licensed carrier frequency cellular service - they should be the most reliable. Like b71 (600MHz) and b12/13/14/17/28/29/67/85/103 (700MHz) blocks. [1] There's really no reason for 2G only connectivity anywhere in the US other than underinvestment in rural communities no?
Absolutely, but there probably only needs to be a single cell tower in Deadhorse, where a rural mountainous region would need several to serve a smaller area if the signal is getting blocked, which would be more expensive.
The outdoor mall in Alameda has notoriously awful coverage. It was so annoying that I called Verizon to complain about it. The operator said that the population density was too low to support good coverage there (WTF), and that also the trees there block the signal (I could see a Verizon tower from the parking lot where I was standing, and you can see from one end of the island to another from the upper floor of tall houses).
I will never understand how the powers that be decide where to deploy coverage.
Alaskan and touring musician here. Coverage on the road system up here is great, believe it or not. In 2015, my band was on tour Outside, and as we headed through spokane, across Idaho heading to Missoula, I ached with anticipation: I was gonna play Montana by Frank Zappa as soon as we crossed the border.
That didn't happen for a solid 30 or 40 miles, because none of us had signal. And that was on an interstate.
you win. you win with this post. i can see the cop dropping his hot dog and getting mustard on his uniform. "there's been this creepy car outside my house for days, could someone come check it out?"
I am curious what rural areas have 2G only. I've driven all over the contiguous US and hit plenty of "No Service" and 3G, but never 2G (T-Mobile Samsung S22).
This is a T-Mobile rant about them turning off non-LTE 4G service. T-Mobile is still providing non-LTE 4G, but they will not let you activate a new non-LTE 4G device on their network. Last year I tried to do this. Before I did anything, I called them and asked if I could activate a new non-LTE 4G device. They told me it would not be a problem. Activation went fine, but after a few days, the device stopped working. I spent hours with Tech Support trying to solve it, but we couldn't, so they had me go to the store and get a new SIM. The new SIM worked fine for a few days, but then the device stopped working. Troubleshooting on my own, I swapped the SIM with a different non-LTE 4G T-Mobile device on the same account (iPad Pro). Both devices began working! After swapping the SIMs back, they both continued to work, but the new one stopped working after a few days. I called T-Mobile Tech Support again and confronted them with this proof that the SIMs and devices were fine, but service on the new device would fail after working for a few days. After hours more, they found some Tech Bulletin they were unaware of that explained it this way; Any device activated after (some day I forgot in 2022) will cease to function unless it registers 4G LTE service with a tower every 24 hours. T-Mobile would have to have written a script to implement this, and they clearly did it only for marketing purposes. My non-LTE 4G iPad Pro (2016) still works great, but I had to replace the other non-LTE 4G device with something newer. Note: I had used that same device on the T-Mobile network for several years before temporarily deactivating it for six months and then trying to re-activate it. If I had re-activated it a month earlier, it would have worked fine.
TLDR; Cellular providers make money by selling you new equipment, and they will claim a device is unsupported even when it's not true.
Which is interesting, because earlier this year in the UK, I was getting repeated nagging texts from my mobile provider that they were switching off 3G, and that 2G would be the fallback.
I think the biggest reveal I see in the article is that the lynchpin of stingray is basically an overpriced downgrade attack. Disabling 2g is arguably a potent way for ma bell to keep security companies like stingray from eating their already opulent lunch. We also dropped 2g because stingrays parlour trick also immediately outed itself as a national security threat
My Samsung S21 running the latest Android (13) doesn't offer the option to disable 2G while keeping 4G/5G. The list is literally: 2G/3G/4G/5G, 2G/3G/4G, 2G/3G, 3G only, or 2G only. If you want to keep 4G and/or 5G you're SOL. Personally, I would prefer 4G/5G (as the 2G/3G fallback on my network next to useless outside the 4G/5G coverage footprint). Hopefully when Android 14 comes to the S21 it comes at least the option to disable 2G as described in the article.
MMI (man machine interface) codes.
Some of them are dictated by telephony standards, some by carriers and some (probably most popular) by device manufacturers.
Basically they let you access various features and settings
Early releases of LTE just didn’t have a spec for voice call, so the phone would disconnect and reconnect in 3G when a call was happening(circuit switched fallback). Maybe that one?
> There's been a setting for users to disable 2G for forever,
I don't think this setting does what you think it does. The description under this option has a big caveat: "For emergency calls, 2G is always allowed". So even when disabled, the phone can still use 2G networks.
It sounds like this new option is to actually disable all 2G functionality.
No, the new option in this respect is to let corporates choose "No, never" for employee devices.
Previously (e.g. Android 13) if your cellular provider said you can choose "No" then there's a slider in your Settings so you can choose, otherwise it's greyed out and tells you "Name of Your Provider requires 2G to be available".
On corporate devices it's a pain to have settings that your users can screw up, and so it's nice when Android (or Apple for iOS) makes the setting something you can choose to lock down instead.
# Edited to correct text of fixed message when your cellular provider has decided you mustn't switch off 2G.
The new feature (and underlying HAL) both explicitly allow the radio to ignore restrictions on network types when making emergency calls, so this is not the distinction being drawn.
There is also nothing the OS can do to shut down 2G in most cases; the best it can do is ask nicely that the baseband does not use it. So the "shut it all down" theory is also not correct.
Emergency call works slightly differently to normal calls, in particular, it could start with the phone completely disconnected from the tower. So specifically emergency call being available in 2G doesn’t mean the phone still registers on 2G.
It’s probably a legal requirement that if 2G is supported emergency calls on 2G must be also supported. Maybe there are some LTE-3G dualmode phones without GSM in the world, if that’s what you must have?
If a phone is already compromised to the point it can make emergency calls without the user intending it to, how helpful is it for the user to have disabled 2G?
> In other words, the network decides whether traffic is encrypted and the user has no visibility into whether it is being encrypted.
I'm pretty sure that it was intended that the OS UI would show you when your connection is unencrypted, but none of them do because that was undesired by state actors.
Also, even if encryption is enabled it's only for the radio part of the data transmission, not handset -> handset. Otherwise you would not be able to make calls to landlines, so isn't it already trivial for a Network Operators to decrypt your raw data? It would help for scenarios like an embassy mounting a fake base station to grab data about protestors outside it, I suppose.
Also, how can they tell if the encryption key is weakened by setting lots of bits to zero, like was done in the original version of GSM?
Yes, they just ask companies for direct access. With a bit of arm twisting, they mostly get what they need because they have the law on their side and cooperation is not optional. No need for back doors if you can just come in via the front door.
Google helping with your security is similar to when those nice mafia guys knock on your door offering protection. Don't forget that Google is apotheosis of evil corporation trying to take over all your data. This is the very company that turned "don't do evil" into "do things".
It's almost like a giant company like Google have ~100,000 employees, with a complex incentive structure at different levels that are encouraged to do different goals. While I have almost completely de-googled my life a few years ago, it is just stupid to attribute malice to anything they touch -- they have plenty of good contributions, certain parts of AOSP being an example.
I would be happy to have that on a GrapheneOS phone for example, if I hadn't went with Apple.
This is not a Googler's 20% project. You can expect any major feature released to have been infected with Google's morality and mentality of being an ad company needing to extract profit out of free products.
You cannot apply Hanlon's Razor to megacorporations.
I think a lot of Android devices have that; you type ##4636## into the dialer, and a menu appears. In that menu, you can select which cellular technologies are used.
I wish there was a way to create or apply a rule that addressed that type of comment. Most, certainly not all, end up not contributing much, just angst.
Yes? The world is nowhere near perfect, but those mafia guys are probably actually going to protect "their" money from other gangs, and Google's obsession with your data means they have even more incentive to protect said data from other actors. In addition, of course, to the more general incentive to build features that can make more people (or in this case, organizations) choose Android.
Credit where credit's due. Google moves against our best interests very often but this is not one of those times. Let's accept this improvement graciously. Other Android-based operating systems like LineageOS and GrapheneOS will also benefit.
GrapheneOS implements a similar feature which limits to 4G cellular networks.
This is great if the phone decides 3G or 2G connectivity is better, but I know the 4G network is faster (still slow). A downside is that if the 4G network is completely overwhelmed (e.g. on a festival), the phone might not receive phone calls or sms it'd receive if it could switch to 2G (happened to me. The phone had 4G connectivity, but SMS didn't work without allowing 2G).
My Samsung S21 running Android 13 doesn't have this option. My carrier is One NZ but from what I understand it's just stock Samsung firmware/software without anything specific to my carrier. Curious what Samsung phone you have, I wonder if it's only available on the more recent models.
You don't need custom carrier firmware, some configs are downloaded from carriers whenever your device registers in the network.
Those settings are one of them.
I may have to get rid of my Samsung phone because of this. There is no way to turn off 5G or 5G UW. I often find myself in an area where the phone will cling on to 1 bar of 5G UW and it's unusable with websites refusing to load. On an iPhone you can just turn off 5g and fall back to LTE. On this Samsung phone my only option is to physically move to another location which is unacceptable.
It's hard to imagine how they going to achieve this given that ultimately it's controlled by the closed source baseband code that's not written by Google.
There are only so many partners for cellular basebands in Android phones realistically. Qualcomm, MediaTek, and Samsung make up the vast majority of that market. Google already cooperates with them for other work I'm sure. No reason they wouldn't want to implement this.
I hope that they didn't make it any more difficult for me to MITM my own phone traffic. The latest Android releases have a couple of painfully annoying methods. The one I did (simplest, IMHO) requires rooting, installing a (somewhat obscure) Magisk module, and several more steps after. Not a fun experience, and I signed up for Android and not iOS because I want to be able to do stuff like that.
You might be able to MITM some packets meant for the cellular network, but fundamentally you're not gonna be able to MITM any cellular packets without running your own base station (i.e. a device outside your phone). Whatever mechanism you used for redirecting cellular traffic to your MITM apparatus could always be bypassed by simply sending that traffic over the actual cellular network.
Seeing all the comments, I think the best option could have been 2G default off (perhaps with a popup when nothing but 2G is available saying that "fallback to 2G temporarily? It is not encrypted" kind of alert, with the exception of emergency calls always available over 2G regardless of user prefs.
It just isn't at all. It's still on-air in the US and much of Europe not to mention huge countries like India (where it is still heavily used) and China plus many African countries.
> We look forward to discussing the future of telco network security with our ecosystem and industry partners and standardization bodies. We will also continue to partner with academic institutions to solve complex problems in network security. We see tremendous opportunities to curb FBS threats, and we are excited to work with the broader industry to solve them.
I'll be honest. The stuff in this article is good, if a little underwhelming, but I feel a large amount of distrust for Google nowadays, to the point where what would've felt like unnecessary pessimism now feels only rational to me.
Ever since Google dropped WEI into our lives, I feel like they should not be allowed to be a part of any security efforts in any standards body or ecosystem. How long until carriers try to limit devices that don't support Google Play or Apple remote attestation of some kind?
> Ever since Google dropped WEI into our lives, I feel like they should not be allowed to be a part of any security efforts in any standards body or ecosystem. How long until carriers try to limit devices that don't support Google Play or Apple remote attestation of some kind?
Wait, so no Google or Apple employees involved in any standards body security efforts. What about TPM? Better ban employees from Intel, AMD, Qualcomm, Microsoft...who's left?
I mean, that's a take, but it seems like really the take away is that we should be skeptical of company motivations and security issues in standards bodies should be dealt with transparently, which all seems like a good take?
Until some kind of regulatory action occurs, I especially do not believe Google should be allowed. Intel definitely has its misgivings and conflicts of interest, but Intel doesn't have the same conflicts of interest that Google has.
I truly believe Google is off on their own island of being impossible to trust in their current state.
Especially not in a world where W3C gleefully standardizes literal DRM.
How is it worse when Google wants to implement something that Apple already did? I mean it's bad but being number two to implement it seems like the regulators should look at Apple first, not Google.
>I mean it's bad but being number two to implement it
Number is irrelevant - power is.
>seems like the regulators should look at Apple first, not Google.
If some one person company proposed this instead, would you want regulators to look at them first?
To put it simply - Apple does not provide OS to smartphones and PCs, it manufactures them. So as long as they do not produce 50% of PCs or 50% of phones or have Microsoft agreeing with their proposal then they are lesser threat (for now).
It's like with Monopolies and Cartels - power over market should bring relative response from regulators over company - especially if that company tries to create proposal which invades users privacy.
I'm not sure if I agree that Google's future intent is the bigger threat versus Apple already using it.
>So as long as they do not produce 50% of PCs or 50% of phones
Apple's market share in the US smartphone market is at almost 58%.
>It's like with Monopolies and Cartels
Yes, and I'm not saying Google shouldn't be looked into if necessary, but Apple has a 100% monopoly on iPhones unlike Google on Android and PC where you can switch browser.
If Apple is stopped, there are no reasons to go after Google, as it would also be illegal for them to do the same. Two birds with one stone – and Apple definitely also needs to be stopped.
> Apple's market share in the US smartphone market is at almost 58%.
And less than 30% worldwide.
> and PC where you can switch browser.
Under condition that you are not using anything other than Windows/ChromeOS - then no matter how much you switch the browser the OS stack will still not be certified - like DRM always fails to work on my end.
>If Apple is stopped, there are no reasons to go after Google, as it would also be illegal for them to do the same.
You are missing the point for me - Apple is just somewhat big¹ hardware company with niche¹ system. If you want to fight them because they have enormous power on your market - power to you, but from global perspective "no reasons to go after Google" is clearly misguided.
> How is it worse when Google wants to implement something that Apple already did?
P.S.
It isn't worse - both are terrible and both should ultimately be scrapped.
Just because one company invents invasive bs doesn't give rest right to continue with that.
Before someone says Apple has 50% of phones - no it does not. Based on worldwide data not US one.
The WEI discourse is just getting comical. it may be bad for the open internet, or for the browser ecosystem. but it's not a security flaw.
to say you don't trust google to be part of any security efforts because they tried to put security in a place you don't want it is silly. you're arguing the slippery slope fallacy here, there's no reason to think that carriers would even want any sort of device attestation, or be legally allowed to do that under the terms of their spectrum licenses.
Of course it's a security flaw, but it's a security flaw for the end user, not google. It's google's security, like them putting their own lock on your door that they can a remotely activate on a whim. This is what most humans would call a security flaw, but it's a non traditional one for sure.
I guess security is only ever defined with respect to specific security threats.
There are quite a few of those "dual use" features where you have a primary purpose of protecting some oligopolist's business model but the incidental side-effects range from beneficial to catastrophic in terms of security for users.
Take Apple's side-loading ban for instance. It makes obvious sense for Apple's own interests. Beyond this primary purpose, it protects people against getting tricked into installing malware but it also poses a threat to human rights and freedom of speech as it gives whoever is in power central control over the software people can use to protect themselves.
Google's WEI is another such dual use technology that can be portrayed in many different ways, because it really does have different consequences for different people at different times.
? I didn't say it's a security flaw. The problem is that it's a terrible, user-hostile, open-web-hostile approach to security that shouldn't have even been proposed.
>there's no reason to think that carriers would even want any sort of device attestation
With the bargaining power that Google has in the mobile space, I strongly suspect they could find a way to entice carriers into moving towards enforcing device attestation. And I don't just mean forcing devices to attest; I mean things like, Hmmm, are you sure you want these untrusted Android devices on your RCS services?
> or be legally allowed to do that under the terms of their spectrum licenses.
I don't really like relying on hoping the laws will help, but it would be nice to know for sure if they do. Unfortunately, I am assuming you aren't actually positive.
Google Fi definitely favors Google devices heavily and there is no supported way to use a non-data-only device without an Android phone with GMS.
Nobody said you did. Normally, crummy security(security flaws) is what disqualifies someone from security and not functioning security. You're comment implied WEI would work as imagined and you remarked that should disqualify Google from security. That's a bit ass-backwards, disqualifying someone because they didn't introduce security flaws.
> The problem is that it's a terrible, user-hostile, open-web-hostile approach to security that shouldn't have even been proposed.
But it isn't a security flaw. And no, it isn't a terrible, user-hostile, open-web-hostile approach to security. It's just a gleam in someone's eye who's stated goal is to not create something which is a terrible, user-hostile, open-web-hostile security approach but some additional signal which websites can try to use to filter out malicious traffic. Why do WEI critics always come off as sounding like the "think of children" anti-encryption fear mongers? At least wait until it becomes something first.
> With the bargaining power that Google has in the mobile space, I strongly suspect they could find a way to entice carriers into moving towards enforcing device attestation. And I don't just mean forcing devices to attest; I mean things like, Hmmm, are you sure you want these untrusted Android devices on your RCS services?
With the bargaining power that Apple has in the mobile space, I strongly suspect carriers can tell Google to pound sand. Unless Google is implementing something Apple has already, I doubt that will happen.
I don't understand why you think the literal only way a security standard can be bad is if it has a literal security flaw. What Google is doing is bad for reasons other than security flaws, but it's no different from the other reasons why Google being involved in standards other than security standards is bad. It's just that in this case, their evil, user-hostile mechanism has absolutely no reasonable use case outside of security.
Yes, developing bad, user-hostile, open-ecosystem-hostile security standards should indeed bar you from security standards work even if the prison you've built for end users is maximally secure.
Because of this I propose that "the users should require that server attest it, environment and content with respectable attester before it provide any other data to the user - user should get signal if server operates on up-to date unmodified stack and did not modify server environment in any way to track, monitor, gather (steal) user's data, nor is compromised." How about that?
>"the the bargaining power that Apple has in the mobile space"
Like 30% (and loosing) of worldwide phones? Think globally not US. And we shouldn't forget that Apple may loose EU market altogether because of it inflexibility when comes to battery replaceability.
>Why do WEI critics always come off as sounding like the "think of children" anti-encryption fear mongers?
No we do not. In fact many just want opposite - for encryption not to be used as power over common people but by the people.
> "At least wait until it becomes something first."
As Google implements it before even finalizing proposal and banned all comments and pulls - I will not.
> It's just a gleam in someone's eye who's stated goal is to not create something which is a terrible, user-hostile, open-web-hostile security approach but some additional signal which websites can try to use to filter out malicious traffic.
To put it by analogy from Car owning company:
"We propose that any package delivery must be delivered in secure and attested way - so we propose mechanism that will provide way for smaller companies fly drone before you get your package. We will not allow them to sell your photos - pinky promise."
This is more or less how I feel about Google promises.
If you propose something on global - you should take all the time to think about ways that it can be mismanaged before you even propose it, If you trivialize concerns then you are as guilty when they inevitably happen.
>some additional signal which websites can try to use to filter out malicious traffic.
"The solution to the surveillance economy seems to be more surveillance."
This is quite good quote - because if you think for second about this phrase it should give you good idea what You can get…
Google is a large company. One part can do good while another part does bad. It's not as if anybody thinks Pichai is directing it all with any success :)
Companies have many incentives and they play out in different ways. It's possible to have that result in some things that you think are good and some which you don't. At a certain size, there is no longer a unified set of values holding everything together and inevitably, some values will clash with yours. Lumping everything into one pile is dramatic.
There is, but the financial net result is only known with hindsight. Exactly which actions boost the net result in a particular time frame always remains uncertain.
Also, the people who work for corporations have their own goals and net results, such as promoting their own careers or self esteem.
Shareholders may wish for a single minded, deterministic, profit seeking machine but that is not a possibility. Capitalism just provides vague, incomplete and even contradictory incentives.
>There is, but the financial net result is only known with hindsight.
I mean a net result regarding the impact it has on society.
>Shareholders may wish for a single minded, deterministic, profit seeking machine but that is not a possibility.
Yes, but my point is not based on some total purity of absolute profit seeking.
It's enough that we can observe for 20 plus years now actions with harmful intentions and harmful effects, primarily motivated and explained by profit seeking.
It doesn't have to be Google's (or any companys or organizations) absolute and only priority, nor everybody has to be single-mindedly going for it all of the time, Google doesn't even have to be totally effective in this goal for them to perform profit-increase-oriented harmful actions.
I mean, it's such a pedantic point! What you wrote is common sense, and it wasn't contended. I didn't paint them as pure-profit-seeking-pure-evil-nothing-else.
Just as an actor that causes harm in pursuit of its profit-seeking.
Unless you believe Google is controlled on the micro-level by some all-knowing AI with the single goal of profit seeking, and it can ultimately align every one of their goals to profit, that is just an overly naive take. People/bureaucracy is faulty, even at being evil.
>Unless you believe Google is controlled on the micro-level by some all-knowing AI with the single goal of profit seeking, and it can ultimately align every one of their goals to profit, that is just an overly naive take.
Yes, because a company can be a negative actor driven by profit-seeking only if it is "controlled on the micro-level by some all-knowing AI with the single goal of profit seeking, and it can ultimately align every one of their goals to profit".
That's, of course, not the point. For example, I believe the Chromium team has done plenty of good, too, but the C-suite, directors and shareholders are at best, completely complicit in a lot of the sketchy, corrupt activity that Google is endeavoring in with standards, Android, etc.
So it's difficult to trust them with anything. There are plenty of great people at Google, but they're not able to stop the awful things Google does, so why does it matter?
I don't think the stuff in the article is really that great. Google is basically shoring up a few possible avenues of man in the middle attacks.
Meanwhile, the mobile ecosystem is still rife with many other avenues - your MVNO, fractured Ma Bell, Play Services still has outsized privileges on standard Android, most apps aren't E2EE (despite the article's bastardized use of the term), etc. It's just this boring corporate security narrative where we're supposed to continue ignoring the 800lb gorillas selling our personal information into countless surveillance databases and focus on how they're closing down possible independent attackers.
What would be newsworthy is if they were even talking about real security - libre baseband, mitigating protocol identifiers (eg IMEI) that allow for pervasive location tracking, etc.
> Ever since Google dropped WEI into our lives, I feel like they should not be allowed to be a part of any security efforts in any standards body or ecosystem.
Excluding Apple and Google, the remaining bodies are MS, Amazon and Facebook which presence is close to non-existent in the mobile OS market. Good luck with them?
It feels like folks reacting to WEI are just riding a wave of publicity and outlash. There are many reasons that WEI sounds like a good idea, but a reasonable debate can't even occur in the current climate. I would like the ability to improve websites' trust in me, and use services that are free of bots, but apparently giving me the ability to do that might somehow endanger folks rights to not do that so I am not going to be allowed to? What's next, people will be outraged that I show my state issued id before entering age restricted stores?
> There are many reasons that WEI sounds like a good idea
I know I'm biased in my opinion on WEI, my initial reaction was extremely negative.
That said, I'm willing to be open minded here. As a user, how does WEI benefit me?
I can easily see how WEI benefit's advertising companies like Google and how it benefits advertisers that want to track their campaign's effectiveness. What I can't see is how it benefits a user of the web.
I don't care if I'm responding to a bot if the conversation is meaningful, nor do I care if a bot posted some content to whatever content feed I'm currently browsing because I like to see content and it doesn't matter if a bot or human posted it, to me.
What is the benefit in "improving websites' trust in me" to me as a user? As a web developer, I do not trust my users nor would I ever trust them. This is a core principal in application development.
The "give up your freedom to prevent crime" argument isn't new or compelling. I'd rather keep what little privacy I have and put up with spammers.
As for captchas and logins, I'm not sure that'll change much. Websites still want to spam us so they'll keep asking for our email addresses, and companies still have AI to train so they still have to force us to identify buses and crosswalks. I also don't care for the idea of participating in a protection racket. "Just give us all your data and we'll stop annoying you by demanding it" isn't much better than "just pay us and we'll stop trashing your property"
Alright, you got me. There is a tiny, minor, insignificant benefit. This is not worth giving up any control of my own PC.
> You'll see less spam in website comments.
Highly unlikely. This will be defeated by spammers just like every other attempt to stop them is.
> Fewer websites will be behind a login wall.
Not just highly unlikely, but absolutely not going to happen. No site that currently requires login will change to not require login. No site will give up that user data.
I believe that the concern is that it will infringe on some people's ability to use their computers to interact with some websites (something which is vital to living in our modern society). My computers all run Linux and I use Firefox so this is a personal issue for a lot of people. As someone who is only able to use sites like Netflix on my computer through the continued generosity of a bunch of large corporations (honestly it's really good fortune) this makes me extremely uncomfortable. Especially since the whole point of EME was to prevent privacy and it hasn't done that (100% of Netflix content is trivially available to anyone via a multitude of pirate sites) so...
How can parties which have no power have any kind of dialogue with a megacorp with billions of dollars. From a thousand miles up the only level of dissatisfaction that is even noticeable is the kind where people throw their androids in a lake and switch to Apple and Bing.
Exactly zero folks are liable to notice that you have a subtle nuanced analysis regarding their strategic direction with a feature. It would be like you telling a star about how you feel about how they wore their hair at a show 3 weeks ago. Your opinion is either invisible or irrelevant.
I think the Lockdown Mode will disable 2G only starting with iOS 17.
The press release [1] doesn't mention 2G directly but only "safer wireless connectivity defaults" but FastCo [2] is more direct "with iOS 17, Apple is not only beefing up Lockdown Mode (by blocking the iPhone from connecting to 2G cellular networks and from auto-joining insecure wireless networks) but bringing Lockdown Mode to the Apple Watch".
There's some regional carriers in rural areas that offer the only coverage available. Like Commnet Wireless (2). These are few and far between and usually they have deployed 3G to their whole footprint. The Big Three are building out native coverage to overlap with them. But by Murphy's Law someone with an Android 14 phone is going to discover that they can't call anything but 911. Ideally there would be a button prompt enabled in No Service situations to re-enable 2G. FCC rules mandate that cellphones must support fallback to null cipher if that's what's needed to connect an emergency call.
(1) https://www.t-mobile.com/support/coverage/t-mobile-network-e...
(2) https://www.cellularmaps.com/regional-carriers/commnet-wirel...