this post was submitted on 07 Jun 2025
98 points (100.0% liked)

Privacy

38672 readers
190 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] beyond@linkage.ds8.zone 10 points 1 day ago

This might be a hot take but the best way to avoid or "bypass" onerous things like the "integrity API" is to opt out of the proprietary world as much as possible. Use exclusively free (Libre) software and technology where you can.

We should not be thinking in terms of how do we get proprietary crapware onto our free systems, because that defeats the purpose of a free system. The idea is to build an alternative to the proprietary world.

[–] Ulrich@feddit.org 12 points 1 day ago (1 children)

GrapheneOS is already working on it:

We're going to add a secure way of working around this without breaking the app source security model. We'll be adding support for having the OS automatically verify the Play Store signing metadata and then inform Play services those apps were installed from the Play Store.

https://grapheneos.social/@GrapheneOS/114554622772349562

[–] zelnix@lemmy.ml 4 points 1 day ago

That's already released and only deals with recent changes. It doesn't fix apps using strong integrity challenges

[–] pinball_wizard@lemmy.zip 10 points 1 day ago (1 children)

Do you think we can find a way to bypass these,

Yes. Direct physical access always wins. A device in my hands is my device.

or is the future of the digital world just authoritarian and dystopian?

Yes. Many people aren't going to explore the solutions, or be willing to give up the convenience that comes with not changing what they're doing.

[–] utopiah@lemmy.ml 3 points 1 day ago (1 children)

A device in my hands is my device.

Could you then please help root the Meta Quest 3? So far I believe nobody managed.

[–] rumba@lemmy.zip 5 points 1 day ago (1 children)

We're a decade too early for open source vr.

That's not a VR headset, You bought an expensive Facebook paperweight.

[–] utopiah@lemmy.ml 1 points 1 day ago* (last edited 1 day ago) (1 children)

Edit for TL;DR as this became lengthy : agreed, do NOT buy "an expensive Facebook paperweight" but also, open source VR exists today! Depending on your definition and needs, there is a lot that can be done and you can help.

Rooting isn't open source...

Anyway Valve Index runs perfectly on Linux, that's how I finished Half-life: Alyx. I also do already have a rooted Lynx XR1 and a Project NorthStar which is open hardware (even though not OSHW iirc).

There are also :

  • open source runtimes for OpenXR like Monado,
  • runtime managers or switches e.g. xr-chooser or openxr-explorer
  • window managers (ish) like xrdesktop or Stardust XR
  • browser like Wolvic (with Gecko and now Chromium backend) with cross-platform supports with WebXR
  • streaming from desktop to standalone HMDs e.g. WiVRn or ALVR
  • some distributions have dedicated documentation e.g. NixOS for desktop and PostMarketsOS mobile
  • plenty of tools that run on standalone HMDs as most are "just" Android devices, e.g. termux letting you install NodeJS then run your own on device Web server to code on device, standalone, offline, alternative launchers e.g. LightningLauncher, removing some telemetry and plenty more I'm not even aware of.

IMHO one of the best resource covering that and more is https://lvra.gitlab.io/

So... I'm a bit confused, maybe I misunderstood, what did you mean by being "a decade too early"? Which functionality specifically is missing today?

[–] rumba@lemmy.zip 1 points 21 hours ago (1 children)

The Index and the Quest are entirely different things.

The index is a monitor with sensors attached to it.

The Quest is a proprietary PC with an ecosystem, DRM and billion dollar company backing.

Rooting isn't open source They don't have anything to do with each other other than the fact that you don't need to root open source devices. They lock us out of root because they don't want us to control our own devices, They want us to use their stores, they're walled gardens, and their support for everything which is very un-open source.

My point behind touting an open source mobile VR device would be that it would not need to be rooted.

I looked at the hardware you mentioned and while the open stuff looks very nice it looks very not available for anyone to purchase. Do you expect any of that hardware to be more available soon?

[–] utopiah@lemmy.ml 1 points 5 hours ago
  • for the Lynx (that can't be bought rooted already but takes about 15min to root) I wouldn't buy it right now but wait for their AndroidXR release... and see if that would be rootable. I personally share my Lynx with hardware and software hacker friends nearby because I know it's a relatively rare device.
  • NorthStar is AR, not VR, and by default isn't mobile but there are compute pack explorations and opaque covers. Honestly if you are not into hardware tinkering I would not recommend it. If you are though then you probably don't need a lot of hand holding, just connecting with peers to learn from each other.
  • SimulaVR https://simulavr.com/ is very tempting but the price tag is quite high and to be honest I worry that they are following the Lynx delivery delay path. I also haven't put my actual hands on an actual product so I can't comment on it.
  • Valve itself has been leaving hints for mobile VR and they did IMHO an amazing job with the SteamDeck, namely something reliable (it "just works") while running Linux proper (even though most players will be totally unaware of it) ... but it's Valve. So they will release it, if they ever do, whenever they will believe it's ready. This is also pure speculation! They have not announced anything but they did sell the Index, SteamDeck, SteamVR on Linux, and there are bits of code hinting at a standalone HMD.
[–] serenissi@lemmy.world 37 points 2 days ago (2 children)

IMO the only reason tech world can be authoritarian is people's negligence. Otherwise even if all major brands produce unhackable locked down hardware, people could boycott those and buy the one obscure open device (like pine64) and market force will force big names to revert.

Corporations do not have power by themselves. People refusing to think and understand gives them power. Same applies to mainstream politics.

[–] Auli@lemmy.ca 2 points 22 hours ago

They have money which means they advertise which influences peoples decisions. As much as some people might deny it ads work.

[–] drspawndisaster@sh.itjust.works 28 points 2 days ago (2 children)

So unless I can convince my mom to install Firefox we're fucked.

...we're fucked.

[–] FauxLiving@lemmy.world 4 points 1 day ago (2 children)

Unless you can convince them to get out of the 'surveillance for free stuff' market then they're fucked, not everyone.

You can choose to use free and open source software and sped time learning and putting together a system that benefits you. Or you can just sign up for Google, let them do all of the work in exchange for spying on you with every device that you buy and put in your house.

[–] drspawndisaster@sh.itjust.works 2 points 14 hours ago

Oh I'm gonna dodge corporate bullshit at every opportunity, but they're also allowed to gather data on me simply tracking my friends and family

[–] Auli@lemmy.ca 1 points 22 hours ago

I'm fucked either way. Big corporations control so much of the internet devices the chances are my stuff is going to them anyway.

[–] serenissi@lemmy.world 11 points 2 days ago* (last edited 2 days ago) (1 children)

yes. also your friends, not only mom.

(/s aside, most people of younger generations don't care as well, not only elderly less tech literate folks)

We are soooo fucked.

[–] FireIced@lemmy.super.ynh.fr 17 points 2 days ago (2 children)

I sadly believe we’re fucked

[–] Auli@lemmy.ca 3 points 22 hours ago (1 children)

We where fucked when the internet got consolidated into what five companies.

[–] FireIced@lemmy.super.ynh.fr 3 points 22 hours ago

And them being in the USA as well

[–] AnnaFrankfurter@lemmy.ml 15 points 1 day ago (3 children)

We were fucked a long time ago it's just the effects showing now. But I hope the rebels at Graphene OS and other custom ROMs will find a way.

load more comments (3 replies)
[–] catloaf@lemm.ee 29 points 2 days ago

If you can root your phone and use an xposed module, maybe. Or the EU forces them. Otherwise, there's not much option.

[–] Nicro@discuss.tchncs.de 19 points 2 days ago (2 children)

Well the idea of having attestation isn't the problem. The problem is that apps requiring attestation (banks, insurance providers, ID-systems) use the most convenient solution. Slapping on Googles prebuild attestation. Graphene for example, provides alternative attestation for their OS and offers docs for anyone to implement a more fitting set of checks.

There are two approaches here: If you're upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I'd say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data. Breaking those checks is then breaking those compliances in an unsafe way.

If you believe your setup is actually secure and compliant, just not in a way the allmighty Google intended: Try and get an attestation module for your setup. Fight for these apps to accept non-Google attestation and fight for devices that don't artificially limit what can pass as secure.

[–] Auli@lemmy.ca 2 points 22 hours ago

What kind of bullshit is this. Breaks what regulations? You know everyone allows things to happen on a computer which guess what you have root access to and is "unsecure" This bullshit gets said so many times but it is not true.

[–] koper@feddit.nl 26 points 2 days ago (3 children)

If you're upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I'd say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data.

Hard disagree. If you own the device, you should be in full control of what's going on. Sure, attestation can give some extra security, but that decision should be up to the user. Everything else is just excuses for user hostile DRM: platforms levaraging technology to secure their own profit margin against the interests of user.

[–] smiletolerantly@awful.systems 14 points 2 days ago* (last edited 2 days ago) (1 children)

Yyyyyyupp

"Oh no, this device is rooted! :(" Yes because I know what I am doing, now show me my account balance you stupid piece of ahit banking app.

[–] skarn@discuss.tchncs.de 7 points 1 day ago

Banking app: "Oh no, your device does not conform to Google's latest whim, terribly insecure, can't let you make a SEPA."

Baking website: "Opera on an outdated, pirated copy of Windows? Looks a-ok to me!"

load more comments (2 replies)
load more comments
view more: next ›