cross-posted from: https://infosec.pub/post/9936059
I would like to collect the scenarios in which people are forced to enter Google’s #walledGarden (that is, to establish and/or maintain an account).
If someone needs a Google service to access something essential like healthcare or education, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:
- right to life
- healthcare
- freedom of expression
- freedom of assembly and of association
- right to education
- right to engage in work and access to placement services
- fair and just working conditions
- social security and social assistance
- consumer protection
- right to vote
- right to petition
- right of access to (government) documents
- right to a nationality (passport acquisition)
- right of equal access to public service in his country
Below is what I have encountered personally, which serves as an example of the kind of experiences I want to hear about:
- Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:
- emergency apps (e.g. that dial 112 in Europe or 911 in the US)
- banking apps
- apps for public services (e.g. public parking)
- others?
- (education) Google docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped in pursuit of education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.
- (education) A public university’s wi-fi network involved a captive portal and the only way to gain access was to supply credentials for a Google or Facebook account.
I’ve noticed that when creating an account for a public service I often have the option to supply credentials for Google or Facebook to bypass the verification process. In all cases of this kind of registration shortcut being used for public service, there was an alternative Google-free way to open the account. But in the private sector, I’ve seen this style of registration that absolutely required a proxy login via some shitty walled garden (like the university wi-fi). So I wonder if there are any situations where a government (anywhere in the world) requires a Google account in order to get service.
Education is a good one. Fortunately at this stage in my life it’s no longer an issue for me. I cannot think of anything else I would need google for. Never needed Google to dial emergency services as this is available on dumb phones as well as land lines. Public service apps just need an email of phone number, email I host myself.
One thing that should be discussed is major email providers shutting out self-hosters so that they only accept emails originating from one of the big tech companies. You can receive emails, but having them accepted by others is another story. I’m usually not in favor of heavy handed legislation, but this is an area I would have no issue with the feds interfering as this is essentially a way to create a monopoly.
I’ve ditched email for the reason you mention. If I need to email a private sector entity, I might check their MX server and attempt to send a message if the receiving server is not Google or MS. But generally I nix whatever company I would otherwise want to reach. If I need to reach them (e.g. to get support for a product I already own and I’m stuck with), then I use snail mail. Same for public offices. Most government offices use Microsoft for email which is a non-starter for me. If they use MS then they’re getting snail mail from me.
Things I need from the Play Store are:
- Banking App
- Banking TAN App
I downloaded them using the Aurora store and although they complain about missing play services on every startup, they work without them.
Things I don’t need, but use (installed in the same way and run without play services):
- App from my country’s train service
- App from my carsharing service
- Netflix
- Spotify
I could run those in a browser, but I don’t see what the big difference would be. They run without play services.
So luckily, in Germany, you can live without Google. Nothing actually requires it.
I use a LineageOS phone with nanogapps which can run a TAN app but I use a hardware TAN generator instead which is far more secure.
My tablet is pure LineageOS without any Google services.
What’s TAN?
(edit)
Regarding the train svc, the carsharing, Netflix, etc, I generally draw a line and say all the private sector stuff can be disregarded apart from life essentials like groceries. So in your list, the train service is a good point because that’s a public service which invokes human rights (equal access to public service). Since you mention Germany, I happen to recall some Germans saying that the train app can access tickets and fares that are otherwise unreachable, perhaps in part because some stations have no kiosk.Re tickets: Many people in Germany use a kind of flatrate of 50€ per month for regional and local public transit, which either comes with a plastic card or an app. Politicians discouraged the card as ‘less modern’ and many people don’t even know about the card. Basically all train stations for interregional trains (InterCity Express (ICE), InterCity (IC) and EuroCity (EC)) have a way to aquire printed tickets.
That sounds like a good option for regular users and locals. Can that card be bought anonymous non-residents using cash? It would seem to eliminate a lot cases of non-phone users getting screwed but I guess there would still be tourist cases where the 50€ is unjustified. Like if someone is just passing through and needs to change airports (though I guess those are also not the cases where someone would be forced to use a phone app).
Practically only Germans can subscribe, as an address and a bank account is required for the ticket.
Transaction number. It’s a second factor for authentication of basically everything you want to do while banking online.
Most people use a phone app for it (which doesn’t reliably work on degoogled and rooted phones), but you also have the choice of buying a dedicated TAN generator device, so people without smartphones can use online banking.
Banking apps are not a “need”, as long as you can do internet banking over their web instance. At least that’s my case with all 4 financial institutions I use.
My bank requires a second factor for everything done over the web instance. That second factor is either an app or a hardware token generator you have to buy seperately.
That does make sense. The one Bank that requires a hardware token provided by them gave it to me for free. The other 3 accept that I use my FIDO keys.
I don’t have a personal Google account and can’t think of any times I’ve felt like I needed one. I’ve had some for work but only accessed from work computers so figure those are the company’s accounts rather than mine.
Don’t need Google account to access my bank. How does that work exactly? My bank has its own login setup, in no way reliant on a Google account. If your bank requires a Google account, get another bank.
Never needed an app to dial 911…the whole point of 911/999 is that it’s easy to remember, easy to dial. Also, I haven’t dialed 911 in 25 years, but I’m pretty sure opening the dialer and pressing 3 buttons isn’t too difficult. Also, I don’t see how having a Google account is required to dial 911 (or use an app? ) to do so.
The places where I see a major problems are education, where Google and Microsoft have entrenched these systems. Of all the places I see an opportunity for Open Source and Linux to have a major impact, it’s there. I’d happily work for an org with goals to get OSS and Linux into schools as the base infrastructure (but also with Windows, OSX, iOS as part of everyone’s curriculum).
I’ve also never seen a public service require Google or Facebook credentials. I’ve seen some companies/services use them for “user convenience”, and even those typically offer other sign-on/verification processes. But never a public service (power/water/DMV/dtate/county, etc). If I did run into this, oh, I’d be raising a stink with some regulators, representatives, and reporters. Fuck that.
I have exactly one service I use my Google account for - Tailscale - and that’s because I’ve been too lazy to switch to another method until I move it to production (think the offer a third party SSO or a hardware key).
Don’t need Google account to access my bank. How does that work exactly?
Like most banks, a bank pushed an app exclusively via Google Playstore or Apple’s store. At the same time, that bank shut down their website and closed their walk-in over-the-counter service. Customers then had 3 choices to access their account: join Google’s walled garden, join Apple’s walled garden, or make an appointment for every single transaction which incurs fees. Alternatively, the Android app can be obtained using an app called Aurora and violate Google’s ToS by using a shared account to download the app.
I think that particular bank started making their app available in Huawei’s app store, so there is an alternative walled garden for Android users in that case. But Huawei is an uncommon option as more and more banks trend in the direction of forced-Google-patronage.
Never needed an app to dial 911…the whole point of 911/999 is that it’s easy to remember, easy to dial. Also, I haven’t dialed 911 in 25 years, but I’m pretty sure opening the dialer and pressing 3 buttons isn’t too difficult. Also, I don’t see how having a Google account is required to dial 911 (or use an app? ) to do so.
A 911 app was hypothetical but a 112 app certainly exists. You populate the app with important details like name and address. The app is capable of both voice and text (SMS) and IIRC can also connect via wi-fi if there is no GSM signal. If you can’t speak for some reason (choking, throat cut or you’re hiding from an intruder and must be silent) the app transmits all the data you configured plus whatever you can type.
update
Someone in a crossposted thread said it’s not just Playstore that marries people to Google but also an API library for financial transactions:
To me it is a bit confusing what you are looking for exactly. Like, if you want to know where you really need an Google account with no alternative there are probably few situations. Usually there are alternatives although they may require some or even a lot of effort. Or do you want to know in how far Google makes it so comfortable and is so dominant that it becomes the default for most people?
Like someone else in the comments here, I also live in Germany and do not have any Google account (or any GAMAM account). I couldn’t think of any apps that I would need where a Google account is required? Of course, if you are using stock android it may be necessary. But who exactly is forced to use android or ios if they can also use a custom rom?
The only case I can think of where you would be forced to use Google is when your employer or any group you are in is requiring you to participate with a Google account. But I’m not sure how they could force you to do so and even then, alternatives could be found, if other people are willing to do so.
I don’t get the 911/112 example. But maybe it’s because I’m generally confused about what you are trying to find out exactly.
To me it is a bit confusing what you are looking for exactly.
It’s research for this article → https://thefreeworld.noblogs.org/post/2024/03/20/comparison-of-the-human-disempowerment-severity-of-3-walled-gardens-facebook-google-and-cloudflare/
and do not have any Google account (or any GAMAM account)
That stumped me for a second. I guess #GAFAM is now being called #GAMAM? I hate to accept the renaming as “Meta” hijacked a normal word to inject their brand into normal conversation unrelated to them. But OTOH, it’s more accurate, sadly enough, since Meta owns the Facebook subsidiary.
I don’t get the 911/112 example. But maybe it’s because I’m generally confused about what you are trying to find out exactly.
Contacting emergency services is an important human right on many levels:
- right to live
- right to healthcare
- right to equal access to public services
So forcing people to patronize Google in order to install the app means people are trapped in Google’s walled garden in order to maintain their human rights. Some say “you can simply dial 112/911, no app needed”. But the app is useful in more situations as it transmits name and address instantly and supports text when you cannot speak.
Here’s a quite interesting story where someone is being denied medical service for not patronizing Google or Apple:
Oh ok, that clarifies it for me. I guess it would still be helpful to distinguish between Google really trapping someone inside their walled garden and them just exerting a strong incentive to stay inside the walled garden. I mean, you can have a custom rom on your phone etc. But still most people won’t choose this because it would mean technical literacy that hardly anyone has as well as giving up the comfortability and features of the walled garden.
I wrote gamam because I wasn’t sure what the abbreviation was and a quick search gave me gamam ;)
The example you gave at the end sounds horrible. Pretty obvious how walled gardens work in this one…
I mean, you can have a custom rom on your phone etc.
The OS is not the issue. It’s that apps are exclusively distributed in the Playstore which requires a Google account to reach. People running homebrew stuff tend to use Aurora, but that app still needs Google creds to use Google’s API. The anonymous option supported by Aurora violates Google’s ToS, so it’s not a legal option that anyone could point to as an official escape from the walled garden.
I personally will not use Aurora, even anonymously, because use of the app in most cases signals to the server that they were successful in getting the app to someone and connecting. It rewards them nonetheless.
Interesting point and you’re certainly right about Aurora. I also use startpage.com as my default search engine and there it is basically the same. While I don’t give Google my data, I still rely on it nonetheless…
Startpage is certainly more favorable than Google. But it’s worth mentioning that Startpage is a Google syndicate so Google still profits from the use of Startpage. There are a number of searx instances out there that provide Google results by scraping Google instead of paying for API access. That’s a way to get Google results without feeding Google.