cross-posted from: https://infosec.pub/post/9936059

I would like to collect the scenarios in which people are forced to enter Google’s #walledGarden (that is, to establish and/or maintain an account).

If someone needs a Google service to access something essential like healthcare or education, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

  • right to life
  • healthcare
  • freedom of expression
  • freedom of assembly and of association
  • right to education
  • right to engage in work and access to placement services
  • fair and just working conditions
  • social security and social assistance
  • consumer protection
  • right to vote
  • right to petition
  • right of access to (government) documents
  • right to a nationality (passport acquisition)
  • right of equal access to public service in his country

Below is what I have encountered personally, which serves as an example of the kind of experiences I want to hear about:

  • Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:
    • emergency apps (e.g. that dial 112 in Europe or 911 in the US)
    • banking apps
    • apps for public services (e.g. public parking)
    • others?
  • (education) Google docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped in pursuit of education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.
  • (education) A public university’s wi-fi network involved a captive portal and the only way to gain access was to supply credentials for a Google or Facebook account.

I’ve noticed that when creating an account for a public service I often have the option to supply credentials for Google or Facebook to bypass the verification process. In all cases of this kind of registration shortcut being used for public service, there was an alternative Google-free way to open the account. But in the private sector, I’ve seen this style of registration that absolutely required a proxy login via some shitty walled garden (like the university wi-fi). So I wonder if there are any situations where a government (anywhere in the world) requires a Google account in order to get service.

  • @[email protected]
    link
    fedilink
    109 months ago

    Things I need from the Play Store are:

    • Banking App
    • Banking TAN App
      I downloaded them using the Aurora store and although they complain about missing play services on every startup, they work without them.

    Things I don’t need, but use (installed in the same way and run without play services):

    • App from my country’s train service
    • App from my carsharing service
    • Netflix
    • Spotify
      I could run those in a browser, but I don’t see what the big difference would be. They run without play services.

    So luckily, in Germany, you can live without Google. Nothing actually requires it.

    • @[email protected]
      link
      fedilink
      59 months ago

      I use a LineageOS phone with nanogapps which can run a TAN app but I use a hardware TAN generator instead which is far more secure.

      My tablet is pure LineageOS without any Google services.

    • @[email protected]OP
      link
      fedilink
      5
      edit-2
      9 months ago

      What’s TAN?

      (edit)
      Regarding the train svc, the carsharing, Netflix, etc, I generally draw a line and say all the private sector stuff can be disregarded apart from life essentials like groceries. So in your list, the train service is a good point because that’s a public service which invokes human rights (equal access to public service). Since you mention Germany, I happen to recall some Germans saying that the train app can access tickets and fares that are otherwise unreachable, perhaps in part because some stations have no kiosk.

      • @[email protected]
        link
        fedilink
        39 months ago

        Transaction number. It’s a second factor for authentication of basically everything you want to do while banking online.
        Most people use a phone app for it (which doesn’t reliably work on degoogled and rooted phones), but you also have the choice of buying a dedicated TAN generator device, so people without smartphones can use online banking.

      • @[email protected]
        link
        fedilink
        39 months ago

        Re tickets: Many people in Germany use a kind of flatrate of 50€ per month for regional and local public transit, which either comes with a plastic card or an app. Politicians discouraged the card as ‘less modern’ and many people don’t even know about the card. Basically all train stations for interregional trains (InterCity Express (ICE), InterCity (IC) and EuroCity (EC)) have a way to aquire printed tickets.

        • @[email protected]OP
          link
          fedilink
          1
          edit-2
          9 months ago

          That sounds like a good option for regular users and locals. Can that card be bought anonymous non-residents using cash? It would seem to eliminate a lot cases of non-phone users getting screwed but I guess there would still be tourist cases where the 50€ is unjustified. Like if someone is just passing through and needs to change airports (though I guess those are also not the cases where someone would be forced to use a phone app).

          • @[email protected]
            link
            fedilink
            English
            29 months ago

            Practically only Germans can subscribe, as an address and a bank account is required for the ticket.

    • youmaynotknow
      link
      fedilink
      19 months ago

      Banking apps are not a “need”, as long as you can do internet banking over their web instance. At least that’s my case with all 4 financial institutions I use.

      • @[email protected]
        link
        fedilink
        29 months ago

        My bank requires a second factor for everything done over the web instance. That second factor is either an app or a hardware token generator you have to buy seperately.

        • youmaynotknow
          link
          fedilink
          29 months ago

          That does make sense. The one Bank that requires a hardware token provided by them gave it to me for free. The other 3 accept that I use my FIDO keys.