3/19/2026 at 9:27:39 PM
The part in the flow where you select between allowing app installs for 7 days or forever is a glimpse into the future. That toggle shows the thought process that's going on at Google.I can bet that a few versions down the line, the "Not recommended" option of allowing installs indefinitely will become so not recommended that they'll remove it outright. Then shrink the 7 day window to 3 days or less. Or only give users one allowed attempt at installing an app, after which it's another 24 hour waiting period for you. Then ask the user to verify themselves as a developer if they want to install whatever they want. Whatever helps them turn people away from alternatives and shrink the odds of someone dislodging their monopoly, they will do. Anything to drive people to Google Play only.
by tavavex
3/20/2026 at 12:33:07 AM
An actual example of this lives in the Gmail iOS app. Click a link in an email and every x days, a sheet appears: https://imgur.com/a/nlGS4Yk1. Chrome
2. Google
3. Default browser app (w/unfamiliar generic logo)
They removed the option for Safari some time in the last two years; here's how it looked in 2024: https://imgur.com/1iBVFfc
And the cherry on top of dark UX patterns: an unchecked toggle rests at the bottom. "Ask me which app to use every time." You cannot stop getting these.
by lelandfe
3/20/2026 at 5:00:22 AM
The darkest UX pattern I have ever hit is trying to cancel Google Workspace; whereby they disable the scrollbar on the page so you cannot actually get to the cancel button.by pea
3/20/2026 at 10:42:46 AM
Yes, I want through this last year and documented it in a screencast. This is how it looks https://mstdn.social/@can/115243851196253381How is this legal?
by shafyy
3/20/2026 at 1:32:15 PM
Don't assign to malice what can be explained by incompetence:* new automated UX experiments starts * the UI bot made a change that made the page unscrollable * the experiment has a much higher rate of retention then the control (because people can't scroll) * the experiment is deemed a success by results analysis (no one looks at the page to see WHY) * the experiment is blessed as the new pipeline
Such an obvious business improvement made by Gemini !
by ddalex
3/22/2026 at 2:49:21 PM
How about "don't assign to incompetence the malice that can result in big bucks"by LocalH
3/20/2026 at 4:09:32 PM
>Don't assign to malice what can be explained by incompetence:OK, if it is a bug, what are the different time frames for people experiencing this pretty serious bug?
by bryanrasmussen
3/20/2026 at 4:15:00 PM
[dead]by retr0rocket
3/20/2026 at 12:51:36 PM
It's probably not but no one has challenged them on it.by hrimfaxi
3/20/2026 at 4:54:09 PM
It's legal until somebody sues them.by gzread
3/20/2026 at 10:41:25 AM
Oh yes, I have had that! I tried disabling workspace for my brother-in-law through screen sharing and I thought it was a screen sharing issue. I successfully did it on my own computer but I’m glad to learn this was probably on purpose. I’m not crazy!by frizlab
3/20/2026 at 10:42:31 AM
I get this on cookie consent modals tooby Macha
3/20/2026 at 1:21:11 PM
Hanlon's razor applies.by nvarsj
3/20/2026 at 4:23:32 PM
I think there needs to be a new kind of 'razor': 'Never attribute mistakes to stupidity that benefit the ones making them'The dressing up of purely malicious or greedy actions as merely resonable ones, that were executed poorly has become incredibly prevalent in the modern world.
by torginus
3/22/2026 at 3:41:27 AM
It’s Grey’s law: any sufficiently advanced incompetence is indistinguishable from malice.by alasarmas
3/20/2026 at 10:35:25 AM
one time had cancel Google Colabs and really I couldn't figure out have to yell at them in support ticket to remove my subscription (eventually they did)by pzo
3/20/2026 at 9:22:15 AM
Welcome to the future :)by t0lo
3/20/2026 at 12:41:29 AM
I was so mad when they removed the fourth option. I can't remember which one was which, but one meant "open in a webview inside this app" and the other was "open in a new tab in your default browser". It was still terrible UX but I liked at least having that choice.by kowbell
3/20/2026 at 2:33:00 AM
I hate this pop-up so much. I don’t even have Chrome installed on my phone. How about open up on the only browser I have installed…This kind of thing should be illegal. The default browser is the default for a reason, to avoid this kind of stuff.
I think I’ve reported this as a bug to Google a couple times, in a couple different apps… as they do it in their other apps too.
The only thing that bothers me more are the, “sign-in with Google”, prompts on 90% of websites now. How about just giving the option to login with Google if so choose to login, and not spam it on every website just for visiting?
Google really has made the internet and worse place in so many ways.
by al_borland
3/20/2026 at 3:28:28 AM
It's OK. This is the dying, last gasp effort that a company makes when it has no way to innovate, no way to add any real value, no capacity to drive change internally, and has become completely non-user focused.In short, it's what companies like IBM and Broadcom are now.
Shallow husks of their former self, mere holding companies for patents, with a complete lack of care and concern about any end-user retention.
Google search has turned completely into junk over the last two weeks. You may think "two weeks only?!", and you're right there, but this is a whole new level of stupid.
You may not be getting this where you are, but here searches are constantly prepended with human checks, searches can take up to 5+ seconds, you name it. They literally spend so little on maintaining and working on their search engine, that it's effectively unusable much of the time now. I don't care whether it's bot traffic, or what, and no it's not just me, or my ISP. This is wide-scale.
It takes so long I just click on an alternate search engine and search there. I don't have time to waste in their inanity.
Any sane and sensible company wouldn't entirely trash and destroy their mainline product, which is key to drive users to experience Google products. But this degree of sheer, unbridled arrogance is what topples empires. The thought that it really doesn't matter, flows off of google as a foul stench.
Look at Microsoft of old, the god of arrogance. Once the most dominant, powerful tech company in the world. They were king. Browser king. OS king. Everything king. Now they are barely noticed by large swaths of the market.
So goes Alphabet these days.
by b112
3/20/2026 at 5:21:42 AM
The problem is that these companies can remain on life support for decades, phoning it in and making things continuously worse as their desperation grows.If they follow the path of IBM and Broadcom, they will move away from the consumer market and focus more on the enterprise. If Google fully realized that vision it would be extremely disruptive. Them shutting down Google Reader practically killed RSS for quite a while. Imagine that level of disruption with products that have mainstream appeal… mail, maps, docs, search, etc. It would be pandemonium.
by al_borland
3/20/2026 at 11:39:49 AM
Pretty sure this would be the only way the rest of the world (except China) dumps US tech services, so it sounds great.by phatfish
3/20/2026 at 6:41:01 AM
> mail, maps, docs, search, etc. It would be pandemoniumI would hardly notice, TBH.
There are alternatives for all of that.
by still_grokking
3/20/2026 at 9:36:15 AM
Good for you. That doesn't change that millions of people rely on these daily, including many less technically inclined.by account42
3/20/2026 at 11:30:14 AM
Real change starts with real pain. People aren’t interested in obsessively checking privacy settings in apps or disabling tracking everywhere and I don’t expect them to. Governments don’t protect them because of gestures widely at status quo. People will realize those services are important and there will be a massive realignment. That’s how I expect things will go.by gessha
3/20/2026 at 2:29:36 PM
Microsoft is already pivoting away from consumer products.by minnowguy
3/20/2026 at 5:41:16 AM
>Look at Microsoft of old, the god of arrogance. Once the most dominant, powerful tech company in the world. They were king. Browser king. OS king. Everything king. Now they are barely noticed by large swaths of the market.Have they ever been more valuable than now?
by lobf
3/20/2026 at 6:07:44 AM
I think it’s more about how they are perceived. They’re making a lot of money somehow, but they have been losing desktop OS marketshare for at least 15 years, they completely missed mobile, Xbox seems to be failing, they completely gave up on the browser and just threw a skin on Chrome. They have O365 in the enterprise, sure, but that was a market they once owned… now they share it with Google Docs and a host of others. They had to shove Linux into Windows just to get developers to stick around. They had the PC gaming market on lockdown, but Valve is coming for them with all their Linux based efforts… we have PewDiePie as an Arch user now. How bad does Microsoft need to screw up to push someone all the way to Arch? All their consumer facing products seem to be trending down.Everyone loves to talk about FAANG… there is no M, why not? One would think Microsoft would belong more in that collection than Netflix, yet here we are.
In terms of technology and looking forward, what is Microsoft doing really right? Even their investment in AI seems questionable and they pushed it into their products so hard that everyone hates it. They have GitHub and VS Code, but that was an acquisition and people are always nervous, because they don’t really trust Microsoft based on their track record. Azure is fairly popular, but AWS is still the benchmark everyone talks about. There is their enterprise management software… that helped take Styker completely down last week (maybe not totally Microsoft’s fault and more the admin, but that’s still some really bad press). Did I forget something big?
by al_borland
3/20/2026 at 7:00:03 AM
TBH, you could change a few terms and that text wouldn't look much different in the 90's. Microslop never gave a shit on end-users and what they think. Nobody ever "liked" Microslop. People were always complaining that Windows is shit, Office is shit, MS Servers are a joke, etc. Nobody at Microslop ever cared. They always cared only about having all the companies and governments in ransom, which was always their golden egg goose. The only other thing they care about, to make the first thing happen, are developers. They put a lot money into keeping people developing using their tech, and this actually works. Even on Linux it's hard to avoid Miroslop tech. (I've got just today a Pipewire update which pulled in some MS libs for ML; and there is for sure more as they have even code in the Kernel.) Microslop's EEE strategy is a long game, which is actually pretty hard to beat.by still_grokking
3/20/2026 at 8:45:17 AM
Your circles are really small and echo-chamber-y.Office was considered a very solid product for many generations. Windows 95 was loved. So were Windows 2000, Windows XP with the SPs, Windows 7, Windows 10.
.NET was the envy of the Java world for many years.
Microsoft had many duds but they also had some great products.
You can't sell as many products as they did without also having some good products.
by oblio
3/20/2026 at 6:26:00 PM
> Office was considered a very solid product for many generations.When was that? My introduction to Excel was in the 1990s when a scientist asked about data corruption, and my response was "oh, yeah, Excel does that, you need to fiddle with these options and hope the options do not get turned off, seeing as companies may randomly screw over user preferences". The look in their eyes...they probably had done a whole bunch of data entry before they even noticed the corruption. Anyways, a few decades later those genomes got renamed, for some reason or another. Other customers came to me and pleaded, please do not install Word 6, it's bad, and I was like, well, be that as it may, but Microsoft has broken the file format, again, so if someone sends you a Word 6 document you will not be able to read it. They've got you over the barrel, perhaps consider not using their software? Unless you like being chained to that main-mast, of course, don't shame the kink! Later on a coworker said, try Visio, and I was like, this is sort of bad, and they were like, yeah, it was better before Microsoft bought it. So, when was Microsoft not producing kusogeware? Sometime during the semi-mythical 80s, perhaps?
by tolciho
3/20/2026 at 7:52:09 AM
I don't think everyone hates Microsoft's AI offerings, but rather a vocal group of online people.Copilot is useful, particularly if it is the only thing enabled in your company.
Don't get me started on Azure though. Their VMs are insanely slow, yet still cost like hundreds per month.
I don't know who in their right mind thinks it is a good deal and that they should move all their services into Azure. Apparently a lot of senior management.
by user34283
3/20/2026 at 6:26:14 AM
I think if, 10 years ago, you spun Microsoft into several different companies with everything playing out exactly as it has today in the product management side, the most direct consumer-facing sections like Windows Desktop and Xbox would have cratered and most analysts would say that they have bleak futures, while Azure and 365 would have grossly overperformed and would have been titans.MS has been successful despite fucking up the monolithic position they held in desktop and gaming, because they managed to find a particularly valuable golden goose. It's just that in doing so they allowed the other golden geese they have to become quite sick.
If you took out cloud rev MS would have been much more motivated to not let the rest of the company's products turn in to the sorry state they're in.
by cmcaleer
3/20/2026 at 6:45:07 AM
Most client PC are still running on Microslop Windows.They are, as always, using Windows to sell all their other crap, especially Azure and 365. Things like their AD or office tools are tightly integrated into the cloud so you realistically can't even use the one without using the other.
by still_grokking
3/20/2026 at 7:05:20 AM
At work, we needed a PC for a Linux-based Webkiosk the other day. The computer proposed by the colleague who actually orders stuff comes with a Windows license. I said we don't need that. A fruitless, lame effort was made to locate a substitute w/o a Windows license. I renewed my protest, but the feeling that the problem is me was already floating in the air. I gave up. We purchased a Windows license to run Linux. For the umpteenth time. It's like a Microsoft tax on PCs.by avhception
3/20/2026 at 1:39:20 PM
Those OEM licenses do seem quite cheap. I think it was Dell who gave an option for a while. To remove the Windows license and have Ubuntu instead only saved $10.It was low enough where I think most buyers questioned if it would be worth it to have the license just incase.
by al_borland
3/20/2026 at 3:59:10 PM
I’ve heard the actual OEM cost is offset by the manufacturer getting paid for all the bloatware included.by mwwaters
3/20/2026 at 4:25:04 PM
Kiosk can probably be done with rpi.by rini17
3/21/2026 at 9:17:01 AM
From a CPU / GPU standpoint? Yes. From a "I need to constantly replace SD cards or netboot the weird firmware" standpoint? I'd rather not.by avhception
3/20/2026 at 9:45:00 AM
Yeah, this kind of crap is exactly what antitrust laws are supposed to prevent but governments don't care.by account42
3/20/2026 at 7:14:45 AM
If you had separated them, 365 would probably run on AWS and have better cross-browser support.by solid_fuel
3/20/2026 at 5:59:29 AM
Do you feel they're? As user, not as investor.by yehat
3/20/2026 at 4:31:53 PM
I don't know what feelings have to do with an objective measure like valuation.by lobf
3/20/2026 at 6:38:42 AM
I'm not sure where you are but at least here Microslop is still ruling more or less everywhere besides the online ad market.They are big in everything that is mass scale developer oriented with things like GitHub, VSCode, or all their libs, tools, and integrations (they "own" in large parts for example Python, TS, and Rust). Governments and public services are all running on Azure. So do a lot of companies; more or less all small and mid sized. They are still dominant in the gaming market, and get stronger there with every year.
Microslop was always, and still is the same Microslop. They are very successful with what they do since decades. Whether one likes that or not.
by still_grokking
3/20/2026 at 7:29:56 AM
They haven't been dominant in the gaming market for a long time now. Since the beginning of the last generation (Xbox One, PS4, Nintendo Switch), Microsoft has had the worst selling game consoles. And they are getting weaker with every year: the Xbox director was fired just a few weeks ago.by Scoring6931
3/20/2026 at 9:40:09 AM
They still control PC gaming. Even Valve has long given up on disrupting DirectX and the Win32 API in general and is just translating whatever APIs Microsoft decides we should have.by account42
3/20/2026 at 12:30:55 PM
That only grants market control so long as Microsoft keeps releasing new APIs, otherwise the people reimplementing them like valve/wine will catch up.I think Valve’s play isn’t to steal tons of Microsoft’s gaming market share; their play is to just get enough of a market that game developers are incentivized to code to the APIs that work well in Proton, not whatever the latest and greatest in Windows is. If we cross that inflection point, Microsoft’s PC gaming chokehold will be on life support.
by zbentley
3/20/2026 at 4:56:45 PM
I noticed you didn't mention any consumer products except gaming. That's because they no longer dominate there.by gzread
3/20/2026 at 10:52:50 PM
Github and VS Code are kind of consumer products aren't they?by abustamam
3/20/2026 at 12:56:26 PM
This narrative has some critical flaws. Google is not just search or Android and hasn’t been for a while.by bitexploder
3/20/2026 at 10:32:54 AM
Sadly I'd say it's the opposite with them winning that antitrust case, none of these big guys give a shit anymore, they're basically slowly easing into doing whatever the hell they want.by KoolKat23
3/20/2026 at 4:27:18 PM
Just to illustrate how bad Google has gotten, I've had the boomer habit of searching for a website name and then clicking the link in Google.In the past 1-2 years I had to stop that, as there's a good chance I will be taken to some ad-sponsored link that has hijacked the search results.
For example, if I search 'Claude' the actual link to claude.ai will not even fit on a 1080p screen.
by torginus
3/20/2026 at 5:53:08 PM
Alternatives are not that better :(Also Google search degradation is partly due to the web becoming infested with AI slop and most content moving to chat apps, which are walled gardens by default.
by aboardRat4
3/20/2026 at 1:58:32 PM
The funny thing is that until like 2024 iOS actually HAD no default browser control, so this kind of thing was a huge help for people who wanted to use Chrome against Apple’s monopolistic wishes. Of course it’s fair to argue that it should be eliminated now. The commenter who mourned the web view option also has a good point, but tbh that ought to just be asked once and then live in settings.by xp84
3/21/2026 at 4:34:29 AM
Even when it had no default browser, it should only prompt for Chrome when a user has Chrome installed. I do not.In addition, it should remember the setting forever and not keep prompting every couple months.
This is not a good faith attempt to let a user open a link in their browser of choice, it’s a push to get users to download and use Chrome. I can only assume users with Chrome as their default browser don’t get this needless slide-in.
by al_borland
3/21/2026 at 12:37:06 PM
Can the app tell if Chrome is installed?by dieortin
3/20/2026 at 5:35:26 AM
> I think I’ve reported this as a bug to Google a couple times, in a couple different apps… as they do it in their other apps too.Alas, I don't think it's a bug. A PM or VP probably got a bonus for this.
> How about just giving the option to login with Google if so choose to login, and not spam it on every website just for visiting?
Yeah this is kinda weird. I don't know if it's browser specific though. I use Firefox on my main computer and I think I still see it. Which means that the website owner opted into this weird pattern. No other auth providers do this. Just Google.
by abustamam
3/20/2026 at 11:50:30 AM
I opt into it on my site it's just a login option you can ignore if you want to log in another way, but for those who use it it removes the friction of writing out a password and verifying the emailby sureMan6
3/20/2026 at 1:32:43 PM
It can’t just be ignored, it covers content, and if someone accidentally clicks the wrong thing… poof, they now have that site linked to their Google account.It’s a cancer on the Internet.
by al_borland
3/20/2026 at 1:08:36 PM
I’m annoyed by it every time on every site when I have to dismiss it. Probably not the only one and probably depends on your type of site/visitors.by calmworm
3/20/2026 at 3:51:09 PM
I'm sure some number of website owners ran A/B tests and determined that more people signed in when it was present.I'm also sure that some number of website owners don't know or care that it's annoying to some people.
Personally I've just learned to ignore it; but if it did annoy me enough I'd zap it with uBlock.
by abustamam
3/20/2026 at 3:53:43 PM
Thanks for sharing! It's not really easily ignored for some people (I ignore it the same way I ignored banner ads in the 00s). I'm curious if you have any metrics on bounce ratios with/without the option. The sentiment here on HN appears to be largely negative but HN does not represent the population at large. I find that many people don't mind or even like a lot of stuff that HN tends to hate.by abustamam
3/20/2026 at 8:18:46 AM
> The only thing that bothers me more are the, “sign-in with Google”, prompts on 90% of websites now.It's indeed aggravating. Thankfully it turns out you can turn it off (and of course the option is extremely well-hidden): https://developer.chrome.com/docs/identity/fedcm/customizati...
by dataflow
3/20/2026 at 1:30:21 PM
Having to use Google browser to disable Google’s own bad behavior is unacceptable.by al_borland
3/20/2026 at 10:40:04 AM
But only on Chrome? I'm on Firefox and I see those prompts all the time.by breakingcups
3/20/2026 at 10:51:38 AM
Go to your uBlock Origin settings and enable the annoyances/social filter lists.by the_pwner224
3/20/2026 at 3:07:46 PM
You can set a personal rule in Ublock origin to block these sign in with Google pop-ups.https://www.reddit.com/r/uBlockOrigin/wiki/solutions/#wiki_g...
by starkgoose
3/20/2026 at 4:53:42 PM
> The only thing that bothers me more are the, “sign-in with Google”, prompts on 90% of websites now This drove me really, really mad last winter. How did they even achieve this? My policy is no US vendors. Period. Not for work stuff at least; not for things I depend on. What a mess.by edg5000
3/20/2026 at 3:21:16 AM
> not spam it on every website just for visiting?It's the website that spamming that.
Either via google.accounts.id.prompt(), or options provided to loaded Google scripts.
Google is guilty only insofar as that feature is possible.
by paulddraper
3/20/2026 at 5:12:20 AM
There is no way this many sites did it organically without Google pushing it in some way, not to mention they built the thing in the first place (as you mentioned). There also doesn’t seem to be any way to disable it (other than maybe an extension that I saw recently, but at $15 I needed to think about how much I want to spend just because Google is obnoxious).I’m sure the real goal of this “feature” is to get people to sign-up for the site without them actually realizing they are signing up. They click OK just so the modal goes away and now the site has their email address. They can use that growing email list to seek higher prices from sponsors when they put an add in their newsletter the user will now be spammed with.
Imagine if the other auth providers followed suit. Open a news article and you need to close the Google auth, Apple auth, Facebook auth, Microsoft auth, GutHub auth, X auth… I’m sure I’m forgetting some. After closing those 6 modals, reject the cookie prompt, close the newsletter modal, and maybe now we can start reading the article if there is an auto-playing video ad covering some of the content.
All of this is really pushing me away from the internet in general and souring me on the tech industry as a whole. I’m at that point where I find myself casually browsing for jobs that won’t require I ever touch a computer again.
by al_borland
3/20/2026 at 8:31:51 AM
You can disable it in your Chrome settings: chrome://settings/content/federatedIdentityApiWebsites that choose to put a sign-in with Google button on a page can disable the popup by setting data-auto_prompt="false". The default being "true" is how Google is pushing this, but this seems like a rather gentle way of pushing.
It's clearly a deliberate choice that websites make. Your explanation as to why they're doing it seems very plausible to me.
by fauigerzigerk
3/20/2026 at 2:00:37 PM
I don’t using Chrome. Having to use Chrome to disable a Google “feature” doesn’t feel like a path forward.by al_borland
3/20/2026 at 4:48:25 PM
I think this whole functionality is actually based on an experimental browser API (FedCM) that may be coming to other browsers as well.https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
But ultimately websites can pop up whatever annoying nonsense they want. There isn't really any "way forward" except avoiding bad websites or using ad blockers.
by fauigerzigerk
3/20/2026 at 7:03:57 AM
Just use µBlock Origin for most of the annoyances, and for the stupid google popup a simple Stylus CSS rule is enough.by still_grokking
3/20/2026 at 2:40:39 PM
They did it because they want you to be signed in, for tracking, upsell, or whatever else.by paulddraper
3/20/2026 at 3:26:13 AM
Google is guiltyby harry8
3/20/2026 at 5:19:47 AM
Trouble is we cognoscenti know it but the great unwashed do not and or don't give a damn about the fact.Google and all of Big Tech well know of our objections but unfortunately we are only hardly perceptible noise to be ignored on their way to even greater profits.
by hilbert42
3/20/2026 at 10:54:39 AM
> This kind of thing should be illegal.That's a bit silly.
Some people think pineapple doesn't belong on pizza, but that means you should avoid buying pineapple pizza, not outlaw it.
by eru
3/20/2026 at 12:30:08 PM
Google buys up all the pizza places in your town and stops selling anything but pineapple pizza. The delivery driver also stays and watches to make sure you don't take the pineapple off and if you do, you're banned from buying Google Pizza anymore. It's a long drive to find a pizza place that isn't owned by Google.by duskdozer
3/20/2026 at 3:20:31 PM
> Google buys up all the pizza places in your town and stops selling anything but pineapple pizza.Awesome: great business opportunity to open new pizza places.
Either you make a lot of money from customers, or you sell to Google for more money. If the latter: open yet another place, rinse and repeat.
by eru
3/20/2026 at 6:29:09 PM
Except the fact that opening up new pizza place have a huge upfront cost. Your pizza may need to be pricier too. You thought people are flocking to your new pizza place, but the reality is that most people just want to not get hungry, and will rather chomp down pineapple pizza while being surveiled, than spending more for non-pineapple pizza.Look, I love making a analogies. Just that they have scale, and competing against it is hard.
by bentinata
3/21/2026 at 4:48:41 AM
> [...] but the reality is that most people just want to not get hungry, and will rather chomp down pineapple pizza while being surveiled, than spending more for non-pineapple pizza.In that case, who are we to judge the company that gives people what they want?
by eru
3/21/2026 at 7:59:36 AM
It's not what they want, it's the minimum of what they'll tolerate.by duskdozer
3/21/2026 at 7:06:28 AM
People don't know what they want. $VENDOR knows that and shovels whatever shit they can mass produce into their customers face.I, for one, still wouldn't care one bit. The problem is, this drags us all down eventually. I don't wan't shit shoveled into my face.
by tosti
3/21/2026 at 7:56:50 AM
Who knows better than people?by eru
3/20/2026 at 10:56:29 AM
If you have a monopoly, different rules apply.by Tepix
3/20/2026 at 3:19:37 PM
Google doesn't exactly have a monopoly here.by eru
3/20/2026 at 6:23:23 AM
I’m in the UK and use the Gmail app, I don’t ever see this sheet. Is this US-only?I don’t see the sheet for imgur.com either because, well, they’ve blocked access completely for UK users. :shrug:
by froddd
3/20/2026 at 6:31:50 AM
I see it in the UK.by tonyedgecombe
3/20/2026 at 9:56:22 AM
The app settings offer a way to set default browser to the system default (which is what I have selected), as well as a toggle to “Ask me every time” — I have this turned off and never see the pop-up.EDIT: also just tested turning this checkbox off. I then clicked a link in an email, got the pop-up, unchecked “ask me every time”, clicked default browser, and didn’t see the pop-up next time.
by froddd
3/20/2026 at 10:49:16 AM
Don’t worry, it’ll come back in a couple of months. Not sure if has a timeout, or if it gets reset by app updates, but that checkbox is only sticky enough to gaslight you into thinking it worksby swiftcoder
3/20/2026 at 5:20:58 AM
An annoying extension of this is opening a Google maps link on mobile. It always prompts to open Google Maps (the app) no matter what. If you click no, its bugs the fuck out and opens an App Store link. If you click yes, even if you have Google Maps installed, it bugs the fuck out and opens an app store link. In neither case will it properly show the location on a first attempt. It's been like this for years. I'd ask what they're thinking when they came up with this, but I remain unconvinced that any such activity happens inside any Google offices today.by kdheiwns
3/20/2026 at 5:47:38 AM
I think this is an Apple bug.I’ve seen it with non-Google apps too. I’m not sure what causes it, but I believe sometimes you can long tap the link and select the correct option.
I believe the behavior where you say no and it still tries to open the app is because the default behavior on Google Maps links is to open Google Maps.
by smelendez
3/20/2026 at 12:33:45 PM
This happens to me now on Android. It either wants to download google maps or if I try to open in browser, it just repeatedly refresh loops before drawing anything. But not always possible it seems to get the address by inspecting the linkby duskdozer
3/20/2026 at 7:59:18 AM
If you use iPhone, you can use iOS Mail app (and with iCloud mail) if you really care.Apple dark UX pattern is that there always has badges on Settings app if you do not subscribe to iCloud even if you have manual backup. You cannot dismiss it.
by iqandjoke
3/20/2026 at 8:33:00 AM
I don't subscribe to iCloud, and have never seen these. Where do you see them?by tengwar2
3/20/2026 at 10:23:38 AM
This has tripped up non-technical family members who ask for help and aren't sure if they are required to pay for these things."What is Arcade, am I supposed to be paying for it?"
Sigh. Apple used to be better than this.
by iamcalledrob
3/20/2026 at 9:29:16 AM
They keep enshittifying the experience for those not using iCloud Mail. They just removed the feature to use alternate email aliases on non-iCloud accounts on iOS 26.by Daedren
3/20/2026 at 9:40:18 AM
I love the irony that the Imgur link asks you to install the Imgur app firstby pftburger
3/20/2026 at 12:42:22 PM
I don't understand why people don't use alternative mail clients to avoid that? Is the Gmail app the only one that is good enough? If so, and if it is essential to you, just go with the bundle (Gmail, Chrome, etc). (FWIW, I left gmail entirely, I pay for my email provider)by irae
3/20/2026 at 4:35:22 PM
This would drive me insane! I'm glad I ditched Gmail altogether.by babypuncher
3/20/2026 at 5:45:59 PM
Please don't use imgur, it blocks off half of the internet. Use catbox.moe or imagebanby aboardRat4
3/20/2026 at 5:59:34 AM
the YouTube app does the same. Infuriating. I don't have Chrome installed and it doesn't list the only third party browser I _do_ have installed: Orionby hutattedonmyarm
3/20/2026 at 1:42:56 AM
Why are you even using the Gmail as your mail app?by vachina
3/20/2026 at 2:35:43 AM
The switching cost on a 20+ year old email address is high. It’s basically impossible to totally migrate away from. On top of that, since Google does their own thing, it doesn’t fit well into standard IMAP that most clients use.Sparrow made Gmail a great experience, but Google bought it and shut it down. I’m still rather bitter about that. It’s the only email client that actually made me enjoy email.
by al_borland
3/20/2026 at 4:18:21 AM
>The switching cost on a 20+ year old email address is high. It’s basically impossibleYou can use mobile Thunderbird with a Gmail account.
by wafflemaker
3/20/2026 at 2:49:41 AM
> The switching cost on a 20+ year old email address is high. It’s basically impossible to totally migrate away from.Not that hard. Get new email, autoforward old email to new. In old email, set reply-to as new email.
After suitable time has elapsed, disable old email.
by ninjagoo
3/20/2026 at 4:46:33 AM
This doesn’t solve the root of the problem. Google is still the backbone of a significant amount of the email and no meaningful progress would be made toward the day when I could delete the Google account.It would require systematically changing my email at the 300+ sites I’m aware of, assuming they allow that, or deleting the account if they allow that. I’ve been making efforts here and it’s painful. Many companies don’t have good systems for that, if any at all. Even big companies like Amazon and Sony, I was told to just abandon old accounts and let them hang out there forever… I had duplicate Audible and PlayStation accounts. No way to delete them. I found this particularly upsetting with Sony, considering how many times they’ve been hacked. On some sites I also ended up in captcha purgatory.
Then there are the hundreds more who have my email somewhere. I tied to change my email 13 years ago. My own mother still sends to my old gmail account. I think she used the new one a few times, but do I really want to nag my 70 year old mother about using the wrong address? My dad is the only one who reliably uses it, because he uses his contacts app properly. Over a decade and the progress has been almost non-existent. All this effort did was make email and logins harder to manage by spreading it out.
The pragmatic approach is to go back to Gmail, since most stuff is still there. I don’t want to be in bed with Google, but at least it’s only one thing to think about.
Thinking about it, my Gmail account is also my Apple ID. I think Apple only recently made an option available to change that, but it feels risky.
by al_borland
3/20/2026 at 5:58:39 AM
I changed my Amazon sign in a few weeks back, no real issue. I just popped over to Audible and there seems to be a pretty straight forward flow to changing your email, although I didn’t actually try it out. What issue did you have? Was it awhile back? Not trying to be contentious but curious / you may have some luck now if you struggled with it in the past. It’s certainly not trivial to just abandon one email for another, especially if you have been using the same for two decades.by ribosometronome
3/20/2026 at 6:23:09 AM
I had 2 accounts. A legacy Audible account and my main Amazon account. The Audible account was created before Amazon bought them, and I think after the acquisition I just started using my Amazon account.My main Amazon account has all the Audible stuff I actually care about, as well as copies of the stuff on my legacy account, so I wouldn’t lose anything that mattered if they deleted it.
My goal was to delete the legacy account and all my personal data related to it (which I believe is required by law in some places).
I ended up on the phone with support and talked to them for quite a while. They said there was nothing that could be done. This was probably a year ago, Best I could do I guess is delete as much as I can, if they allow it, change the email to a 10 minute email, and then let it go. This is what I had to do for Papa John’s last week and a couple other places, but I’d rather my account actually be deleted so I don’t have to worry about a future data breach on an account I would no longer be able to get into. I don’t know how their database is setup, if I change something I can see, is it actually gone or does the DB keep a history? There are a lot of unknowns that make me uncomfortable with just abandoning an account.
With Sony it was worse. At least Amazon talked to me. Similar situation with 2 accounts. Their website said to call to have your account deleted. I called, waited on hold for 40 minutes, then was told they couldn’t do it. They hung up on me while I was trying to tell them their website said to call the number.
This past weekend I migrated out of 1Password, which I had been using for 18 years. That was a fairly big job. The export/import did OK, but I still had to go one-by-one through 600+ entires to sure things up and fix little things. The main job is done, but I have a little more I’d like to do. The email job is bigger and has lots of other people involved, which is where the real challenge is, as they’re all different.
by al_borland
3/20/2026 at 12:54:29 PM
> This past weekend I migrated out of 1Password, which I had been using for 18 years. That was a fairly big job. The export/import did OK, but I still had to go one-by-one through 600+ entires to sure things up and fix little things.Don't start using new services or capabilities on corporate platforms. It's a trap (TM).
Start with open source. It'll be a little bit behind the curve initially, but it will pay off over a lifetime. I started with Keepass back in the day, and never had to worry about migration.
by ninjagoo
3/20/2026 at 1:27:32 PM
I’ve tried to use Keepass many times. It’s always felt extremely clunky to use. Last time I tried it (at work) about a year ago and it seemed like nothing changed in the last 20 years.As much as I’d like to be an open source purist, the user experience isn’t there. The lack of design talent in the open source community is still apparent, and there is often little focus on the last 5-10% of the UX that makes something nice to use. I assume this is because that part isn’t very fun.
by al_borland
3/20/2026 at 12:25:56 PM
> It would require systematically changing my email at the 300+ sites I’m aware ofYes, this can seem overwhelming. That's where the auto-forward helps. This is what I did: initially changed emails at the big ones - banks, govt, etc., maybe 10 or so. For the rest, when an email would come in, I would change it for just that one. It distributes the workload over time and is much more manageable.
> I tied to change my email 13 years ago. My own mother still sends to my old gmail account
This is where the reply-to setting becomes important - most email clients will use the reply-to when responding. For persistent ones, go into, say Mom's contacts, and update the email there, deleting the old one. Had to do this with my parents and family. Don't make them do it, do it yourself.
How to set reply-to: go to Settings > Accounts and Import, click "edit info" next to your email address in the "Send mail as" section, select "Specify a different 'reply-to' address" in the pop-up and enter the desired email.
by ninjagoo
3/20/2026 at 2:11:31 PM
> the 300+ sitesI am almost sure that you only use 15 of those sites regularly, 30 of those sites occasionally, and almost never for the other 250.
It's doable. If you keep finding excuses, you'll never get it done.
by g947o
3/20/2026 at 12:35:35 PM
Do one a day and you'll be done in a year. Do one a week and you'll be done in 6. You don't have to be done tomorrow.by duskdozer
3/20/2026 at 3:23:08 AM
I hate to say it but you are right. It might be finally time to cut the gcordby hallway_monitor
3/20/2026 at 9:55:58 AM
And the accounts I have in many many places which use email address as a primary key?by AndrewDucker
3/20/2026 at 2:13:05 PM
You don't need to update all of them. Nobody is asking you to give up your Gmail. You can start with the 20 sites you use the most frequently which takes an hour. For the rest, either take time to migrate or leave them in Gmail, since you don't actually need to visit those sites or get updates often.by g947o
3/20/2026 at 3:29:53 AM
I've not had issues plugging Gmail into Thunderbird, aquamail, k-9 mail, maybe you could try one of those?by komali2
3/20/2026 at 4:56:07 AM
The issues I had (granted this was probably a decade ago), was that Gmail uses tags and IMAP uses folders. The translation there always felt messy and cumbersome. To me, this is why I felt Gmail wasn’t good in generic mail clients and really needed one built for Gmail.Maybe all those apps have since updated to natively support all Gmail’s features, but that is also a cat and mouse game with all the stuff they try that doesn’t fit neatly into established mail protocols.
by al_borland
3/20/2026 at 11:40:59 AM
I can confirm that basically all third-party apps have to handle this "Gmail weirdness" and come up with an abstraction layer to make Gmail IMAP accounts play nicely with "regular" IMAP accounts.by isaachinman
3/20/2026 at 2:09:39 PM
It's possible and I migrated almost all my emails from Outlook and Gmail. That's two services.I still have those accounts and occasionally check for emails from old contacts or service emails, but on a daily basis I don't interact with Gmail at all.
by g947o
3/20/2026 at 10:20:09 PM
I still use emacs gnus with Gmail. You need a token instead of old fashioned imap auth, but it works fineby tiberious726
3/20/2026 at 2:40:06 AM
Spark is a good replacement for Sparrow.by asutekku
3/20/2026 at 4:53:09 AM
I just checked out a video. I don’t think it’ll do it for me. What I liked about Sparrow is it made email feel more like Messages or Twitter. Going back and forth in email didn’t feel so formal. I didn’t see that in Spark. They also seem to be leaning really hard into AI, which is a bit of a turn off.by al_borland
3/20/2026 at 3:57:45 AM
Gatekeepers have to gatekeeper. Sigh.by notyourwork
3/20/2026 at 1:34:42 AM
I hope the EU cracks down on them like they did with Apple.by stavros
3/20/2026 at 2:23:27 AM
Merely regulating them isn't enough. The world needs to start enforcing antitrust laws. If we don't break up all these big tech companies, our future will be a technofeudalist cyberpunk dystopia.by matheusmoreira
3/20/2026 at 5:46:50 AM
We haven't broken up all these big tech companies, and we are living in a technofeudalist cyberpunk dystopia.by deaux
3/20/2026 at 7:14:42 AM
That escalated quickly.I think that's actually true. But what does it mean, what's the way forward?
by still_grokking
3/20/2026 at 11:33:28 AM
The way things are going, the same way as things have gotten better historically: at the cost of lots of blood.by account42
3/20/2026 at 8:20:49 AM
Support eff.org, edri.org.by fsflover
3/20/2026 at 1:23:19 PM
EDRi and NOYB are doing fantastic work.by stavros
3/21/2026 at 3:44:46 AM
Honestly many people (including myself) still have the ability to unplug from this stuff, and so I think it's time to do that.by alpineidyll3
3/20/2026 at 7:16:36 AM
Has the Apple situation really improved?I'm probably out of the loop, but last I checked, to put an app somewhere that's not the official App Store, they required you to pay their hefty fee for putting it in the App Store (even if you weren't going to do that), _and_ an additional Core Technology Fee.
(And if that's still accurate, one thing I don't get is how that isn't also anti-competitive.)
by pred_
3/20/2026 at 12:48:59 PM
Fast forward, and a few years from now, developers will have to sign their app with some EU bureau, otherwise it won't install anywhere. It's a choice about from whom come the restrictions. I don't like how much EU mandates and regulates hardware and software. It is about 20% helpful and 80% garbage regulations so far.by irae
3/20/2026 at 1:22:59 PM
I voted for the EU representatives more directly than I voted for Google.by stavros
3/21/2026 at 5:13:43 PM
I could easily change mobile phone OS to ungoogled one (e.g. LineageOS) or fully Linux, than changing jurisdiction to non-EU.by zajio1am
3/19/2026 at 9:39:21 PM
Pay verification fee to continueby wlesieutre
3/19/2026 at 11:01:13 PM
so Apple then? They require you to pay the $99 yearly fee to sideload for more than 7 daysby tom1337
3/19/2026 at 11:19:43 PM
Apple was clear that they were offering the safety of a walled garden from the start.Apple didn't lie about supporting a user's freedom to run anything they like, only to execute a rug pull after they successfully drove the other open options out of the marketplace.
by GeekyBear
3/20/2026 at 4:13:26 AM
> Apple didn't lie about supporting a user's freedom to run anything they like, only to execute a rug pull after they successfully drove the other open options out of the marketplace.They did execute a rugpull, and they aren't offering safety anymore.
The rug pull is ads in the app store. If I go to the app store now and search for my bank's name, the first result is a different bank. If I search for 'anki', the first 3 results are spam ad-ware tracking-cookie trash.
If I search "password store" I get 4 results before the "password store" app. I had a family member try to install one of the google-docs suite of apps, and the first result was some spamware that opened a full-screen ad, which on click resulted in a phishing site.
My family can't safely use the app store anymore because they click the first result, and the first result for most searches is now adware infested crap because of apple's "sponsored results".
What's the point of charging huge overhead on the hardware, and then an astounding 30% tax, and also a $100/year developer fee, if you then double-dip and screw over the users who want your app by selling user's clicks to the highest bidder?
by TheDong
3/20/2026 at 7:21:25 AM
Don't forget that Apple is spying on their users even more then Google does (which is gross in its own). Apple controls much more user data then Google does.At the same time Apple keeps telling their users some fairy-tales about "privacy".
No, Apple isn't honest. Definitely not.
by still_grokking
3/20/2026 at 1:39:56 PM
The question is how much of that data do they sell to data brokers.by jandrese
3/20/2026 at 3:50:40 PM
Google also "Doesn't sell your data to data brokers"Because they sell "insights" or "access" or "marketing" or whatever.
by mrguyorama
3/20/2026 at 10:58:31 AM
Sources needed.by Summershard
3/20/2026 at 8:38:44 AM
No. Apple's phones started out with only web apps. They only add the walled garden later.by alextingle
3/20/2026 at 5:11:23 AM
> Apple was clear that they were offering the safety of a walled garden from the start.This is a red herring. Is Google a hypocrite for lying about it first? Sure. But suppose Android dies and gets replaced by something that never claimed to be open. Or gets replaced by nothing so there is only iOS. Is that fine then?
Of course not, because the problem is the lack of alternatives, and having your choice glued to an entire ecosystem full of other choices so that everything is all or nothing and the choices you would make the other way are coerced by them all being tied together into something with a network effect.
by AnthonyMouse
3/20/2026 at 1:57:24 PM
hahahahaha 'walled garden'repeating marketing speak.
Apple got you.
Walled Prison. Look at all those people suffering with iMessage trying to use openclaw.
by butILoveLife
3/21/2026 at 7:21:16 AM
It's a garden right up until the point you try to leave. Then it's a jail you're trying to break out of.Most sories with this plot, the prisoner gets free and gets to see the garden for what it really is. Famous example: The Matrix
by tosti
3/19/2026 at 11:29:03 PM
If Google actually takes away the ability to run unsigned code, my next phone will be an iPhone. And I rarely even run unsigned code.Honestly, it might finally result in me fully exiting the Google ecosystem.
by supern0va
3/20/2026 at 2:28:31 AM
> If Google actually takes away the ability to run unsigned code, my next phone will be an iPhone. And I rarely even run unsigned code.Same here. If I must be in a walled garden, then I will choose the better kept garden and it sure as hell isn't one of Google's crappy platforms.
The only reason to put up with the shittiness of Android is freedom. The same freedom they keep eroding with their constant, never ending attempts to force remote attestation and sideloading limits.
GrapheneOS is the last hope for Android as far as I'm concerned. Hopefully Google won't find ways to screw that up.
> it might finally result in me fully exiting the Google ecosystem
Don't wait for them to push you away. Start exiting now. Setting up mail on my own domain and distancing myself from gmail is one of the best things I've ever done. Highly recommended.
by matheusmoreira
3/20/2026 at 3:36:44 AM
I've noticed with GrapheneOS, that more recent builds are exhibiting weird issues. This isn't their fault, it's upstream ASOP issues. For example, just in the last few weeks:* The date has now gone missing from my lockscreen, only showing the time.
* I can no longer see signal strength on my phone for mobile, if wiki is off. I turn wifi on, and now I can. I use a larger font, but it used to be just fine.
There are all sorts of little changes like this I've noticed recently.
It makes me wonder if Google is slowly mangling default ASOP so projects like GrapheneOS will have a crappier daily build experience.
And GrapheneOS doesn't have time to manage features changes like this, they focus on their key security improvements and fixes. If Google is doing this on purpose, it has real potential to seriously degrade ASOP as usable without lots of fixes and changes.
They already rug-pulled security updates or whatever it was a few months back.
And it really seems like the sort of sneaky, underhanded way Google would handle things.
by b112
3/20/2026 at 4:47:01 AM
Odd, I don't have those issues (date is on the lock screen, network signal strength when wifi is off is there). Played around with font settings but that changed nothing. Up to date stable version of Graphene on an 8a. Are these beta versions? Or maybe it's phone dependent.by garciansmith
3/20/2026 at 5:16:37 AM
Do you have 'Receive security preview updates' on?Google stopped publishing any info about security updates until (I think) quarterlies come out. GrapheneOS had to sign some sort of non-disclosure for them, in order to roll them into updates.
If you don't have that on, then you're not fully up to date with security updates. This could be the difference.
by b112
3/20/2026 at 7:31:00 AM
> GrapheneOS had to sign some sort of non-disclosure for them, in order to roll them into updates.So doesn't this mean GrapheneOS is effectively controlled by Google now?
Also, how is keeping anything secret under NDA possible at all if you want to know what's in a security update and be actually able to build that update yourself from source?
by still_grokking
3/20/2026 at 7:58:14 AM
Controlled? No. It's about security updates being patched before disclosure.That said. it is indeed annoying, and there was a lot of uproar when it happened.
For the nuance of it, I'd suggest GrapheneOS docs, you'll get more accurate info.
https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
by b112
3/20/2026 at 12:19:06 AM
Buy a cheap unlocked smartphone and run GrapheneOS[0]. I want my smartphone to be like my linux computers where I run them for as long as the hardware works and is still relevant. My iPhone 12 is getting close to its end of life support, yet it is still working well. We should expect better from trillion dollar companies. So I'm not supporting them with dollars wherever I can afford not to. That and I think it's more enjoyable to run something off the beaten path. I like to explore the space a little.I swapped out my MBP for an Asus Pro Art running linux last year and that's been working out pretty well. Hopefully my cheap motorola phone will be supported by GrapheneOS soon and that will work out too.
by state_less
3/20/2026 at 2:21:55 AM
> Buy a cheap unlocked smartphone and run GrapheneOSNote that this needs to be a Pixel at the moment.
by drnick1
3/20/2026 at 12:40:37 PM
It doesn't have to be Graphene; LineageOS works on a lot more devicesby duskdozer
3/20/2026 at 4:06:38 AM
GrapheneOS will support future Morotola phones that meet a subset of their requirements, rather than existing phones. Less likely to be budget lines for now.by ysnp
3/20/2026 at 6:13:07 PM
The cheap Motorola phones won't support GrapheneOS because they are missing some of the security features that GrapheneOS requires. The Motorola partnership is for some new phones: hopefully at a lower price bracket, but likely to be flagships or 2nd tier.by youainti
3/20/2026 at 7:24:57 AM
Just to switch to an even more aggressively monitored and tightly controlled walled garden?People sometimes act as if the one would be an viable alternative to the other. Even both are effectively the exact same shit for the exact same reasons.
How about we move instead to open systems?
by still_grokking
3/20/2026 at 2:34:40 AM
One walled garden to a bigger walled garden.by ipaddr
3/20/2026 at 3:34:37 AM
That is the human condition - up to the scale of the planet, which is the ultimate walled garden at the moment.by intrasight
3/20/2026 at 5:03:53 PM
Why not a GrapheneOS phone?by gzread
3/19/2026 at 11:17:33 PM
Which increases the limit to whatever time is left on your current payment period. After which the app will stop working and need to be reinstalled by an authenticated developer who has a current Apple Developer Subscription.EDIT: Edited the above which previously said 90 days incorrectly. Not sure where my brain pulled that from but I posted the correct details here prior: https://news.ycombinator.com/item?id=45743615
Notably if you install a month before your subscription expires you need to reinstall the app in 1 month.
by rezonant
3/19/2026 at 11:20:29 PM
> Which increases the limit to 90 daysIt increases to 365 days, no? At least thats the longest I can sign my app and I use a personal but paid Apple Developer Account
by tom1337
3/19/2026 at 11:27:16 PM
Oops yes you're correct. Edited post and put a note about the correction and a link to my previous post describing the correct details.But it's only 365 days if you install the app on day 1 of your $99 subscription period.
by rezonant
3/20/2026 at 11:17:55 AM
You can refresh them. SideStore[1] does that automatically out of the box (no computer needed) but there are Shortcuts to do that too.by noname120
3/19/2026 at 10:01:39 PM
>"PLEASE DRINK VERIFICATION CAN TO CONTINUE"by observationist
3/19/2026 at 10:22:06 PM
Context: https://files.catbox.moe/eqg0b2.png
I think they later made a Black Mirror episode along these lines. "Resume viewing... Resume viewing..."
by andai
3/20/2026 at 2:35:36 AM
Fiften Million Merits. The one where advertisers literally torture a man with loud high pitched noises because he refused to view ads and didn't have enough money to skip them.by matheusmoreira
3/20/2026 at 2:40:31 AM
Every one of BM's episodes is extremely good. Fifty Million Merits has so many parts that show precisely how evil technology can be.by jacquesm
3/20/2026 at 9:00:53 AM
I think the last 2(?) seasons lost the essence of what made Black Mirror great but the older ones are excellent. Older episodes often felt directly applicable to the evils of technology we use today but these newer ones seem to be more generic Sci-Fi, season 6 didn't feel like Black Mirror at all to me.by dns_snek
3/20/2026 at 9:55:01 AM
I haven't actually watched the last two seasons yet but the first ones are amongst the best stuff I've ever watched on a screen. So thank you for the heads up.by jacquesm
3/20/2026 at 3:24:41 AM
Common People is utterly terrifying. Woman falls into a coma, so startup uploads her mind to the cloud so it can stream her mind back to her. Then they start to enshittify the poor woman's life. Can't even sleep because they're using her brain as a CPU. She gets mercy killed while blurting out ads for antidepressants to the person doing it.Metalhead is also among my favorites. Those kill bots put Skynet to shame.
by matheusmoreira
3/20/2026 at 1:37:06 AM
That meme was 13 years ago.by userbinator
3/19/2026 at 11:11:50 PM
[flagged]by pie_flavor
3/19/2026 at 11:15:04 PM
I suppose the question is, who is actually willing to believe Google is going to deal in Good Faith. Why would anyone ever even begin to think that?by parrellel
3/19/2026 at 11:22:24 PM
[flagged]by pie_flavor
3/20/2026 at 2:41:27 AM
I see a bull charging full-sprint at me, I'm not going to sit here and consider whether he's merely reacting to a loud noise or if he's actively trying to gore me to death. Incidentally limiting user freedom is indistinguishable from purposefully limiting user freedom.by b00ty4breakfast
3/20/2026 at 12:54:15 AM
Google has a fetish for controlling what I can install because they earn money by sitting on the brdige between me and the app developer. That is not a conspiracy theory like you try to portray it. That is basic economics.by schubidubiduba
3/20/2026 at 12:10:17 AM
Alex Jones is a bit much, yathink?They're an amoral monopolistic megacorp that should have been broken up a year ago.
They are performing the ritual of maximalist offensive position -> half-hearted walk back to a worse status quo.
Is the problem they claim to want to solve real? Maybe. I haven't seen a convincing breakdown that doesn't lump a lot of unrelated fraud in the unvetted APK bucket.
That's beside the point though. No one should applaud this utterly predictable and disgusting behavior.
I don't accept it when Unity does it. I don't accept it when Hasbro does it. I won't accept it here either.
by parrellel
3/19/2026 at 11:55:53 PM
> "That's just FURTHER PROOF that you're secretly trying to destroy my phone."What a ridiculous strawman. I outlined a specific issue with what they introduced. To make it even more clear - the new flow Google created would work just the same with just the 24 hour delay, but the way how they introduced the "For how long should you be able to install apps?" question comes out of left field and suddenly makes you think about timing. Why would they ask you that? After all, you jumped through a sufficient number of hoops for Google, they probably estimated that anyone who has gone that far out of their way should know what they're doing. So why ask a developer or power user about the duration when this feature works? The very unsubtle hint here is that the question is asked because soon enough, 'Forever' will not be an option anymore. It's a very common tactic - restrictions start light, and then are ratcheted up into a nagging reminder that works to dissuade everyone but the most dedicated.
> You understand there's a real goal being pursued here, right? Suppose Google is dealing in good faith.
I do. But why are you so implicitly adamant that the only goals here are good, noble, moral goals? Google will do everything in its interests, regardless of how good or bad it is for people. Decreasing the vectors of attack on their platform is profitable for them, and it also coincides with the public interest of not getting hacked. But ensuring that other brands, OEMs or developers can't interfere with them building an app distribution monopoly is also good for them. Being the sole arbiters of what goes on the devices that have now become mandatory for participating in society is extremely good for them. Do you think they're only pursuing the first one of the three?
> How should they solve it differently?
You're not going to like the answer, but there's no clean, perfect solution that balances everyone's interests. Companies are pushing the safety angle in pursuit of the three interests I listed above. You can see just how much it ramped up in the last few years, even though we've been living under this status quo for decades. But it's not as simple as turning devices into grandma-phones with approved functionality only, because both extremes have big drawbacks. If you have 90s-style insecure fully-privileged computing for everyone, that's a path towards extremely unsafe and vulnerable systems, worked on by people who don't know what they're doing. If you have full lock-down, you're awarding current market leaders with an endless reign of power by insulating them from competition and giving them more control over users. The way we were doing things before this crackdown was striking a good balance of keeping most grandmas out while not choking the abilities of the hobbyists or third-party app distributors too much. If you want an alternative, an ADB flag that you have to change once through a command prompt would've been good too.
by tavavex
3/19/2026 at 11:06:18 PM
what's your solution to combat scammers?by wswin
3/19/2026 at 11:42:14 PM
Do you think regular desktop computer should be locked down like this too? Scammers can also tell people to run Windows programs. Should that be banned too?I'm fine with an opt-in lock-down feature so people can do it for their parents/grandparents/children.
Also, just let people get used to it. People will get burned, then tell their friends and they will then know not to simply follow what a stranger guides them to do over the phone. Maybe they will actually have second thoughts about what personal data they enter on their phone and when and where and who it may be sent to.
Same as with emails telling you to buy gift cards at the gas station. Should the clerk tell people to come back tomorrow if they want to buy a gift card, just in case they are being "guided" by a Nigerian prince scammer?
by bonoboTP
3/20/2026 at 6:49:16 PM
Exactly. There's a sucker born every minute. I'm not saying people deserve to be taken advantage of. The reality is that there will always be people who can be lead off a cliff with minimal effort. There will always be people who believe that a guy with a thick Indian accent and broken English is a representative of Microsoft and that he can fix their computer in exchange for gift card codes. There comes a point where society sacrifices too much under the pretense of protecting the gullible. Prevent people from using technology at all and they'll go back to buying actual snake oil.by ravenstine
3/20/2026 at 4:57:12 AM
Keep in mind that Android has like a billion users who have never touched a Windows computer. (And unmanaged Windows was/is also a disaster zone.) Coming at this from a internet forum perspective is missing the scope of the problem.> I'm fine with an opt-in lock-down feature
Me too, but it's really just some UI semantics whether this is 'opt-in' or 'opt-out'. Essentially it would be an option to set up the phone in "developer mode".
by flomo
3/20/2026 at 6:43:20 AM
There is a big difference between opt-in and opt-out that isn't semantics. You can't slowly discourage, deprecate and delete the default the way you can an opt-in, because too many people keep using it.by Dylan16807
3/20/2026 at 7:15:14 AM
Yeah, I predict that "developer mode" will eventually be a setup option in the trust store, so you'd have reset the phone to get to it.With billions of Android users, there's only millions of people who need or really want this. So like 1%. My point is stop thinking about your mom's windows box and consider the scale.
by flomo
3/20/2026 at 8:25:05 AM
This is based on a view of society that is incompatible with belief in democracy. If people overall can't be trusted to act responsibly and not follow complex sequences of steps dictated by scammers, what hope do they have to figure out who they should vote for? Liberty is responsibility. If you are permitted to cook your meal on your stove, you might burn yourself. It's an entirely different philosophy where the Big Brother or Dear Leader protects you from yourself and knows better what's good for you.by bonoboTP
3/21/2026 at 7:54:24 AM
Keep in mind that Android is super popular everywhere democracy isn't.I'm just spitballing something which would be completely trivial for any 'techie' (and wouldn't require jumping through 24 hr hoops), while improving the situation for the other 99%. Or Android becomes iOS and some minority of techies use some weirdo linux phone, whatever.
by flomo
3/20/2026 at 1:09:07 PM
Do you have aging parents?by fluidcruft
3/20/2026 at 12:43:59 PM
Not really. With opt-out, if I buy a new phone or even just reinstall OS, I will now have to wait 24 hours before doing anything useful with it.by duskdozer
3/20/2026 at 3:22:50 AM
Maybe? Let people form CAs, and if a CA gives out certs for malicious apps remove them. (Old apps continue to work, to publish new one get new cert.)Yes, sad, but works.
People will learn about scams, but scammers are unfortunately a few steps ahead. (Lots of scammers, good techniques spread faster among them than among the general public.)
by pas
3/20/2026 at 7:46:56 AM
If "they" is Google, this is just a really pointless middleman proposal. Android does all the cert stuff.Also Chrome trusts like 300 CAs. Does that work? Probably not if you live in 200 of those countries.
by flomo
3/20/2026 at 4:35:34 PM
The scams are more sophisticated than getting gift cards to pay the IRS. A number saying that it’s from the bank will say they need to verify some account information.I have had to actually verify my “investment profile” with a major broker in order to unfreeze some trades, in a high friction process. To the extent that a sideloaded app that looks exactly like the bank app has a low friction install, then people can get fooled and irrevocably lose savings.
If the lock-down is opt-in, almost nobody will opt in to it. If the lockdown is opt-out, then whether scams still happen depends on how much friction there is in opting out.
Freedom to install other unsigned sandboxed apps has a solution: Banks could use passkeys and other non-phishable methods. Sideloaded apps in Android can’t get to the bank app’s passkey.
Passkeys or hardware tokens get worries about the enshittification of the theoretical recovery process. Which, if that’s the case, I guess we should hope for/pay a better world, at least with banks and brokers. For them specifically, for account recovery allow either showing up in person or using ID checks.
Both for personal accounts and business accounts (i.e. with Business Email Compromise), I believe the onus should be on the bank to use non-phishable methods to show the human-readable payee from their app for irrevocable transfers.
by mwwaters
3/19/2026 at 11:50:58 PM
Let's say I'm sitting outside of your office with a bazooka and boxes of high explosives. You ask my why, and I say, "someone might try to rob this office." You say, "somehow, that does not persuade me that a stranger should loiter outside of my workplace with a massive stockpile of ordinance." I reply, "what's your solution to combat robberies?"by whatshisface
3/20/2026 at 12:50:11 AM
let's say I put a lock on an office door. You say "Why? Bazookas will get through the door anyways".I don't know how I feel about this change but context does in fact matter about whether something is a good idea or not
by rtpg
3/20/2026 at 1:38:05 AM
Is it a lock? I buy a building and the builder put an id verification lock on the doors and I am not allowed to remove it. And they also require a separate one time fee of 2 to 5 percent of the purchase price.by fsniper
3/20/2026 at 3:36:50 AM
Metaphors have their limits.In physical world, there’s only so many people who can rob you if you do something stupid (like constantly give away copies of your keys to strangers), they will be very noticeable when they are doing so, and if you feel like something’s off you can always change the lock.
On the Internet, an you are fair game to anyone and everyone in the entire world (where in some jurisdictions even if it’s known precisely who is the figurative robber they wouldn’t face any consequences), you could get pwned as a result of an undirected mass attack, and if you do get pwned you get pwned invisibly and persistently.
Some might say in these circumstances the management company installing a (figurative) biometric lock is warranted, and the most reliable way to stop unsuspecting residents from figuratively giving access to random masked strangers (in exchange for often very minor promised convenience) is to require money to change hands. Of course, that is predicated on that figurative management company 1) constantly upping their defences against tenacious, well-funded adversaries across the globe and 2) themselves being careful about their roster of approved trusted parties, whom they make it easy to grant access to your premises to.
by strogonoff
3/20/2026 at 6:29:42 AM
The trouble with your analogy is that physical reality works the same way. People have been committing mail fraud since the advent of post offices. Spies have been planting bugs on delivered goods since the invention of bugs. The thing that causes this isn't digital devices, it's long-distance delivery of goods and messages.Meanwhile installing software on your own device is the thing that isn't that. They're preventing it even when you're the owner of the device and have physical access to it. They're not installing a lock so that only you can get in, they're locking you out of your own building so they can install a toll booth on the door.
by AnthonyMouse
3/22/2026 at 3:46:01 PM
All of your examples require, to successfully attack one target, a level of effort (hiring human spies and keeping them happy so that they don’t whistleblow or swap sides, planting physical bugs, etc.) vastly incomparable with a level of effort required to attack millions upon millions of targets; and just as incomparably higher stakes of an unsuccessful operation (actual people going to jail, versus being perfectly safe in a jurisdiction that does not extradite).by strogonoff
3/20/2026 at 3:11:28 AM
totally my point here. The actual shape of the thing starts mattering so much that at one point your metaphor is just completely useless for judging the actual tradeoffsby rtpg
3/20/2026 at 4:30:01 AM
it already has a lock, by default you're not allowed to install apps in android you have to accepts a bunch of prompts and configurations (the key) and now you won't even have the keyby kelvinjps10
3/19/2026 at 11:29:41 PM
'Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.' - Benjamin Franklinby RobotToaster
3/19/2026 at 11:42:31 PM
'essential' means can't be bothered to wait 24 hours (once)?by fluidcruft
3/20/2026 at 6:50:43 AM
>"'essential' means can't be bothered to wait 24 hours (once)?"Essential means to get fucking lost and let me do with the hardware I paid for whatever I want.
by FpUser
3/20/2026 at 11:33:44 AM
Install a different ROM then that doesn't make you wait 24 hours one time.by fluidcruft
3/20/2026 at 1:17:40 PM
I'd rather sacrifice a virgin.by FpUser
3/20/2026 at 1:40:18 AM
You are missing the part that new 24 hour process was a response to backlash. It was not even in their plan.by fsniper
3/20/2026 at 3:07:17 AM
Sounds like backlash needs to continue until it's clear that that isn't acceptable either.by JoshTriplett
3/20/2026 at 2:21:36 AM
To do what I want with my own property seems pretty essential to me.by dare944
3/20/2026 at 2:28:12 AM
So install a different ROMby fluidcruft
3/20/2026 at 3:06:33 AM
And when you do that, you lose access to your bank, because bank apps routinely refuse to run on devices that leave the user in control (e.g. unlocked bootloader, rooted phone). Graphene and similar would be a much more acceptable solution if remote attestation of a locked bootloader were banned.by JoshTriplett
3/20/2026 at 11:49:01 AM
I really don't see the issue with waiting 24 hours. These protections in general seem very likely to help unsophisticated users. It really seems like a nothingburger to me personally. I was going to make an analogy to the ethics of getting vaccinated (and getting mildly ill of a day) to protect the immunity compromised members of the community, but even that is laughable because it underscores what a nothingburger this is (far more of the community is technologically unsophisticated than is immunocompromised, and what sophisticated users are being asked to do is closer to wearing a mask once for 24 hours).by fluidcruft
3/20/2026 at 2:55:09 PM
You can always find justifications to erode all civil liberties. I think it's a major gap in the way history is being taught that people think that the reasons to remove liberties sound like overt evil mustache-twirling slogans. In reality they always talk about a danger that the benevolent overlord will keep you safe from.All these changes are attacks on general purpose computing and computing sovereignty and personal control over one's data, and one's digital agency.
by bonoboTP
3/20/2026 at 3:10:50 PM
It makes no sense to me that people who feel this way insist on running a vendor's Android or iOS.by fluidcruft
3/20/2026 at 3:21:28 PM
More and more apps won't run, again allegedly to keep you safe. You can't run your bank apps on your rooted and custom software. TPMs of desktop, everything needing approval. Yeah you may say tough luck, just use the web. But more and more banks sunset their web UI. It's apps only. And then you'll say "tough luck, start your own bank and offer this feature if you think there is customer demand". Or tough luck, win an election and then you can change the laws etc.Yeah I'm aware that we can only watch from the sidelines. At least we can write these comments.
The new world will be constant AI surveillance of all your biosignals, age and ID verification, only approved and audited computation, all data and messaging in ID attached non e2e encrypted cloud storage and so on. And people will say it keeps you safe and you have nothing to fear if you are a law abiding person.
by bonoboTP
3/20/2026 at 4:10:05 PM
That world arrived at least ten years ago and if you don't like it, running Google's OS isn't even remotely admissible as an answer.by fluidcruft
3/20/2026 at 8:22:28 PM
This would be less of an issue if there were an explicit regulatory mandate saying "businesses larger than X may not limit any consumer capabilities for interacting with their business in such a way that it can only be accessed by proprietary applications running on locked-down systems that a user cannot modify, control, or install their own software on. Offering to have a person handle that functionality on their behalf does not constitute an alternative to functionality made available via such an application". (With appropriate clear definitions for "locked-down", and other appropriate elaborations.)by JoshTriplett
3/20/2026 at 9:46:26 PM
I don't know that sounds pretty dumb on the whole. The key challenge is determine who is at fault in the event of a breach. I don't think it's reasonable to hold companies responsible for privacy while also requiring them to allow privacy to be invaded.by fluidcruft
3/20/2026 at 9:49:26 PM
The current situation is that banks regularly require the use of an unmodified, unrooted Android or iOS device, which reinforces the duopoly and makes it impossible for anyone to compete. (Even emulating Android doesn't help, as emulated Android won't pass the checks banks do to make sure you don't have control of your device.)That situation is not acceptable. Got something better than insults like "pretty dumb" to say about how to resolve this abuse of the two-player oligopoly in the mobile phone market?
by JoshTriplett
3/20/2026 at 9:57:32 PM
I actually did explain specifically why it was pretty dumb and you ignored that point completely.by fluidcruft
3/20/2026 at 10:17:16 PM
You are uncritically repeating the party line from banks who claim it is necessary for security, without giving any rationale or supporting evidence, and coupling it with an insult.by JoshTriplett
3/20/2026 at 10:30:56 PM
The "party line" is not that holding companies accountable for security and also requiring them to be insecure is inconsistent.by fluidcruft
3/20/2026 at 10:47:24 PM
The incorrect party line is that allowing rooting and running your own OS and apps is insecure.Meanwhile, those same banks have websites.
by JoshTriplett
3/20/2026 at 11:29:18 PM
Have you tried using your web browser to buy gas or ride the bus?by fluidcruft
3/19/2026 at 11:43:59 PM
Boiling the frog.by bonoboTP
3/20/2026 at 2:08:06 AM
I have to completely concur that it's probably one step toward an increasingly restrictive final state. Add a few "Are you sure?? You'll brick your phone!!!" warnings, then ID and age-verification mandatory (think of the children!!)by xp84
3/20/2026 at 2:22:13 AM
Maybe it's not good idea for our entire civilization to use only two mobile operating systems controlled by companies that only want to make money.by hparadiz
3/20/2026 at 11:54:47 AM
Exactly, it's essentially (very much essential) infrastructure.by account42
3/20/2026 at 3:58:39 PM
Labeling the phones essential infrastructure can pretty easily backfire if your goal is to be able to modify the phone as you like.For an example think about how mods are treated on cars. There can be very good reasons for those restrictions, but if your goal is to be able to modify phones in the way you want, that might not be the best way to go about it.
In short, be careful what you wish for because sometimes you get it. :)
by ua709
3/20/2026 at 2:40:06 AM
Boiling the scammers and criminals is good.by fluidcruft
3/20/2026 at 8:39:32 AM
but you're also boiling yourself in the processby anhner
3/20/2026 at 4:35:44 AM
[dead]by 3842056935870
3/20/2026 at 6:05:38 AM
Stockholm syndrome is so pity when detected.by yehat
3/20/2026 at 9:55:43 AM
"Stockholm syndrome" is completely useless term invented by guy who never spoke with the actual hostages. What the histages did was logical conclusion for their safety, where police was endangering their lives more than their captors."Nils Bejerot, a Swedish criminologist and psychiatrist, invented the term after the Stockholm police asked him for assistance with analyzing the victims' reactions to the robbery and their status as hostages. Bejerot never met, spoke to, or corresponded with the hostages, during or after the incident, yet diagnosed them with a condition he invented."
"According to accounts by Kristin Enmark, one of the hostages, the authorities were careless, and their initial approach to the robbers nearly compromised the hostages' safety.[6] Enmark criticized Sweden's prime minister, Olof Palme, for endangering their lives. Palme believed that if Olsson saw one of his close relatives, he might be willing to surrender the hostages; however, the police made a careless mistake. They misidentified Olsson, and sent a 16-year old boy who was unrelated into the bank. This caused confusion and resulted in Olsson firing rounds at the boy who barely escaped. Olsson became much more agitated in general. After that, Enmark and the other three hostages were fearful that they were just as likely to be killed by police incompetence as by the robbers.[7][8][9] Ultimately, Enmark explained she was more afraid of the police, whose attitude seemed to be a much larger, direct threat to her life than the robbers.[10]"
by Markoff
3/20/2026 at 8:27:08 AM
Why not wait 3 months just to be safe? Or 3 years?I paid for my phone.
by rvba
3/20/2026 at 11:28:29 AM
If you want to wait 3 months or 3 years, knock yourself out. Nobody is forcing you to install software from places you don't want to.by fluidcruft
3/19/2026 at 11:31:33 PM
Would you support Microsoft doing the same thing to Windows?These are general purpose computing devices. It's sure taking a long time, but Cory Doctorow's talk on the war on general purpose computing is sure starting to become a depressing reality: https://www.youtube.com/watch?v=HUEvRyemKSg
by supern0va
3/19/2026 at 11:45:13 PM
Microsoft is doing the same thing, they call it S-mode. A surprisingly large amount of computers are sold with Windows S. Thankfully S-Mode can usually be disabled even if your computer shipped with it enabled. Windows S mode is a streamlined version of Windows designed for enhanced security and performance, allowing only apps from the Microsoft Store and requiring Microsoft Edge for safe browsing.by tredre3
3/20/2026 at 2:40:53 AM
Which is frankly hilarious because the Microsoft Store is the worst offender when it comes to hosting straight-up scams.I'm not the only one who has noticed: https://www.reddit.com/r/windows/s/6y39VNaLUh
by tadfisher
3/20/2026 at 12:07:26 PM
The same is true on Android.by account42
3/20/2026 at 4:54:33 PM
Did you visit that link? The top-downloaded apps on the Microsoft Store are 50% scams, compared to 0% on the Play Store and App Store.by tadfisher
3/19/2026 at 11:17:55 PM
All apps should be open source and subject to verification by nonprofit repositories like F-Droid which have scary warnings on software that does undesirable things. For-profit appstores like Google and Apple that allow closed source software are too friendly to scams and malware.by lukeschlather
3/19/2026 at 11:29:04 PM
I don't think that's a realistic suggestion as as the quantity of applications are huge who are going to spend time reviewing them one by one. And and even then it's not realistic to expect that that undesirable things can be detected as these things can be hidden externally for instance or obfuscatedby hasperdi
3/19/2026 at 11:42:25 PM
F-Droid exists and they have a much better track record than Google. I'm not actually serious, I just think if there's a single app repo that should be allowed to install apps without a scary 24h verification cooldown, it's Google's proprietary closed-source app store that needs the scary process, not F-Droid.by lukeschlather
3/20/2026 at 12:58:01 AM
Users don't have to wait 24 hours because Google Play store already has registered developers. Scammers can be held liable when Google knows who the developer of the malicious app is.by silver_sun
3/20/2026 at 2:12:24 AM
Really though? Who is in jail right now for Play Store malware offenses? Or are we just talking about some random person in China or Russia who signed up with a prepaid card and fake information had their Google account shut off eventually.by xp84
3/20/2026 at 8:49:15 PM
I'll give you that, enforcement of the rules can sometimes fail. But scamming & malware is a global industry, definitely not limited to state-funded actors in those two countries (which is what I think you're referring to).by silver_sun
3/19/2026 at 11:43:04 PM
I think compared to the alternatives, this is the best answer.Even if you are a bank or whatever, you shouldn't store global secrets on the app itself, obfuscated or not. And once you have good engineering practices to not store global secrets (user specific secrets is ok), then there is no reason why the source code couldn't be public.
by collabs
3/19/2026 at 11:28:24 PM
That's absurd.by staticassertion
3/19/2026 at 11:30:48 PM
No more absurd than letting a megacorp control what I install on my own device.by RobotToaster
3/20/2026 at 1:08:08 AM
Instead the megacorp forces open source licensing, which doesn't solve any of this shit anyway lolby staticassertion
3/20/2026 at 12:32:26 AM
It's also true, the best way to audit software is source-code and behavior analysis. Google and Apple do surprisingly minimal amounts of auditing of the software they allow on the Play Store and App Store, mostly because they can't, by design. It should shock absolutely nobody then that those distribution methods are much more at risk of malware.by array_key_first
3/20/2026 at 1:08:30 AM
No one is auditing. Behavior analysis works on closed source software too.by staticassertion
3/20/2026 at 4:38:09 PM
Most open source repositories do have eyes on the code. Debian often has separate maintainers who maintain patches specific to Debian.It's not a coincidence that Linux distros are much less susceptible to malware in their official repositories. It's a result of the system. Trusted software currated and reviewed by maintainers.
The play store will always have significant amounts of malware, so this entire conversation is moot.
by array_key_first
3/20/2026 at 6:32:44 PM
A lot of dubious claims here.1. "Most open source repositories do have eyes on the code"
Seems basically impossible that this is true.
"Debian often has separate maintainers who maintain patches specific to Debian." does not support the previous statement. Debian cherry picks patches, yes.
2. "It's not a coincidence that Linux distros are much less susceptible to malware in their official repositories."
Not only is it not a coincidence, it seems to not even be true.
3. "The play store will always have significant amounts of malware, so this entire conversation is moot."
This seems to just be "a problem can not be totally solved, therefor making progress on this problem is pointless to attempt". I... just reject this?
by staticassertion
3/21/2026 at 7:36:43 AM
Refusing or rejecting the claims don't invalidate them.by tosti
3/21/2026 at 11:34:11 PM
Why would I need to invalidate claims made with no support that seem obviously incorrect? Certainly I won't accept them.by staticassertion
3/19/2026 at 11:24:10 PM
Not the parent or agreeing/disagreeing with them, but to your question: if you get creative, there are a lot of things you could do, some more unorthodox than others.Tongue-in-cheek example, just to get the point across: instead of calling it Developer Mode, call it "Scam mode (dangerous)". Require pressing a button that says "Someone might be scamming me right now." Then require the user to type (not paste) in a long sentence like "STOP! DO NOT CONTINUE IF SOMEONE IS TELLING YOU TO DO THIS! THIS IS A SCAM!"... you get the idea. Maybe ask them to type in some Linux command with special symbols to find the contents of some file with a random name. Then require a reboot for good measure and maybe require typing in another bit of text like "If a stranger told me to do this, it's a scam." Basically, make it as ridiculous and obnoxious as possible so that the message gets across loud and clear to anybody who doesn't know what they're doing.
by dataflow
3/19/2026 at 11:44:38 PM
The people falling for social engineering now won't be protected by this either. You could gate the functionality behind verification of an anti-scam awareness and education training and certification course, scammers would coach people through the entire course and the verification step, and people would still be victimized.by anonym29
3/20/2026 at 6:08:16 AM
> You could gate the functionality behind verification of an anti-scam awareness and education training and certification course, scammers would coach people through the entire course and the verification step, and people would still be victimized.The problem with this line of reasoning is that it proves too much, which really gets to the heart of the issue.
If people are willing to be led to the slaughterhouse in a blindfold then it's not just installing third party code which is a problem. You can't allow them to use the official bank app on an approved device to transfer money because a scammer could convince them to do it (and then string them along until the dispute window is closed). You can't allow them to read their own email or SMS or they'll give the scammer the code. If the user is willing to follow malicious instructions then the attacker doesn't need the device to be running malicious code. Those users can't be saved by the thing that purportedly exists only to save them.
Whereas if you can expect them to think for two seconds before doing something, what's wrong with letting them make their own choices about what to install?
by AnthonyMouse
3/20/2026 at 11:45:06 AM
To add as a sad example, mother of a acquaintance of mine got scammed into withdrawing all her money from an ATM, gave it to the scammer person, then sold her car and apartment (!) and only then became aware of what was happening. And even though she is senior (early 60s) she did work her whole life in a senior engineering role (not IT related). Point is, the social engineering is, and will be to primary tool of scammers, as it was for the entirety of humanity. And no amount of tools and locks will prevent this. To make the argument further - we know that lock-picking exists, and can be very effective, yet we're not rolling out bigger and more complex door locks every year, or mandate people having 15 doors with 10 locks each - we just acknowledge that this tech is not perfect, but good enough. So clearly, the incentive of all these changes can't be "security", it's just plain stupid.by skandinaff
3/20/2026 at 8:30:08 AM
Exactly. They might give them their Gmail password, the 2fa code, their credit card number and cvc, etc etc.by bonoboTP
3/20/2026 at 1:56:18 AM
That's unfortunate if true but it isn't a convincing argument to force the rest of society to live in proverbial padded cells. There's a minimum bar here. Some people probably shouldn't have online accounts and aren't responsible enough to manage their own finances. The rest of us are (hopefully at least marginally) functional adults.by fc417fc802
3/20/2026 at 2:21:04 AM
This is actually a really interesting problem. Some portion of the public (nerds) are competent to understand what running software even means and the rest (let's call them "sheep") are naive and helpless. A portion of the nerds (Evil Hackers) are easily able to coach any sheep to do any action. Obviously everyone should default to being a Sheep, and obviously it would be ideal if Nerds could have root on their own damn hardware. But how can one ever self-certify that they're actually a Nerd in a way that an Evil Hacker can't coach a Sheep through? "Yes, now at the prompt that says 'Do not use this feature unless you are a software engineer. Especially don't click this button if someone contacts you and asks you to go through this process.'... type 'I am sure I know what I am doing' and click 'Enable dangerous mode.'"by xp84
3/20/2026 at 5:58:26 AM
> Obviously everyone should default to being a SheepThis isn't actually that obvious, for a number of reasons.
The first is that it causes there to be more sheep. If you add friction to running your own software then fewer people start learning about it to begin with. Cynical cliches about the government wanting a stupid population aside, as a matter of policy that's bad. You don't want a default that erodes the inherent defenses of people to being victimized and forces them to rely on a corporate bureaucracy that doesn't always work. And it's not just bad because it makes people easier to scam. You don't want to be eroding your industrial base of nerds. They tend to be pretty important if you ever want anything new to be invented, or have to fight a war, or even just want to continue building bridges that don't fall down and planes that don't fall out of the sky.
Another major one is that it's massively anti-competitive. If the incumbents get a veto, guess what they're going to veto. This is, of course, the thing the incumbents are using the scams as an excuse to do on purpose. But destroying competition is also bad, even for sheep. Nobody benefits from an oligopoly except the incumbents.
And it's not just competition between platforms. Think about how "scratch that itch" apps get created: Some nerd writes the app and it has only one feature and is full of bugs, but they post it on the internet for other people to try. If trying it is easy, other people do, and then they get bug reports, other people contribute code, etc. Eventually it gets good enough that everyone, including the sheep, will want to use it, and by that point it might even be in the big app store. But if trying it is hard when it's still a pile of bugs and the original author isn't sure anybody else even wants to use it, then nobody else tries it and it never gets developed to the point that ordinary people can use it.
So maybe the scam we should most be worried about here is the one where scams are used as an excuse to justify making it hard for people to try new apps and competing app stores, and deal with the other scams in a different way. Like putting the people who commit fraud in prison.
by AnthonyMouse
3/20/2026 at 3:13:44 AM
> easily able to coach any sheep to do any actionNo. This assumption is the core fault with the entire line of reasoning. The typical sheep will not do arbitrary things for a stranger such as sending you his entire bank account because you told him he needed to pay an IRS penalty in crypto to avoid being picked up by the state police who are already en route in 15 minutes.
It's a continuum. The question is how much of the low end needs to be protected by the system.
Binning into discreet blocks to match your example, the question is where to place the dividers between the three categories - nerd, sheep, and incompetent. We don't care to accommodate the third.
by fc417fc802
3/20/2026 at 1:52:42 PM
This is if nothing else an interesting postulate. Default all devices to nerd mode and sheep mode is an opt-in at setup time.In theory I have no problem with the idea of hanging the incompetents out to dry, when I imagine them as unsympathetic idiots, the same people who litter, and can’t drive correctly. But actually I think most of us would be horrified when it turns out that category of incompetents includes our parents and grandparents, or, increasingly, our children (Gen Z has been increasingly falling victim to scams, partly because they have no idea how computers work since modern ones present only highly abstract surfaces to them, and I suspect Alpha will be the same).
by xp84
3/20/2026 at 10:01:16 PM
> Default all devices to nerd mode and sheep mode is an opt-in at setup time.The entire point here is that sheep do not need an overly protective mode. It's a false premise.
I know plenty of them. I help them navigate modern tech. I install fdroid on their phones. They lie on a continuum and none of them are going to turn on developer mode (or whatever BigTech wants to call it) because a stranger on the phone told them to.
There is a small sliver on the far end of the continuum that will do things like that. But in general they are sufficiently gullible that no measure that can be bypassed will ever work for them. They require a Fisher-Price device.
BigTech wants to hold that small sliver up as justification for their anticompetitive practices.
by fc417fc802
3/21/2026 at 12:07:01 AM
I agree mostly with you, especially that last line! I just think we disagree on how big that sliver is. I think it's at least 20-25% of the public that is very uncomfortable with the technology they use, and with the right social engineering, absolutely can be taught to do harmful things to themselves.You (or another commenter) are right though that blocking sideloading eliminates but one avenue for this abuse, which at first makes us feel good that we then shouldn't have to give this freedom up! Now, the bad news is that from Big Tech's pov, the open Web is the next enemy in the crosshairs. The future "Sheep mode" may simply be App Store (only sanctioned scams, paying their 30% cut, are allowed there!) + a "Web Browser" without an address bar, which can open any of the "Thousands of Safe Sites" on the OS Vendor's allow-list. Getting on the list is of course "easy," and just requires a $999/year subscription, and proving SOC2, GDPR, and CCPA compliance.
by xp84
3/20/2026 at 12:14:47 AM
Nothing is perfect, but by what percentage would you think scams that leverage sideloading would drop? 1%? 10%? 50%? 90%? 99%?by dataflow
3/20/2026 at 1:30:17 AM
Compared the current paradigm, where you already need to enable developer options, allow installation from untrusted sources, and tap through a warning screen for each apk to be installed?Maybe 10-20%, generously. The people who are falling for it under current protections clearly are not reading anything they're looking at or thinking about security at all, they've fallen for social engineering scams and sincerely believe they're at imminent risk of being arrested by the FBI or that their adult child is about to be killed. They're in fight or flight mode already, not critical thinking and careful deliberation mode.
If you were to rank everyone by gullibility, these people would largely be clustered in the top 1-2% of most gullible people. There is very little you can do to protect these people, realistically.
by anonym29
3/20/2026 at 6:56:23 AM
> They're in fight or flight mode already, not critical thinking and careful deliberation mode.That actually sounds like an argument is favor of this restriction. If someone is in a position of deep trust with the scammer then waiting a day is nothing. But if they're in a panic, not thinking things through or calling anyone for advice, that state probably won't last 24 hours.
by Dylan16807
3/20/2026 at 2:35:40 AM
I guess I just don't believe your estimate. I think you're grossly underestimating how far we can get through these kinds of approaches.by dataflow
3/20/2026 at 3:26:27 AM
That's fair, reasonable minds can disagree on the numbers and even magnitude here.What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?
Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%? Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users? Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?
by anonym29
3/20/2026 at 5:20:42 AM
It really feels like you're replying to a completely different comment than mine? Absolutely nothing you're responding to here is consistent with what I wrote (except your very first sentence)...> What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?
There's nothing to challenge here. The method I proposed keeps you fully in control and owning your device. Anybody can follow that process if they want. It's not like I said each person has to get approval from Google before enabling developer mode on their phone.
> Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%?
This is not some kind of paradox like you're making it out to be. A very reasonable starting point would be "get this scam rate down to match {that of another less-common scam}". Iterate until/unless new data comes along suggesting otherwise.
> Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users?
"Too"?! Where did I ever suggest root should be "completely unavailable" to all Android users?
> Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?
Where did I suggest any of this?
by dataflow
3/20/2026 at 10:41:50 PM
I think there has been a fundamental misunderstanding. I am not accusing you of having suggested any of this - these are escalating hypotheticals about what lengths it is appropriate to go to in the name of protecting vulnerable users.When you say "Iterate until/unless new data comes along suggesting otherwise", does that mean you will want to continue adding more friction and more restrictions as long as a number or percentage of people (that exceeds some threshold) continue to get scammed?
What I am asking you to do, as a thought exercise, is to define that threshold, and then to consider that if we never meet that threshold, how far are you willing to go with iterating and adding more friction, stripping user control in pursuit of it?
It seems to me that you have a mental model where some small, reasonable changes will dramatically reduce the number of scam victims to near zero. All I'm asking you to do is sincerely consider what your preferred course of action looks like if you are wrong about how effective each additional layer of controls are.
by anonym29
3/21/2026 at 5:50:22 PM
> When you say "Iterate until/unless new data comes along suggesting otherwise", does that mean you will want to continue adding more friction and more restrictions as long as a number or percentage of people (that exceeds some threshold) continue to get scammed?All it means is "keep reevaluating the situation and your approach based on the data." I can't possibly claim to have all the answers for every hypothetical available right here.
> It seems to me that you have a mental model where some small, reasonable changes will dramatically reduce the number of scam victims to near zero.
Replace "will...near zero" with "has a reasonable chance of...low enough that the fish becomes too small to fry" and you might be capturing my thoughts better.
> All I'm asking you to do is sincerely consider what your preferred course of action looks like if you are wrong about how effective each additional layer of controls are.
I am not a prophet (or a dictator). I'm an engineer. I see a potential solution or mitigation, I evaluate the trade-offs, and if it seems worthwhile, I suggest/try it. If it works out well, great. If not, I reevaluate everything based on the facts at that point. "I don't have any good idea anymore" is certainly a possibility I could reach, as is "I have another idea"...
Clearly there are a million factors to consider in each situation. Some predictable, some not. Just to list a few obvious ones off the top of my head: how fast we get there, how users react, how governments and lawmakers react, the magnitude of the scamming (not just rate! but also monetary amount), what other threats pop up in the meantime, what threats go away, what other mitigations or alternatives are available to try next, what the financial system even looks like at that point... these are all relevant. I can't predict what we should do in a vague, underspecified hypothetical where the only concrete premise seems to be that my predictions are wrong. (!) What I can see and suggest some solution for is the reality right now.
by dataflow
3/20/2026 at 12:57:33 PM
Are scam apps really a significant portion of scams? Is it not people calling and telling you to buy gift cards and give them codes anymore?by duskdozer
3/19/2026 at 11:12:49 PM
I'm going to break your kneecaps. Oh, what's that? You don't like it? Well, what's your solution to P=NP?by dminik
3/19/2026 at 11:10:07 PM
If cooldowns work, put them on granting permissions.There are just as many scam apps in play store and this system does nothing to help with those.
by singpolyma3
3/20/2026 at 4:46:22 PM
If I proposed putting mandatory cameras in all homes and you objected, would it then be fair for me to demand that you justify your position by proposing a better alternative to combat domestic violence?Locking down computing is just fundamentally wrong and leads to an unfree society.
by ulrikrasmussen
3/20/2026 at 7:19:57 AM
The choice is not between "individuals are on their own against scammers" and "users are locked into Google vetting their phone". Users should be able to choose another organisation to do the vetting. They bought a phone, they didn't sell their life to Google.by ajb
3/19/2026 at 11:38:15 PM
Tell the unsophisticated users that they would be safer inside the ecosystem that has always been a walled garden.Why destroy the ecosystem that gives you the freedom to shoot yourself in the foot?
Turning Android into another walled garden removes user choice from the equation.
by GeekyBear
3/20/2026 at 3:55:51 PM
So there's no scamming happening in Apple's fully walled garden, "Only approved apps allowed" system, right?https://blog.lastpass.com/posts/warning-fraudulent-app-imper...
Oh, turns out they just let you pretend to be the real company to sell your scam app.
What a load of good that "Approval" process does.
by mrguyorama
3/20/2026 at 9:28:14 AM
Enable unknown sources in developer options, have the user type out in order to proceed "If I am typing this and don't know what I am doing, I am likely being scammed".by KoolKat23
3/19/2026 at 11:26:35 PM
I suppose you could make the cooldown apply to the actual installed app. Like... when it's first installed it won't work for 24 hours and the clock doesn't start until you reboot. And then on boot it scares you again before starting the clock. And then "scares" you again after the cooldown.by fluidcruft
3/20/2026 at 6:44:20 AM
Force the phones to be open so I can install my own OS on them.Then Google can do whatever they want with their OS and I can do what I need with mine. You might actually get phone OS competition. This is what the walled garden is actually meant to prevent.
by themafia
3/20/2026 at 5:25:35 AM
China just executed couple of them that operated in Myanmar. Since we are hurling towards the bad parts in their dystopia anyway, why not also get the good ones?by ReptileMan
3/20/2026 at 12:33:46 AM
Like the ones constantly advertising across Google's plethora of platforms without any repercussions or possibility of recourse with Google? For my safety, of course.by passwordoops
3/20/2026 at 3:57:29 PM
Education is the only solution to this.You can’t feasibly protect someone that believes the person on the phone is their family member or the chief of police.
This kind of thing has to be verified like how they try drugs. Just randomly doing things will surely be useless, similar to how randomly optimizing parts of a program is generally worthless.
by ozgrakkurt
3/20/2026 at 12:40:51 PM
Are scammers using sideloaded apps when they can use whatever remote connexion the apps in the store allow ?I think a big warning in red "Warning :If you don't personally know the person asking you to install this app, you are getting scammed. No legitimate business or Institution will ask you to install this app"
by poulpy123
3/20/2026 at 12:58:25 PM
Why would you need to sideload anything when scammers can just use Teamviewer or any remote operation software, readily available in the Play Store, that will surely pass whatever "checkmark" process Google uses to validate "safe" apps?by rawbot
3/20/2026 at 4:56:05 AM
We need to remove the play store from Android phones. People have been scammed there more than any other store.by jaimex2
3/20/2026 at 3:05:42 AM
"Warning: if someone is talking to you and walking you through this screen, you may be being scammed!"Done.
by JoshTriplett
3/20/2026 at 7:53:11 AM
As if Google Play itself isn't a cesspool full of scammers, or Google ads, or Youtube. As long as Google get their cut they don't give a shit about scams. For a reality check, turn off your adblockers and you'll see how much Google profits from scams. Any solution to scamming can't involve Google, since they long have been a willing tool for scammers.Pretending that this is about anything but Google's greed is giving them far too much credit.
by kryptiskt
3/20/2026 at 1:39:31 AM
Something called personal responsibility and intelligence....which clearly companies don't want, because complacent mindless idiots are easier to brainwash, control, and milk.
by userbinator
3/20/2026 at 1:07:26 AM
But this has nothing to do with combating scammers in the first place, have you never used the play store before? It's overwhelmingly scam apps with the most intrusive ad/tracking shit imaginable. There are scammers openly buying sponsored search results for names of popular apps so their malicious app with similar name appears as the first result.by lyu07282
3/20/2026 at 2:38:34 PM
> what's your solution to combat scammers?I'd wipe the Play Store off the face of the earth. Have you looked at the garbage on there that Google considers legit?
This: https://news.ycombinator.com/item?id=47447600
is is the shit people are exposed to when they go through the Play Store. You don't find that on F-droid.
The second thing I'd do to combat scammers is the same thing I'd do to combat child porn and disinformation: educate people. This silly process is a technical answer to a social problem, and those rarely work well.
by troyvit
3/20/2026 at 5:05:58 PM
Arrest the scammersby gzread
3/20/2026 at 12:48:15 PM
I wonder how this will help combat scammers. Do you really think they don’t have $25 for a fee?Furthermore, this verification system also functions as a US sanction mechanism—one that can be triggered against any entity the US decides to ban.
by AlfeG
3/20/2026 at 3:46:39 PM
educationby nazgulsenpai
3/20/2026 at 7:14:29 AM
Don't install crap on your phoneby steve_woody
3/19/2026 at 11:13:27 PM
[flagged]by skeaker
3/19/2026 at 11:24:15 PM
You didn't even slightly research the topic of phone malware, browse /r/isthisascam for starters. I don't say the problem is an "epidemic" and it doesn't have to be an epidemic to be addressed.by wswin
3/19/2026 at 11:19:56 PM
It's very obviously not irrelevant. Google is not going to let their main phone app product become associated with Grandma losing her savings! That's not going to help the free software folks... it's going to send everyone over to iOS.by scoofy
3/20/2026 at 12:17:01 AM
> Google is not going to let their main phone app product become associated with Grandma losing her savings!How did they manage to survive as the grandma-account-draining brand for over 15 years, though? They're still the market leader.
One of the best arguing tactics the pro-control side has come up with is "The way it works right now is JUST not good enough". And then you don't need to argue any further or substantiate that. You just force your opponent into coming up with new measures because obviously right now we have an emergency that must be dealt with immediately. So far, this reasoning has worked for program install restrictions, de-anonymizing internet users, all sorts of other random attestation and verification measures, and it will be used for so much more.
My question to all that is - what has happened NOW that changed the situation from how it was just a couple years back?. Google hasn't been sitting idle for all these years, they've been adding measures to Android to detect malicious software and prevent app installs by clueless users - measures that were striking a balance between safety and freedom. Why is everything safety-related in the last few years suddenly an emergency that must be rectified by our corporate overlords immediately and in the most radical ways? How did we even survive the 2010s if people are less secure and more prone to being scammed with the new restrictions right now than they were back then?
I'm not saying there's not an issue, but without hard stats, these issues will always be magnified by companies as much as possible as the wedge to put in measures that benefit them in ways other than the good-natured safeguarding of the consumer. In an open society, there's always a point where you balance the ability to act freely with ensuring that the worst actors can't prosper in the environment. Only one of these things is bad, but you can't have both. You need a middle ground.
by tavavex
3/20/2026 at 1:22:42 AM
It's for the same reason governments all over started to implement "age verification" laws all of a sudden, they never tell us their real motivation. That we can only speculate on, but for many people it seems they just go along with it and believe them all on face value, that's what all the media does anyway. The overarching goal they all work towards seems to be total control and surveillance of people's information sources and communication.by lyu07282
3/20/2026 at 12:37:29 AM
> How did they manage to survive as the grandma-account-draining brand for over 15 years, though?15 years ago ransomware effectively didn't exist and virtually nobody's grandparents did their banking on their phones.
by scoofy
3/20/2026 at 7:04:39 AM
Insufficient answer. "The past 15 years" is asking about that entire period. If you want to compare a specific point in time, they asked what changed since "a couple years ago". A fair point-in-time comparison might stretch "couple" as far back as 2020 because of how they talked about surviving the 10s, but no further.So, 2020 or 2023 or so. Plenty of ransomware, plenty of phone banking. What changed since then?
by Dylan16807
3/19/2026 at 11:32:17 PM
I wonder whether scammers will switch to using PWA.by fluidcruft
