moooo99 1 day ago

It is amazing how Volkswagen keeps messing up. I am currently in the market for a new car, an EV specifically. Volkswagen brands were at the top of my list for many reasons, among them the excellent driving assist implementation.

I got an offer from a dealer three weeks ago and was going to order the car, then the API for the community integration got turned off. I decided to hold back and see what comes from it. Now this, which ultimately - since I am a GrapheneOS user - makes me completely cancel my plans.

I really do not understand VW's thinking here. It would cost them little to nothing to continue not blocking the unofficial API and not block GrapheneOS (or other non Play Protect androids) users. It would have no adverse effects on the average Joe, but it would gain a lot of support and enthusiasm from heavy users, differentiating from other brands. Not to mention the fact that it is the USER'S data in the first place.

  • OsrsNeedsf2P 1 day ago

    VW is obviously not thinking that any noticeable portion of the userbase uses Graphene, and someone (somewhere) is going to get a promo by making VW infra adhere to "standards" or something

    • echelon 1 day ago

      I don't use Graphene, but now I'm out of the market for a VW.

      Vendor lock-in to Play services is ridiculous.

      A car is a big purchase, and ideally not something I discard after a few years. I'd like it to not treat me like a second-class citizen and renter who can't make decisions over how to extend the life of my purchase.

      • zamadatix 1 day ago

        It's ridiculous, but are we only saying that because we're on HN or is it because the portion of the userbase who thinks it's actually a bad thing is the larger one?

        • tarxvf 1 day ago

          Who cares if it's the larger one, so long as they are the correct one?

    • riedel 1 day ago

      Actually we need to force our European governments to use services that do not depend on foreign services (i.e. Google or Apple). Then I guess it will only then become obvious to them how crazy the situation has become.

      The companies have done their thing to ensure that the average guy wouldn't even try escaping their lock-in. So chances are becoming smaller and smaller to hope for a critical mass of users to complain.

      • J-Kuhn 17 hours ago

        Yes, the EU calls it "digital sovereignty" and is currently "in" with the EU.

    • znort_ 21 hours ago

      which is why shaming them is a valid attempt to get them to "think". it has worked in the past (particularly with bmw!).

      specially because no car really supports grapheneos, but it can be used in any car supporting regular android provided google play is installed which ensures google's certification and validation is being preserved. if i get this right bmw is actively blocking this, which would be just a dick move.

  • y-c-o-m-b 1 day ago

    > Volkswagen brands were at the top of my list for many reasons

    You should definitely reevaluate how you constructed your list. VW has a history of being scummy (https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal) and their ICE cars are notorious for being unreliable compared to the Japanese car-makers. To be fair, EVs do change the equation a bit, but given their scandal plagued past, there's no way I would put them at the top of any list.

    • jstanley 1 day ago

      The emissions scandal is completely different, because in that case they were illicitly making the car work better for its owner.

      • bogeholm 1 day ago

        Unless, of course, said owner cared for the environment

        • bluGill 1 day ago

          Said owner cares about their experience above the environment. Sure people care about the environment, but it is always lower than all the other factors in their personal list of things they worry about.

          That is why so many rich fly private jets to environment conferences. People put Greenpeace and similar bumper stickers on their SUVs that never go off road and rarely have more than one person inside. They care about the environment, but only when it doesn't impact anything else in their life.

          • plqbfbv 22 hours ago

            > Sure people care about the environment, but it is always lower than all the other factors in their personal list of things they worry about.

            Emissions scale with performance, and inversely of fuel efficiency. So the environment may not be the most important point, but I'm pretty sure fuel efficiency is high on the list when you're picking a compact or long-range car that is supposed to be fuel efficient.

            Also, by advertising as compliant to green specs something that wasn't, means people may have been swayed to purchase irregular cars despite them not being really green, only due to the fact that they may have received rebates and contributions for the purchase, regardless of whether "being greener" ranked high on their decision metrics.

          • teamonkey 22 hours ago

            Data point: I bought a Skoda because of its claimed efficiency. It wasn’t the only factor, but in the balance of weighing things up, I cared that the stated emissions and fuel efficiency were better than some of the competitors.

            I was lied to. Had I known that was the case there is a good chance I would have gone with a different car.

            My car was recalled and reprogrammed and it no longer had the torque it had at first.

            Of course now it’s clear that most if not all manufacturers were doing the same trick, they just weren’t caught at it.

        • jstanley 1 day ago

          They can always drive less frequently or more slowly, that's within their power.

          • port11 13 hours ago

            Cute. If I buy an A+ washing machine, but it turns out to use tons of electricity to wash the clothes better than expected, the solution isn’t to wash less clothes or do so less often — it’s calling the shop and returning it because its rating is fraud.

        • B1FF_PSUVM 21 hours ago

          > cared for the environment

          It wasn't "more CO2" grade, it was "more NOx" grade. This in urban settings will actually kill more people with respiratory problems.

          VW's "clever hack" probably, statistically, killed people.

    • formerly_proven 1 day ago

      As opposed to the rest of the auto industry which has a stellar track record of adhering to emissions and fuel economy regulations /s

      https://en.wikipedia.org/wiki/Diesel_emissions_scandal https://en.wikipedia.org/wiki/Defeat_device

      • joe_mamba 1 day ago

        They all cheated and everyone knew it. It was the only way diesels could be so economical yet so powerful.

    • michalhosna 1 day ago

      > their ICE cars are notorious for being unreliable compared to the Japanese car-makers.

      I always read this online, but my personal experience in EU doesn't match that at all in quite a sample of people and cars over the last ~15 years. At least not for older cars. The reliability after 100k km seems to be somewhat similar.

      The repairability of VW-group stuff in 3rd party services is so much better and cheaper. The VW-group is huge and many models across the brands share same parts and full engines. There exist non-OEM alternatives and people know how to fix those cars.

      I have never bought a new car. But driving anything but VW got expensive fast.

      Toyota cars can have bespoke parts even between different months of the same year for the same model. Continuous improvement isn't really that cool for cars.

      • erxam 23 hours ago

        The keyword here is "in the EU".

        Outside Western Europe, VW is priced like a premium upmarket brand (not quite luxury). Maintenance and general upkeep for a VW are easily two to three times the cost of an equivalent Japanese car.

        Which wouldn't be an issue if the cars were actually built to their price point. But the VW cars we get here are shittier versions built in nasty factories. They break down if you look at them wrong. The build quality is nonexistent. They are absolutely an awful deal, no matter how you look at them. You also have to personally import parts from wherever they're available, because otherwise only the dealerships have parts and they are absurdly overpriced.

        Also, European brands are afraid of exporting EVs. If you want an EV, you buy a Chinese car. There is no other option. It is as simple as that.

      • brikym 21 hours ago

        It depends which market you're in.

    • moooo99 23 hours ago

      I currently own a 10 year old Seat Leon with not a single out of maintenance repair (if we ignore the cosmetic repair due to a wildlife encounter). My parents have owned multiple VW vehicles, with each of these lasting >15 years without major issues. I know they have a reputation of being unreliable compared to Toyota, but that hasn't been my personal experience and equally important: they do not look like a Toyota. And Mazda has awful EVs.

      Putting these factors aside: they are usually cheaper than their peers in insurance and they have dealerships absolutely everywhere. I've had multiple Skoda and VW EV rentals and the experience has been nothing but pleasant. Hence my priorities.

      • port11 13 hours ago

        Seat has been a refreshing alternative since the Arona came out, specifically the one with the amazing sound system. They’ve come a long way and are making some no-nonsense cars.

  • bojan 1 day ago

    Same here. I'll be in a market soon and I had my eyes on a VW i4 or a Škoda Enyaq, but this makes me seriously reconsider. I really wanted to support local industry and buy a European product this time, but they are making it seriously difficult (no, don't get me even started on Stellantis).

    • joe_mamba 1 day ago

      Go with Dacia, though their EVs seem to have very low range.

      • abyssin 1 day ago

        2022 Dacia Sandero is a great car. Analog buttons, good build quality, well designed. And it’s cheap.

        • isoprophlex 1 day ago

          Possibly the single ugliest recent car though

          • nickserv 1 day ago

            And yet still has more personality than the latest Ferrari.

          • WarOnPrivacy 18 hours ago

            > Possibly the single ugliest recent car though

            I checked it out. It seems like the 100th indistinguishable car design in our sea of nearly identical cars.

            This to say that the "est" part of ugliest confuses me a little.

          • kolmogorov 17 hours ago

            looks completely generic. I googled it expecting a new Fiat Multipla or Chrysler PT Cruiser and I was disappointed.

    • bogeholm 1 day ago

      Mercedes has some interesting EV options, and they have some models at the moment that are not necessarily that expensive. Through the grapevine I overheard something about surplus production due to mandate to build a certain number of EVs.

      If you don’t want/need a new car, the used car market in Germany is pretty active with EQAs and EQBs.

      • martin_a 19 hours ago

        Mercedes is terrible for EVs. Adaptive Cruise Control for example is a paid feature with a recurring subscription. Don't encourage "Car as a Service" concepts.

        • bogeholm 1 hour ago

          Didn’t know, thanks

    • FabCH 1 day ago

      Renault makes good electric vans.

      Not quite an SUV, but maybe fits the same use case?

    • goobatrooba 22 hours ago

      I was hesitating between a VW ID.4 and Peugeot 5008 (7 seater, much space). In the end I went for the Peugeot and it's fine. The ID was much more fun to drive, but I would have lost space and paid a lot more.

      Peugeot is reasonable and works. Charging could be faster and WLTP longer, and once I had the screens restart while on the motorway which thankfully did not affect driving but was pretty terrifying. All that to say - go ahead and buy European. You'll have some issues but for me all better than to get a china car with who knows what data exfiltration and hidden issues, or a Tesla that will lock you in when the car burns. EU companies are too boring to spy and too risk averse to have tesla-like issues.

  • this_user 1 day ago

    German companies, especially old school industrial ones like VW, have a very hard time understanding open platforms. They view everything through the lens of liability and compliance first. Their thinking is that if someone runs their app on a custom ROM and uses that to manipulate the app in any way, and that causes some extremely hypothetical damage, that they might be held liable for not having prevented this situation.

    Obviously, the chances of that are virtually zero. But they'd rather make their product worse than assume any kind of risk, even if it is virtually zero. That is simply the way in which German enterprises operate.

    • user3939382 1 day ago

      VW didn’t seem too concerned with compliance when they were rigging their pollution tests.

      • xenocratus 1 day ago

        They'd have you know they actually cared a bit too much about said compliance itself.

      • this_user 1 day ago

        I mean, the only reason they did it was to be able to comply with the requirements of the test.

        But the reality is that every once in a while you have a scandal like this or something like Wirecard, and it happens, because the culture is such that absolutely nobody thinks it possible. That includes officials and regulators whose first instinct will often be to come after the people trying to expose the scandal, as has happened in the case of Wirecard.

        • joe_mamba 1 day ago

          >because the culture is such that absolutely nobody thinks it possible

          Only naive laymen or newcomers to Germany think it's not possible. German business leaders, lawyers and politicians know exactly how much corruption and scamming is going on in the business sector, and it's not a little.

          >first instinct will often be to come after the people trying to expose the scandal, as has happened in the case of Wirecard.

          That was purely malicious to try to protect Wirecard, not because the regulators couldn't possibly imagine corruption and law breaking exists, that was the story they used as cover for their corruption.

          Like you're a regulator and instead of doing the thing you were hired for and look at the evidence The Economist showed you, you instead "use your instincts" to decide not to do your job and not look into Wirecard because you can't imagine something bad can ever happen? Come on! All those regulators should have been fired and tried for corruption and/or accessory to crime.

          • LtWorf 4 hours ago

            I think Germans are fine with corruption as long as they delude themselves Greece has more.

      • zie 1 day ago

        That was just engineers engineering their way into creating Electrify America :)

        • zelphirkalt 23 hours ago

          I am pretty sure that was not the engineers, but someone higher up the food chain ordering people to do that. I might be wrong, but maybe I missed the obvious "/s" or "/i" here.

          • jimmydddd 22 hours ago

            Yes, but Hans, that one rogue guy in engineering, did get assigned 100% of the blame from the PR dept.

          • zie 22 hours ago

            LOL exactly, It was not meant in seriousness :)

            Clearly the engineering team didn't know ahead of time that Electrify America would be the end result of dieselgate. Had they known, perhaps they would have been more eager to do the engineering work though! haha

            It was just a fun inside joke, since nobody could have assumed the fines would create Electrify America. Personally I'm glad Electrify America exists, though the way it happened was probably not the best path to get here.

            EA even has successfully moved on from just being an org forced into existence and are actively trying to take care of customers and produce a good product now that they have some competition.

      • joe_mamba 1 day ago

        Them cheating the tests WAS them ensuring THAT compliance.

        In fact, that's how a lot of compliance works in industries where there's little enforcement and relies a lot on self regulation.

      • linzhangrun 16 hours ago

        “Compliance” only matters when their own interests aren’t involved

      • Hnedelin 12 hours ago

        And since they saw what it cost them, they are now VERY concerned with compliance.

    • formerly_proven 1 day ago

      If I had to guess it’s liability concerns around the app-based remote unlock and parking + R155 and CRA. A lot of european companies have moved to require attestation in their apps, likely spurred on by the CRA.

      • Perseids 23 hours ago

        But why? I'd understand (though not approve) them tightening down everything about the car firmware to the max. They are responsible for the app, sure (it's a "digital element"), but they aren't responsible for the OS the app runs on. The CRA should not be used as an excuse to enact stupid restrictions.

        • tadfisher 13 hours ago

          Unfortunately, due to the nature of these things, you cannot verify an app is unmodified without also verifying the OS running it is also unmodified. So if VW decides that only their unmodified app may access APIs, then they kind of are stuck verifying the OS.

          They can, given basic competence in SW engineering, also verify against GrapheneOS' published release keys. The reason they don't is the same reason Google closed my ticket asking them to include Graphene keys in Play Integrity checks: they don't care.
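The allowlist check described in the comment above, sketched as an added example that is not part of the thread and not VW's or Google's code: a server-side policy over fields of an Android hardware key attestation that accepts a stock OS or an alternative OS whose verified boot key is on a published list. It assumes the certificate chain has already been validated and the extension parsed; the package name, fingerprints and challenge are constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from enum import IntEnum
from typing import FrozenSet, Tuple


class SecurityLevel(IntEnum):        # SecurityLevel in the Android KeyDescription schema
    SOFTWARE = 0
    TRUSTED_ENVIRONMENT = 1
    STRONGBOX = 2


class VerifiedBootState(IntEnum):    # VerifiedBootState in the RootOfTrust sequence
    VERIFIED = 0       # OS signed with the device maker's key
    SELF_SIGNED = 1    # OS signed with a user-installed key, bootloader locked
    UNVERIFIED = 2     # bootloader unlocked
    FAILED = 3


@dataclass(frozen=True)
class Attestation:
    """Fields assumed to be parsed from an already chain-verified attestation."""
    challenge: bytes
    security_level: SecurityLevel
    boot_state: VerifiedBootState
    device_locked: bool
    verified_boot_key: bytes         # SHA-256 fingerprint of the verified boot key
    os_patch_level: int              # YYYYMM
    package_name: str
    app_signer_digest: bytes         # SHA-256 of the APK signing certificate


@dataclass(frozen=True)
class Policy:
    package_name: str
    app_signer_digest: bytes
    min_patch_level: int
    trusted_alt_os_keys: FrozenSet[bytes]   # fingerprints published by OS projects


def evaluate(att: Attestation, expected_challenge: bytes, policy: Policy) -> Tuple[bool, str]:
    """Return (accepted, reason). Every check must pass; order is cheapest first."""
    if not hmac.compare_digest(att.challenge, expected_challenge):
        return False, "challenge mismatch"
    if att.security_level < SecurityLevel.TRUSTED_ENVIRONMENT:
        return False, "software-only attestation"
    if not att.device_locked:
        return False, "bootloader unlocked"
    if att.boot_state == VerifiedBootState.VERIFIED:
        os_kind = "stock OS"
    elif (att.boot_state == VerifiedBootState.SELF_SIGNED
          and att.verified_boot_key in policy.trusted_alt_os_keys):
        os_kind = "allowlisted alternative OS"
    else:
        return False, "OS not signed by a trusted key"
    # Patch level applies to stock and alternative OS alike.
    if att.os_patch_level < policy.min_patch_level:
        return False, "OS patch level too old"
    if (att.package_name != policy.package_name
            or not hmac.compare_digest(att.app_signer_digest, policy.app_signer_digest)):
        return False, "app identity mismatch"
    return True, os_kind


def _fp(label: str) -> bytes:
    """Constructed stand-in for a real SHA-256 fingerprint."""
    return hashlib.sha256(label.encode()).digest()


# Constructed sample data; none of these values come from a real device or project.
CHALLENGE = b"constructed-server-nonce"
POLICY = Policy(
    package_name="com.example.carapp",      # hypothetical package name
    app_signer_digest=_fp("constructed app signing cert"),
    min_patch_level=202501,
    trusted_alt_os_keys=frozenset({_fp("constructed alt-OS boot key")}),
)
STOCK = Attestation(CHALLENGE, SecurityLevel.TRUSTED_ENVIRONMENT,
                    VerifiedBootState.VERIFIED, True, _fp("constructed OEM boot key"),
                    202503, "com.example.carapp", _fp("constructed app signing cert"))
ALT_OS = replace(STOCK, boot_state=VerifiedBootState.SELF_SIGNED,
                 verified_boot_key=_fp("constructed alt-OS boot key"))
UNKNOWN_ROM = replace(ALT_OS, verified_boot_key=_fp("constructed unknown boot key"))
UNLOCKED = replace(STOCK, device_locked=False, boot_state=VerifiedBootState.UNVERIFIED)
STALE_STOCK = replace(STOCK, os_patch_level=202101)
REPACKAGED = replace(ALT_OS, app_signer_digest=_fp("constructed other cert"))

if __name__ == "__main__":
    for name, att in [("stock", STOCK), ("alt OS", ALT_OS), ("unknown ROM", UNKNOWN_ROM),
                      ("unlocked", UNLOCKED), ("stale stock", STALE_STOCK),
                      ("repackaged app", REPACKAGED)]:
        print(f"{name:15} -> {evaluate(att, CHALLENGE, POLICY)}")
```
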

          • microtonal 9 hours ago

            > The reason they don't is the same reason Google closed my ticket asking them to include Graphene keys in Play Integrity checks: they don't care.

            I think the reasons are very different. VW maybe doesn't care. Google does it because it would undermine their stronghold over the platform. If they would allow GrapheneOS, what would block Samsung or another OEM from also sandboxing Play Services and not preinstalling a bunch of Google apps and requesting the same?

            This shows why attestation is in the wrong hands. Whether a particular device is attested should be purely based on the security of the device (which would also exclude a bunch of certified devices that Google will happily attest now), not on maintaining a smartphone duopoly.

            • crote 9 hours ago

              Alternatively: don't add inherently-unsafe functionality which requires attestation in order to have a veneer of "safety".

              As media piracy and game cheating have shown: no matter how hard you try, there will always be ways around it. You should assume that a 3rd-party device you have zero control over is already compromised, so why not use the API as the boundary layer, stop pretending you can secure the app, and open it up to 3rd-party access like it already is in practice?

              • microtonal 7 hours ago

                Yeah, in the case at hand it's quite silly anyway. We have a VW car and the primary things you can do with the app are check the charging state, stop charging, and turn on the heating/airco.

                Unless I overlook something, the worst attack vector for a compromised phone is: you could drain the battery by repeatedly turning on the airco.

                Though I guess they are rolling out phone-based car keys, which may be the incentive.

    • neya 1 day ago

      Yeah sure, the company behind Dieselgate and single handedly destroyed the diesel market is worried about compliance? Give me a break.

      • adrianN 1 day ago

        VW is large enough that different parts of the company can have very different opinions.

        • moooo99 23 hours ago

          I mean, the app services department doesn't exactly have a track record of perfect compliance (privacy) either, so there is that.

        • zelphirkalt 23 hours ago

          That itself though speaks for a broken company culture. If one part of the company is completely disaligned with the values of good engineering, why should anyone still trust the company as a whole? It seems they at the very least severely lack a good vision then, to uphold the company values or what should be the company values.

          • donkers 23 hours ago

            That’s how megacorps are. VW has almost 700K employees. Enforcing a company culture on that scale is a very diffuse and difficult thing. If you are evaluating whether you should trust a company based on their ability to enforce values throughout all their orgs, you really shouldn’t trust any company unless it’s a tiny one where this sort of thing can be a lot easier to hold the line on.

      • thyristan 23 hours ago

        You don't understand, both come from the same motivation and way of thinking: You see, compliance in Germany is about pretending to be super-compliant and not getting caught. Everyone will do the dance, make all the moves, and if you seem to make all the moves, you are assumed to be compliant. Supervisory authorities will not really check thoroughly except if you are annoying them or making them look bad. Especially if you are partially state-owned like VW.

        In Dieselgate VW got caught, made the supervisory authorities and politicians look bad, which is why the authorities also weren't inclined to sweep it under the rug completely. They just shielded VW from the financial consequences in Germany (German VW customers got shafted).

        Blocking GrapheneOS is the useless "pretending" part of compliance. They don't really want to do security, because that would cost money, so they pick some actions that seem drastic, harsh and don't cost them anything to implement. Later, when there is a security incident, they will point to their huge heap of pretend compliance, whine a bit about state sponsored actors, high criminal intent and other obvious deflecting bullshit. But they will get away with it, because they did the compliance dance, so they are obviously compliant and did nothing wrong. Nobody in authority will look twice as long as they are neither annoyed nor made to look bad.

        tl;dr: compliance in Germany is performative

      • bri3d 23 hours ago

        Yes? These things directly follow one another: VW are obsessed with letter-of-the-law compliance, so things like end-runs around test routines are obvious solutions.

        And VW didn't single-handedly destroy the diesel market; economics and physics did. Almost every other manufacturer was also fudging the test results in some way. But more importantly, building a passenger car diesel that meets NOx targets doesn't work; by the time a passenger car diesel meets modern NOx targets honestly, the car contains a ludicrous precious metal loading in the catalyst and is only a few percentage points more efficient in terms of consumption and CO2 emissions than a petrol car and the math doesn't add up. Diesel is just not a practical solution for passenger cars; it never was in most ways, but it took the EU a long time to restrict NOx pollution to a sustainable level and expose the physical issues at hand.

        • dreamcompiler 22 hours ago

          You can have high-mileage diesel cars or low-emissions diesel cars but not both at the same time.

          VW knew this but lied to customers and told them they could have both. Dieselgate was their attempt to convince everybody the lie was true.

          • Hnedelin 12 hours ago

            This was official EU policy, based on French reports, as the French and Italian manufacturers actually came up with common rail diesels first. The EU then changed regulations to tax based on CO2, which diesels are better at. They also made diesel taxes lower, to offset the higher prices for diesel cars (often 2000+ euros more than the petrol versions). This was all done in the framework of reducing foreign oil imports.

            What VW did was to save money from ThinkBlue systems. Not every manufacturer failed the tests, especially the ones who used exhaust gas treatment did pass, and were more economical than petrol engines. After that, the EU changed emission standards and made them more strict, so VW switched to using dual exhaust treatment. Which made the cars more expensive.

            What finally killed diesels was the removal of the tax reduction on diesel fuel. Since it is now taxed the same as petrol, there is no more any advantage that can offset the higher purchasing costs of the cars.

    • anonymousiam 1 day ago

      If they have concerns about the security of their app on some platform, they have the choice to either put "security" into the app, or to trust the platform vendor to provide the security. The correct solution is the first way. Deferring trust to the platform provider is the lazy way.

      If their APIs are done correctly, they shouldn't be afraid to expose them.

      • okanat 23 hours ago

        You're proving the previous commenter's point. VW doesn't want liability. They do not care about "security" just liability.

        When they leave the "security" to the platform they can blame them in a lawsuit.

        • anonymousiam 18 hours ago

          Google has a pretty good legal team. Their developer ToS absolves them of any sort of liability for anything. So this means VW is just being lazy and not seeking legal protection.

          https://play.google/developer-distribution-agreement.html

          • noisy_boy 17 hours ago

            > VW is just being lazy

            Maybe they'd rather be lazy and be able to shift blame, even without much legal recourse.

            • rurban 7 hours ago

              They don't care about legal recourse. If there's something wrong, they'll just change the laws. That's why they don't care about GrapheneOS users, or any EU regulation which could harm them.

          • klausa 16 hours ago

            >Their developer ToS absolves them of any sort of liability for anything.

            This is... obviously not true?

            If you could (somehow) meaningfully damage a car via the app, do you think VW wouldn't be liable because of the Google Play developer ToS?

            • anonymousiam 12 hours ago

              My point was that Google would not be liable. VW cannot evade liability from app misbehavior by using Google Play Protect, so why do they do it?

              • lan321 8 hours ago

                It will look better for the project lead if there's an issue though. You can say that you enabled everything recommended by Google or w/e, following best practices, and still got pwned instead of arguing that your own security model had a tiny little flaw that no one recognized. And it frees up project hours which can either be the difference between doing the project or not doing it and/or allow you to have other project work billed to this project.

      • nightpool 21 hours ago

        How else would you build "security" into the app (in the sense of not allowing third-party modifications of it that would open them up to liability), except relying on hardware attestation that the app has not been modified? That attestation necessarily requires the platform provider to be involved.

        • plaguuuuuu 20 hours ago

          You don't, the app runs on a user-supplied device. They should secure the part that runs on the car and consider the interface between the app and the api to be a user interface.

        • steelframe 18 hours ago

          Volkswagen has no jurisdiction over how I manage my fob, which is the client for the vehicle's unlock and start API. Once you hand a bearer token to me that governs full access to the vehicle, including the accelerator and steering wheel, it's not your job to babysit whether I chose to use it while drunk or hand it over to someone else.

          • Hnedelin 12 hours ago

            Except it is their job, that is why certain signals on the car are protected from manipulation. Any attempt to circumvent this and succeeding would require direct action from VW. If they cannot prove that they did everything possible to prevent that, then they are legally liable to the authorities.

            Same way that banking apps don’t care if you could screw up your account anyway, they will ban rooted phones just to avoid the risk. Because when something happens, what do you think is more likely? That the customer accepts full responsibility for using a rooted device and says that’s on me? Or that they blame the bank for losing all their savings?

            • AnthonyMouse 12 hours ago

              > If they cannot prove that they did everything possible to prevent that, then they are legally liable to the authorities.

              Laws mostly don't work like that. The seller of gasoline doesn't have to prove they did everything possible to design the product to prevent anyone from using it for arson, nor should they because that's preposterous.

              > Because when something happens, what do you think is more likely? That the customer accepts full responsibility for using a rooted device and says that’s on me? Or that they blame the bank for losing all their savings?

              You're making the assumption that rooted phones are more likely to be compromised, but it's entirely the opposite. The stock software on phones regularly goes out of support and has known unpatched vulnerabilities (but will still pass Play Protect) and the only way to get a patched system on that device is to install a newer third party ROM. On top of that, GrapheneOS has better security than stock Android even for the same version.

              Moreover, that has nothing to do with liability. When the user with the vendor-supplied firmware still gets pwned and has their account drained, they're still going to go to the bank looking to get their money back. All the bank does by going out of their way to block third party firmware is to make that marginally more likely.

            • crote 9 hours ago

              Easy: separate the systems into the safety-critical ones required for driving, and the nice-to-have ones used for things like entertainment. You can now give the car's owner full access to the latter via all sorts of weird 3rd-party apps, as there's no way for that access to cause serious issues.

              They should be doing this anyways, or else you end up with your Jeep being crashed via wifi [0], and having the blast radius of a corrupt album image [1] restricted to infotainment is probably a really good idea too.

              [0]: https://www.kaspersky.com/blog/blackhat-jeep-cherokee-hack-e...

              [1]: https://www.theregister.com/software/2022/02/10/radio-statio...

          • tuhriel 12 hours ago

            So you don't have a VW employee coming by your house in the evening to check if the key fob is still in your possession? Sometimes he even does a test drive to make sure it still works with the car.

            Maybe I have to ask that guy some questions....

    • iamnothere 21 hours ago

      I wonder if they would be ok with letting users sign a waiver to gain unrestricted API access.

    • hparadiz 20 hours ago

      Germans will talk a lot about data privacy but then do stuff like this regularly.

      • Loranubi 18 hours ago

        One is people one is companies.

        • hparadiz 17 hours ago

          It sends very weird signals when the EU will fine an American company over some data moving in a direction they don't like while at the same time EU governments will allow home grown companies to de facto force people into using products from those same American companies all while lecturing us about duopolies and privacy only to reinforce those same problematic patterns. It is absurd.

          • ahartmetz 8 hours ago

            All countries are more lenient with their own companies. Remember who started grounding the 737 Max? It wasn't the FAA, an otherwise highly respected organization. Who is paranoid about Chinese routers while spying on everyone? Etc.

          • mindslight 2 hours ago

            No, it's not weird at all. They're each just an outcome of two different regulatory philosophies about how to protect users. We might want both because we're coming from an individualist hacker mindset, and thus see them as similar issues. But this is not how regulatory environments work (unfortunately).

            From what I can surmise, the German/EU philosophy is more of a closed world approach - accepting that companies will keep control, then government regulates the companies to stop the companies-with-control from causing harm. If you don't like the harm, your recourse-focus is to petition the government to stop it (eg GDPR). Whereas the US philosophy is more open world - once someone "chooses" to patronize a company, then the company is free to do whatever they want. Your recourse-focus is to stop using that company.

            They both have shortcomings and glaring loopholes, of course.

    • like_any_other 19 hours ago

      > They view everything through the lens of liability and compliance first.

      Wow, so they must really want to avoid the liability of spying on their users and keeping all that data, and to be extra sure to comply with the GDPR, they must keep only the absolute minimum of data, right?

      Wrong: https://www.theregister.com/security/2025/01/06/data-describ...

      https://dailysecurityreview.com/security-spotlight/volkswage...

      When a company behaves as your enemy, don't invent wild justifications how they're actually not. At least leave it to their PR team.

    • fooker 16 hours ago

      It's more about rules than hypothetical liability for Germans.

      It's inconceivable that someone would want to use a car outside of its specified rules.

    • leonidasrup 14 hours ago

      It looks like the software development at Volkswagen is done by a mixed bag of different departments with different quality.

      On one hand you have: Linux at Volkswagen

      "Software development without Linux is no longer possible within automotive environment. Therefore Volkswagen Group IT created and maintains a Linux distribution for our developers. This short talk will highlight our starting goal to integrate into the existing environment, highlight our integration problems and solutions with contributing to upstream. Furthermore we will show where Linux desktop need to improve in future iteration to be a good fitting replacement for other systems."

      https://media.ccc.de/v/4486-linux-at-volkswagen

      On the other hand you have an insecure implementation of telemetry: Wir wissen wo dein Auto steht

      "Movement data from 800,000 electric cars, along with contact information for their owners, was exposed unprotected on the internet. It was visible who parks at home and when, at the BND, or in front of the brothel.

      What are the consequences when VW collects vehicle, movement and diagnostic data en masse and leaves the key under the doormat?"

      https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-vo...

      • podnami 13 hours ago

        I’ve spent time doing software at VW and a few of its subsidiaries, and this matches my experience.

        Compliance is everything, and SAFe (Scaled Agile) is deployed as a blunt instrument.

        Management treats software exactly like hardware production lines—everything is just an "engineering process" that can be optimized on a spreadsheet.

        The underlying assumption is that individual engineering talent is just an interchangeable commodity. Once you view developers as replaceable cogs, outsourcing the entire infrastructure to the lowest bidder in India becomes the logical conclusion.

        It’s a textbook case of process-over-people driving institutional tech debt.

        • rickdeckard 11 hours ago

          > Management treats software exactly like hardware production lines

          That's exactly my observation as well. Classic hardware-producing companies have an immense respect for the step of entering mass-production, as whatever issue that slipped through will be multiplied and physically spread across the world.

          So they come from the mindset that the dominant mindset is to minimize the SURFACE-area of potential risk. This makes it really hard for them to compete in software-space, because in software the dominant mindset is to just estimate risk.

          Neither is wrong, but applied vice-versa is.

          - If you treat software like hardware, you end up cutting out everything that could make your product fit more than your decided main use-case.

          - If you treat hardware like software, you're placing a bet on behalf of your customer that the product "will be fine", and a (very expensive) bet that this product won't create an aftermath which may destroy your entire company.

          Companies which can't manage the distinction here end up putting hardware in the hands of customers they should have built differently and then spend all their resources on software updates just to somehow keep the core function working.

          • MichaelZuo 5 hours ago

            Why shouldn’t software be treated with the same rigor at Volkswagen scale?

            Pretty much all software products typically talked about on HN are laughable at that scale, they have crashes or weird bugs way more often than the six sigma norm of 99.9999% reliability.

            For example, I don’t think it’s even possible nowadays to buy a new iPad and use it with default apps and settings for any significant duration continuously. It’s well under 1 million minutes of uptime before failure and a hard restart is needed.

            So anything more complex than the simplest possible use case of an iPad is even more of a joke under hardware norms.

            • rickdeckard 5 hours ago

              > Why shouldn’t software be treated with the same rigor at Volkswagen scale?

              No one said that it shouldn't.

              What I wrote is, that the approach of minimizing any SURFACE of risk in software creates the (subjectively good and solid) software of previous car-generations (in Volkswagen terms: MIB2 ~ a bit downhill already in MIB3): A solid, predictable and closed product fulfilling its core use-case.

              But it DOESN'T create a user experience with those "fun" niche features, competitive remote-access Smartphone features, exposed APIs, sudden new features during lifecycle, funny "ludicrous modes" etc.

              And today's customers are demanding those features, it's now a hygiene factor for a premium experience on Smartphones as well as on cars.

              A Tesla is not considered a "Premium" car because of its premium hardware or manufacturing quality. They disrupted the car-industry by being the first to apply a software-dev mindset to it, and the consumer perceives this as premium.

    • meyum33 11 hours ago

      I guess this mentality makes sense if your products’ failures may lead to actual people dying. And in VW’s case it’s the correct culture working as it is supposed to? My Toyota sometimes feels like it was designed by a lawyer. But I somewhat understand given their history of being badly sued. That being said, at this day and age they probably need to evolve to accommodate some UE principles from the consumer electronics industry. Especially given how cars are getting more computer centric. Hitting a good balance between the old compliance/safety mentality and UE mentality will be hard.

    • vitorbaptistaa 7 hours ago

      The same company that supposedly views everything through the lens of liability and compliance does this:

      > When the cars were operating under controlled laboratory conditions - which typically involve putting them on a stationary test rig - the device appears to have put the vehicle into a sort of safety mode in which the engine ran below normal power and performance. Once on the road, the engines switched out of this test mode.

      >

      > The result? The engines emitted nitrogen oxide pollutants up to 40 times above what is allowed in the US.

      https://www.bbc.com/news/business-34324772

      • 4thguy 5 hours ago

        The first thing I did when I read the parent comment was to double-check if I mixed-up my German companies.

        There's only one reason why they're doing this: it benefits them in some way.

    • inigyou 6 hours ago

      They have to, because German society is extremely litigious and based on finding loopholes in rules.

      You know how some religious groups will string a rope between two houses, count it as a roof as long as they're within a certain horizontal distance of it, so they can follow the rope on occasions when the religion says they have to stay inside, and they think God enjoys them finding these loopholes?

      Germany is like that, but with lawsuits. If anyone with money finds a technicality to sue you on, they will. So you have to be extremely liability averse if you want to be successful in business. Also, liability is almost always unlimited. You can be bankrupted by a single bad lawsuit.

      • treszkai 6 hours ago

        What do you base this information on? I live in Germany and have no idea what you're talking about.

        • deanishe 5 hours ago

          Same. It doesn't sound at all familiar, but Germans are a relatively litigious bunch (so many have legal insurance). Suing your neighbour because their cigarette smoke wafts into your kitchen. That sort of thing.

          But "unlimited liabilities" gives entirely the wrong impression. German courts do not award punitive damages, and fees are generally capped below that amount in dispute.

      • rickdeckard 5 hours ago

        No idea what's your source on this, but I see you're spanning quite some "rope" from

        a.) a global company in the car-industry being cautious of exposing ANY risk-surface in a product because every issue making it to the field doesn't just bear the risk of very expensive recalls/fines but may also put people's ACTUAL lives in danger, to

        b.) the country Germany and its whole society

        > If anyone with money finds a technicality to sue you on, they will.

        In the car-industry you don't need anyone with money to sue you. If you ship a car which is found to endanger participants of traffic, your company may not recover from the aftermath for years...

    • raxxorraxor 6 hours ago

      They have a hard time to understand software in general, software developers have a very low standing in German engineering and engineering culture has long been replaced by finance people.

      And I don't think the liability is the primary problem, they have a problem with freedom and fear that they lose some mechanism for monetisation. This is why you get subscriptions for heating your arse.

  • gslepak 1 day ago

    I'm kinda glad that it's VW blocking GrapheneOS users in a cynical way. When my parents got a VW Jetta they never stopped complaining about it and never bought one again. So it tracks that they'd also be the car manufacturer to block GrapheneOS and stomp on their users' privacy.

    It's an easy market to win at this point. The bar has been lowered so much. Already have a nice car? Just don't display utter disdain for your users' privacy and you get our $$.

  • oaiey 1 day ago

    I think there was no specific thinking in that space at all. They went for attestation of the app for security reasons of the API and their testing only runs on normal Android and iOS devices. Consequently, they realized this later and wrote a response pointing to their tested platforms.

    So understanding why they drop it is IMHO easy. Understanding why they use only attestation based API despite and forcing their third party ecosystem out is stupid. Companies do not understand open communities.

  • Lio 1 day ago

    I've had the same Golf since I bought it new in 2014. I like my Golf, so it should be an easy sale for VW to sell me a replacement.

    However, VW just seem to make gaffe after gaffe. Collecting information they shouldn't, exposing information they shouldn't have to hackers via lax security practices.

    How many rakes can a company step on?

    Now, they're blocking GrapheneOS? They've got two hopes of selling me another 'Dub.

    (Bob and No).

    • scns 20 hours ago

      > How many rakes can a company step on?

      All of em.

    • askvictor 13 hours ago

      Or, for the Australians: Buckley's and none

    • port11 13 hours ago

      They appear to have no clue about what customers want. We’ve had VWs in the family for as long as I can remember. After I sold my Polo, a car I truly liked, that was the last of it.

      Nobody wanted the crazy touch dashboards, data collection, emissions nonsense, etc.

      Just make the damn car you’ve always made. Be reliable.

  • Hikikomori 1 day ago

    What else was on your list? Haven't looked seriously but VW, Kia, Polestar have been on my list.

    • moooo99 22 hours ago

      I've test driven pretty much all VW brands (that fall within my budget) and thus far, the Cupra Born has been my favorite.

      I have test driven the Kia EV4 and EV3, but I am not a huge fan. I do not enjoy the look of the EV3 and while the EV4 was a nice drive, I kept bumping my leg against the direction selector (which is below the handle for the wipers; But this is a huge nitpick since I am fairly tall, so not really an issue for 99% of drivers).

      The main issue with Kia across the board is that they are so darn expensive for insurance. At my current provider, the EV4's insurance would have been 500 EUR more expensive than a roughly equally priced Cupra Born.

      Not a huge SUV fan, but the Skoda Elroq and Skoda Enyaq were very nice vehicles as well

      • Hikikomori 21 hours ago

        Been mostly interested in ev6. Just compared insurance cost and Polestar 2 was almost double. Born was also 50% more than kia ev4. Maybe different in the us if you are there?

  • jp191919 22 hours ago

    Not sure if Tesla is on your list, but FWIW Tesla app works fine on GrapheneOS

    • moooo99 22 hours ago

      Indeed it does, but Tesla is firm on my no buy list

      • dzhiurgis 5 hours ago

        Insane take for HN. It's either Rivian or Tesla.

        Zeekr is getting up there too, but Tesla is going to be leader for ages - most car availability, easiest to service, most hackable software, best in class privacy, tons of third party options.

        • moooo99 15 minutes ago

          I am in Germany, so even if I was in the market for a truck (which I am absolutely not), Rivian does not have vehicles here.

          Beyond the politics involving Tesla, I just do not like the car. I had a Test ride with a Model Y and it just was not a good experience. I hate the touchscreen centered everything, etc. Beyond that, I just want a compact vehicle, which Tesla simply does not offer.

          Given Tesla's features like the Live camera access and their allegations of employees sharing pictures recorded with the interior cameras of the car, I have as little trust in Tesla's privacy promises as with any other manufacturer. They're also very expensive in insurance

    • antonvs 21 hours ago

      Oh it’s on a list alright

  • nicce 22 hours ago

    > I got an offer from a dealer three weeks ago and was going to order the car, then the API for the community integration got turned off. I decided to hold back and see what comes from it. Now this, which ultimately - since I am a GrapheneOS user - makes me completely cancel my plans.

    Make sure that dealers know why you changed your mind.

    • hydrogen7800 21 hours ago

      >Make sure that dealers know why you changed your mind.

      "Some nerd couldn't use their nerd phone."

      What incentive does a dealer have to know or care about this?

      • LollipopYakuza 21 hours ago

        As a dealer, it would be frustrating especially because it is so silly. Basically, if they report any of this to HQ, it would be along the line of "I am losing the sale of a whole car over some stupid app block".

      • sowbug 21 hours ago

        You could make a similar argument about voting in democratic elections. It's still important to vote.

      • unethical_ban 21 hours ago

        What is the risk of letting them know that someone lost trust in VW's features due to a boneheaded decision of their software group and decided not to buy that brand at all?

      • theeyescanner 19 hours ago

        Net Promoter Scores is the only thing that the marketing department cares about. So fill out that customer satisfaction survey, give them a 1 out of 5, and say why. Passives (2-4) are not even considered lol.

      • sufficientsoup 19 hours ago

        What incentive does a dealer have to know or care why a sale fell through? Bizarre question

        • hydrogen7800 18 hours ago

          I'm thinking that the effort required to make that one sale in a thousand is not worth it. The 999 others didn't complain about that.

          • nicce 9 hours ago

            I think that it is not a fair comparison. More likely X % changed their mind and did not go through with the purchase. Nobody except this one told the reason? If only this is said aloud, dealers might even make assumptions that maybe others made the decision for the same reason, but just did not say it.

      • SapporoChris 12 hours ago

        I wonder what a Venn Diagram of people that use GrapheneOS and people that wish to purchase a Volkswagen vehicle looks like. As of April 2026, the operating system had approximately 400K active users. https://en.wikipedia.org/wiki/GrapheneOS

        I wish that Volkswagen would care about this, but I suspect they have little incentive to do so.

        • thiht 10 hours ago

          Volkswagen has a 10% market share in Europe (25% if you consider the whole group: Audi, Cupra, etc.)

          Assuming 25% (might be overinflated) of GrapheneOS are European, that’s 10000 European GrapheneOS users who would buy a Volkswagen car (assuming an unbiased distribution of GrapheneOS users, which is probably not the case though).

          I don’t think Volkswagen is in a strong position to say they don’t care about 10000 sales in Europe only.

          • SapporoChris 7 hours ago

            Good point. I wasn't considering the different concentrations of interests by area.

        • theandrewbailey 7 hours ago

          That number might grow substantially when Motorola releases GrapheneOS phones.

  • theeyescanner 19 hours ago

    Uh the driving assist is pretty bad for north american roads. I wonder if Germany has immaculately painted and well maintained roads?

    My buzz loves trying to jerk the steering wheel when it can't figure out how the lanes work.

  • HDBaseT 19 hours ago

    Let me get this straight, you are considering buying an EV, or any modern car for that sake, but you care about privacy (by using GrapheneOS).

    You are driving the biggest trojan horse of spyware ever created. You voluntarily drive around with that thing spying on you AND me. I hate parking at a parking lot now because every car and its 300 cameras are spying on me, putting my face, car and appearance in a database used to track everyone around you.

    I genuinely don't know how people like you sleep at night knowing you're raping everyone around you by enabling mass privacy violations. Grow a spine.

  • ActorNightly 16 hours ago

    It's simple really

    VW is for people that can't afford a BMW or Audi.

    BMW/Audi is for people who can't afford a Porsche

    Porsche is for people that can't afford a Ferrari.

    Once you understand that ladder, just stay off of it, and it's all good.

  • aucisson_masque 13 hours ago

    You're speaking of a company that made special programs to cheat on CO2 emissions during car inspections.

  • Kyuren 13 hours ago

    It's just a direct security risk for them no. Less control can lead to unpredictable behavior from their cars in the future. Why would they want to allow the environment which enables that.

  • amelius 8 hours ago

    Companies just don't realize how personal computing is.

    An analogy is trying to make users wear certain clothes when they use your product, and then asking why it doesn't fly.

  • snarfy 7 hours ago

    I can't even consider them after diesel gate. When I start thinking about it, it's quite sad how many car brands are terrible. I own two Mazdas. Still terrible but the least I could find.

aka13_404 1 day ago

This is sadly not even the full extent of it. What they did is, they locked their api entirely for anything that is not play protect certified. That means, all the cool stuff that was doable via community-driven projects is now dead in the water.

The "app" they provide is 60% advertisement, 30% features, and I unironically preferred using a Home Assistant connection instead of it for everything. Even for automations like "when to preheat the car", since that was easier and more intuitive outside of their native function.

This also means that charge control from the car's side is not possible to automate anymore.

Sure, one could take the position "but it was never officially promised", but for some people, including me, having the api (which is paid btw) was a selling point.

Yes, I registered specifically for this comment.

  • subscribed 1 day ago

    I feel you. From my side I try to complain / rate / review every time, even if it's a low effort action, to cost them time and in the case of the regulated companies, to slightly worsen their complaint stats.

    There's enough of users to start making a difference. Really, even a low effort action raising valid concerns (security theater, a lie, google's monopolistic position, anti-competitive, etc), keywords that will make their response more careful and potential complaint to the regulator more impactful.

    • helterskelter 1 day ago

      Things like this can actually be a good way to nudge a company in the right direction sometimes. Nobody uses those internal review systems, and sometimes their stats are actually important. A handful of users might make up a really big chunk of the reviews.

      In a similar vein, I once met a woman who told me how she would enter every single one of those stupid contests that you'd see printed on cereal boxes and ice cream containers because literally five people enter into those things, so your odds of winning are surprisingly high. Apparently she won a bunch of them, but her favorite was when she got a week long vacation that included going on a fishing trip with Ben and Jerry of "Ben and Jerry's".

  • z3c0 1 day ago

    So "Play Protect" is doing all the damage to the third-party ecosystem that it'd seemed designed for.

    I've slowly but surely been moving away from any service provider of any type who does not allow me to use their service without their often Play Services-dependent app. Changing vehicles would be a lot harder though.

    • strcat 1 day ago

      Developers have to go out of their way to implement triggering Play Integrity API checks in their app and then retrieve the results to check on their services. They're putting a lot of effort into banning anything not licensing Google Mobile Services. It's definitely not a security feature since it permits devices with no security updates for more than 8 years but not a far more secure OS than anything Google certifies. Google doesn't allow GrapheneOS to obtain certification and certification comes with highly anti-competitive rules which would be completely unacceptable. Their licensing system has been ruled illegal in South Korea and other countries should not only do the same but ban the Play Integrity API and other related anti-competitive features. These are not actual security features and that's an excuse for the actual purpose of enforcing their GMS licensing model including forcing including a bunch of Google apps with extremely privileged access and using their builds of many OS components shipped from the Play Store.
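
Added example (not part of the thread and not code from VW or any app discussed): the server-side step the comment above describes, where a backend evaluates an already-decoded Play Integrity verdict and its chosen device-label policy decides who is admitted. The package name, nonce, freshness window and both sample payloads are constructed assumptions; the field and label names follow Google's documented verdict format.

```python
import hmac
import time

EXPECTED_PACKAGE = "com.example.carapp"   # hypothetical package name
MAX_AGE_MS = 2 * 60 * 1000                # assumed freshness window (2 minutes)


def evaluate_verdict(payload, expected_nonce, required_device_labels, now_ms=None):
    """Apply a backend policy to a decoded verdict; return (allowed, reasons)."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    reasons = []

    # 1. Request binding: the verdict must belong to this app and this request.
    req = payload.get("requestDetails", {})
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        reasons.append("package name mismatch")
    nonce = str(req.get("nonce", ""))
    if not hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
        reasons.append("nonce mismatch")
    try:
        age_ms = now_ms - int(req["timestampMillis"])
    except (KeyError, TypeError, ValueError):
        age_ms = None
    if age_ms is None or not 0 <= age_ms <= MAX_AGE_MS:
        reasons.append("stale or missing timestamp")

    # 2. App identity: is the calling binary the one distributed via Play?
    app = payload.get("appIntegrity", {})
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app binary not recognized")

    # 3. Device labels: this is the policy knob. An empty list is a normal
    #    response, so whatever the server requires here defines who is locked out.
    device = payload.get("deviceIntegrity", {})
    labels = set(device.get("deviceRecognitionVerdict") or [])
    missing = sorted(set(required_device_labels) - labels)
    if missing:
        reasons.append("missing device labels: " + ", ".join(missing))

    return (not reasons, reasons)


def make_payload(device_labels, nonce="bm9uY2UtMTIzNA", ts=1_700_000_000_000):
    """Build a constructed sample verdict (not captured from a real device)."""
    return {
        "requestDetails": {
            "requestPackageName": EXPECTED_PACKAGE,
            "nonce": nonce,
            "timestampMillis": str(ts),
        },
        "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
        "deviceIntegrity": {"deviceRecognitionVerdict": device_labels},
    }


NONCE = "bm9uY2UtMTIzNA"                  # constructed value issued by the server
NOW = 1_700_000_030_000                   # 30 s after the sample timestamp
CERTIFIED = make_payload(["MEETS_DEVICE_INTEGRITY"])
# Assumption for illustration: an OS without Google certification yields no labels.
UNCERTIFIED = make_payload([])

STRICT = {"MEETS_DEVICE_INTEGRITY"}       # policy that gates on certification
BINDING_ONLY = set()                      # policy relying on checks 1 and 2 only

if __name__ == "__main__":
    for name, payload in (("certified", CERTIFIED), ("uncertified", UNCERTIFIED)):
        for policy_name, policy in (("strict", STRICT), ("binding-only", BINDING_ONLY)):
            allowed, why = evaluate_verdict(payload, NONCE, policy, NOW)
            print(f"{name:12} {policy_name:13} allowed={allowed} {why}")
```
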

  • themafia 1 day ago

    I feel like that should be a warranty claim. You sold me one car with a specific set of features and now you've updated it into a different one lacking those features. It's not the same car. You broke it. Fix it or pay me for its value.

    • mrhottakes 22 hours ago

      They have plenty of boilerplate in the warranty to be sure they don't have to pay you for this.

      • themafia 21 hours ago

        Fortunately the government has demonstrated that it can regulate the terms of warranties.

  • winstonp 22 hours ago

    Car apps, beside Tesla, are universally awful to use. Even Tesla's is not beyond reproach (app size is massive, for one), but at least it doesn't make me want to poke my eyes out. Apple should make a "Cars" app that's like the "Watch" app and let them standardize.

    • Gigachad 19 hours ago

      Why does a car even need an app? Don't they have a screen and internet connection on the car itself?

      • FinnKuhn 19 hours ago

        It's for when you are not in the car. E.g. notifying you the car has finished charging or to start heating in winter.

      • BLKNSLVR 18 hours ago

        Why does a car even need an Internet connection? I'd prefer a car without. I recently bought a 2024 model Chinese EV, and it doesn't seem to have an internet connection of its own. Neither does it seem to have an app.

        Reasons I could think of for an app: Remotely check battery charge, and that would purely be for interest rather than necessity.

        I get why people might like or want remote heating/cooling as well, and I'd probably use it if I had it, but it would be an exceedingly rare occurrence (although I'm more sensitive than most as to becoming a 'soft' human being).

        • ifh-hn 14 hours ago

          > I recently bought a 2024 model Chinese EV, and it doesn't seem to have an internet connection of its own.

          That you know of...

          /s

      • m463 17 hours ago

        tesla is worse and starts from zero - you can't buy a tesla without installing the app.

      • starvar2 12 hours ago

        Starting my heating/airco at a distance, checking whether the car is charged so I can continue my trip, exporting charging session for my accountant, ...

  • dreamcompiler 22 hours ago

    Rivian would have gone out of business a year ago if VW had not approached them with an offer of $5.8B to rewrite all of VW's car software [0]. Because VW knew their own software sucked.

    I wonder if this is a result of Rivian writing VW's software or if that effort hasn't yet borne fruit.

    [0] https://en.wikipedia.org/wiki/Rivian_and_Volkswagen_Group_Te...

  • _carbyau_ 17 hours ago

    It hurts anytime there is a subscription intermediary and people are being trained to think this should be the case.

    Iroh networking can't become a standard fast enough.

    https://www.iroh.computer/

afarah1 1 day ago

Driving a rental car in Germany almost makes me cheer for the ongoing bankruptcy of their auto industry. It really needs a full reset at this point. Sad thing is EU law mandates for a modem in the car as well as intrusive driving aids that actually make driving less safe by constantly driving your attention away from the road[1]. So there is no hope to get a minimally decent car in Europe in the near future, unless a wider reset also happens at the political and social level.

[1] https://www.youtube.com/watch?v=f-S76WEl25k

  • techpression 1 day ago

    Whoever came up with the idea that the car should beep loudly even close to the speed limit has clearly never driven a car. The best way to silence it is to constantly be over the speed limit or well below.

    • lnsru 1 day ago

      This thing makes me crazy. But I can somehow ignore my Skoda’s whining. The other car was bought months before this regulation happened and I will keep it as long as I can.

    • iroddis 1 day ago

      Probably made worse by the fact that _every_ VW brand car I’ve driven has read about 10% high on the speedometer. I think I’m going 100 kph, but timing using the km markers on the highway show I’m going about 90.

      When I talked to the dealers, they said that the speedometers only have to be accurate +/- 10% according to the SAE specifications.

      After DieselGate I assumed that the high reading was to game the fuel consumption game.

      Never again, VW auto group…

      • storus 1 day ago

        Just use the speed reported by your GPS. Most navigation apps show the GPS-based speed.

        • cuu508 14 hours ago

          A little nice thing the cars could do is automatically calibrate the speedometer from GPS when on a long stretch of a road. You would get the accuracy of GPS and the reliability of speedometer even when in city jungle, underground, during slow speed manoeuvres etc.

      • jabroni_salad 1 day ago

        I have a GTI and with cruise control on, the speedo and my phone's gps reads exactly the same speed.

        • embedding-shape 22 hours ago

          I have a Audi A3, speedometer reads ~6km/h too high compared to GPS and various "speed-showing signs" I've driven past.

          • mnw21cam 20 hours ago

            My 18 year old A3 reads about 1mph higher than the true speed at motorway speeds. It's pretty spot-on, which is very unusual.

            • embedding-shape 19 hours ago

              Ah, mine is quite precisely 10 years younger, and also European if that matters, sounds like yours might be Mexican if it's in the US unless I'm mistaken. I guess there is some tuning process at the end of fabrication/production, maybe just "wild luck" either way.

              • technothrasher 19 hours ago

                I believe the only Audi car made in Mexico is the Q5. My US model 2025 A3, btw, is dead on (+/- 1 mph).

      • martinpw 22 hours ago

        > When I talked to the dealers, they said that the speedometers only have to be accurate +/- 10% according to the SAE specifications.

        I believe the requirement is only one way - they can read high by a certain % but they cannot read low. Which makes sense. But that means in reality they will usually read a little high.

        • gene91 21 hours ago

          Wow TIL. I have observed that my rental cars in Europe all have faulty speedometers. Multiple brands, multiple countries. So this is why.

    • martinpw 21 hours ago

      Was in an Uber in Korea recently traveling from the airport and the car literally beeped every 30 seconds for the entirety of the one hour drive with what presumably was a speed limit warning - a beep AND a verbal message. Seemed to be only marginally over the limit. Drove me insane. I don't know how the driver dealt with it - he must experience it all day every day.

      I guess you just filter it out after a while but it definitely makes me think I need to do some research before getting a new car any time soon.

    • martin_a 19 hours ago

      Well, just don't drive faster than the speed limit and nothing will beep at you. Simple as that.

      Positive side effect: No expensive photos will be taken, too.

      • techpression 18 hours ago

        Yes, let’s make people focus less on the road and instead worrying about 1km/h speeding. And where I live expensive photos are only taken way way later than the car starts beeping. It’s the real life equivalent of the cookie banner.

        • martin_a 3 hours ago

          Each km/h over the speed limit can decide between coming to a stop at the right moment or killing somebody. Don't try to put it into the wrong perspective. The beeping is fine.

          • techpression 2 hours ago

            No, good driving, which includes focusing, does that. People hit other people in the parking lot. There’s a reason some countries have significantly higher death counts in traffic and no amount of beeping will change that.

    • skrebbel 12 hours ago

      Wait what brand does that? I need to know what car to not buy.

      • tonyedgecombe 12 hours ago

        Every new car sold in the EU. Most make it easy to turn off but it does default to on when you start the car.

        • skrebbel 10 hours ago

          That’s terrible. Means I better drive my old Ford long enough for them to fix that ridiculous regulation.

          • tonyedgecombe 10 hours ago

            I don't see them fixing it, in fact I wouldn't be surprised if they doubled down and restricted the car's speed according to the local limits.

  • lisper 1 day ago

    That is one of the best, most profound and prescient videos I have ever seen.

  • Matumio 1 day ago

    I recently saw a reportage about emergency call-takers. As you watch them work you'll notice they get an automatic call from the crashed car long before any human calls them, presumably from that modem.

    I'm not arguing that the modem should be mandatory, or that you shouldn't be able to control what it does. But forcing car vendors who want to build in a modem to make this modem do an automatic emergency call by default, that seems quite sensible. Even more sensible would be if the modem did nothing unless you allow it, except when it detects that crash, but... profits.

    • crote 8 hours ago

      This is already sorta-kinda the case, and it is leading to a lot of issues right now.

      The eCall functionality isn't exactly trivial, and due to its safety use there are probably some rather strict regulations around it. In practice this has led to many car manufacturers opting to use dedicated off-the-shelf modules for them, which are completely separate from all the connected infotainment stuff.

      However, early modules were built around 2G/3G cellular technology, and cars with those were still sold well into 2025. Not a huge surprise, because its application doesn't require 4G/5G data speeds. Buuuut many countries are now actively retiring their 2G/3G networks, leaving those cars unable to place emergency calls, and with a functioning eCall module often being legally required it would mean some 2-year-old cars would no longer be road legal...

  • fodkodrasz 22 hours ago

    Recently I rented a Cupra for a week, its assistants were non intrusive, and helpful. It was a pleasant surprise. Now don't get me started on Toyota or Hyundai assistants... BTW the video you linked features a Toyota.

    • Grollicus 21 hours ago

      Our Mercedes:

      - beeps about the speed limit, especially if it misses a sign. For example every time starting on a parking lot it keeps the 5 kph even after multiple turns

      - warns about leaving the lane, including trying to stay on the lane by slightly counter steering while ignoring yellow construction lines

      - Sometimes when moving off from a standstill in a queue, it triggers all "careful you're about to crash into something"-warnings. I suspect it's detecting exhaust gasses from a car in front?

      - You must not, ever, touch the turn signal to announce you will switch lanes soon, while there is still a car next to you. You'll get a loud, obnoxious warning tone. This one is especially annoying as it makes sleeping as a passenger on the autobahn basically impossible.

      • gib444 21 hours ago

        > ... it makes sleeping as a passenger on the autobahn basically impossible.

        Which people often do when sharing the driving on long drives. So, another case of it making driving more dangerous, if the spare driver can not rest properly.

      • BLKNSLVR 18 hours ago

        My 2024-model Chinese EV allows for volume to be turned down for various things - and these volume settings are kept across 'reboots'. It makes the occasional 'bing' or 'bong' that I need to look at the screen to work out why (which is probably a 'new' safety issue caused by 'safety' settings), but it's nowhere near loud enough to awaken a sleeping passenger.

        My sister-in-law has to reconfigure all of the car's safety settings every time she turns the car on as they reset to their seemingly maximal defaults upon boot.

  • gib444 22 hours ago

    > constantly driving your attention away from the road

    Absolutely agree! After a few minutes you realise you forgot to disable one of the 'features' and then get distracted trying to do that.

    Lane keep assist is broken and dangerous

    Auto high beam assist is broken and dangerous

    Auto cruise control is broken and dangerous

    Collision detection-avoidance is broken and dangerous (thinks you're going to crash quite often in our narrow, built-up areas in the UK)

    Speed sign detection is broken

    Hell, even automatic wipers, after all these years, is far from perfect. I feel they should have had to prove themselves with that before being given anything more important

    • virgilp 21 hours ago

      How are all these "broken and dangerous"? In my car (Volvo) they work rather well. Perhaps sign detection sometimes misses signs, but so do I so I can't fault it. The others though, I rank them all somewhere between "genuinely useful" and "absolutely awesome"

      • gib444 21 hours ago

        N.B. I didn't write /all/ were "broken and dangerous"

        But some personal examples:

        - Auto high beam assist saw a car at a side junction, turned off high beam, then turned back on, mimicking a 'flash' to let the car out, which they acted on by pulling out. I had to brake hard to avoid them. I was doing 60 mph

        - I was on the motorway and a stranded vehicle was on the hard shoulder and the driver decided to exit from the side closest to my lane. I went to move over slightly to give space and avoid him, and the lane assist pushed me back towards him (there was too much traffic for me to change lanes)

        - Driving in built-up areas with lots of parked cars and narrow sections, the collision avoidance has pre-activated with huge beeping warnings that massively distracted me, causing me to actually nearly hit something

        These were all different modern (but not high end) vehicles

        Auto cruise control doesn't take into account vehicles in other lanes etc. It encourages disengagement in dangerous situations/surroundings. It is by definition dangerous

        edit: and speed sign detection is probably the most broken. The constant beeping and flashing. I mean, I don't have to explain that do I? Distraction -> danger.

        • mnw21cam 19 hours ago

          PSA: Flashing someone is never a signal that you're giving them priority. That is explicitly forbidden in the highway code and dangerous. Flashing someone, like using the horn, only means "I'm here, just in case you didn't see me". If someone flashes you, you should make your own determination whether it is safe to perform a manoeuvre, making no assumptions about anything that the person who flashed you might be seeming to be promising.

          • simoncion 15 hours ago

            > PSA: Flashing someone is never a signal that you're giving them priority.

            Uh. I guess you've not many US highway miles under your belt. If nothing else, it's a very common nighttime signal to let passing truckers know that they've room to get back in the rightmost lane. I can't imagine that the signalling situation is much different in other places that have a large population of generally-decently-skilled drivers.

            > If someone flashes you, you should make your own determination whether it is safe to perform a manoeuvre...

            Sure. The operator of a vehicle is ultimately the person who's responsible for its safe operation.

            Having said that, few drivers are interested in killing their fellow travelers. Especially at night, determining the "time of arrival" of oncoming traffic, or the distance between the end of your bigass trailer and traffic behind you can be quite difficult. If it's customary in your area to use headlight flashing to indicate to traffic ahead of you that it's safe for them to perform whatever maneuver that they may be uncertain about, then it's not unreasonable to assume that the driver that uses that signal isn't attempting to kill you with misinformation.

            Automatic high-beam-togglers don't really care about anything, [0] so that's definitely one piece of malfunctioning tech that makes the roads less safe.

            [0] ...yet!

          • gib444 12 hours ago

            Yes...but the "feature" is still broken and dangerous

        • virgilp 6 hours ago

          Admittedly mine is somewhat high end, and I have seen broken implementations (which is what I think you describe; e.g. for auto high beam assist mine will redirect the beams around isolated cars, won't completely switch to low beams except in heavy /heavier traffic; and when it does, it takes at least several seconds to switch back - which makes it impossible to do the kind of "flash" you describe).

          But I'm kinda' surprised by the cruise control, I don't think I ever drove a car, even a rental, where cruise control wasn't at least "genuinely useful". Even the non-automatic one. How does it "not take into account vehicles in other lanes"/ what makes it dangerous?

      • frollogaston 19 hours ago

        The auto high beam blinds other drivers when it fails to detect them

        • virgilp 11 hours ago

          So do other drivers that fail to switch to low beams - even my old car was better than me in switching to low beams.

          • frollogaston 49 minutes ago

            Nobody had ever angrily flashed their lights at me until the first time I drove a new car with automatic lights. On one occasion blasted someone 50-100' away, which there's no way I've ever done. There's a long dark road I drive on often where every time there's at least one car I can tell left its brights on too long, and it's blinding.

  • epolanski 9 hours ago

    I rented a VW EV (the ID 5) 1 year ago in Germany and had no issues.

    The driving aids can be annoying (especially when there are works on highways or similar and you need to drift beyond lines but lane assist wants to keep going in that direction) but they actually saved me from crashing the car in the parking!

    I completely did not see a small wall behind the car and the car emergency braked before I made major damage.

AJRF 1 day ago

I don't know how large a group who will do this is - but if the UK bans VPNs I can see Graphene having a very large target on its back.

  - Buy Pixel, Get Graphene
  - Use FDroid, don't sign up for Google Play, download Tor browser
  - Censorship resistant access to the internet without handing over your ID.

Pixel being a fairly popular phone in the UK is the interesting bit - if you had to buy some niche device I couldn't see it hitting more than a few hundred people doing it, but there are likely 100k pixels in the UK, and it's still possible to buy one and put Graphene on it.

The squeeze on the free internet happened so quick by the UK (well it took years of indifference and a failure to enshrine protections - but once they started moving they did so super fast)

Realistically we're speed running ID being tied to internet usage - create your escape hatch while you can!

  • leoedin 1 day ago

    There must be 10s of millions of x86 PCs with unlocked bioses in the UK. The issue won't be running an open device. The problem is software - what does someone running Linux do if the government mandates online services require proprietary attestation APIs?

    It's scary how quickly the banning is moving. The problem is what happens next. When they realise that banning things doesn't really work. The next logical step is severely limiting internet traffic.

    • altairprime 1 day ago

      > what does someone running Linux do if the government mandates online services require proprietary attestation APIs?

      One dual-boots to a reputable Linux vendor’s signed/sealed OS image with secure boot enabled in BIOS, so that the attestations are valid; financially supports said vendor; contacts them quarterly with check-ins on the status of their lockdown+attestation roadmap and uses professional journalism approaches to highlight their (in/)action; and, contacts one’s relevant governing body to petition for the addition of that vendor’s signed/sealed product line to be added to the authorized signatures list by both government-sponsored apps and to the verification platforms of the competing vendors (in order to balance the necessities of attestations with an appropriate degree of anti-monopolistic protections for consumers).

      > It's scary how quickly the banning is moving. The problem is what happens next. When they realise that banning things doesn't really work

      This confidence that ‘attestation doesn’t really work’ is the same sort of confidence that led the Linux user community to largely scoff at, and ignore, attestation’s threat from when it was ballistically launched three decades ago towards the future. Options are now very limited for stopping it, and largely reduced to ‘getting some Linux into the approval list’. Severe compromises in user freedom will be required for the signed+sealed distro images to receive government approvals.

      Imagine if Linux were an app on a video game console and you start to see the outcome: it’s a perfectly great working environment into which all of /usr/local and /opt and /home are writable, but the lockdown prevents you from modifying the OS in any way that could defeat the attestation protections. Apps you install into /opt can only access their own /opt/prefix, apps you install into /usr/local can access $HOME. The apps you install can choose to write session data (such as digital age verification certificates) to a system-protected /data store keyed first by the kernel’s signature, and second by the vendor signature the kernel reads from the app; with the understanding that an attestation latch-forward after an exploit patch will wipe that store, and that dual-booting to a different vendor will suspend access to sessions stored by that vendor.

      This is, to climb on my hobby horse for a moment, why I continue to believe that Valve will be the first Linux vendor to receive government attestation approval alongside Apple / Google / Microsoft have previously across the desktop and mobile spaces. I’d really prefer that to be Graphene, Ubuntu, and Valve — but Graphene’s customer base is hostile to this, Ubuntu doesn’t have any incentive to care, and of the Linux vendors out there, Valve has a decade-long head start on the need for a locked-down and attested platform for business reasons. All of the above falls out naturally from considering how to defend one app from another on Android, iOS, Steam Deck, and Xbox. So far as I can tell today, though, Linux intends to be left out in the cold on all this. Oh well.

      • dmantis 1 day ago

        >signed/sealed OS image

        This way we will just have unremovable age verification, spyware, online accounts to use the os, name another bs from other vendors. What's the point of Linux then? The moment big corps and the state can seal spyware into your computer, they'll happily do it.

        I'd rather have a separate burn device with whatever os for state services which lives in a faraday cage most of the time and have a proper OS I control on the main device than give somebody control over it.

        • altairprime 1 day ago

          I’m with you in spirit, but the ship is sinking, man. Your arguments were already made in the 90s when the first puff of smoke from all this was on the horizon. Thirty years of chicken little later, I’ve moved past being upset about this and am trying instead to persuade the Linux community to step up before the window of opportunity closes on GP computing altogether. Do something, act, if you want a better future; or do nothing if you don’t. What actions do you suggest people take in support of your viewpoint?

          • doublerabbit 1 day ago

            Make the installer KISS. Linux installation still hosts the realm of complex verbose jargon.

            "Starting anaconda", "Enable Kdump", on anything RedHat.

            Debian spews an ancient terminal window of options upon options and who knows how to install Arch.

            Linux installations have never been click, click go. Installation wizards are still designed for the tech enabled and not the common user.

            We have a helicopter on Mars yet they still can't master an installation wizard.

            • altairprime 23 hours ago

              > We have a helicopter on Mars yet they still can't master an installation wizard.

              Unexpectedly, the 'bootable thumb drive' models are actually pretty great — not the installers, but the ones that boot straight into a GUI that works and is usable. I haven't used one as my personal Linux uses predated thumb drives, but I have always (mistakenly?) assumed that once you're booted into a liveCD, you can click 'Install on a drive partition' and it will actually do something coherent and GUI and reasonable. Have I been too optimistic? Probably, yeah :(

              • 1bpp 18 hours ago

                Not really, that is essentially the experience I've always had installing different distros from a live USB; it's mostly just seamless if you're not doing anything weird.

            • Magnusmaster 15 hours ago

              I'm not sure that is even possible with Secure Boot

      • doublerabbit 1 day ago

        I would never ever trust Linux from a vendor. If it's not installed by myself, I refuse to use it.

        When you accept government gift in approval consider it tapped. At any point they can return to the vendor and go "install this". No? Okay bye to your certification.

        Call me paranoid.

        • altairprime 1 day ago

          > I would never ever trust Linux from a vendor. If it's not installed by myself, I refuse to use it.

          I bet you would, though, if the built OS image were 100% reproducible except for the signature. Once you have a fully reproducible Linux OS build, you can literally copy paste the cryptosig from the vendor and it will work with the image you built yourself from source that you inspected yourself. Then it’s impossible for the government to tap it without breaking the reproducible image checksum and thus the published cryptosig. It’s a better defense than any warrant canary would be, and it satisfies your concerns fully.

          Arch shows only 15 packages left for their core OS to be built reproducibly; what I don’t see at their dashboard is the state of their ISO build reproducibility, but I imagine that’s the same as the core, so maybe it’s just unstated for obviousness. https://reproducible.archlinux.org/

          Does GrapheneOS publish their repro build efforts as a dashboard anywhere?
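
Added example (not part of the thread, and not any distro's own tooling): a sketch of the claim in the comment above that a vendor's detached signature verifies over a bit-identical image you built yourself, and stops verifying once the build differs. The tar "image", the file names, the pinned timestamp and the toy textbook-RSA key are all constructed assumptions.

```python
import hashlib
import io
import tarfile

# Constructed toy key: textbook RSA over two Mersenne primes, standing in for
# the vendor's signing key. Not a secure key or padding scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the vendor only

SOURCE_DATE_EPOCH = 1_700_000_000  # constructed timestamp pinned by the build

# Constructed source tree shared by the vendor and the independent rebuilder.
SOURCE = {
    "etc/os-release": b"ID=exampleos\n",
    "boot/kernel.cfg": b"lockdown=integrity\n",
    "usr/bin/init": b"#!/bin/sh\nexec /sbin/init\n",
}


def build_image(files, mtime=SOURCE_DATE_EPOCH):
    """Pack {path: bytes} into a tar 'image' with normalised metadata."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in sorted(files):  # stable member order
            info = tarfile.TarInfo(path)
            info.size = len(files[path])
            info.mtime = mtime      # pinned, not the wall clock
            info.mode = 0o644
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(files[path]))
    return buf.getvalue()


def digest_int(image):
    """SHA-256 of the image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def vendor_sign(image):
    """Vendor side: detached signature over the image digest."""
    return pow(digest_int(image), D, N)


def verify(image, signature):
    """User side: needs only the public values (N, E) and the image bytes."""
    return pow(signature, E, N) == digest_int(image)


def demo():
    vendor_image = build_image(SOURCE)
    detached_sig = vendor_sign(vendor_image)

    # Independent rebuild from the same source, enumerated in another order.
    local_image = build_image(dict(reversed(list(SOURCE.items()))))

    # Same source, but the build leaked a different timestamp into metadata.
    unpinned_image = build_image(SOURCE, mtime=SOURCE_DATE_EPOCH + 60)

    # Source changed after the vendor signed (one file altered).
    tampered_source = dict(SOURCE)
    tampered_source["usr/bin/init"] += b"# extra line\n"
    tampered_image = build_image(tampered_source)

    return {
        "bit_identical": local_image == vendor_image,
        "local_rebuild_verifies": verify(local_image, detached_sig),
        "unpinned_timestamp_verifies": verify(unpinned_image, detached_sig),
        "tampered_source_verifies": verify(tampered_image, detached_sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unpinned-timestamp case is the practical obstacle: identical source still produces a different digest unless every input to the build, including metadata, is fixed.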

          • doublerabbit 1 day ago

            > I bet you would, though, if the built OS image were 100% reproducible except for the signature.

            CryptoSecure, depends how it's done but again neither can be trusted. Especially when you have no control over the silicon running the OS.

            I don't trust Linux now. Microsoft got its mitts with WSL. RedHat sold-out to IBM and Debian got in bed with Canonical. Arch & Valve I might trust slightly more. They've got to make money somehow /shrug.

            I use FreeBSD and I don't trust that either unless I can do make install world, even then I have my suspicions.

            • akimbostrawman 10 hours ago

              >They've got to make money somehow /shrug

              They do with enterprise but not the way they do with consumers. There is no point selling data for ads on couple thousand servers for pennies when they make millions with licensing and support.

              All the code microsoft, redhat and canonical contribute to linux is open source anyways.

      • m3galinux 1 day ago

        Linux intends to be left out of all this attestation garbage because it completely undermines the point of fully owning and controlling your own devices. I don't want or need to ask permission before I run a program - not from random megacorporations, and ESPECIALLY not from any of the various governments. If some third party service wants to make sure I'm not doing anything nefarious, they should do it at the border of their servers and the services they offer.

        • altairprime 1 day ago

          > what does someone running Linux do if the government mandates online services require proprietary attestation APIs?

          So, in the scenario posed (quoted above again for context) that I’m responding to, where the government has mandated attestation online, it seems like you’re arguing that Linux should continue to opt-out of attestation, and thus be forced into non-internet uses only. Do I misunderstand your intended outcome to the scenario here? I took for granted that Linux users would want to retain access to the internet as a critical priority, given how strongly they’re objecting to attestation of internet apps (and eventually internet access), but if I’m mistaken then I’m happy to reverse course!

          • m3galinux 21 hours ago

            The idea is that enough users insist on non-attestation devices and platforms that governments and mega corps aren't able to require them for critical services. And loudly protest, switch to different services, etc when they DO attempt to be required. Example: already personally switched banks when they tried to require a validated Android device, and let them know directly and in reviews all over the place.

            Don't fall for the trap that all of this is inevitable, you have to try and resist it first.

            • altairprime 15 hours ago

              > Don't fall for the trap that all of this is inevitable, you have to try and resist it first.

              Been resisting for years, since I learned of that first Intel presentation, as best as I knew how at each of the various life phases. At least for the last few years people started to pay attention as it starts to affect them personally, rather than just dismissing it as an implausible scenario back when it could have been stopped by regulations for the first twenty-five. Note that protesting through boycott requires not buying any big-three mobile phone or big-three video game console (each of these is a beachfront for widespread attestation), which is essentially a dealbreaker right out of the gate for most theoretical objectors. I remain hopeful that my cynical outlook will be disproven in outcome, but I also continue honing this high-level plan for any Linux that would ship sealed/signed OS images with gov't approval. One need not simply bet on red or black, after all!

    • rjsw 1 day ago

      Am currently trying to open a business bank account in the UK, several banks require running a proprietary ID validation app.

      • BLKNSLVR 18 hours ago

        I want to downvote your comment to register my displeasure with the banks' actions.

    • jasonvorhe 1 day ago

      Don't use those services. You're not gonna miss most of the crap after a few weeks anyways. Everything else is consent.

    • lifty 1 day ago

      The first wave will be to mandate ID verification for online services. Some people will then start using p2p services, so the next step is to ban devices that can run non-approved software. Probably having your own VPS running your own software will also not be allowed. And like that, all the avenues for escaping control will be closed… for your safety, of course.

    • torginus 1 day ago

      I think a lot of them already do, considering you can do things like digitally sign legally binding contracts.

  • LightBug1 1 day ago

    Who said the UK is going to ban VPN?

    Genuine question. That's news to me and I'm here.

    • arbol 1 day ago

      When they realise their social media ban for children doesn't work

    • iAMkenough 1 day ago

      Think of the children that will bypass all of the "protections" recently adopted by the UK.

      • gonzalohm 1 day ago

        How would they even do that? A VPN is just a remote machine. Anything can be a VPN

        • ifwinterco 1 day ago

          And some including Mullvad already accept payment in crypto, there will always be some dodgy VPN company in some dodgy jurisdiction that will take your BTC in exchange for an account.

          I don’t think that will stop them trying though

        • tryauuum 1 day ago

          Like in Russia

              - drop wireguard / OpenVPN packets crossing the country border
              - analyze https traffic to detect traffic patterns not matching https fully and block such connections
          • Borealid 23 hours ago

            The state of the art, "xray-reality", is not blockable. It's a legit tls connection with data smuggled inside it.

            • tryauuum 21 hours ago

              Are you talking from the experience that this is not blockable in Russia?

              EDIT: I might be confusing vless/xray/reality but seems like there are no problems to block it based on ip reputation + tls fingerprint + amount of connections https://habr.com/ru/articles/1044396/

              Of course this would block some valid websites but when has government cared about that

              • Borealid 17 hours ago

                The IPs are Cloudflare, the TLS fingerprint is uTLS Chrome, and the number of connections with xhttp is the same as your normal browsing.

                If you are willing to block browsing all ordinary web sites fronted with a CDN, then yes you can block reality/xhttp. You cannot, however, differentially block it via any of the three things you mentioned.

                • tryauuum 8 hours ago

                  They are willing to break some cloudflare-fronted websites. That's already a reality in Russia.

                  The government (any government) hates its citizens and the freedoms it had to allow them

        • frollogaston 18 hours ago

          They can make it impractical for most people by repeatedly banning VPNs by IP address. Users have to pay upfront to figure out if their chosen VPN even works, then it could still break later.

        • Magnusmaster 15 hours ago

          Probably by forcing VPNs to only allow approved operating systems to connect to the Internet via hardware attestation, then those operating systems will only allow users to install signed apps, and only government-approved VPNs will be allowed.

    • jasonvorhe 1 day ago

      They said so. "Nothing is off the table" was the quote, iirc.

    • domh 1 day ago

      Apologies for the youtube shorts link, but Liz Kendall was on LBC yesterday talking about VPNs:

      https://youtube.com/shorts/WvHl3G6KojI

      I believe they're "doing research" into it, which basically means they don't understand how any of it works.

  • spogbiper 1 day ago

    https://www.androidauthority.com/google-pixel-organized-crim...

    “Every time we see a Google Pixel, we suspect it might belong to a drug dealer,” said a police official leading the anti-drug operation in Catalonia.

    Seems like some countries/areas are already targeting the Pixel (really it's because of GrapheneOS)

    • HybridStatAnim8 1 day ago

      It is far more likely that it is due to scams and grifts that pretend to be GrapheneOS, associated with GrapheneOS, or based on GrapheneOS, rather than GrapheneOS itself. Criminals tend to be not that bright.

      • simondotau 21 hours ago

        * the criminals we know about

  • RickS 1 day ago

    I regret not signing up for Discord when they first introduced facial recognition and middle schoolers were trivially spoofing their ID checks with meme pics.

    There's really something to be said for greedily signing up for most things and trying to get grandfathered before the zipcuffs tighten.

    IRL, though, fuck this. Home depot added flock cams and broad facial recognition, grocery store installed turnstiles, haven't stepped foot in either since. I'm just dropping out of the IRL retail economy left and right.

    • jbxntuehineoh 22 hours ago

      aren't online purchases even easier to track though?

  • justhave2phones 15 hours ago

    > - create your escape hatch while you can!

    I really, really, really don't understand why people keep avoiding saying the obvious.

    DON'T TREAT YOUR PHONE AS YOUR PRIMARY ENTERTAINMENT DEVICE.

    Have two phones. One is the real one. The one you use. The other one is the "cops and bank" phone.

prmoustache 1 day ago

VW blocking third party to access their servers is one thing, the thing that I find shocking is that you need to access VW servers to obtain your charging data while this should be directly available locally from the car.

  • bri3d 1 day ago

    The historical data is aggregated in some "cloud" rather than in the car, but if you want to collect and aggregate the data locally, you can still, for now at least. Car Scanner Pro and ABRP (A Better Route Planner) are both really popular for EVs for this exact use case, and both support VW EVs; they read battery charge state / voltage / temperature and operating states (speed, consumption, etc) using both standard OBD and proprietary manufacturer diagnostic IDs over the OBD port and then redo the aggregation and math that VW are doing on their end.

9cb14c1ec0 1 day ago

Google Play has been a huge drag on innovation and security in the mobile ecosystem. I'm actually looking forward to the time when AI kills the mobile app ecosystem so that every phone manufacturer can bundle their own "vibe-code-your-own-app" system with their devices, and the Google Play monopoly is broken.

  • miketery 1 day ago

    I don't think that will happen. Sure for a minority of users the same as people running linux for their daily driver, and I definitely support it!

    It's possible that we get to a place where everyone cooks their own meal (vibe coded app), and only goes out to eat sometimes (official app store). Spreadsheets are the same, you can get a lot of mileage, and most still buy and use closed source software.

    Reminds me of this: https://www.robinsloan.com/notes/home-cooked-app/

  • doublerabbit 1 day ago

    Let's rewind 15 years ago when everyone was jumping and praising mobile Eco-systems. Did no one ever see this happening or were most too gullible with Facebook hugs and pokes

    • wongarsu 1 day ago

      My recollection of HN 15 years ago includes a lot of annoyance with apps that could have been a website and how these walled gardens harm our freedom

      • doublerabbit 1 day ago

        Got my date wrong. What about twenty years ago?

        • applfanboysbgon 1 day ago

          In 2006, before Android, the iPhone, or app store existed? Were you even alive 20 years ago?

          • dredmorbius 22 hours ago

            Keep in mind that the 1st-gen iPhone only supported a small set of built-in apps. Third-party apps didn't appear until 2008.

            <https://www.macstories.net/stories/10-years-of-app-store-a-t...>

            HN discussion at the time:

            - Apple iPhone SDK Event: iFund - $100 Million for iPhone Devs <https://news.ycombinator.com/item?id=130686>

            And some early skepticism: "iPhone SDK And Restrictions: Some Of The Details Aren’t Great" (7 Mar 2008) <https://news.ycombinator.com/item?id=131171> Mostly concerns limitations on the API and what capabilities are exposed.

            And for those who care to do more digging, a couple of searches bounded on 5 Mar 2008 -- 6 Mar 2012, the first 4 years of the App store:

            "iphone sdk": <https://hn.algolia.com/?dateEnd=1331078400&dateRange=custom&...>

            "iphone apps": <https://hn.algolia.com/?dateEnd=1331078400&dateRange=custom&...>

            "iOS apps": <https://hn.algolia.com/?dateEnd=1331078400&dateRange=custom&...>

            A very cursory eyeball of those shows some interest, but nothing overwhelmingly panglossian or critical. But I've not looked in depth.

          • doublerabbit 22 hours ago

            Yes, I am 37. What about you? I was hosting an IRCd on my 33.2k modem at night using Hybrid-IRCd before that ratbox. I recall XFree86 before Xorg and running Linux on my 486dx running kernel 2.x

            https://distrowatch.com/table-mobile.php?distribution=icepac...

            My first mobile phone was a Siemens m35i, eventually followed by a Sony Ericsson k500.

            Where the Nokia 3310 phone could receive animated icons via SMS messages that displayed on the background as well as looking at ascii smut via WAP at the age of 15.

            So yes, what do you take me for? A disappointed cynical 37 year old who's watched the world burn into a walled garden of hell that folk enjoy licking the grey walls of.

            I do recall the rainbow fences where one could happily jump over if you got bored. Where anxiety wasn't a thing and folk were in touch with nature.

            • frollogaston 18 hours ago

              Every semi-smart phone I used before the iPhone existed either had no app ecosystem, or it had a super walled-off one that nobody complained about because it was probably unused.

              Which is kinda where I'm at with cars. Idk what this stuff about VW supporting a mobile OS means, cause my car can't really talk to any phone unless you count Bluetooth audio.

    • applfanboysbgon 1 day ago

      > everyone was jumping and praising mobile Eco-systems.

      Literally who?

      • mystraline 1 day ago

        The app-devs were salivating on striking it rich on a garbage app.

        The rest of us groan when we hear "DOWNLOAD OUR APP" or grocery stores that want you to install their spyware coupon app.

        These days, most apps are just data exfiltrators, spyware portals, and surveillance pricing initiatives, wrapped up with a "FREE THINGY" wrapping.

        • mrhottakes 22 hours ago

          > These days, most apps are just data exfiltrators, spyware portals, and surveillance pricing initiatives, wrapped up with a "FREE THINGY" wrapping.

          This describes almost every "tech" product

      • code_duck 16 hours ago

        There were a lot of companies who thought an app was preferable to a mobile website (which is still true today). For example, around 2010-11 I was working on Etsy API stuff at the time but had no interest in making a mobile app for anything, and saw a few developers and apps acquihired by Etsy.

  • bflesch 1 day ago

    I see a future where it is easier for startups to create their own mobile devices than to deliver certain functionality through the Google and Apple platforms where your own data will be used against you and where their devices can record you 24/7 without any remediation to ensure privacy.

    • bluGill 1 day ago

      Unlikely for most. For some situations yes, but for most situations customers are going to demand that you work with their existing phone.

jsiepkes 22 hours ago

If this is a deal breaker, then you want to avoid KIA. The KIA connect app also doesn't work on GrapheneOS due to the use of NSHC DxShield [1].

[1] https://en.nshc.net/

h4kunamata 16 hours ago

VW won't be missed! Cars weren't meant to be computers on wheels.

I bought a 2025 Suzuki because it is a manual and there is no firmware update, no internet connection, GOS Android Auto is all I get and only if my phone connects with the car.

It is so weird how companies in 2026 are still making such bad mistakes.

  • microtonal 9 hours ago

    Connected cars can be convenient though. E.g. when doing larger trips, we usually take a break when we need to charge (get some tea, food, etc.) and it's really handy to get a notification when the car is done charging.

    Also in the heat of the summer, it's nice to be able to start the air conditioning a few minutes before leaving.

  • otsukare 6 hours ago

    I've used a 2023 Suzuki S-Cross (manual fwiw) and this doesn't match my experience. Which model are you using?

    They have an app [0] (which doesn't sync correctly for me, and their support is awful). When working it shows things like where you last parked, fuel efficiency, and allows you to remotely lock the vehicle, so it has internet access.

    I sent Suzuki a Subject Access Request as a workaround to gain access to the data, and received months of extremely accurate location, speed, etc data.

    There are also software updates, you just have to do them yourself [1]. They also didn't work for me.

    Software aside however, they are extremely reliable cars, most of which seems down to their simplicity.

    [0]: https://play.google.com/store/apps/details?id=suzuki.app.a02...

    [1]: https://www.infotainment-system.com/en/device/summary

neilv 1 day ago

> In my opinion, the most useful next step is to contact Volkswagen support in a coordinated and technically precise way [...] Smartphone: Google Pixel Operating system: GrapheneOS

I strongly recommend saying that the operating system is one of "Android" (there are many variants), "Android (GrapheneOS)", or "GrapheneOS Android".

But if you say only "GrapheneOS", you are practically telling VW to respond that they do not support that operating system.

jmward01 1 day ago

I want a law that requires publishing your API for apps like this as well as allowing users to create their own frontend based on it. That would enable more privacy aware versions of these apps.

  • surajrmal 18 hours ago

    If you pay for the privilege of using the app, that makes sense. I can't imagine such a law would ever be made for free apps as controlling the client experience is key for enabling them to offer it for free. The reason free apps often don't have a paid tier is because the folks who would pay for it are often the key demographic they need to not pay for the entire thing to be profitable for subsidizing the less desirable demographics.

    I'm not trying to suggest that these sorts of things should be this way, but if there is a server involved, the economics of maintaining that endpoint come into play and can't be ignored. Ideally things were federated and you could point your car or whatever device at an endpoint you maintain, but that comes at a cost as well, as maintaining software where both client and server are controlled by the same party is an order of magnitude easier than cases where they aren't the same.

jdw64 12 hours ago

Because I frequently supply to the automotive industry, I fully understand all these issues. No matter how good many open source projects are, companies always have to face lawsuits and liability. That is why, no matter how good Linux servers are, factories use Microsoft servers. Regarding the responsibility for that software, if a problem occurs, the company that signed the contract takes on the liability. Ultimately, they shift the security responsibility to Google. It is unfortunate for open source enthusiasts, but if they do not restrict open source and an accident happens, the possibility of a lawsuit being filed against Volkswagen would be the real problem.

  • Cider9986 11 hours ago

    GrapheneOS is compatible with over 99% of Android apps. The only apps that don't work either actively block GrapheneOS or have bugs caught by GrapheneOS exploit protections which can be disabled.

    You don't have to do anything extra to support GrapheneOS, just don't add in attestation which does nothing for security and limits user freedom.

    This is fundamentally different from not choosing to use Linux servers. It's more similar to not letting a customer enter your store because of the color of their skin saying they aren't regular humans. It's pure discrimination because just as the functionality of android doesn't depend on these extra checks, the customer works the same regardless of how they look.

    I have 38 apps on my GOS phone and none have had any issues.

    • jdw64 11 hours ago

      GOS may be much more technologically advanced and secure than Android. But that doesn't mean it has official safety certifications that can be submitted to courts and insurance companies in the event of an accident. Because GOS cannot pass hardware-based keystore authentication. I generally think open source is often better. The problem is that there is no entity to take responsibility.

      • Cider9986 10 hours ago

        There are banks that officially support GrapheneOS through their hardware attestation. Android has an open and secure attestation, but Google pushes play integrity because it enables their monopoly. Companies making apps aren't exposed to these alternatives because of Google's power so that's what they choose, it's not because of security.

  • spixy 11 hours ago

    So is this a problem of German (or EU) laws?

  • dmichulke 8 hours ago

    Are you saying Microsoft ever paid damages for problems with Windows (e.g. a non-bootable computer after an OS update)?

    I think they didn't, so I don't see why them having the responsibility matters.

pmontra 1 day ago

My 2016 car has the old version of Android auto. My phone has the new one, I think from 2019 or 2020. They are incompatible. Did I miss something by not integrating my phone with my car? I don't think so. I call with Bluetooth and navigate with the screen of the phone. The only thing I'm using is the mic and speaker of the car. The mic is probably substantially better than any earpiece I could buy, because I suspect that it's designed to filter out noises from the car and from the road.

  • Terr_ 21 hours ago

    > My 2016 car has the old version of Android auto.

    I don't know if an AAWireless adapter might operate in a way that could bridge that compatibility gap, but it might be worth a shot if you can borrow one to try it out.

    I've been decently happy with it in a ~2020 car. Compared to a direct USB connection, there are some privacy implications with how it's running a low-power access point in the car, but bluetooth etc. are already a risk there.

    > Did I miss something by not integrating my phone with my car? I don't think so. I call with Bluetooth and navigate with the screen of the phone.

    For me the main feature for Android Auto (over just a bluetooth connection) is navigation on the car's larger touchscreen that already has a good fixed position.

  • Gigachad 19 hours ago

    That's the thing that gets me about all this car tech. The actual car will last far longer than the tech stuff will be supported. I suspect it's done intentionally to help phase out old cars faster by making them less functional.

    I've begun rejecting any hardware that depends on some kind of external service. I won't buy anything that requires an app or a remote server anymore because they always kill the app long before the hardware is dead.

bjackman 10 hours ago

I have no plans to buy a car but I'm curious: what is the sensible choice for technical people with a reasonable amount of money?

I rent cars whenever I travel to the US and I've never not been pissed off by a car's software.

If you live in a country that makes it practical/affordable and you don't need too much range, I wonder if buying an old car with a broken engine and paying someone to do an electric conversion is a good choice?

Or maybe generally just buy a ~10 year old car, find a mechanic and say "I want this car to last a really long time, if we can build a trust relationship I will spend a lot of money in your business" and just budget for extensive proactive maintenance? Maybe with this approach you can still save money relative to a new car?

Or, is it possible to buy a newish car and then just rip out and completely replace the infotainment/climate control/etc while still keeping stuff like the parking cameras working?

  • jesterson 9 hours ago

    > I'm curious: what is the sensible choice for technical people with a reasonable amount of money?

    I am probably the extreme minority, but I prefer cars with as little "tech" as possible. I don't need "drive assist" and sorts.

    All my cars are 10+ old benzes, Nissans, Toyotas. All under good maintenance routine so giving me very little headache.

    I had all sorts of stupid issues with modern cars while renting. One Toyota scared the crap out of me while it imagined some pedestrian and yelled with all signs while I was going 100+ km/h on highway. Horrible crap.

    • bjackman 8 hours ago

      The "driving" tech I want in my car is:

      - Cruise control.

      - Camera for parking. I guess sensors too. These are just unbelievably useful IMO, it makes parking trivial in cases that used to require quite intense focus. I see the appeal of fully automated parking, but with cameras and a car that you have lots of experience parking I think I am fine Austin-Powers-ing into any space that the car physically fits into.

      - I guess, maybe, I kinda like the thing where it automatically watches your blindspot and has a little orange light to remind you that there's a car there.

      I dunno, when did cars get all that stuff? (Cruise control was basically universal in the US before I was even born I think, but not sure when the others showed up).

      But then there's some non-driving tech that I do want:

      - Completely frictionless navigation and media control. Android Auto just seems to be fucking nonfunctional so I think maybe what I want here is actually just a Qi mount and a reliable bluetooth controller?

      - I've never had it but I bet remote climate control is really nice (warm up the wheel 5 mins before you set off on a frozen morning / turn on the AC 2 mins before you get into a car that you couldn't park in the shade).

  • Cider9986 6 hours ago

    I would get a Rivian because you can disable all connections.

minraws 1 day ago

I am in the market for a car within a year or two, and I promise it won't be one from Volkswagen, if a company supports OSS platforms in cars and is available in APAC I will buy from them even if it costs 2x for the same specs (preferably a Hybrid but EV works too I guess).

Happy voting with your wallet folks. See ya.

kyledrake 1 day ago

I had a used 2016 VW Golf and it was a lemon. It would have an average of one serious problem a month. I finally gave up being a professional car maintainer and dumped it, taking a huge loss because it was effectively worthless on the car market despite only being 8 years old. Fun car to drive, but what's the point if it doesn't work reliably? I completely lost my trust for VW vehicles after that.

Not surprising to me at all that their software is a similar high quality experience, but in general I think it's weird that cars have to be connected to the Internet anyways and I doubt the competition is substantially better.

monomial 1 day ago

Modern cars are such enshittified garbage. I was in a modern Toyota recently and every time you start it, the screen shows a "Guest mode activated" that you need to explicitly dismiss. The only way to disable this is to install some stupid Toyota app which I would never install. Then you dismiss the popup and the home screen is "Experience Drive Connect" which is some stupid Toyota subscription which I would never subscribe to. What a piece of garbage. I'd probably just disconnect the whole screen entirely.

  • SoftTalker 1 day ago

    Tell the dealer you won't buy unless they disable all that garbage. They may say they can't, and if they let you walk out maybe they really can't. Then ask them for a discount so you can replace the head unit with one that doesn't spy on you.

    • Plasmoid 22 hours ago

      > if they let you walk out maybe they really can't

      Toyotas have such a backlog of orders that they're marking cars up above MSRP.

    • mrhottakes 22 hours ago

      This is actually mostly impossible these days, there is no "head unit" like cars had a couple decades ago, and the infotainment systems are integrated with all the other computer systems in the car. Disabling anything is difficult and will affect the car's functionality.

  • Hnedelin 11 hours ago

    This is how Toyota and VW comply with legal requirements and regulations. Same reason why you cannot disable many assistant functions permanently, they always come back. Because to get high NCAP scores, the functions must be activated.

jasonvorhe 1 day ago

It's not your car anymore, you're just renting someone else's hardware and access to their restricted platforms. Some recent cars even deny starting your car engine if the always on camera facing the driver thinks the driver isn't capable of driving "safely".

This is the WEF future your conspiracy uncle was telling you about during family gatherings. Well.

  • lenkite 1 day ago

    The conspiracy uncle was right after all.

    "You will own nothing and be happy" - WEF Prime Objective.

    • akimbostrawman 10 hours ago

      The difference between conspiracy theory and established fact is 10 years' time.

LostMyLogin 1 day ago

Side note. Has anyone else noticed an uptick in GrapheneOS posts lately or am I crazy?

  • qrobit 1 day ago

    Sort of, there're more posts about graphene in the year 2026 & they get much more attention. Aggregated some data and plotted it with my agent: https://boop.icu/Pr.png

    • ysnp 23 hours ago

      Can you add CopperheadOS data 2014-2018 and AndroidHardening Project from 2018-2019?

  • Viability1936 1 day ago

    Probably because it's quickly becoming the only reasonable option on mobile

  • HybridStatAnim8 1 day ago

    GrapheneOS has an official partnership with a large OEM (Motorola), has near perfect app compatibility, is constantly improving upon user experience, and has been well known and regarded in the privsec community and by many trusted security experts. It appears to be gaining more mainstream awareness as a result.

    Oh, and Android 17 has been released so there is hype for that.

  • arrowsmith 12 hours ago

    The UK government has just created an upsurge of interest in digital privacy, so that might be why

Dead_Lemon 9 hours ago

VW needs to go back to building simple, reasonably priced cars that are easy to service. Chasing the premium/luxury car brands, while they own both premium and luxury brands, is doing them in.

Grimeton 12 hours ago

It's not VW. It's Google doing this in the end.

  • mrweasel 10 hours ago

    The GrapheneOS users are understandably upset, but yes, this doesn't seem like an update targeted at blocking GrapheneOS or /e/OS. It's Volkswagen updating their app and using newer APIs. Technically they are probably doing "the correct" thing in terms of how Google suggests that you develop for the PlayStore API and that blocks alternative operating systems.

    It still sucks, but what are they supposed to do, not use the "safer" API and risk getting told that they don't care about security? And for what, pleasing a very small minority of users?

    There could be some branding value in targeting more technical users and have them act as brand ambassadors, but for a car I doubt that's worth much.

stymaar 1 day ago

I hate that cars are every day more and more crammed with software, when car manufacturers can't seem to be able to make half-working code in the first place (looking at you Nissan, who just can't even put the correct timestamp on your GPS data points…)

  • techdmn 1 day ago

    My car won't let me flick the windshield wipers while the car is parked. I don't know why, maybe they think I'm throwing rain onto... already wet pedestrians? Similar problem with auto-folding mirrors. My mirror was frozen shut one day, and I didn't notice until I'd been driving for a few blocks (which is on me). Figured I'd just cycle the fold-unfold a few times to pop it free, but the button is disabled when the car is in motion.

    Increasingly my vision of retirement is a life of luxury surrounded by hardware from before the internet era, things that do what I tell them, rather than telling me what I am and am not allowed to do.

    • bluGill 1 day ago

      I'm filling my shop with machining equipment without all the extras, but my first 6 years of retirement will be fixing those machines before I can make anything... (and family history doesn't give me good odds of living that long - which is average.)

  • quickthrowman 1 day ago

    > when car manufacturers can't seem to be able to make half-working code in the first place (looking at you Nissan, who just can't even put the correct timestamp on your GPS data points…)

    Nissan sells a ton of cars to subprime borrowers, quality isn’t exactly their focus. Hyundai/Kia and Stellantis also target the same buyers.

    • stymaar 1 day ago

      Kia's GPS datapoints are pretty low effort (you only get a few, median distance between two points being 30km) but at least they aren't wrong!

aljgz 20 hours ago

I might be soon moving to Europe and would need to get a new car, replacing my (mostly) beloved Toyota bz4x. Well I guess VW is out.

  • left-struck 13 hours ago

    Buy a used car from a few years ago… do some research and make sure it doesn’t have anti features. This is the only option until manufacturers stop this crap

jqpabc123 1 day ago

Easy fix --- block VW from your car ownership.

  • okanat 23 hours ago

    Well you'll end up blocking all car ownership. Markets do not care about individuals.

    • nicce 22 hours ago

      > Markets do not care about individuals.

      If most would do this, they are not individuals anymore.

  • dredmorbius 22 hours ago

    Marketing-it-harder has some effect, but it's limited.

    If a monopolist can insist on terms (e.g., Amazon mandating lowest price guarantees from sellers, or Google mandating auth / compliance / KYC exclusivity to Google Play Services privileged devices by app devs), then threats to the compelled party (sellers, app devs) will be minimally effective.

    Class action lawsuits, regulation, and legislation, are required for effective relief.

warkdarrior 1 day ago

Answer from VW:

> Please note that the use of the Volkswagen app is only supported on iOS devices and Android devices with supported operating system versions.

Is it time to mandate app developers support all operating systems for a device?

  • Arainach 1 day ago

    No. You're not required to use the app. You're not even entitled to use the app. If you want to use the app, you have to play by their rules. Plenty of device manufacturers have chosen to only offer iOS apps. No one talked about mandating that apps were available on competing platforms.

    If you choose to use something like GrapheneOS, you are signing up for the fact that almost no one will test on your platform and plenty of things will be broken.

    • queeshonda 1 day ago

      "tEsT yOuR PlatTfORM"

      Fuck that.

    • warkdarrior 1 day ago

      Sure the app is not required, though one loses on all of the remote-control functionality (remote start, remote climate control, etc.).

      Maybe then app developers should be mandated to open fully their server-side protocols, so people can create apps for platforms that are not supported by default. No more undocumented APIs, anybody can get an API key, no API serving limits!

    • midasz 1 day ago

      Here it is, the true hacker mentality.

      • DANmode 1 day ago

        Understanding how those around you operate makes you no less of a hacker.

        It can even make you a great/better one…

        • _factor 1 day ago

          They don’t just understand, they basically promote it.

          • DANmode 1 day ago

            It felt more resigned than promotional to me; but yes, normalization is a fine line!

      • esikich 1 day ago

        Sir, this is a VC bro website.

    • tedajax 1 day ago

      Increasingly these kinds of apps are a requirement for a lot of features so ...

    • watermelon0 1 day ago

      The issue here is not that they didn't test on alternative distributions of Android, the issue is that they went out of their way to prevent anything but the officially blessed distributions.

    • microtonal 1 day ago

      The app worked until a few weeks ago. GrapheneOS does not miss any functionality (nor security) for the app to work. The only change is that they started blocking non-GMS Android through the thoroughly anti-competitive Play Integrity.

      Hypothetically, if GrapheneOS wanted to become a certified Android, it would probably not be blocked on technical reasons, only that becoming certified (last time a contract was leaked) requires running privileged Google Play Services (which is less secure) and pre-installing a bunch of Google apps that should not be uninstallable.

      How is that not anti-competitive?

    • HybridStatAnim8 1 day ago

      The basis of your argument, that users want these developers to support another platform, does not make sense, because GrapheneOS does not require apps add explicit support for it. GrapheneOS has 99% android app compatibility.

      The issue is not that this application isn't tested on GOS, it's that an anticompetitive, illegal tool is being used to ban non-certified OSs when these apps would work perfectly otherwise.

    • _imnothere 1 day ago

      This is one of the most ignorant comments I ever read on Hacker News. Are you from VW?

      Obviously VW broke the app for GrapheneOS (or any other custom ROM) on purpose, and ironically, things usually work better on custom ROMs than on some Chinese OEM customized ROMs, and when it works, it means the developer went the extra mile to implement a workaround to cater to the flawed OS.[1]

      [1]: ref: Years of Android community experience

    • dj0k3r 7 hours ago

      The difference here is that the devs specifically chose to stop allowing the app to work on the OS without any known compatibility issue? The app just works fine on Android should they let it run.

  • queeshonda 1 day ago

    Just support a certain Android API level?

    • warkdarrior 1 day ago

      That's a starting point, but it seems the VW app is using a Google SDK for integrity checks, so maybe we need certain SDKs to be banned.

    • arkon_hn 1 day ago

      Supporting mainstream OEM variants can already be enough of a nightmare in behavioural differences. What motivation do most companies have to support Graphene, which will be a handful of customers at best? Developers may be fine with offering a best effort support model, but legal certainly wouldn't.

      • HybridStatAnim8 1 day ago

        The funny thing is, nothing needs to be done to support GOS. GOS has 99% android app compatibility. The issue isn't that GOS requires changes in the app to support it, rather, the tools they are using explicitly ban non-certified OSs.

        Don't let their boilerplate responses fool you, tools like play integrity only serve to push anticompetitive practices. The claims about not being able to support GOS are nonsense, and all they did was break existing support.

  • bossyTeacher 1 day ago

    The issue here is the Google-only remote attestation nonsense. It seems pointless to me. A device passing Google's attestation check tells you nothing. The device could well have malware on it and you won't know it. Integrity is a misnomer. The integrity scope is tiny.

  • chasil 1 day ago

    My daily driver is a de-Googled LineageOS device, but I purchased a $50us iPhone SE 3 for FaceTime.

    I have moved most of my finance activity to it, along with my license and passport. I would never trust a Google device with this much, and the convenience has been profound in a few circumstances.

    I would relegate any intrusive apps here, and happily deny them cross-app tracking privileges.

sasaf5 14 hours ago

Bolt a magnet mount on the dashboard. Slap your phone.

t1234s 17 hours ago

I noticed after the recent GOS update Uber would crash continuously.

Calgaryp 1 day ago

Lol not surprised by VW. Had a long fight with them because of this takata thing

bilsbie 22 hours ago

Tangentially speaking what are the downsides to running graphene?

  • estebank 22 hours ago

    The things I've found:

    - RCS doesn't work at all on non-Owner accounts, switching to the owner account is necessary to receive them (I use a secondary account for my "main" account, the owner is left empty except for a Google Fi associated account)

    - Immediate auto-update can cause phone to turn off and not turn on overnight (you can change the setting)

    - Google Wallet won't work for payments (in Europe you can instead use Curve)

    - The default AOSP app selection is in general worse than the Google provided ones (you can install them, after installing Google Play Services, which is sandboxed)

    - Getting Google Fi to work required some fiddling initially, pretty sure it was because of my use of the non-Owner account

    - Some banking apps will refuse to work (mine work fine)

    - You can get Android Auto working, but by default so many things are sandboxed that applications and TTS won't show up unless you spend the time enabling permissions

    Overall I am happy with it. It does feel a bit less polished than stock Android (because of the interaction of apps and more strict sandboxing), but for most people who don't care about Google Wallet and are ok installing Play Services and any necessary Google apps, the experience feels pretty much like a de-Gemini'd/de-bloated Android.

  • lawn 22 hours ago

    A few apps won't work.

    It's not as customizable as Samsung for instance.

    It only runs on Pixel phones (next year hopefully some Motorola phones).

xbar 19 hours ago

I wonder if all VW brands will follow this path.

torginus 1 day ago

Isn't this for the same reason why you can't do banking on an unlocked bootloader phone?

There's no way to verify the integrity of the system, and any malicious app can just grab your banking credentials or enable criminals to unlock and drive away with your car.

  • HybridStatAnim8 1 day ago

    GrapheneOS requires a locked bootloader and supports using device attestation via the generic attestation functionality in the Android Open Source Project.

    Play integrity is an anticompetitive tool that ignores this, and artificially limits itself on GrapheneOS. It is not due to any incompatibility.

    • summm 21 hours ago

      The GrapheneOS supporters are not on our sides, apparently. They seem to actually like remote attestation. They just don't like that they are not in on Play Integrity. But what is won if attestation includes official GrapheneOS releases but would still otherwise be exactly the same evil stuff that takes control of the user's device?

      I still am hoping that at one point they understand the full consequences of remote attestation. There are some signs they start to notice, but it's slow...

      • HybridStatAnim8 21 hours ago

        Note that I am a GrapheneOS supporter. You seem to have a few misconceptions.

        GrapheneOS is one of, if not the most vocal organization against the abuse of attestation mechanisms. GrapheneOS and its userbase feel the consequences of play integrity every single day.

        I'm not sure where you got the idea that all GrapheneOS wants is to be accepted by play integrity, because that is not the case. GrapheneOS has been working with regulators to get play integrity banned. Being accepted by play integrity, but nothing else changing, is not good enough for GrapheneOS. It would only be a small victory along the path of abolishing this nonsense.

        So, no, GrapheneOS and its community are definitely against play integrity. The "signs" that they are "starting to notice" are not there. They are already fully aware of what attestation is and how it can be abused. They are definitely not ignorant on the subject.

        You might be confusing root based attestation with pinned attestation. Root based attestation is flimsy and allows tools like play integrity to ban operating systems they do not like. Pinned attestation, on the other hand, has real security properties and cannot be abused to block certain operating systems. GrapheneOS uses pinned attestation as a part of their Auditor app, and it has other cool uses we could see in the future.

        • summm 20 hours ago

          My opinion: Any kind of attestation that is delivered to a non-user-controlled server about the state of a user's end device that the user (possibly using means outside of the end device) cannot change will be abused, e.g. for anti-competitive purposes. I am hearing lots of arguments that grapheneOS is more secure (it is) and should therefore be included in remote attestation.

          The pinning you are proposing, does it imply that there is again some certification of the "official" GrapheneOS, versus e.g. the user's own fork of GrapheneOS?

          How would any of the existing proponents of remote attestation agree to anything like this, given what we consider abuse is exactly their reason of implementing it in the first place? Here, VW wants to stop use of the API by anything else than their App, in order to stop hobbyists and sell API access to commercial middle men. If the user could pin their own software's attestation or even register an arbitrary public key to cover updates, then the user would as well be able to code his own API client that just emulates the attestation. Is there any write up or discussion of the pinning you propose?

          I am really not yet convinced how you want to counter the inevitable abuse that app developers and service providers will subject the user to if the OS security model gives them that kind of power over the user's end device.

          • HybridStatAnim8 18 hours ago

            To start, all attestation is remote. It fundamentally has to be remote, be it a server or another device.

            GrapheneOS points out how its improved privacy and security should mean that it is accepted in a system like play integrity. But this is just to outline how flawed the logic of play integrity is. It is by no means an endorsement of play integrity. GrapheneOS wants people to know that google is lying and breaking the law, and uses its own exclusion as that evidence. Even if GrapheneOS were accepted into play integrity, it would still exclude any and all forks and self-signed builds of GOS, which is unacceptable. If companies absolutely insist on using this approach despite its flaws, they should use the generic attestation available in android, and permit using 3rd party roots of trust in some form, rather than outsourcing this verification to 3rd parties like google.

            As for the pinned attestation approach, that is Trust On First Use, and is used to verify the integrity of a device based on the security of the device's early boot chain. The initial attestation is what future attestation is pinned to. This allows you to verify a device is the same one, it has not been downgraded, has not been tampered with, etc. This is awesome, and lets you do things like what GrapheneOS does with Auditor. But this is not used to restrict what operating systems are used. Root based attestation somewhat tries to resolve the Trust On First Use approach, but is used to arbitrarily ban operating systems in practice. It is super flimsy as any leaked keys can bypass it.

            My only concern is your claim that GrapheneOS is for this technology when it is most certainly against it. The nuance is that pinned attestation is a different approach with different properties, and advocating for it does not mean GrapheneOS is not an ally against play integrity.

            Auditor also functions as a proof of concept for the potential of attestation, check here for more info: https://attestation.app/about
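
The trust-on-first-use pinning described in the comment above, as an added Go example that is not part of the thread and is not GrapheneOS or Auditor code. The `Report` format and all names are hypothetical, and an in-memory Ed25519 key stands in for a hardware-backed attestation key; a real device has secure hardware assert the boot key and patch level.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrStale     = errors.New("challenge mismatch (replayed report)")
	ErrBadSig    = errors.New("signature invalid")
	ErrKeyChange = errors.New("attestation key differs from pinned key")
	ErrBootKey   = errors.New("verified boot key differs from pinned value")
	ErrDowngrade = errors.New("patch level lower than last accepted")
)

// Report is a constructed, simplified stand-in for a hardware key attestation.
type Report struct {
	Challenge  []byte            // verifier's nonce, stops replay
	BootKey    [32]byte          // fingerprint of the key the OS image is signed with
	PatchLevel uint32            // e.g. 202405
	PubKey     ed25519.PublicKey // device-bound key, generated on the device
	Sig        []byte
}

func (r Report) signed() []byte {
	var pl [4]byte
	binary.BigEndian.PutUint32(pl[:], r.PatchLevel)
	return bytes.Join([][]byte{r.Challenge, r.BootKey[:], pl[:]}, nil)
}

type Device struct {
	priv       ed25519.PrivateKey // assumption: models a key that never leaves secure hardware
	BootKey    [32]byte
	PatchLevel uint32
}

func NewDevice(osSigner string, patch uint32) *Device {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv, sha256.Sum256([]byte(osSigner)), patch}
}

func (d *Device) Attest(challenge []byte) Report {
	r := Report{Challenge: challenge, BootKey: d.BootKey, PatchLevel: d.PatchLevel,
		PubKey: d.priv.Public().(ed25519.PublicKey)}
	r.Sig = ed25519.Sign(d.priv, r.signed())
	return r
}

// Verifier stores the last accepted report per device; it holds no OS allowlist.
type Verifier struct{ pins map[string]Report }
func NewVerifier() *Verifier { return &Verifier{pins: map[string]Report{}} }

func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

func (v *Verifier) Check(id string, challenge []byte, r Report) error {
	if !bytes.Equal(challenge, r.Challenge) {
		return ErrStale
	}
	if len(r.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(r.PubKey, r.signed(), r.Sig) {
		return ErrBadSig
	}
	switch p, seen := v.pins[id]; {
	case !seen: // trust on first use: this report becomes the pin
	case !bytes.Equal(p.PubKey, r.PubKey):
		return ErrKeyChange
	case p.BootKey != r.BootKey:
		return ErrBootKey
	case r.PatchLevel < p.PatchLevel:
		return ErrDowngrade
	}
	v.pins[id] = r // ratchet: a later rollback below this level is rejected
	return nil
}

func main() {
	v, dev, c := NewVerifier(), NewDevice("constructed: user's own release key", 202405), NewChallenge()
	fmt.Println("pairing:", v.Check("phone", c, dev.Attest(c)))
	dev.PatchLevel, c = 202403, NewChallenge()
	fmt.Println("rolled back:", v.Check("phone", c, dev.Attest(c)))
}
```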

      • microtonal 9 hours ago

        GrapheneOS users can hold two opinions at the same time in a consistent way:

        - Remote attestation is bad, anti-competitive, and reduces privacy.

        - Given a world where remote attestation exists, GrapheneOS should pass attestation, since there are no security reasons not to.

        Both battles should be fought at the same time, because if governments do not want to ban remote attestation, you want to make sure that at least it's not in the hands of companies that abuse it to maintain their duopoly.

        Focusing on only one of them can lead to worse outcomes.

  • uniq7 1 day ago

    > or enable criminals to unlock and drive away with your car

    Has this ever happened?

    • padjo 1 day ago

      The VW app can't do remote unlock so that's not a problem. It allows you to turn on the aircon or start charging and that's about it. That only works 50% of the time anyway.

      • jwlit 23 hours ago

        Actually, it can (at least for my combination of country and vehicle).

  • superxpro12 22 hours ago

    a criminal can just steal your keys and take the car too... why is the phone subject to more stringent restrictions?

    • dwaite 1 hour ago

      The electronic key fob is typically not copyable, so you need OBD-II access to provision a new one even if you have proper equipment.

      I do not know the VW app, but other electronic key systems do not require you to have physical access to the car in order to make copies. The keys are meant to be device bound and to have policy (such as I'm giving out access for a week), but that can only be assured via a chain-of-custody attestation system from the boot loader to the app and a hardware attestation that the secure element is proper.

  • plqbfbv 22 hours ago

    > There's no way to verify the integrity of the system, and any malicious app can just grab your banking credentials or enable criminals to unlock and drive away with your car.

    I get that Google doesn't want to be sued for failing to protect its users and indirect users of the mobile phones sold by other companies, but for advanced users there should be an option to update the signing keys used by the bootloader, so that you can unlock, flash your custom ROM, update keys, and relock bootloader. Such a phone should still be considered "trusted" by Google Integrity APIs. But currently there's no way to do this, so basically you don't really own your hardware.

    I gave up on custom ROMs trying to extend my devices' lives and bought a Fairphone instead, so I have the assurance from the vendor that I will have software updates for a very long time.

    • HybridStatAnim8 21 hours ago

      Note that Fairphone does not provide software updates for anywhere near as long as they claim, and using a modern device with 7 years of support, such as a Pixel or iPhone, will be far better in the long term. Fairphone is basically e-waste out of the box.

      • lucb1e 19 hours ago

        Somehow that stands in stark contrast with the many Fairphone users that I know use their device for many years. One of them uses it as their primary computing device, not owning something like a laptop because the Ubuntu Touch that runs on it plugs into a screen and keyboard and works like a desktop as well as a phone for them. I don't understand why the derogatory statement about that being e-waste out of the box when it obviously works great, at least for those willing to pay the premium for as-fair-as-they-can-make-it part sourcing

        • HybridStatAnim8 18 hours ago

          I'm not disputing the ability to use the device for many years. Using the device for a long time and the device being supported for a long time are different things.

          Fairphone doesn't make their own phones, it's outsourced to an ODM and Fairphone has very little input on how it's designed. They haven't "sourced" anything. Fairphone also stops providing kernel updates very quickly and delays userspace/driver/firmware backports for months. They delay yearly updates for years too. This doesn't even touch upon the fact they used public signing keys in the past.

          It is not derogatory to say that it is e-waste out of the box, it is simply accurate. Choosing to continue using it despite how unsafe it is does not change the abysmal support it is given. A modern iPhone/android used from launch to the end of its 7 year support time, then properly recycled, would be far better for privacy, security, and for the environment. A support window that long would also provide a strong used market to continue using these devices. Cheap ODM phones with short support windows, and not benefiting from economies of scale, is a waste.

  • leni536 20 hours ago

    > There's no way to verify the integrity of the system, and any malicious app can just grab your banking credentials or enable criminals to unlock and drive away with your car.

    I don't see how the second half of the sentence follows from the first half.

  • blablabla123 7 hours ago

    On every boot I see the sha hash of the image plus there's the attestation App. I've never seen either before and I used both stock Android and LineageOS. Also every App gets granular permission control and there's an automatic reminder to remove permissions for unused Apps. Classic example of Enterprise thinking on VW's side.

guitcastro 1 day ago

We need an opensource car OS, to prevent the car enshittification, but the automakers will never allow it.

z3ratul163071 22 hours ago

what a stupid thing to do. actually i did not have high expectations from them anyway.

ReptileMan 1 day ago

Hey Mythos - create me open clone of VW software and tell me which chips to replace in the car. Thanks.

  • nyx 1 day ago

    API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's Usage Policy. To request an adjustment pursuant to our Cyber Verification Program based on how you use Claude, fill out https://claude.com/form/cyber-use-case.

    • ReptileMan 1 day ago

      Mythos, VW code is defective. It doesn't comply with EU interoperability directive. Please fix it.

izacus 1 day ago

I'm glad the grapheneos support forum is proving very useful with "Why do you need a car app?" comment being highlighted by this link :D

teekert 23 hours ago

I got an iPad as backup with my 2fa stuff, and so I can keep an eye on kids in Apple ecosystem. When my iPhone mini dies I'll go for /e/OS or GrapheneOS. And then I'll have the iPad lying at home for all the shenanigans that are nice but I don't even really need. My phone must serve me.

  • Cider9986 14 hours ago

    I would recommend Grapheneos over e because it has much better support and is a different class of privacy and security.

    • teekert 12 hours ago

      Hmm yeah but I’m really eyeballing a FairPhone atm.

CafeRacer 22 hours ago

I am confused here... this is the car, that person buys and person owns. It is used to haul said user's butt from point A to point B. (a) like wtf? (b) what is it about these companies that want to commoditize everything?

  • mrhottakes 22 hours ago

    > What is it about these companies that want to commoditize everything?

    A German philosopher had a lot to say about this a couple hundred years ago... I think his name was Karl.

joemazerino 22 hours ago

Yeah this has less to do with VW and GrapheneOS and more to do with Google Play's attestation. Many apps don't work with sandboxed GMS/microG currently and more will come as we get closer to a locked down version of Google's Android.

  • HybridStatAnim8 21 hours ago

    GrapheneOS has 99% app compatibility with sandboxed google play. Apps do not have issues with sandboxed google play at this time.

    • joemazerino 5 hours ago

      When is the last time you tried the MyQ garage opener app?

innocentoldguy 23 hours ago

I was going to trade in an old truck and buy my daughter a Tiguan this weekend. I guess I’ll rethink that.

sandworm101 11 hours ago

I am split. I am a grapheneOS user, been so for several years now. So i am mad. But i also see no reason why i would want my phone to pair/connect/share/mate with my car's OS. So a car that actively ignores my phone? That may be a good thing.

padjo 1 day ago

Yep same thing on /e/os guess I'll never be buying another VW. Well done guys.

amyjess 1 day ago

I'm sorry, but what? Why do cars need apps now?

  • broadsidepicnic 23 hours ago

    Well, I didn't know it before I bought tesla (and have since sold it), but it's really convenient to pair the phone to the car and let it act as a key. I never had to worry about getting the keys, I just took my phone and it opened the doors.

    Also I have to say, setting charge times remotely is mighty handy, if one pays the market/pool prices for electricity which fluctuate from hour to hour.

    • epolanski 9 hours ago

      Not sure why you're getting downvoted, it sounds like a reasonable reason.

    • dwaite 1 hour ago

      It can also be nice to switch climate control on a few minutes before you enter the car.

shevy-java 1 day ago

I am annoyed that the EU allows this in the first place, that car manufacturers sniff off data from people. And, on top of that, block open source alternatives.

To me this smells like a cartel. Why is the EU not doing anything?

  • teamonkey 21 hours ago

    It is. There are incoming EU regulations about consumers needing free access to their data that is sent to a cloud server on their behalf. That doesn’t mean all the functionality of an app needs to be implemented.

    My feeling is that this change plus the recent API lock from a few days ago are in fact part of a reworking to enable this EU legislation.

mohamedkoubaa 1 day ago

The solution is not to try to shame or force Volkswagen to support GrapheneOS, the solution is to (legally) force them to allow the car to run a custom CarOS, for which the community can write their own app

  • ddalex 1 day ago

    Why should they ?! Do you also want to force them to design their cars so the engine is easily replaceable by a Custom Engine OS so that the community can build their own engines ?!?

    • DANmode 1 day ago

      Next thing you know these dirtbags are going to want to choose what wheels and tires to put on these things. The nerve!

      (Yes, repairability and standardization are encouraged where feasible.)

      • ddalex 1 day ago

        I would guess there are a couple of orders of magnitude difference between the complexity of interfaces comparing the head unit with wheels and tires.

        Like, the head unit is in control of all that happens on the slow bus of the car, and needs to pass independent safety certifications for a complex system.

        • DANmode 1 day ago

          I was replying to the bit on replacing the engine.

    • callc 1 day ago

      Because laws are (mostly) a reflection of what society wants.

      People are growingly concerned with both the car manu and Apple/Google control over their car and related extra software goodies.

      Laws are really needed when businesses don’t play nicely. I don’t know the legal specifics, but I’m sure glad I don’t need to buy $1000’s of specialty tools to maintain my vehicle, and sure glad that replacement parts are readily available (and will be for decades).

      Just imagine how much worse society would be if car manus did the same thing as Apple and had ID-paired parts. Sorry! Your AC doesn’t work anymore, please install a genuine Honda oil filter at your nearest Authorized Honda Shop, available for a minimum of $500.

      • ddalex 1 day ago

        > People are growingly concerned with both the car manu and Apple/Google control over their car and related extra software goodies.

        10 out of random 10 drivers out there don't care about the software running in the car.

        > Laws are really needed when businesses don’t play nicely. I don’t know the legal specifics, but I’m sure glad I don’t need to buy $1000’s of specialty tools to maintain my vehicle, and sure glad that replacement parts are readily available (and will be for decades).

        You drive a self-maintained car. Nothing wrong with that, but I would guess 95 out of 100 drivers on the road don't care about the car at all - they just want reliable transportation from A to B and perhaps some comfort.

        > Just imagine how much worse society would be if car manus did the same thing as Apple and had ID-paired parts. Sorry! Your AC doesn’t work anymore, please install a genuine Honda oil filter at your nearest Authorized Honda Shop, available for a minimum of $500.

        I don't have to imagine that at all, all premium car manufacturers digitally id their components and will not accept 3rd party replacements.

        • childofhedgehog 22 hours ago

          Honda isn’t a premium car manufacturer, but also can you please show a source for “all premium car manufacturers digitally id their components and will not accept 3rd party replacements.” I know plenty of mechanics and while OEM is usually the way to go there are many aftermarket parts that get installed regularly.

  • Arainach 1 day ago

    That's a non-starter in most countries. Since the car software is tied into a number of important safety features and regulated controls, custom operating systems will never be supported.

    There are already massive problems with people miswiring head units to play videos while driving and updating their ECU to spew pollution into the air. You're not going to convince any significant number of people that it's a good idea to allow arbitrary code to run and control most of the other systems too.

    • dada216 1 day ago

      Those two set of systems are separate and very distinct.

      • Arainach 1 day ago

        They're not. Use any car's heads up display and you can configure an enormous number of things. Even if there was somehow a pure separation, things such as "playing video while the car is moving" are regulated in many jurisdictions and would land firmly in the "UI" layer.

        • dylan604 1 day ago

          You can detect the car is in motion or not without talking to the engine computer. Just like my phone can tell I'm in motion without connecting to the car at all. You're trying to justify a bad design with bad reasoning

          • mohamedkoubaa 1 day ago

            People watch videos on their phone while driving and will continue to do so no matter what infotainment OSes allow or don't allow.

            • Arainach 1 day ago

              "Some people break the law" is not a reason to not have laws. Don't let perfect be the enemy of good.

          • Arainach 1 day ago

            Not with the necessary precision. GPS doesn't work in tunnels or parking garages and can be wildly inaccurate in city centers with skyscrapers blocking line of sight, for instance.

            • ssl-3 1 day ago

              The built-in, offline mapping in my Honda uses a whole host of local-only sensors to handle these situations where GPS is intermittent. It works rather well at figuring out where the car is on the map, and when it deviates from the prescribed route.

              It works in tunnels. It works in cities with tall buildings. It works on Lower Wacker Drive in Chicago.

              Is there some technological limitation that precludes using this data to determine whether or not a movie can be played?

              (It's not like it's new tech. It's decades-old. Honda started using it over 20 years ago.)

              • Arainach 1 day ago

                There's no need when OBD does just fine for this purpose.

                It's also not clear what the purpose of this line of argument is. Some sensor says "car is moving". The operating system in the car/head unit is responsible for enforcing that signal, and it could ignore it equally from either OBD or some pile of gyroscopes. Where that signal comes from has nothing to do with why you will not see cars accepting custom operating systems.

                • dylan604 1 day ago

                  The point of argument is that it no longer becomes a security issue to allow customOS on the infotainment system because it absolutely has no connection to the engine computer.

                  • Arainach 23 hours ago

                    This is not an architectural issue. The threat isn't a bad OS causing the car to explode. This is a safety issue where the car is required to prohibit certain things - such as video playback.

                • ssl-3 1 day ago

                  > It's also not clear what the purpose of this line of argument is.

                  It completely dismantles your previous goalposts, which were planted firmly on GPS:

                  >> Not with the necessary precision. GPS doesn't work in tunnels or parking garages and can be wildly inaccurate in city centers with skyscrapers blocking line of sight, for instance.

                  (I guess we all have the freedom to be as flexible with our goalposts as we wish. I didn't come here for a tireless argument that is motivated by nothing but the desire to argue, though. Have a great day!)

                  • Arainach 23 hours ago

                    My line of argument is "the head unit is responsible for not allowing video playback while in motion". Anything to do with detecting motion came after that.

      • juliangmp 1 day ago

        You'd hope so but I fear that many safety critical aspects run on the same system as the infotainment system... And that's a perfect excuse for manufacturers to keep these things completely closed

    • binary132 1 day ago

      “Users shouldn’t be same to control their own engines actually” hmm well ok then

      • Arainach 1 day ago

        One person's "controlling their own engines" is another "spewing nitrous oxides, carbon monoxide, and other pollutants into the air, giving cancer to neighbors and destroying the atmosphere". We tried the "don't regulate" path and it ended in a multitude of disasters.

        • mohamedkoubaa 1 day ago

          You can regulate emissions without preventing custom tunes

          • Arainach 1 day ago

            In practice, no, you can't. Certainly not without enormous costs such as mandatory regular vehicle inspections.

            • mnw21cam 11 hours ago

              I don't think "enormous costs" is a strong argument here. The annual MOT is usually under £50, and that includes a fairly comprehensive roadworthiness check and emissions check. A stronger argument would be that a car owner could change some settings on their car specially to pass the emissions check, and then set them back to dirty afterwards each year.

              • Arainach 11 hours ago

                An MOT is a cost to every driver every year - significant in money and in time - plus the cost of running the infrastructure to provide the testing. All so that a few people can tune engines? No thanks.

                • mnw21cam 5 hours ago

                  It's not just so that a few people can tune engines. The majority of the MOT is the roadworthiness check.

      • subscribed 1 day ago

        May I introduce you to the "rolling coal" morons?

        • binary132 1 day ago

          do you really think there’s no way to prevent or penalize that behavior without preventing the user from owning and operating their own engine?

          also, what scale of harm do you think exists from those people?

          do you really believe that control of one’s own engine should be removed from all vehicle owners if a few people misuse it?

          do you understand that vehicle manufacturers use their proprietary systems that control the vehicle to exploit customers?

          • Arainach 1 day ago

            > also, what scale of harm do you think exists from those people?

            Serious health complications, particularly to cyclists and pedestrians. Significant pollution surges:

            > According to government estimates, the practice can increase nitrogen oxide emissions as much as 310 times, non-methane hydrocarbons 1,400 times, and carbon monoxide 120 times. [https://www.rawstory.com/raw-investigates/rolling-coal-donal...]

            > AED estimates that the emissions controls have been removed from more than 550,000 diesel pickup trucks in the last decade. As a result of this tampering, more than 570,000 tons of excess oxides of nitrogen (NOx) and 5,000 tons of particulate matter (PM) will be emitted by these tampered trucks over the lifetime of the vehicles. [https://int.nyt.com/data/documenttools/epa-on-tampered-diese...]

            • childofhedgehog 22 hours ago

              The reason diesel folks delete emissions is because the way the new diesel motors are set up actually kills the motor. Buying a new motor (or a whole truck!) is extremely expensive. Now if the automotive industry came out with an efficient diesel that also ran well for more than 100k miles, we’d see a lot less deletions.

              • Arainach 20 hours ago

                It's far more expensive to run a chemical plant where you just dump your waste products in the river, but that doesn't make it right or legal.

            • binary132 21 hours ago

              All 550K diesels with modded emissions are not rolling coal, that is a wild extrapolation

              I didn’t ask the multiplier of badness of a single individual doing a bad and stinky thing, I asked what you think the _scale_ is. Do you believe that all people with trucks modified to do this are doing it at all times? Or even half the time? How many people do you think are doing it?

              • Arainach 20 hours ago

                I am absolutely certain that more people are rolling coal than are tinkering with their engine timings for benign performance reasons.

        • ssl-3 1 day ago

          No need. I've seen them.

          In the States, for example: Every state I've looked at has laws that make it illegal to roll coal.

          And at least in my own state (Ohio), it's a primary offense. A person can be pulled over and ticketed for this even if they're doing everything else by the book. It's super easy to spot.

          It seems that it persists not because of a lack of laws, but because of a lack of enforcement.

          • subscribed 1 day ago

            IMO they exist in spite of the laws (and more broadly "woke" science) and I'd expect much more of them if they became legalised.

        • userbinator 13 hours ago

          I would rather they continue to exist than the alternative of a horrifically authoritarian sterile controlled-society dystopia, which is what certain parts of the world are rapidly heading towards.

          We live in a country where freedom is predicated on allowing certain things that others don't like. Being loud and obnoxious is just a natural part of the culture of expressing that freedom. They're not doing it all the time anyway.

          • Arainach 11 hours ago

            Your right to swing your fists ends where my face - or my lungs - begin.

    • dylan604 1 day ago

      > Since the car software is tied into a number of important safety features and regulated controls, custom operating systems will never be supported.

      Then that's a poor design that should go the way of the dodo. Someone hacking the entertainment system should not be able to take over control of the engine. The entertainment system on planes do not allow one to hack into the autopilot. There should be no need for a firewall, they should have no shared wires between them.

      • Arainach 1 day ago

        "Safety critical" isn't just the drivetrain. I don't work in automotive and won't pretend to understand all the rules, but off the top of my head, some things that my car uses the head unit for:

        * Backup Camera

        * Turning traction control on/off

        * Turning auto hold (maintaining the brake pedal while stopped) on/off

        * Window defrosting

        Many cars are even more integrated - are there any physical buttons inside a Tesla or is it all through the touchscreen?

        • dylan604 1 day ago

          > Many cars are even more integrated - are there any physical buttons inside a Tesla or is it all through the touchscreen?

          If you're going to use the worst example as the comparison, then we'll get nowhere fast.

    • mohamedkoubaa 22 hours ago

      The free-software and right-to-repair communities have a different weighing of tradeoffs than you do.

  • bdamm 1 day ago

    Could it be a right-to-repair issue? That seems to be the only legal wrench available for forcing automakers to open up access to anything.

    • mohamedkoubaa 22 hours ago

      It absolutely is a right to repair issue

  • bflesch 1 day ago

    That's unacceptable, because intelligence needs a way to steer your car into oncoming traffic if required to do so due to confidential national security reasons.