by arsome 1907 days ago
A lot happened - many more recent phones, especially from big brands like Samsung, heavily restrict unlocking of their bootloaders. Google implemented SafetyNet, meaning anyone who wants to use things like Google Pay, Netflix, even Pokemon Go and others now has to jump through hoops. Additionally, things like Netflix are still restricted from HD playback on unlocked devices due to hardware DRM.

Android has also gotten a lot better - many of the modifications people were doing just aren't as necessary anymore, most of the features I used from GravityBox back in the day are now part of the OS. The difference between major versions has dwindled. Back in 2014 we had some of the most hackable devices just starting to age out when new Android releases with major changes were hitting and manufacturers refusing to support them.

Personally I still root and stick to Pixel and OnePlus devices where it's easy to do so. Magisk makes it relatively easy to achieve a SafetyNet bypass and having things like Advanced Charging Controller around means my device is going to last for years longer, but it's no longer as simple as it once was. With the Android improvements though it's hard for even me to rationalize the need to load custom ROMs until my manufacturer has abandoned my device though.


DRM is a problem everywhere, including Linux and running ChromiumOS. There is a protected path from the stream to the display that needs to be "certified" in order to support something like 1080p. I guess for payments it's similar. It's really unnecessary and a waste of resources imo. But creators probably want some kind of assurances and so we are stuck with it.

You are forgetting that DRM stopped all that piracy that bankrupted the movie industry. That's also why there were so few movies released in the last 15 months or so.

It really debunks that myth that open source software could ever handle the strong encryption that's so desperately needed to protect new movies and TV shows from showing up on The Pirate Bay.

I for one welcome this cogent and secure technological response to a market issue.

You're going to get so many responses missing your sarcasm.

True. :) but adding /s is not as much fun, especially on April 1st.

Pretending to be an idiot is not a prank. Idiots are normal, nobody is a fool for thinking the person saying idiotic things on the internet genuinely is an idiot.

I'd like to take a moment and refute these silly arguments that I made.

> You are forgetting that DRM stopped all that piracy that bankrupted the movie industry. That's also why there were so few movies released in the last 15 months or so.

DRM didn't stop anything, and the movie industry is not bankrupt.

One could easily argue that there might be other reasons why few movies were released since the start of 2019.

> It really debunks that myth that open source software could ever handle the strong encryption that's so desperately needed to protect new movies and TV shows from showing up on The Pirate Bay.

The myth? Do you realize that literally every single web browser is built on an open source foundation? And how is decryption in the browser going to keep a determined person from grabbing the screen output or even grabbing the keys?

Remember, not your keys, not your lock.

> I for one welcome this cogent and secure technological response to a market issue.

Why would a technological response be appropriate for a market issue?

I call nonsense on this one. Anything that's on current streaming services (especially the popular stuff, aka the money makers) can be easily found on p2p networks. DRM has never won a single battle that I know of.

These services are not successful because of exclusivity, but because of convenience, feature richness, legality, speed of access... in other words they are worth the price.

It's important to be aware of this: the media streaming landscape becoming more and more fragmented directly impacts the most important reason why people are paying for these (convenience), which could lead to a harsh reality check for production companies.

> DRM has never won a single battle that I know of.

You need to define 'victory' in a proper manner.

Businesspeople don't really care if some lone hacker in some forsaken internet forum broke their DRM. They don't need to fulfill the perfect technical victory condition. So long as they've limited the use of the devices for nearly all users for the commercial lifespan of the device*, and (most importantly) so long as they think they make more money than without, they've won as far as they're concerned.

Their criteria are far more realistic and relevant to the world at large than the technical 'never ever get hacked' criteria. There's a good argument that perfect protection (if it were possible) would actually be counterproductive to the bottom line.

* Just look at how general computing has been getting more and more restricted.

More like the ISP/streaming-service partnership did this, since it is far cheaper for them to stream from edge boxes at their own CDNs than p2p, which hurts the ISPs because they have to pay for peering bandwidth. Also streaming services are just too mature these days and easy to use compared to p2p. There are plenty of free licence movies and TV shows, but even those prefer streaming platforms over p2p. It has almost nothing to do with DRM.

I don't know what you're talking about. As long as you can videotape a screen in a dark room and get audio out a 3.5mm jack, piracy will continue. The only way to prevent piracy is either:

A) only allow movies to be played in theaters

B) watermark all content, and vigorously track down freeloaders based on the watermarks

You can still find most movies/TV/books/music for free on the open web as long as you use a search engine other than Google.

Bankrupting? When has a Hollywood movie not been a massive success in viewership but a massive loss on the balance sheet? I wouldn't trust Hollywood accountants.

Even Star Wars was a failure.

> payments it's similar

Without the protected path, how do you know that a malicious program doesn't use a low-level API to start a payment from your account without you noticing?

1- You don't, but it's not a real problem since non-cryptocurrency payments are reversible and trackable, so scammers won't use them. They'll rather exploit analog ways to get money out of you, recent example: https://www.youtube.com/watch?v=VrKW58MS12g#t=7m18s

2- You don't, but sandboxing should be enough to isolate untrustworthy apps from OS-level APIs that could do what you're afraid of.

The problem is that people have to run untrustworthy software to begin with.

Android is still horrible until you can control background activity or at least background network traffic. There is no way to shut those off completely. I assume this is an intentional decision by Google as it would severely limit the platform for analytics and marketing.

A simple approach without root is using a fake VPN blocker such as Blokada (FOSS) https://blokada.org/

Scary to see all the hits. For complete - requires a lot of work and the custom ROM builders do not appear to be so interested.

I do use a fake VPN blocker, and that's how I found out that you can't do it. You can either block completely, or you have to allow background network. There needs to be an "only allow data while in foreground" but Google is a sociopathic company (as are most public companies) and wouldn't do something like this that is user friendly but revenue unfriendly.

As you outline, only a partial blocking is possible when Google services and applications are on the phone (today this includes most apps from the g-store).

A "pure" analytics service may be blocked when reaching to a known spyware server. Bundled spyware and telemetry (is that "google core") are unfortunately not blocked.

I still root for fine-tuned privacy (through XPrivacyLua) and app backups (through Titanium Backup). These 2 apps provide features that are not available in any other OS.

Interesting, looks like there's an Xposed solution that passes SafetyNet easily these days. Might have to give XPrivacyLua a proper go.

I have used XPrivacyLua for years. It is great but not perfect.

Daniel Micay, author of GrapheneOS (an Android fork), pointed out some shortcomings of XPrivacyLua on Reddit[0]:

> You do probably want the ability to force apps to see fake data, but this doesn't do that. It's a client-side check inserted into the app that the app can bypass (even unintentionally, by using a different client-side implementation) or disable.

> It does not provide any isolation and cannot fundamentally improve privacy / security because it's based on client side checks, which is not a working approach. It relies on apps not accessing the data via other approaches or alternate implementations of the client-side code, which isn't uncommon. Apps can also detect it and simply work around it directly. This will only give you a false sense of privacy / security. Apps will likely use the fake data for their user-facing functionality, making you think that it works, but a tracking SDK bundled with the app can easily bypass this and harvest your data if you allow the permissions via the OS. This is harmful approach...

[0] https://www.reddit.com/r/GrapheneOS/comments/ch5kv8/is_magis...

Why does he say client side only? Yes, it provides fake data to apps and doesn't isolate, that's not what XPrivacy says it does anyway. How is that bad? What are those ways client can easily bypass? It definitely improves privacy for me. Looks like he was promoting GrapheneOS without giving any proper information.

Plus, several countries have announced that their COVID vaccination passports will exist mainly in app form, since paper certificates are supposedly too easy to forge. Since only a tiny minority of techies like us around here run alternative Android images and app developers have come to expect Google Play Services everywhere, it is almost certain that those COVID passport apps will require Play Services (or even SafetyNet, which means MicroG wouldn't be a workaround).

A lot of people still use flip/feature phones as well and other people just don't have cell phones. I guess these people are just forbidden to travel.