Privacy is dying (for real this time)


Image collage of various issues regarding the past year in privacy

10 years ago

If I were to tell you the only way to install an app you developed on your own Android device would be to send Google your state-issued ID, you wouldn’t believe me.

If I were to tell you Linux distros would have to check the age of their users, you wouldn’t have even understood what I had just said.

If I were to tell you Samsung would remove the ability for official firmware to be flashed on their mobile devices, you would have laughed and called it nonsense.

If I were to tell you mass private message scanning would be incentivized or even forced by governments without prior suspicion, you would’ve probably said we lived in a democracy, where this could never legally happen for various reasons (unless you were from a country like China).

Unfortunately, this will soon happen, and it has already begun!

The state of privacy and freedom as of March 2026

Age verification

Several countries are pushing for online regulation of content deemed inappropriate for children, which may sound good, but the way it’s being implemented comes at the price of mass surveillance and the loss of free speech, while other less invasive methods already exist.

The EU is pushing for but also somewhat fighting against Chat Control, while other countries and states already have similar laws in place (e.g. the Online Safety Act in Australia and the UK).

The proposed solutions start with age verification systems, which require scanning your face or your state-issued ID, or both. This is a major security risk; you don’t want to give away your ID or passport to some random website or company. And if you’re OK with that, then you should also be OK with your ID being exposed in a data breach and giving up control.

Some people also find it scary to have a government ID tied directly to their online presence, not to mention that such solutions absolutely obliterate the right to anonymity. There are already better zero-knowledge solutions to age verification, which do not require scanning your ID for each website or app.

California passed a verification law that tries to enforce age verification at the OS level, which takes effect on January 1st, 2027. Yikes! Not to mention that other states are following suit with much stricter requirements. These laws would require your OS to constantly transmit your age to all your apps.

As if systemd didn’t already suck enough, a guy named Dylan M. Taylor, who works for what appears to be a suspicious-looking and possibly unethical credit company, has pushed a PR paving the way to future endorsement of and compliance with the Californian age verification law. Dylan has hit many other big open source projects such as Arch Linux and Ubuntu. Yes, at this point in time it’s literally a field in a file that anyone will be able to lie about for some time, but that doesn’t mean the idea won’t be built upon in the future, and this is exactly what others in the open source community fear. On the flip side, open source is open source, and you can still remove or add whatever you like to it. The problem is that the majority of people will still use what’s available, hence the backlash. Let’s just hope the law won’t actually be enforced anytime soon.

Someone on Reddit traced back $2 billion in lobbying efforts and various PACs to pass verification laws, which are beneficial to big tech companies (most notoriously Meta).

Mobile freedom

Looking at the mobile market, it seems that we are speedily heading towards a future where the software (and firmware for that matter) on your mobile device is not controlled (or in some cases even installed) by you, but by whoever is in control (be it the vendor and/or the government).

I’ve already seen stories of people on XDA who say their bank requires them to have its app installed in order to log in (even from the desktop). This has been the case with Revolut from the beginning, which cannot be installed on some custom Android ROMs because of Play Integrity and other shenanigans.

About 2–3 months ago I installed a custom GSI on a new Samsung tablet using some really niche (and smart) methods that few know of, but in order to do that I still had to unlock the bootloader (OEM unlock toggle in settings). 2 months ago I wanted to put on a new GSI and do a clean install, so I flashed the latest firmware and to my surprise the OEM toggle wasn’t anywhere to be found. It turns out Samsung had silently removed the option to unlock the bootloader in One UI 8.0, and so I had just locked myself out, bootloader locked, forever. You can’t downgrade because you would blow a physical fuse, which would hard brick the device (thanks Samsung! I just don’t get what this protects the user from!).

What’s more, Samsung has doubled down and has started removing the option to flash official firmware for Samsung devices. In the best case scenario, you will still have to jump through hoops to re-enable it. Imagine a Samsung update corrupts your phone’s system, and you can’t flash the official firmware on it… And yes, doing a factory reset is sometimes not enough, or you might not even be able to boot into recovery mode to do it. This is really concerning, seeing that the mobile vendor market share of Samsung in the USA is about 20%.

Perhaps the worst news of all is Google killing alternate open source stores such as F-Droid by requiring developers to give up their government IDs in order to install those APKs locally, even if they don’t want to have their app on the Play Store.