this post was submitted on 19 Mar 2024
9 points (90.9% liked)

deGoogle

180 readers
1 users here now

founded 1 year ago
MODERATORS
[email protected]
9
Situations where a Google account is essential -- feedback wanted (infosec.pub)
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
3 comments fedilink hide all child comments
 

I would like to collect the scenarios in which people are forced to enter Google’s #walledGarden (that is, to establish and/or maintain an account).

If someone needs a Google service to access something essential like healthcare or education, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

  • right to life
  • healthcare
  • freedom of expression
  • freedom of assembly and of association
  • right to education
  • right to engage in work and access to placement services
  • fair and just working conditions
  • social security and social assistance
  • consumer protection
  • right to vote
  • right to petition
  • right of access to (government) documents
  • right to a nationality (passport acquisition)
  • right of equal access to public service in his country

Below is what I have encountered personally, which serves as an example of the kind of experiences I want to hear about:

  • Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:
    • major medical provider (megathread)
    • emergency apps (e.g. that dial 112 in Europe or 911 in the US)
    • banking apps
    • apps for public services (e.g. public parking)
    • others?
  • (education) Google docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped in pursuit of education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.
  • (education) A public university’s wi-fi network involved a captive portal and the only way to gain access was to supply credentials for a Google or Facebook account.

I’ve noticed that when creating an account for a public service I often have the option to supply credentials for Google or Facebook to bypass the verification process. In all cases of this kind of registration shortcut being used for public service, there was an alternative Google-free way to open the account. But in the private sector, I’ve seen this style of registration that absolutely required a proxy login via some shitty walled garden (like the university wi-fi). So I wonder if there are any situations where a government (anywhere in the world) requires a Google account in order to get service.

top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 5 months ago (1 children)

While technically you don't need an account to access Play Store (e.g. via Aurora Store), the Austrian eID service ("ID Austria") is only available there. This is true for both apps, the "Digitales Amt" and "A-Trust Signatur".

[–] [email protected] 4 points 5 months ago* (last edited 5 months ago)

I’m collecting this info to document the extent that Google’s walled garden has a trapping effect. I regard Aurora Store as an illegal hacker option in this context because Aurora Store gives just two options:

  • supply your Google creds (which neglects to escape the walled garden)
  • use an anonymous account, which is actually a shared account that violates Google’s ToS

I personally will not do either of those because I believe that by using the exclusive app, it signals to the bank (or whatever establishment) that they successfully got the app to me and that there is no problem with their way of operating.

Anyway, I appreciate the info on the “ID Austria”. That’s indeed a noteworthy factor in documenting the Google trap.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago)

In India a lot of payment happens through UPI. UPI apps can be used without Google but all apps use "Play Integrity API". The tests can only be passed by Google approved software and hardware, especially on recent versions of android - which Google forces on you in the name of security.

Also all banking apps use Play Integrity API. Not just UPI based payment apps.

Google WEI is a step in similar direction for web.