I'm shocked by people and state using the crutch of cyber crime or scams to push a totalitarian solution to a problem that is better solved by improved education and targeted campaigns against common security pitfalls.
I abhor any decision that robs even a grain of my individual freedom.
India is currently run by a nationalist regime headed by the so called "butcher of Gujarat"[1], there isn't much that would shock me wrt to that lot's totalitarian tendencies.
Mate, this isn't even remotely "nationalist". This stuff is being pushed across the world. Digital ID? The only people really desperate for it are our rulers.
How so? In Sweden we have digital ID and it's great! Super practical and I struggle to think of how it would be used to spy on citizens, given that it has the same legal protections as banks have regarding your account transactions etc.
Like sure you could in theory see every document I've ever signed if you have a warrant for BankID servers, but you could probably glean most of that if you had a warrant for the banks servers anyway, so it's not really a new capability.
The best implementation I know of digital ID is the one in Estonia. It comes with a data tracker, such that each citizen can see who exactly has been looking at their data [1].
Done more or less like that in Belgium too. Basically, if any civil servant look at your data, this is recorded in the "Banque Carrefour de la Sécurité Sociale". Your eid is used to authentify/authorize you on various state web site (which is OK)
The problem isn't where digital ID starts, it's where it ends. It will start by being benign enough, and end with the ability to cut off dissidents in an instant. I'm aware that some Swedes are already getting microchipped. If you want to be branded and tracked by the state, that is your choice... Don't force it on the rest of us.
> Like sure you could in theory see every document I've ever signed if you have a warrant for BankID servers, but you could probably glean most of that if you had a warrant for the banks servers anyway, so it's not really a new capability.
It's a single point of failure. Digital ID servers on creation because as valuable to compromise as value_of_bank_hack*bank_count plus whatever other services are rolled in.
Furthermore now only one warrant is needed, or one illegal executive order. Take the USA as a live example - legal protections aren't actually real, a government official with enough political power can just do whatever they want while the courts struggle to keep up, and then just ignore court orders.
If your identity is spread out in many different ways, at least then there's more friction to compromise. Just because one bank capitulates doesn't mean the actor immediately has health information on you, for example. Just because the unemployment office capitulates doesn't mean the actor has your financial records.
I think a lot of people in the US are clinging to the hope that this type of friction, along with judicial decisions, will cause the process of removing our legal protections to stall out. I'm not optimistic that this is the case, because the party currently driving the federal incursion on private and state-held data is the one that until recently was opposed to things like national ID. Anything can be done in the name of protecting people from N, if you can get a majority to be afraid of N.
I don’t really get why people seem convinced that the government is removing protections for all citizens under a smokescreen of illegal immigration handling, as opposed to taking limited and temporary measures to deal with an unusual situation.
My current interpretation is that they are fear mongering about violence because they are actually way more racist than they admit publicly, and might want to remove more people than they were letting on initially.
So okay you can definitely disagree with that, and how you feel about it can definitely be influenced by how much you feel threatened (personally or network) and that’s valid.
But why do we think that they are using this as a ruse to like become despotically authoritarian in general? Do we think that the borders were opened intentionally to fabricate this “crisis”? If not, it would be such a huge coincidence, because there are a zillion reasons to be concerned about the demographic situation without needing to use it as a smokescreen, what are the odds that this problem organically appeared and then they happen to be able to take advantage of it?
Note that I’m not asserting that the borders weren’t opened intentionally to fabricate this problem to which they can react with a “solution”, that sounds exactly like something a government would do. I just don’t hear anyone saying that out loud, at least, and having personal network or moral values or whatever threatened and reacting to that just seems a lot more likely to me as a reason why people feel like the world is ending.
> I don’t really get why people seem convinced that the government is removing protections for all citizens under a smokescreen of illegal immigration handling, as opposed to taking limited and temporary measures to deal with an unusual situation.
Probably because the actions being taken are against people of every category; illegal immigrants, legal immigrants, and naturally born citizens.
As has been noted, _anyone_ not being entitled due process means _nobody_ is entitled to due process. Because then can kidnap you, claim you're "of a group not entitled to due process", and do whatever they want to you. And you can't push back because you're not in that group... because you need due process to do that.
> But why do we think that they are using this as a ruse to like become despotically authoritarian in general?
At some point, you have to call a duck a duck. They're doing things that despotically authoritarian would do, over and over. They may or may not _think_ that's what their goal is, but it clearly is.
What actions are being taken against legal immigrants and naturally born citizens?
Are you referring to getting arrested and released due to some suspicion (let’s say the suspicion is always fabricated for the sake of argument), or deported, or something else?
On due process, if someone accidentally gets a free flight to a foreign country, that totally sucks and they should be paid compensation, but let’s not pretend that deportation is the same as what authoritarian regimes typically do. Have people disappeared off the face of the earth? I think the Germans of the ‘30s would have a very different reputation if they had simply attempted to deport all the Jews…
Of course this is where it starts. If you ever find yourself in the situation of saying “at least it’s not as bad as Nazi Germany” then you’re probably not heading in a good direction.
A citizen being rounded up by the state and bundled off to a foreign country illegally and with no process is absolutely kidnapping regardless of how much you want to pretend otherwise.
> what are the odds that this problem organically appeared and then they happen to be able to take advantage of it?
Quite low. Borders weren't open to fabricate an excuse to engage in authoritarianism - the excuse was simply fabricate, whole-cloth, with no basis in reality to justify it.
There is no immigration problem in the USA. Large portions of the American economy are dependent on immigration, documented or otherwise. Immigrants, documented or otherwise, commit less crimes per-capita than USA citizens.
So, the current government is using immigration as a flash-point to get themselves elected, and as an ongoing distraction away from their failure to address their other platform (affordability). Getting to be more authoritarian is the stated goal, based on the plan outlined in "Project 2025."
Well this is a controversial statement. Many people have thought there was an immigration problem in the USA since well before Trump entered politics.
If I pretend to believe that there is definitely no immigration problem, though, then I agree with you. But like I said, that is a controversial statement.
Would you believe that the people who support this just do believe there is an immigration problem? People are allowed to care about things other than the economy and crime stats, by the way.
What is it about being a US citizen that increases criminality? Shouldn't we expect that crime comes down as the US has been a leader in immigration, considering immigrants commit less crime? Has crime come down in Europe as it became a leader?
I've been trying to make sense of the statistics. Interested to hear any explanation that can reconcile these contrasting observations.
There are schemes, where e.g. KYC would require centralized storage of identifying information, which is equivalent or stronger than Digital ID. I'm not sure why Digital ID servers would store your health records.
Sweden's population is only around 11 million people, and you're geographically concentrated in the southern mainland provinces or near Stockholm. Both of those make thing a lot more practical to manage and make it a lot harder to abuse because you don't have the scale to make profit as attractive, or the distance to make oversight more difficult. You're also relatively culturally similar.
It doesn't seem like those should matter so much, but it really does make everything about democracy easier.
Things get much weirder when the population isn't so low or isn't relatively concentrated.
I mean, I can do all my voting, tax filings, etc. etc.
All the way from Mexico, with no issues. You're right that most of that must of the Swedish population resides in the south, but, as someone who grew up in Northern Sweden, it's not like we're marginalised or anything, not really.
the singaporean "singpass" has been an amazing convenience. at this point its like why is any company still asking you to fill in personal particulars on forms? they should ask for access to singpass and you just authorize them.
you apply to or for anything.. and they just give you the option of authorizing via singpass.. and you use your passkey-like singpass app to authorize it... and its done!
you go to hospital and they need your medical records? singpass
you go to university and they need your academic history? singpass
you apply for bank loan? insurance? license? food handling permit? singpass
Doesn't this mean that it's not only your hospital that sees your medical records, but... everyone who would otherwise only need your name and telephone number?
Or is there some way to restrict which party gets which data?
I don't think any of the national id services I've heard of stores all your data in a centralized place. Usually the national id service only provides identification to the service providers that request it. Each service provider (like, your bank, hospital, pension provider) will store their own data as they've always done, they just use the service to identify you.
For now you may need a warrant. However, after just a simple law change, it will all be available without a warrant. I'm not saying there will be a law change, only saying that it brings us one step closer to data.
Sweet how the OP is about something that exactly corresponds to what EU wants badly too - chat control - but you decide to talk about Digital ID. OK wait a bit more, then your beautiful DID will start making more sense.
In CZ, we have a so-far-somewhat-nonintrusive digital identity that is mostly used to access government services.
Yet we already had an interesting situation which shows just how complicated trust is. Sberbank, the Russian bank, was slated to issue digital identity certifications in March 2022. Then Russia invaded Ukraine and Sberbank got booted out of the country before actually gaining that capability.
What if it was March 2021 instead? How would we treat signatures on documents verified by Sberbank a day before the invasion etc.? What if the content of that document was really suspicious? Etc.
In the US (approximately) everyone has a social security number and a driver's license. In practice, those are equivalent to universal ID, just more annoying to use in everyday life.
That’s sort of how all this type of policy is pushed through
Convenience - what you’re describing is convenience
It’s totally fine if you prioritize that over everything else, but my only thought here is that everyone should be crystal clear in what they are trading off for convenience
It’s convenient for the government too, tk have a single identifier to thread a persons entire life
We are, sadly, well beyond any expectation of privacy, but we should at least be aware of it and try to not make it worse
Again,I struggle to think of how it'd be used gather any data not already available.
Yes it's selling point is convenience. Convenience is good.
In this particular case I disagree that there's a price in privacy. At least currently, and the way the Swedish electronic ID is implemented, I don't see it.
With other variations there might be problems of course, though I'd worry more about someone messing up the security of it rather than privacy
I used to think like that. Now in my country we have a president who would use that to deport or target political opponents, track people who criticize Israel, etc.
You can never put the genie back in the bottle and you never know who will be in charge in 20 years
The president isn't supposed to have that much power in the US either. The federal government in general wasn't supposed to have much power; power is supposed to be reserved to the states except for specific scenarios enumerated in our constitution. Unfortunately, a century of blatantly illegal power grabs by the federal government, combined with Congress (which should've acted as a check upon the president) willingly giving their power over to the president, we are in a pretty bad spot. However, if it happened to us it could happen to any country. At the end of the day the constitution of a nation is only meaningful to the extent that people will actually enforce it.
There’s not a lot of privacy ins Sweden anyway. Way too much private stuff is public and continuously scraped by private companies.
For those who don’t know: by just looking up a name, you can find a persons birthday, address, who also lives there. Oh and the person’s salary is public too.
The point is that the more identifiable information that the monopoly on violence has the easier it is for something, anything really, to be used against you should your tribal affiliation conflict with the ruling party.
"Hey now guys we just voted this law, now you need to use your BankID to login to your phone the first time. Because, think of the children! And well, if you have pictures we deem forbidden, you'll be reported."
Once the infrastructure for mass surveillance is available, States are tempted to use it.
Also even if it may be ok in Sweden for cultural reasons, the rest of the world unfortunately isn't (but can enjoy private washing machines in exchange).
Yep, I'm with you, I agree that the underlying power plays are fully harmonious with global (and globalist) trends.
With "nationalist" I was referring to the BJP's "hindutva" ideology, which is essentially a nation-centric ideology of "India for Hindus" (minorities and non-upper-caste/non-brahmanic forms of Hinduism be damned).
1. Modi is considered Other Backward Class which is a low caste.
2. Hindutva ideology according to Savarkar, who came up with the term, is that Hindu is a national identity not a religious one. Sindu became Hindu in Persian, and Indus in Greek. And the Sindu was a river. So the Hindutva ideology is in reference to the people on the other side of the Sindu river. This is why Hindutva literally translates to Hinduness. I understand that this doesn't always translate into religious tolerance of Muslims (yes, I say specifically Muslims) but that is because the RSS was formed to counter attacks on Hindus by Muslims in the 1920s. Hedgewar (Founder of Rashtriya Swayamsevak Sangh): A Definitive Biography by Sachin Nandha was a super informative deep dive into the BJP/RSS.
3. Modi has a 70%+ approval rate even after more than 10 years in power. So his government is popular and the results of the BJP's power are hard to ignore in terms of the infrastructure and India now being the 4th largest economy.
Speaking specifically to this law I think the government is just setting up a back doors of sorts with the recent bomb attack in Delhi and the terror networks founds in India.
> that is because the RSS was formed to counter attacks on Hindus by Muslims in the 1920s.
> Founded on 27 September 1925,[18] the initial impetus of the organisation was to provide character training and instil "Hindu discipline" in order to unite the Hindu community and establish a Hindu Rashtra (Hindu nation).
> ....After reading Vinayak Damodar Savarkar's ideological pamphlet, Essentials of Hindutva, published in Nagpur in 1923, and meeting Savarkar in the Ratnagiri prison in 1925, Hedgewar was extremely influenced by him, and he founded the RSS with the objective of "strengthening" Hindu society.
Please stop spreading baseless opinions as fact when you yourself know no better. And for matters involving communal issues, I would much rather trust a crowd-sourced knowledge base rather than the opinions of a half-assed biography.
An ugly truth, one that must never be spoken too loudly, is that most of the people designated "lower castes" by the "upper caste" Hindus, and others designated "tribals" (adivasis), follow a variety of ancient pagan personal "religions" (belief systems) that are "Hindu" in name only. They don't actually consider themselves "Brahminical Hindus", and are forced to identify (by the "Brahminical Hindus") as Hindu because that's the only choice available to them, in census forms, etc.
And what about their traditions makes their religion not Hindu but makes the “Brahmanical Hindu” traditions Hindu?
The claim that there aren’t other religions is not true because a lot of lower caste folks have explicitly converted to Christianity and or Dalit Buddhism as promoted by Ambedkar who was the driving force behind rights for lower castes in India.
"Brahminical Hindus" is new concept I heard for the first time. From an academic perspective, I would more than likely challenge the word "hindu" being used as a religion name. Most religions are more defined/codified. At the end of the day its all a tool to manage power/people, boundaries or groups can be created with almost any data point. Your comment/observation just happens to define/declare one new type of boundary
From what I know, religions except Christianity and Islam are generally grouped under Hinduism for most things(marriage law for instance) and by default you're considered a Hindu(you can't be officially an atheist).
The lack of digital ID is a huge problem in many domains and enables a lot of scams and crime in the first place.
Requiring identification in situations that don't need it is where the problems start, but that's possible with analog IDs as well, and is often even worse there (since these provide neither security against digital copies, nor privacy, which digital ID can, e.g. via zero knowledge proofs).
The problem with digital ID is that it can be switched off in an instant. I was talking to some people in a strike picket line about this. They seemed unaware of it. Suddenly you would be unable to travel, pay your bills and access internet etc for doing the wrong thing.
> Requiring identification in situations that don't need it is where the problems start
Which is exactly the argument against digital ID, because it reduces the friction to asking for ID in situations that don't need it, causing it to become epidemic.
Meanwhile nearly all the instances where ID actually should be required are also instances where showing up in person should be required, like taking out your first line of credit with a financial institution, or signing on to a new job. Because the entire point is to verify that that person is the person on the ID and not someone in Russia who managed to hack their phone.
Personally, I liked the low-tech solution of code cards + password (2FA), used by e.g. Denmark as digital ID, now discontinued. I am aware that it is imperfect, and if you are not careful with MITM attacks you can get in trouble, but it was a good compromise to avoid the temptation to track citizens. Something like a hardware TAN generator, but with protection against MITM, would be an ideal compromise. The current trend of moving towards mobile apps that require hardware attestation is worrying.
Definitely, requiring the entire smartphone to be "trusted" is way too much.
Small external signers with a display and confirmation button are a nice compromise (and also largely solve MITM!), since I don't mind an external device being under somebody else's administrative control as long as I can run what I want on my smartphone or computer.
But people don't want to carry two things... Hopefully we can at least have both as alternatives going forward.
True, but that's already a much less clean separation between the credential issuer's and my domain on many dimensions other than security.
As an example, this was the security model for mobile contactless payments for the longest time, and arguably as a result these never really took off until Google came up with a software-only alternative for Android. The potential for rent seeking of the hardware vendor is often too great, and even absent that, it requires close cooperation of too many distinct entities (hardware vendor, OS developer, bank, maybe a payment scheme etc).
(Apple had no issues, because their ecosystem is already a fully walled garden, and they can usually get away with charging access fees even for non-security-relevant hardware interfaces.)
With a contactless smartcard, I might have to carry one more plastic card than strictly necessary, but the technology for that is pretty mature (wallets), and I can migrate to a new phone without any hassle or use my credential on somebody else's device in a pinch.
It's like people want to hand over scans of their passport and/or driving license to random businesses again and again, every time the need to prove who they are; and have their ID documents littered in Outlook mailboxes or company file shares with zero permissions.
Or be forced to install yet another ID app from a private service that requires you have an iPhone or "compatible" Android.
The debate about this in the UK is just crazy. Notwithstanding the current "febrile" state of politics. It has always received weirdly vitriolic push back.
What really is the Government going to do with a digital ID service that they can't do already?
I just want to be able to give estate agents, solicitors, a bank, etc my ID number and a time-limited code that proves I am in control of that ID (or however that might work), and be done with it.
> What really is the Government going to do with a digital ID service that they can't do already?
In 20 years, the UK suffers a terrorist attack just before an election, and then elects a ultra right wing government on a platform of "remigrating foreigners." You're a British born citizen but your mom fled from Iran in the 80s and immigrated to the UK.
If you don't have digital ID, and the government decides to "remigrate all Iranians," they have to collect information from several different government groups, e.g. maybe your mom got a passport in which case one government agency may just know she's a non-native British citizen but nothing more. Maybe your immigration agency stands up to the government and engages in legal battles to prevent turning over immigration information.
However if there's a digital ID system that lets the government instantly know everything about a person, you lose the protection of friction.
I believe this is one of the fundamental premises of representative liberal democracy, and one of its most redeeming features: balance of power is spread not just between branches of government, but through ministries/departments/agencies, which makes it much harder for a despot to do despotism.
I broadly agree on the theory of administrative friction increasing the resiliency of societies against non-democratic government action, but I wonder if that ship hasn't sailed with the digitziation of most governments: All that data is already present in some database, public or private (with the government able to coerce access in many cases).
So I get the historical aversion to IDs as the stepping stone of governments to gaining access to potentially democracy-subverting informational hazmat, but these days, I feel like the downsides of not having a ubiquitous and privacy-preserving ID scheme vastly outweigh the little bit of extra friction of it will ever add.
> However if there's a digital ID system that lets the government instantly know everything about a person, you lose the protection of friction.
"Digital ID" doesn't necessitate that all data is collected into one gigantic store with centralised access. Just that you can use the same attestation of identity to access the various systems. And you can also grant others access to a limited subset of the data.
If the government wanted to they could already have set up some direct access from (say) the passport office to HMRC. It's all digital anyway, backwards as the UK government can be, they're not sending people to pore over paper ledgers in person like in The Jackal.
Some of the system already works like this anyway with the share codes for permission to work for foreigners and proving your driving licence.
Theoretically you would also be able to have an audit log of who asked for attestation for access to which system using that ID. Which you currently don't have when everyone is doing it by passport scans, NI numbers given over the phone and so on.
What it does allow is a creeping over-attestation where you need to use the ID to do things that were previously anonymous or at least potentially anonymous. But since you currently need to use a driving license or selfie to look at boobies, that's already a thing.
“ICE was confirmed by independent review and U.S. judges to have violated laws including the Immigration Act of 1990 by interrogating and detaining people without warrants or review of their citizenship status”
Being able to break the law is never a good thing. Immigration agencies can still fight whatever after people have been kicked out as has been decided. Government inefficiency should never be celebrated.
> Immigration agencies can still fight whatever after people have been kicked out as has been decided.
Given that dragnet operations result in all sorts of random people being deported, including citizens, and given that sometimes these people are deported to countries where they face violence or death, you are arguing for state-sponsored violence without due process. Other than people immigrating, what other circumstances do you feel justify the elimination of due process?
Can anyone explain the history of "self ID" rules and laws in the UK? It seems like you do not have to prove your ID to the police. It is the reverse. As an outsider, I don't understand it.
The fundamental proposition on which all of English culture flows from is that of innocence. For example, in court, you do not have to prove your innocence because you are presumed innocent.
In the case of ID cards and the like, the state does not rule over the populace, it rules on behalf of the populace. I am innocent and they work for me. Hence, I do not have to prove to some random government agent who I am unless it is relevant to the task they perform, e.g.
- the police have a reasonable and justifiable suspicion that I am engaged in criminal activity
- an immigration officer may only ask for my details when I am crossing a border or, again, have some reasonable and justifiable suspicion that I am in need of deportation etc.
- Or perhaps I just need some documents from my local municipal office, and they rightly ask who I am and to prove it before giving out my private info.
Me going about my business is no business of the government's until I start abusing the rules.
The opposite view is that:
- I am ruled over
- Any agent of the government can question me and prevent me from going about my business
Of course, in practice, the application of such liberal principles like not requiring ID to go about my day are often not done well, but to change the principle is to change the entire character of the most fundamental aspects of Englishness. You'll note, much of the continent lurches between different forms of collectivist oppressive government whereas, until of late, the UK has not. This is because of the lack of this fundamental principle there, I am sure of that, and those calling for these kind of ID laws, digital or otherwise, are not to be entertained.
The most interesting case will be the USA, where they still care about the principles of English liberty, far more than the English do.
This theory mixes up the distinct concepts of the government, as a trusted entity (where applicable), issuing identity document for the use of its citizens (including in person-to-person or person-to-private-company scenarios), and that of the government requiring its citizens to identify themselves to it on demand.
Sure, its slightly harder to have a government issue credentials to everybody and not have them abuse the possibilities that come with it, but if a society can pull it of, there are vast benefits in many areas of life.
On top of that, the flip side of people regularly not carrying any identification documents seems to be a police force much more eager to arrest people on the spot to figure out their identity. (Presented as an observation without value judgement: This way of doing things does lower the likelihood of the police arresting somebody because of not carrying identification.)
Successive governments have been determined to change this.
A good current example is the Children's Wellbeing and Schools Bill which very much is based on the idea that the state, rather than parents, is primarily responsible for children. The Online Safety Act reflects much the same thinking.
I think there has been a cultural change. Both from the state, and from people who expect to be told what to do to a greater extent than the past.
> It has always received weirdly vitriolic push back.
Because, as the Home Secretary herself observed, it would fundamentally change the relationship between the individual and the state.
> What really is the Government going to do with a digital ID service that they can't do already?
This gives the impression of having done no research into a topic of which you now opine opposition to be "weirdly vitriolic". We live in an age of search engines and GPTs, free encyclopaedias and entire lecture series online, and even libraries are still open and free, but you've done nothing to get past the very first thoughts you've had on the subject.
Was that weirdly vitriolic, or someone pointing out that an argument to undermine everyone's rights should have some effort behind it?
I dunno man, your reply doesn't sound _kind_. Maybe you could try to explain the point you're defending rather than ad hominem and overextrapolate a perceived insult. I genuinely want to learn and it's frustrating that your comment does not do that.
If what you say were to be true then an accusation of ad hominem would itself be ad hominem.
I addressed their unkind and ad hominem argument. If you think me unkind then I will shrug and say, in hacker parlance, they should RTFM. They have not put in the slightest work before opining and criticising, and on something as important as this?
May they receive such weird vitriol until they learn to at least Google first. Doesn't it automatically run a GPT for you now? They, and surely the people around them, will thank me for instilling such basic discipline.
Calling their objections “weirdly vitriolic” belies both a complaint about “kindness”, and shows an explicit desire to not learn a single thing. Perhaps, if you have genuine curiosity in the future, you should be thoughtful about the questions you ask, and the ad hominem attacks you make in the asking, rather than whining after the fact because people didn’t excuse your lack of tactful interaction sufficiently?
Or just complain about “kindness” more - it’s easier to accuse others of being mean than to look in a mirror, I suppose.
The person to whom you are replying is not the person who said the "weirdly vitriolic" remark. You're chastising someone who didn't do the thing you are (rightly) opposing.
I was talking about this one policy. The mentality is not particular to India. The abuse of the so called Fourth Industrial Revolution is everywhere to see.
It's funny how it's all rolling out right around the same time. Almost like they get together and plot this stuff at big meetings multiple times a year, where they get lavish meals and entertainment, get wined and dined by the rich and elite, and... well. Must be good to be kings.
It's really 4 horsemen of the infocalypse garbage being trotted out, and the general population is clueless and credulous. "They're in charge, surely they must know what they're doing! They wouldn't lie to us! They most assuredly have our collective best interests in mind, and they'll do the right thing!"
Most average people assume competence and good faith from people in charge. Most people don't question, aren't skeptical, and go through life in a fog. That's not most people here, but it's like Gell-Mann amnesia applied to politics. 99% of the time, when politicians put forth a plan to do things in a domain you're competent in, they look like morons. It's exceedingly rare for them to do things well.
People trust elected officials, they trust institutions, they trust "experts", the media, the academics. A vast majority of people don't realize the scale of ineptitude amongst the people who wield power. Most of the "elites" are not overqualified geniuses, but instead average bumbling idiots who stumbled their way into office, or sociopaths, or physically attractive. Most political systems do not reward competence and diligence.
You could swap out all 535 congress people in the US for randomly selected citizens and I guarantee you that outcomes would improve. Things are going so badly because they're intended to go badly, because unethical people wield power for self enrichment and cronyism. The purpose of a system is what it does.
Having lived in lower trust vs higher trust societies, you can see it in how people assume their leaders think. High trust places like Sweden, people have pretty high faith in their leaders to do the right thing. Personally, I much prefer quality of life in a higher trust society. It is exhausting needing to second guess everyone everywhere all the time!
In Sweden, something like 40% of the population work directly or indirectly for Wallenberg family owned companies according to one stat. That will exclude the businesses who make money off people employed by them. So who is really in charge of Sweden?
It's a situation of turkeys preferring to live on the farm, except in the lead-up to Thanksgiving. It's quite good until it's suddenly very bad. It's fine if it's used to track down murderers etc, but we are seeing this now with various countries tracking down people who don't like Israel.
No it's kinda expected from the EU, Chat Control and other free speech restricting matters have been passed/trying to pass under the guise of protection.
He has been the PM For last 11 years. Your so called labelling doesn't stand scrutiny. India is prospering, with problems, but prospering for every religion sect and culture
It doesn't. But judicial scrutiny under a government clearly opposed to him does clear the mislabelling. And how does it even help the discussion here?
You are either being disingenuous or ignorant if you think the courts or anything else for that matter are truly impartial in India. Judges get killed, politicians get bought out, law and other enforcement agencies become puppets.
It does help the discussion here, the comment correctly points out how this literal 1984-esque action plays into the current regime's totalitarian tendencies which go way before the 2002 pogrom and of course their parent org, RSS which is a whole other can of worms.
Impartiality factors less when the entire Federal government apparatus is used to investigate some one for more than a decade. Also, by that reasoning should we start believing in the principle "guilty before proven otherwise"?
> It does help the discussion here, the comment correctly points out how this literal 1984-esque action plays into the current regime's totalitarian tendencies which go way before the 2002 pogrom and of course their parent org, RSS which is a whole other can of worms.
Who decided that those riots were a progrom? That term itself is misleading.
I am not fan of this step but the problems it's designed to tackle are huge in India and it's very much an option unless there are solid alternatives.
The EU is not run by butchers of anything, but they push Chat Control nonetheless.
Politicians crave power and control, it is that simple, and the current tech can give it to them quite easily. Not even Stalin could put a secret cop into every living room, but secret coppery can now be efficiently automated.
Your comment is inflammatory, biased, agenda driven and totally irrelevant to the topic under discussion.
I note that you are posting under an anonymous id.
Anybody who has even a passing knowledge of network/endpoint security knows that you need state intervention in the absence of widespread knowledge of cyber security threats in the populace. And no this is not a danger to the largest democracy in the world.
A state intervention in the form of mandatory app installation that no user can deny is a danger, especially given that the current government has allegedly used cyber surveillance to plant "evidence" in the computers of dissidents like Stan Swamy who subsequently died in custody.
Probably not. Though, for a decade after that the Federal government was controlled by a key opposition party. Essentially they(people who accused him) had all the time to investigate him.
Difficult to say. For one, they aren't appointed by the government in power, but have created their own "collegium" system where one batch of judges selects their own replacements.
They've also restricted the government's ability to change this system.
Pakistani spotted. You cannot impose western standards on India. India is in a unique situation where a lot of terrorist attacks come from both across the border and from terrorists within. USA is separated from terrorist countries by thousands of miles. India, unfortunately, is not. Surveillance is the only solution to protect citizens.
Please don't engage in nationalistic battle on HN. The guidelines ask us to be kind and to avoid flamebait and using HN for political battle. Please take a moment to read the guidelines and avoid this kind of thing when participating here https://news.ycombinator.com/newsguidelines.html
Yeah, yeah. India is a heaven and its people are angels, but terrorist groups are making it a hell. Honestly, grow up. How many people are killed by terrorist attacks, and how many are killed by rape, homicide, political conflict, gang violence, government mismanagement, pollution, corruption, etc.? More people die in India due to corruption than anything else, excluding the natural causes. Hold your government accountable first.
Please don't engage in nationalistic battle on HN. The guidelines ask us to be kind and to avoid flamebait and using HN for political battle. Please take a moment to read the guidelines and avoid this kind of thing when participating here https://news.ycombinator.com/newsguidelines.html
I was there during this, literally text my wife when got notice and said “I do not know when I will be able to text next so keep an eye on your email”.
Maybe but there’s a fair amount of corruption going on in India. For example, they got caught spraying water near air quality monitors (at them?) to make the data seem better than it is instead of actually tackling the problem.
Same dumbness applies to people who are supposed to enforce these laws. Enforcement authorities will often tell you to settle privately - “just return the money and ask your victim to rescind the case”. They don’t care for average consumer.
Considering that AI companies are strategically/financially in the same position as other market cornering companies like uber, imagine how much dumber things can get.
It's articles like these that make me comfortable saying you are part of the problem. Your materialist fear of losing a wholly replaceable phone is manufacturing consent for disaster.
I shouldn't have to accept government surveillance just because 15% of the population is functionally illiterate. We should have support structures for those people as a society, but "dumb people exist" is a fucking horrible argument for why I should have my freedom restricted
There doesn't need to be a solution that works for everyone. It doesn't matter how many barriers you put in place, people will always get scammed - so don't punish the other capable 85%.
You do in fact need a system that works for the vast majority. If your system flat out doesnt work for 15% of the population, you'd have mass riots and unrest.
Well, we are talking about a government that declared 95% currency in circulation as invalid to nullify “black money” and rationed out currency for months. Currently they are doing an electoral list validation by asking everyone to submit a form so they can keep their voting rights. The policies are made with a strong “ruler” attitude.
The SIR has been carried out historically many times in India. In the recent years a lot of Bangladeshi illegal immigrants (who ironically hate India) have registered as voters. A lot of political parties have changed policies to cater to these illegals. So this was due for a long time.
This is propaganda from the fascist ruling party BJP/RSS. After the Bihar SIR exercise, not even a single illegal immigrant was found. All this talk of illegal immigrants is classic anti muslim dog whistle.
It's especially annoying that democracies do that.
Give it a few years and suddenly China is no longer worse than democracies.
Modi and his clique are authoritarian though. It's interesting that so many indian vote for that clique. They seem to not understand the problem domain; similar to Hungary, too. (Don't even get me going on Trump's clique of superrich running the show. I recently watched CNN in the last days and I fail to see how CNN is any better than Foxnews - they manipulate people via what they broadcast. For instance, yesterday some random US general basically convincing people that nobody in the military would do double-tap, not even Hegseth, when the exact opposite has actually happened. Or some female today in a show trying to explain that the first attack on a fisher boat was "legal" anyway. People don't even realise how much they are manipulated by these private media entities. These are basically owned by superrich influencing people one way or the other.)
The problem iscontrolling people at intimate thought level. Sure education is part of it. But state controlled device tracking everything they say, where they go and who they are exchanging with is also a tool to leverage on in that perspective.
IMO the goal is a bit different. It'd be just way too much data to track people successfully, even with on-device filtering, especially because everyone with ill intentions would just use non-backdoored devices for their malicious activities.
A much more achievable goal is digging up dirt on specific people and opponents. In the end governments can struggle to justify how they got their hands on info about an affair you had or that you shocked dogs ~~on stream~~.
Such device backdoors are just a get-out-court-free card and a way for the media to justify not asking any serious questions.
I share your abhorrence but are you really shocked? "Think of the children", "Stop the terrorists," these have been the foundations for the erosion of personal liberty for the past thirty years.
I am unconvinced from a practical standpoint that this vision of the world that you wish to live in is even possible today due to the increase in sectarian communal tensions, dense cities, widely available cars/guns/etc and stresses from cost of living and income inequality, as well as the spread of ideas that mass casualty attacks might be a thing to do (the US did not have school attacks until it became an unfortunate "thing" in the culture that sick people glommed onto).
An absence of surveillance causes increased frequency of terrorist attacks which causes people to demand solutions (necessarily involving surveillance and other authoritarian measures) which leads to increased surveillance. It's an unfortunate negative feedback loop.
If you lack solutions for too long, the negative feedback loop becomes severe and instead of just surveillance within a liberal democratic context, you get public safety authoritarians like Bukele or Duterte.
"Surveillance doesn't materially reduce terrorist attacks" - I am not sure about that based on the number of arrests of plotters and the lack of visibility I have into the tools and methods they used to find those plotters.
"Terrorist attacks still happen even with surveillance" - Yes, but if they happen less frequently, this reduces the demand from the public to ratchet up authoritarianism. See the problem?
"Terrorist attacks are a price worth paying for our freedom." - I mostly agree, but feeling like this doesn't make any difference to the negative feedback loop, does it? Regular people want public safety from physical danger almost as much as food and water.
In most countries, death by terrorist is at least an order of magnitude less likely than death by bee. Strangely, we do not seem to be on a campaign to lock all humans in-doors to protect them from bees, nor have we declared a global war on beeism. These stats hold from before the modern surveillance regime, and so can hardly be credited to it. It's not actually a problem in particular need of urgent solving. Regular people are safe from terrorism, much safer than they are against most kinds of tragic accidents. What regular people are actually in danger of is losing all of their human rights to fearmongerers, who constantly invoke terrorism to erode them further and further.
Bukele and Duterte did not rise out of an environment of terrorism, so I don't know why you thought it relevant to bring them up. I think it is really sad to see comments on HN of all places advocating that if we don't implement chat control we'll spiral into a lawless hellscape.
Sincerely, you misunderstand what I am saying, or you didn't read until the end where I said that some level of terrorism is a price worth paying in my subjective judgment.
My point is that my subjective judgment counts for nothing, because the negative feedback loop that I described is a society-wide phenomenon beyond my control as an individual. Asking the majority of people to think the way you do about terrorism is somewhere between wishcasting and virtue signalling. It doesn't interrupt the causality behind the negative feedback loop, so it therefore fails to outline a path that can be trodden in the real world to achieve your desired vision of no surveillance.
I urge everyone to banish this mode of thinking which fixates on what "should" happen without first checking whether that desired end state is a possible world we can exist in once you factor in the second and third order effects beyond the control of any individual.
> Bukele and Duterte did not rise out of an environment of terrorism
Move your abstraction one level higher. They arose out of public safety concerns around murder and drugs and gangs. Those are not terrorism, but they fit under the same umbrella of public safety concerns that motivate regular people to demand authoritarian solutions.
India saw 779 million dollars lost to cyber fraud in the first 5 months of 2025.
The degree of cyber fraud in India is beyond insane.
Also - funnily enough - Indian telecom companies are meant to be fined for every SIM card given out under false data. There is already meant to be a check that stops this.
> I abhor any decision that robs even a grain of my individual freedom.
This is extreme and just as bad as any other extreme.
We have to find a way to maximise freedom across society. Being fixated on personal freedom won't turn out well. Whose personal freedom are we talking about? Should your neighbour be free to move the fence into your land? Didn't think so.
I will, however, give the benefit of the doubt and assume you mean giving up freedom without gaining anything. I don't see how this isn't a net loss for society.
Assuming it would do the stated job in addition to being a state way to your phone - it is a better solution, you ain't gonna educate you grandma easily, but if she can buy phone that protects her without having to look for it...
...of course, it won't work and even if they honestly tried it will be outpaced by scam industry. Or at worst case be state exploit that then will be exploited by other state (or just malicious actors) coz of lack of security in "security" software
As a non-Indian, the amount of scams and other external negative impacts coming from the country are extremely disproportionate, so if this evens things out a bit, I'm for it.
It's all happening really quickly, so I haven't been able to keep up. I know Starmer said that digital ID will be mandatory to work in the UK. Did he mention how that would be implemented? Is the UK going to issue and official device to everyone in country, or are the people supposed to pay for it? What about homeless, poor, and the provisional residents?
There’s a famous article by Terence Eden about the kind of devices that people are forced to use to interact with the UK Government, written with his experiences working for the government.
The devices include: A Playstation Portable. The latest stats include thousands of visits from XBox and Playstation consoles.
All modern smartphone requirements boil down to Play Integrity and iOS AppStore attestations.
The UK government hasn't decided yet how digital ID will work, currently it's just a talking point. Probably it will be an app that you install, like the NHS app. Nobody is proposing that it be installed by default.
Apple separately announced that a Digital ID feature will be built into iOS[0] which the UK may use or not use.
> few who don't, so I'm curious what the plan is to bring them in line
They will be told by their employer to get it otherwise they will lose their job. Just the same as now, only at the moment you need a paper passport rather than a smartphone.
> Probably it will be an app that you install, like the NHS app. Nobody is proposing that it be installed by default.
Whether it comes pre-installed or not is a distinction without difference if you need it for daily life
Edit: In fact, it would be better if it came pre-installed (and be removable) because then you don't need to agree to Google's terms of service to get the APK file. You would get it straight from your OS vendor which is presumably a trusted party if you intend on using that device. (Governments are usually not so forward-thinking that they let you get the APK file from the govt website directly without needing to go through commercial entities for something as essential as a national healthcare app. That would be an even better solution...)
> Probably it will be an app that you install, like the NHS app.
You do not have to use the NHS app. There is a website version.
> Just the same as now, only at the moment you need a paper passport rather than a smartphone.
Which demonstrates how little it achieves. People already need some form of ID for lots of things (notably work and renting housing). It does not have to be a passport though.
I wish the article talked more about this app India wanted to pre-install. Forcing the pre-install of apps is worrisome in general, but there's some nuance that is missed by not explaining what is being forced on the citizens. "Cybersecurity app" can mean a lot. From the looks it's a government-sponsored "brick my phone"-kind of app for disabling stolen phones?
> With more than 5 million downloads since its launch, the app has helped block more than 3.7 million stolen or lost mobile phones, while more than 30 million fraudulent connections have also been terminated.
I might be reading this wrong but these numbers seem very weird. Did more than half the people who downloaded the app block a stolen phone? And did each person who downloaded the app terminate 6 fraudulent connections?
It's not rare to have multiple phone numbers registered to a person's name fraudulently in India. Therefore, in this aspect the app will list out all the connections under the user's Aadhar (Indian Digital ID).
It will be a garbage app that most likely will not work, considering the historical incompetence of the Indian government's expertise in all things tech.
I am pretty certain Apple and Samsung will pay off someone in the government.
You are confounding intent with the implementation.It might be a garbage app to start with, but there is no opt out for the users. Given the payoff and endless iterations resources will be thrown at it and it would eventually get better.
> Given the payoff and endless iterations resources will be thrown at it and it would eventually get better.
Allow the user to download and install it if it turns out to be great. Do not shove things down people's throat against their wishes, like an authoritarian govt. Otherwise you start to resemble Stalin's Soviet Union.
RBI pushed an entire new second level TLD to India’s entire banking system with a 6 month deadline. It was a botched rollout but now every bank in India is using .bank.in, despite two of India’s largest bank owning their own TLDs (.hdfc, and .sbi).
It was a very insecure rollout with zero customer awareness, but it happened and almost every large bank moved. Sometimes silly pronouncements do result in silly change.
No. UPI. It's an initiative by the Indian government.
It's controlled by the RBI, just through a complex public-private corporate structure through NPCI.
UPI is much larger and more international than PIX. It's currently processing iirc something like 200 billion transactions. UPI is also used in several countries, France being among the most recent examples.
As such UPI has a broader scope than PIX and requires a public-private corporate structure with stakeholders from both sides.
But this is off topic. The competence of the Indian government to at the very minimum partner with Industry shows that such software preloaded on phones is a threat to the civil liberties of people that the State shouldn't encroach on. This is a violation of individual privacy.
All that couldn be as simple as educating people that there is no such thing as "digital arrest".
You are just telling the whole world about the average IQ of an Indian and how they believe in foolish things like "digital arrest".
And an app doesn't solve that. Digital literacy is a need for today, but the entire country is getting the latest smartphone, with dirt cheap data and zero knowledge of how to operate and own that technology.
Presumably the point is what they wrote, e.g. "an app doesn't solve that. Digital literacy is a need for today"
Not saying I agree or disagree but your reply comes across as passive aggressive to me. Not that the parent post makes pleasant insinuations either, to be fair...
How do you think operators built a database of spammers?
I've been reporting spammers since 2005, since DND rules came into place.
Only in the last year have I seen the spam slow down. Earlier operators would dismiss the complaint saying to it was a "transactional communication," now it's logged with TRAI and the operator and they have less room to manipulate the complaint.
I don't think the government is going to treat it like a local district website. IRCTC, UPI, e-Filing portal seem to be working fine for the most part, so pretty sure they can make this work eventually.
IRCTC is a private company.
UPI isn't government either.
Which e-filling portal is working nicely for you? My ITR was stuck for more than a year because some lame ass dev couldn't show proper error message other than suggesting that something needed to be done by my bank (which wasn't the case and only a year later did I decide to dig into th3 dev tools).
To praise Indian government is the most unlikely thing one should be doing for their mediocrity at developing things.
Same is the case with Aadhar, Digiyatra, etc. My government is hella incompetent at safeguarding data and privacy (unless it's their own data). And this app is 100% going to be a huge security hole on every device.
> It will be a garbage app that most likely will not work, considering the historical incompetence of the Indian government's expertise in all things tech.
Wait until "they" outsource it (on the pretext of national security interests) to countries that have deep talent in cybersecurity (like the US/Israel/Russia/China).
I wonder if this will cause a reduction in remote jobs for citizens. Compliance with US laws like HIPAA and FERPA have strict requirements regarding access. Many employees use 2FA on their personal devices, which if passed this law would interfere with.
I wouldn’t venture in the direction that many here will take.
I will point out that India have the highest number of victims of cyber-fraud. I personally know many people who have lost significant sums through social engineering attacks. The money is transferred to multiple mule accounts and physical cash is siphoned off to the fraudsters by the owners of those account. They choose helpless, illiterate, village dwelling account holders for this.
Another huge issue is unregulated loan apps. There are horror stories of people installing apps in order to take high-interest loans and then those apps stealing their private photos and contacts or accessing camera to take photos in private moments, and then sending those photos to contacts via WhatsApp when interest payment is overdue.
Then there are obvious security issues with terrorism and organized crime.
The government wants data. It's clear why. There is huge potential for misuse.
And you trust the government to only use it for good purposes? and not to track people who may be protesting or belong to opposing political/religious/cultural views? We know based on historical pegasus complaints that this trust has to be earned and can't be given.
There are lots of ways to solve for this, mandating that these companies own the identification process through their systems, report misuse, govern apps. Why taken on the ownership of a process that is better handled outside of government while the government holds them to account via huge fines and timelines but giving these large companies ownership of protection from scams or stolen phones etc...? win win and I think these large companies are due spending extra money to protect their users anyway.
I don't trust anyone blindly. The point of my comment was not to support the decision, but to show where it might be coming from.
What's inherent in the comment is- there are simply too many people to educate, "made aware", etc. So, this might be a knee-jerk reaction to fight cyber fraud. Not Big Brother sensorship.
I can say these because I know too much about the ground reality. An example from top of my head- SBI e-Rupee app doesn't launch in your phone if you have Discord installed. Yeah. Just because some scammers communicated through Discord.
Of course, I cannot guarantee that something sinister is not being planned or that this app won't be utilized for something bad.
There is also a small chance of some bureaucrat in management position taking this decision, so he can write in his report- "Made Sanchar Saathi app download soar up to X millions in 3 months through diligent effort..." just like highly placed PMs/SVPs in large tech companies eyeing a promotion.
Automatic mistrust of the government is a pretty juvenile take. Yes there are tons of ways, and having OEMs preload an app is the easiest one in a country of 1.1B mobile connections.
So, if you have tons of ways - you vote for the way that could lead to potentially the most exploitation of the population? No one is saying it "will" be exploited, but the potential itself should steer the solution clear off that direction.
> I will point out that India have the highest number of victims of cyber-fraud
Combined with worst enforcement and investigation efforts to tackle this issue. The default resolution on a cyber crime report is : Fraudster's account is blocked and they are given a choice to plead forgiveness from the accuser. They often return the money in lieu of the complaint being rescinded. Then fraudster is free to con others. Fraudsters know this is a numbers game that is why they hit every morsel they can get a bite.
Worse yet people use the cyber crime provision to take revenge. People can file frivolous cases without proof and ge others account locked. Banks will treat you with disdain and police will tell you to settle privately too.
What about investigations you ask? Very few cases reach that level. Local police file the FIR and they don't even know what is "cyber" in cyber crime. Fraudsters can continue playing the numbers game.
So, yes it is easy to talk about victims when the policies are lacking. And then this high number of victims can be used as a crutch to push insecure apps on everyone's phones. The worst part of it? They will get data and still remain clueless and inept in solving the high number of cyber crimes.
Gonna agree with you, even Singapore has announced several policy changes the past few weeks to deal with all the fraud - more severe punishment and forcing apple to change how iMessage spam with .gov.sg domains is handled.
I don't think this new app will resolve India's fraud issues unfortunately, there probably needs to be more policy changes at banks/fincos. As much as India obsesses with KYC processes, it doesn't seem to be working/enough. I don't see this new app being required as something totalitarian, it would be much easier for the gov to ask for that type of stuff to be tacked on to UPI apps anyways.
Yeah this is the wrong audience for this argument, but it has merit. An app like this can be both a massive government power grab and useful to protect many, many people who are vulnerable to fraud.
The number of my relatives that will just believe whatever someone tells them on the phone is terrifying.
> India is building a centralised backdoor into every phone in the country. That's a massive national security risk.
Are these what backdoors are? It's an app. It can be uninstalled, right? Are there physical backdoors like American agency NSA tried to install? Or like the Chinese phones that many suspect?
> way for the community to fight this is to keep finding holes in the app until they stop trying to put one on
I'm not familiar with Indian activist tradition. But if we look at other countries where this happened, the technical attacks didn't work. It had to be done through policy, instead.
How is it different from preloading apps like Netflix, GMail and other shady apps for profits that collects a lot of data.
Considering India's low literacy, having a state owned cyber safety app shouldn't be much of an issue. It's not like a backdoor, but safety of citizens, which is the prime mandate of a sovereign state.
The difference is restricting removal of the app. It takes away the user's choice. As far as I know all preloaded apps, at least on Android, can be disabled if not uninstalled.
> The November 28 order, seen by Reuters, gives major smartphone companies 90 days to ensure that the government's Sanchar Saathi app is pre-installed on new mobile phones, with a provision that users cannot disable it.
> It's not like a backdoor, but safety of citizens, which is the prime mandate of a sovereign state.
This sounds great in theory. But in practice this sort of thing is rife for abuse. Say, I have complete control over what this app installed on your phone does in the background. And you were my political opponent. Would you trust me to not use this backdoor into your phone to my advantage?
Apps like Netflix, GMail are not forced on users by a govt. It is an open marketplace. Users have options. They are free to buy phones that do not have those apps pre-installed.
> Pre-installed App must be Visible, Functional, and Enabled for users at first setup. Manufacturers must ensure the App is easily accessible during device setup, with no disabling or restriction of its features
While I can get behind the stated goals, the lack of any technical details is frustrating. The spartan privacy policy page[2] lists the following required permissions:
> For Android: Following permission are taken in android device along with purpose:
> - Make & Manage phone calls: To detect mobile numbers in your phone.
> - Send SMS: To complete registration by sending the SMS to DoT on 14422.
> - Call/SMS Logs: To report any Call/SMS in facilities offered by Sanchar Saathi App.
> - Photos & files: To upload the image of Call/SMS while reporting Call/SMS or report lost/stolen mobile handset.
> - Camera: While scanning the barcode of IMEI to check its genuineness.
Only the last two are mentioned as required on iOS. From a newspaper article on the topic[3]:
> Apple, for instance, resisted TRAI’s draft regulations to install a spam-reporting app, after the firm balked at the TRAI app’s permissions requirements, which included access to SMS messages and call logs.
Thinking aloud, might cryptographic schemes exist (zero knowledge proofs) which allow the OS to securely reveal limited and circumscribed attributes to the Govt without the "all or nothing", blanket permissions? To detect that an incoming call is likely from a spam number, a variant of HIBP's k-Anonymity[4] should seemingly suffice. I'm not a cryptographer but hope algorithms exist, or could be created, to cover other legitimate fraud prevent use cases.
It is a common refrain, and a concern I share, that any centralized store of PII data is inherently an attractive target; innumerable breaches should've taught everyone that. After said data loss, (a) there's no cryptographically guaranteed way for victims to know it happened, to avoid taking on the risk of searching through the dark web; (b) they can't know whether some AI has been trained to impersonate them that much better; (c) there's no way to know which database was culpable; and (d) for this reason, there's no practical recourse.
I recently explained my qualms with face id databases[5], for which similar arguments apply.
Looks like it's quire popular/established already, with over 10 million downloads. Basically a "portal" for basic digital safety/hygiene related services.
Quoting Perplexity regarding what facilities the app offers:
1. Chakshu: Report suspicious calls, SMS, or WhatsApp for scams like impersonation, fake investments, or KYC frauds.
2. Block Lost/Stolen Phones: Trace and block devices across all telecom networks using IMEI; track if reactivated.
3. Check Connections in Your Name: View and disconnect unauthorized numbers linked to your ID.
4. Verify Device Genuineness: Confirm if a phone (new or used) is authentic before purchase.
Every single Indian SIM holder got dozens of SMS from the regulator to push the app installations. When your marketing campaign is “Notify every Indian SIM holder”, 10M should be expected. Look at the reviews.
It doesn’t matter what the app does today it can be made to do anything they want after the fact.
Monitor speech, location, contacts, content, preserve evidence for prosecution, inspection your dinner choices or your sexual habits.
> It doesn’t matter what the app does today it can be made to do anything they want after the fact.
This is an extremely important point of universal application that can't be emphasized too much.
Even if one agrees with a current politician's position, once the precedent is set, there's nothing stopping an administration down the line extending the reach of an already installed and by then socially accepted mechanism.
Someone called this the "totalitarian tip toe"; that guy (who shall rename unnamed) was "a bit weird", but his concept stands anyway imo.
The more I see stuff like this, the more I think "you know, I don't think the world is collapsing, I think the old world is collapsing." Governments in their current form are increasingly becoming irrelevant (h/t to "The Fourth Turning") and actions like this prove it.
How is this demonstrating governments are irrelevant? It seems like it is demonstrating their continued power.
Steelmanning the argument, perhaps you see this as a demonstration that corporate power has gotten so large the government is being forced to react. I might believe that, but I can’t get from there to irrelevance.
Why you think so, pls elaborate. In the current form governments all over the world are increasingly having massive power over what citizens can do, don't and increasing it by degrees day after day.
It's a dangerous trend that is happening. From EU chat control to this, is like everybody is so interested to know what the hell I'm doing with my life. The problem is with my kids, they likely will not enjoy freedom as we did it.
Just another round in the decades-long battle of who owns your device: Industry or state. It's never you, mind you, who owns your device.
The perversion is that you are legally responsible for what happens with your device, but you are unable to prevent others from using it as they wish. An app like this is automation for putting people into jail. Just upload some illegal content and then "detect it". There's literally nothing you can do to defend against this attack, and it will work until it's overused.
So a pretty transparent way to tie IMEI to someone's identity and track their location under the guise of "finding lost phones" and "checking your phone's authenticity"
I think this is to crack down on sharing a SIM card which is registered to someone else. It ties identity + location + aggregates all SIMs registered to someone with their current location.
Not to mention they can probably payload anything into the app whenever they want.
That's already the case for most places around the world, unfortunately. Though, this does make the link rather obvious, which is a bit more surprising. Normally shady tracking just happens through a combination of data brokers and leaked databases.
It may be today. And you have no way to know for sure. But there is also no way to know what the app will do down the road when a politician you do not trust is in control of it.
This is great first hand feedback. I like these kinds of HN posts.
How do you think it works? Example: If enough people report, then some police agency investigates? Rinse and repeat enough times and the scam calls/SMS should fall?
It partially automates the process of lodging a complaint against a call, SMS, or WhatsApp communication.
On IOS, you still have to copy/paste the incoming number into a form, provide a screenshot of the message, date/time and it uploads the complaint to their systems.
They inform you that they will not send updates.
What I've observed is a huge drop in scammers, and new scammers get tagged as potential spam by the operator upfront. So they're doing something on the back end.
You can only file a police complaint if you actually suffered monetary loss. I haven't, so I don't know how that works.
The other benefit is that you can keep an eye on id theft used to get connections using your info. This is a huge problem in rural India. Scammers use this to create bank accounts to move money.
Basically IMEI stamping because sim card purchase with ID has come to be viewed as flawed/compromised by NatSec types in India. Here's some additional context from a previous thread on HN [0]
Lots of old phones still exist, so a virtual/eSIM does nothing to give visibility into those devices.
Also, India wants to own the complete end-to-end supply chain for electronics like what China did in the early 2010s, so India has been subsidizing legacy, highly commodified electronic component manufacturing [0] - of which physical SIMs are a major component because they both help subsidize semiconductor packaging as well as IoT/Smart Card manufacturing. A mix of international [1][2] and domestic players [3] have been leveraging physical SIM manufacturing in India as a way to climb up the value chain.
On a separate note, this is why I keep harping about India constantly - I'm starting to see the same trends and strategies arising in Delhi like those we'd see the PRC use in the late 2000s and early 2010s, but no one listened to me about China back then because they all had their priors set to the 1990s.
No one took the PRC seriously until it was too late, and a similar thing could arise with India - we as the US cannot win in a world where 3 continental countries (Russia, China, India) are ambivalent to antagonistic against us. Even Indian policy papers and makers increasingly reference and even copying the Chinese model when thinking about policy or industrial development, and I've started seeing Indian LEO types starting to operate abroad in major ASEAN and African countries helping their vendors build NatSec capacity (cough cough Proforce - not the American one - and their Offensive Sec teams).
Ironically, I've found Chinese analysts to be much more realistic about India's capacity [4][5] unlike Western commentators - and China has taken action as a result [6][7][8]
Do they actually have a choice? Usually with laws and orders from the government, you can't do much than either go with the flow, try to lobby against it afterwards, or straight up refuse and leave the market. Considering Apple's ties to India, I feel like Apple is unlikely to leave, so that really only leaves Apple with the first; comply and complain.
Yes. Apple's revenues are half as much as the government of India's [1][2]. That's a resource advantage that gives Cupertino real leverage against New Delhi.
Like any business Apple needs growth to satisfy the shareholders. New growth would come from India and China. Apple didn't leave China and neither it will leave India. India can and will survive without Apple. Though having it in the country would be good for optics.
The moment mobile companies locked down sideloading, ability to uninstall bundled software, etc., they made it impossible to argue techincally against bundled, uninstallable software from the government.
> Apple didn't leave China and neither it will leave India. India can and will survive without Apple
They can both survive without each other. But neither is going to break the arrangement without a lot of pain. They have mutual leverage with each other, and that becomes particularly material when one stops treating India as a monolith.
> India can and will survive without Apple. Though having it in the country would be good for optics
Apple has built an entire alternative iMessage+iCloud setup in China to comply with government regulation. They also bowed to the UK's demands to disable E2EE backups.
They'll probably try to make the app as non-shitty as they possibly can, and will probably leverage all kinds of geographical restrictions and whatnot to isolate the impact of these changes, but when threatened with a large market share hit, Apple will comply.
> Apple need India though. They’re moving a lot of their manufacturing there to derisk from a China
That creates obligations both ways. Put another way, Apple is an increasingly-major employer in India.
The real carrot New Delhi has is its growing middle class. The real carrot Apple has is its aspirational branding.
> they gave in to the CCP and always say ‘we obey the laws of the countries in which we operate'
Apple regularly negotiates and occasionally openly fights laws its disagrees with. This would be no different. Cupertino is anything but lazy and nihilistic. Mandated installation opens a door they've fought hard to keep shut because it carries global precedent.
I fear (Apple) will do something that allows the government to do what it wants (with a bit more work) without explicitly installing something.
For example, with the UK encryption debacle, Apple removed Advanced Data Protections (e2e encryption) for iCloud users in the UK. So users' notes, photos, emails are possibly open.
As concerning as it is, this is just another addition to the pile of malware that a modern smartphone is. Everyone including SoC manufacturer, RF baseband manufacturer, OEM, OS developer, browser developer and app developers add their own opaque blobs, hidden executable rings, lockdown measures, attestation layers, telemetry, trojan apps, hidden permissions and more.
We lost the game when we allowed these players to impose limits on us in the way we can use the device that we bought with our hard earned money. Even modifying the root image of these OSes is treated like some sort of criminal activity. And there are enough people around ready to gaslight us with the stories about grandma's security, RF regulations, etc. Yet, its the extensive custom mods like Lineage OS that offer any form of security. Their extensive lockdown only leads to higher usage costs and a mountain of malware.
We really need to demand control over our own devices. We should fight to outlaw any restrictions on the ways we can use our own devices. We should strongly condemn and shame the people who try to gaslight us for their greed and duplicity.
I completely agree with you but I'm not sure I can really think of a solution for the RF baseband problem. I really don't want to live in a world where everyone's wifi signal is terrible because lots of stupid software devs decided to boost the RF power for their product to make it work better.
> I will be suprised if companies like apple comply though
They will.
All tech companies already comply with India's IT Act. And India now manufactures 44% of all iPhones sold in the US [0] while dangling the stick of a $38B anti-trust fine [6] but also the carrot of implementing China-style labor laws [10] that Apple lobbied for [11], so Apple doesn't have much of a choice because both China and Vietnam (the primary competitors for this segment of manufacturing) have similar regulations while not shielding them from Chinese competitors. Samsung is in the same boat at 25% of their manufacturing globally being done in India in CY24 [1] while is also trying to further entrench itself [2][8][9] due to existential competition from Chinese vendors [3][7].
Heck, Apple complied with similar regulations in Russia [7] before the Ukraine War despite being a smaller market than India with no Apple manufacturing, engineering, or capex presence.
All large companies who face existential threats from Chinese competitors have no choice but to entrench in India as it's the only large market with barriers against direct Chinese competition - ASEAN has an expansive FTA with China which has lead both South Korea, Japan, and Taiwan to lose their staying power in countries like Vietnam, Indonesia, and Thailand where Chinese competitors are being given the red carpet, and Brazil is in the process of one as well.
And the Indian government is taking full advantage of this to get large companies to bend to Indian laws, as can be seen with the damocles sword of tax enforcement on Volkswagen [4] while negotiating an FTA with the EU and a potential $38B anti-trust fine against Apple [5] while negotiating a BTA with the US. It's the same playbook China used when it was in India's current position in the late 2000s and early 2010s.
Finally, India was in a de facto war earlier this year against Pakistan (Chinese manufactured missiles landed near my ancestral home along with plenty of Turkish and Chinese drones) along with a suicide bombing in India's Tiannamen Square (the Red Fort) a couple weeks ago [12], so anything national security has a bit more credence and leeway.
Even an open platform would do nothing. If you are a suspect, your phone would be checked in person (India doesn't have the concept of the 4th Amendment, and police demanding physical access to your phone during a search is routine) and if you were using something like GrapheneOS, it would be used as evidence against you. Indian law enforcement has already used access to Signal and Telegram as circumstantial evidence in various cases, and it's a simple hop to create a similar circumstantial evidence trail with someone using GrapheneOS.
And anyhow, major Android vendors like Samsung have aligned with the policy as well.
> and it's a simple hop to create a similar circumstantial evidence trail with someone using GrapheneOS.
I think this is a bit exaggerated for effect. No one in India considers having a Linux laptop as being circumstantial evidence in case of a crime. Whereas having Tor installed would be.
That distro is promoted ad nauseam here, most cybersecurity experts write their arguments to warn people but it gets tiresome to repeat the same arguments over and over again every week.
There is a search box on the bottom of this page, just research for yourself and learn what this is about.
Even in mainland China, where iOS does have a large amount of changes to comply with local regulations, Apple does not pre-install any apps from anyone.
China doesn't require pre-installed apps but the Chinese government require all data processing and storage to be conducted within China with complete source code access.
India chose to back off on data sovereignty [0] because it would have had a side effect of making Indian IT Offshoring less competitive plus to help make negotiating a US-India BTA easier [1].
I don't think there is any reason to assume they would allow forced code execution just because they allow data residency for mainland accounts. And unfortunately, China is likely a much larger and more profitable consumer market than India - presumably they can still export phones produced inside India without this.
This is an interesting point. Is there anyone in mainland china that does do not install WeChat plus AliPay installed? It is hard to live without it! Literally, you can buy a kilo of veg from a wet market stall and pay with AliPay.
GFW does indeed have man in the middle capabilities per the recent leaks of Geedge tech used in it. Your laptop might throw a warning for the fake signed cert, but devices in China that trust Chinese root CAs would not.
From what I just heard on the Upgrade podcast, Apple only put a splash screen up when you first purchased your phone “encouraging” users in Russia to download the app. It didn’t force you to.
Why wouldn't they? If Apple doesn't comply, the Indian government could force them to withdraw from the market or otherwise make their lives difficult. I can't see Apple or their shareholders caring about privacy enough to abandon such a large market.
Mostly the fact that GrapheneOS only works on Google Pixel hardware currently and vendor unlock status. It's the only available phone hardware that provides full bootloader unlock capabilities AND suitable security protections baked into the secure enclave and boot process, including things like rate limiting in hardware like password cracking attempts via external brute-force input means, lockdown of usb ports until boot unlocked with a pin, etc. Their website spells out all the reasons.
Other phone makers could if they wanted to do the same, but do not as an active choice, or at least somebody's choice above them.
Custom ROMs fail device integrity, which means you cannot use banking, financial, government, payments and telcom apps, not to mention all the games that refuse to work.
I don't understand "just load GrapheneOS" sentiments. It only runs on extremely specific flagship devices with explicit features that allow it that are out of financial and technical reach for >99.9% of population of Earth and it still fully relies on AOSP. It's an escape hatch for mice. Or is it really not that way?
There are threads on YC almost every week/month promoting that dodgy distro. Inside them are the comments with proper details from plenty of other YC users.
For the sake of avoiding repetition or bias, just do your own research. There is a search box at the end of the page.
It is tiresome to repeat every single time the arguments that so many other cyber experts have also mentioned including here on YC. This is quite the common knowledge by now.
Kindly use the search box on the bottom of the page.
It will be used as evidence that the person who has GrapheneOS on their phone is attempting to break the law. Telegram and Signal chats are often used as circumstantial evidence of malfeasance in Indian national security cases, so the jump to using GrapheneOS as evidence of malfesance is tiny.
India already considers communications they can't monitor illegal. Specifically, satellite communication devices. Not just the crazy expensive satellite phones, but the satellite texting devices a lot of us backcountry types have. And some have been arrested for having them. Yeah, terrorists have used such stuff, but to us it's 911 for when we are far from the cell grid.
> European authoritarians and their enablers in the media are misrepresenting GrapheneOS and even Pixel phones as if they're something for criminals. GrapheneOS is opposed to the mass surveillance police state these people want to impose on everyone.
If it can be abused, it will be abused. Corruption exists anywhere humans exist. Convenience and security are the bait. Why do people want to be caged?
The clipper chip was brought to us by the country that proclaims to spread democracy across the world. Democracies can be authoritarian if you scare the public enough.
"With 5 million total downloads - the app has saved 3.7 million lost phones", this somehow doesn't add up for me, as this implies more than 74% of phones are stolen?
Or this this govt lying to pad the numbers to make the app look like a sheep in wolves clothing.
I didn't find any context for your claim so here is some reddit comment:
So it’s true 3,300 people were arrested for posts online. What they don’t tell you are the statistics or context. The actual law for these arrests covers EVERYTHING online. These arrests include those arrested for terrorism (if the planning/act of terror includes any online communication in the UK), threats of violence, racist abuse, hate speech and unwanted communication (including sending unsolicited sexual photos to strangers). It also includes spreading false information that could cause harm or affect an ingoing investigation.
If you look at convictions, only 137 people were actually sentenced in 2024.
The arrest is the punishment.
Here is a man getting arrested and subsequently harassed by the Police for 13 weeks for just posting a picture of himself with a shotgun in America.
We’re basically seeing this story through media summaries and Richelieu-Booth’s own account, which means the narrative reflects either what he says happened or brief police statements. There’s very little publicly available that allows anyone to independently confirm or contradict either side.
Stories like this are designed to provoke a reaction, but the truth could be far more mundane: he might be a completely unreasonable person who was genuinely stalking someone, and police might have had credible concerns. We simply don’t have the full picture.
For balance, West Yorkshire Police do have a reputation for being heavy handed. the same force that used drones during Covid to shame people walking alone on the moors.
My point is: this isn’t solid evidence of Orwellian decline. It’s difficult to draw sweeping conclusions about Britain from a single case built on incomplete information and media amplification.
> with the situation causing him considerable stress at a point where he was also dealing with an inquest into the deaths of his parents, who had both died in a car crash in 2023
so for some reason, there was something going on about his parents' death two years later. The article also states:
> He said the complaint against him was linked to an ongoing business dispute.
My take is that someone used his pictures of him holding guns (illegal in the UK) as support for a claim that he is an armed and dangerous stalker. Whatever got flagged regarding the inquest into his parents' deaths probably added suspicion. Police acted quickly (as they should, but probably too quickly) and made mistakes, but it looks like they couldn't accept that they were being used, so they decided to continue pressing onwards with the investigation, hoping they were still right and wouldn't be on the hook for a false arrest.
Getting falsely arrested is always terrible, but the way the media spins this as some kind of witch hunt about a LinkedIn post is misleading at best.
> These arrests include those arrested for terrorism (if the planning/act of terror includes any online communication in the UK), threats of violence, racist abuse, hate speech and unwanted communication
All of these attempts to "debunk" this statistic feel like they're missing the mark. How did the UK get a point where planning terrorism and making mean comments online go into the same statistic for arrests? Does it not seem strange that the second half of that list is worthy of arrest?
> If you look at convictions, only 137 people were actually sentenced in 2024.
This, again, does not help. Being arrested isn't a casual thing. It threatens everything from your job to your reputation and your relationships, even if you aren't convicted.
In many countries you do not get charged with every possible crime if there is a larger crime involve. If someone rob a place, they don't also need to have separate charges for illegally entering the place, destroying property when they broke the window, selling stolen goods, wire fraud for using the banking system, and money laundering for concealing that it is illegal money, and tax evasion. Each step is illegal on their own, but time crime statistics won't be written like that. The prosecutor may argue that if the accused are not found guilty for the primary, then secondaries may then be used.
The strange thing is that the UK are arresting people for abusing the telecom system, and not for the more serious crime like terrorism, death threats, harassment and sexual harassment.
> How did the UK get a point where planning terrorism and making mean comments online go into the same statistic for arrests?
In most publications: because the people reporting on these statistics can get more views and clicks that way. FUD sells. If someone online can defuse the statistics, the reporters that spread them also could've, but chose not to.
As for the second half of the list, "racist abuse, hate speech, and unwanted communication" are pretty common things to incriminate. Even the extremely liberal freedom of speech laws in the USA do not permit stalking ("unwanted communication") and racist abuse is criminalized in all kinds of cases (i.e. firing someone because of their race).
Thank you. I heard the number locally at a privacy conference. No hard data, but I saw them being terrified for 1984 becoming a reality.
Even if there's no sentence, the real result is self-censorship, which is NOT shown up in ANY statistics.
... following a police complaint about stalking, against a man involved in a business dispute, seemingly among other things. He may be innocent, but there's more to the story than the picture of the gun.
Ahh yes reddit the most accurate location of truth finding. Could you at least link the source of the comment or are we supposed to take a random redditor as fact?
UK has been self destructing for a looong time now. While things aren't great globally for free speech and privacy, I don't think pointing to UK as an example for anything makes sense. They have been on their path for many decades.
I don't know. You can bet these people were being obnoxious sh*ts to teachers and trying to rally some online mob to get their way. No much sympathy from me, even if arrest (and not a stern telling off and being told to set a good example for their kids and behave like adults) was a bit much.
More broadly it's been a huge issue for a while, tons of articles come out of the UK for people being arrested for criticizing politicians/policies. Even more dystopian is it's hard to report on, because the police might come after you for talking about it. Germany is having similar issues, it's easy to forget most of the world (including Europe) doesn't have free speech
the lowest resistance solution to e.g. cheating at school using ChatGPT will be spyware on kids' devices.
while nobody should be arrested for speech online, here on hacker news, people are downvoted for saying something unpopular (as opposed to whatever, i don't even know what the criteria is, but maybe it should be "toxic") all the time. you are preaching to the wrong audience, not the choir.
I've seen what's said online these days. Open racism and bigotry. This has always been the case but now it's done without shame by prominent people and influencers using their real account. Twitter is as bad as Stormfront these days.
We absolutely need to police hate speech.
> There has to be a line.
There is no line at all these days, with open hatred displayed. Fascism is on the rise across the world off the back of the hatred that's produced on social media.
> Every day 33 brits are arrested for what they say online.
They must be giving them tea and crumpets before releasing them to generate more hate online because it clearly isn't working.
I'd like to think that we all agree that you would be arrested for saying things in person (hate crimes, etc) would be the same things you'd be arrested for saying online... i'd place the line about there.
> we all agree that you would be arrested for saying things in person (hate crimes, etc) would be the same things you'd be arrested for saying online..
And that’s where you’d be wrong - lots of us belief that speech should not be a cause for arrest except in the most extreme circumstances. Hurting someone’s feelings is not that
> And that’s where you’d be wrong - lots of us belief that speech should not be a cause for arrest except in the most extreme circumstances. Hurting someone’s feelings is not that
what is an extreme circumstance?
At least in the UK, hate speech is a crime and is punishable by law, whether people agree or disagree is irrelevant, I do believe that if it's illegal on the street it should be illegal online, obviously in the relevant jurisdiction.
Want to check number of SIMs in your name? Download Sanchar Saathi to check:Links to Play store and App Store. Department of Telecom
I was getting these messages for sometime and installed it finally. It is the same app that is mentioned in the article. My phone is already in the system then.
Meanwhile the US has more than 4 different state owned cyber crime apps named after random things such as Google, Apple, Microsoft and Facebook, and many more. The kicker is they run all over the world.
Anyway, that doesn't in any way negate that this is shit for the people of India.
Apple's geotargetting was at least in the past tied to where device was sold. Example is FaceTime in UAE: phones sold there will never have working FaceTime anywhere but if you bring your American phone in, it seems to work.
But easy enough to tie it to iCloud region - you have to set your device and iCloud to Indian region to be able to use many of their region specific payment methods (ie UPI)
this last year i'm seeing very concerning behavior in students in the 14-20 range. complete addiction to their phones. very deep interests in things i was completely unaware that they existed. similar to how when i started noticing anime girlfriends/waifus in 2016.
about 40% are deep in discord communities where i literally cannot figure out a single sentence of what they're talking about.
if society doesn't do something, and soon, say goodbye to the cognitive ability of a large chunk of future generations.
> very deep interests in things i was completely unaware that they existed ... say goodbye to the cognitive ability of a large chunk of future generations
I would think very deep interests in niche or obscure topics is correlated with increased cognitive ability, not a decrease.
> very deep interests in things i was completely unaware that they existed
That's just a symptom of getting old. Young people always find stuff that baffles adults. When I was a teenager, Anime itself was like this - just being "into" anime was considered some kind of bizarre, obscure affectation by adults.
I think smartphones present real challenges (and I don't get how/why they're allowed in schools), but a lot of what you're describing is normal.
The children now love luxury; they have bad manners, contempt for authority; they show disrespect for elders and love chatter in place of exercise. Children are now tyrants, not the servants of their households. They no longer rise when elders enter the room. They contradict their parents, chatter before company, gobble up dainties at the table, cross their legs, and tyrannize their teachers.
Got some example words or phrases? When I hear stuff like this I'm curious how much is just your standard "out of touch adult" stuff and how much is genuinely bizarre niche rabbitholes.
The world is changing quickly, and many people may run into problems, but I'd rather let cultural solutions to these problems naturally arise. Relying on a government to impose top-down solutions on these complicated and poorly understood problems is a recipe for a disaster of unintended consequences.
And this is why we need unlockable bootloaders and stuff like Graphene and LineageOs. Having only two mobile Os is very convenient until stuff like this happens.
Honestly shocked it took this long for governments to start doing this; it seemed inevitable that governments would want all the data private entities have been enjoying.
More and more it seems like the benefits of being connected are not worth the cost of being so visible to so many hostile (state and non-state) actors
Yeah, internet is a dead star in so many ways this days. Repetitive, addictive and a private data sucker.
I'm already starting to buy programming books and offline content preparing for a radical semi-disconnection.
These things are more a factor of aggregate risk handling. As an example, if you have tuberculosis it is possible even in the US for the country to mandate that a doctor watch you take the treatment. Totalitarian? Authoritarian? A tool that could be used to force someone to have to show up to where a state-controlled authority could confirm that they are? Yes, all of these things could be words you could assign to that.
But societal combined risk is commonly handled in this way. In the US, if you employ someone you have to report that you paid them to a central federal government. Way to track someone? Surveillance state? All words you could use.
And the government previously restricted gambling and so on. The question isn't "why would a bad government do these things?". The question is "would a benevolent government do these things?" and "if so, why?". And the answer is quite straightforward, I think:
Someone in the government has observed that there is a great deal of cyber crime in India. A fairly uneducated population, with very high smart-phone penetration (85%+ apparently), and a large number of fraudulent actors that their federal government is unable to enforce against. So they're attempting to attack the problem where they can.
This is ultimately India. They don't need insidious "app on your phone" / stingray / any other sophisticated solution. The local politicians can manipulate local authorities to get your cell tower association data and SMS. And if they want your comms devices they will rubber-hose the secrets out of you.
Someone I know worked at a big FAANG. He's Indian so went back to Bangalore to see his ailing mother. One day he took an auto-rickshaw while wearing his FAANG sweatshirt. The driver took him to a makeshift jail where he, police officers, and a magistrate conspired to threaten the guy with prison unless he paid $10k. $10k is nothing to a FAANG engineer, so he paid up, was brought in front of court on some lesser charges and then had to pay a small fine (much less than $10k). And then he flew back to the West Coast and never returned to India. Trying to reason about this kind of place using the perspective of the West is meaningless.
I think it unlikely they're trying to use this as cyber-surveillance. India simply does not have the infrastructure necessary to do that at scale. And they have the infrastructure for the rubber-hose, and Indians wear their identification on their sleeve, so to speak. Names point to ethnic groups and castes. Primarily endogamous marriage means if you want to perform violence against groups you can simply spread out from one member of the family unit being visibly of that group.
Using an app to get access to someone's data there is sort of like using Heartbleed to get root on a machine on which you are in /etc/sudoers with NOPASSWD.
All good goals - but this can be done by the government forcing the private companies (Apple/Goog/Samsung) to build tools, reporting, support services around helping with both Scamming applications or Stolen phones etc....
This will keep the data out of governments hands, while pushing the cost burden to these companies and they would be better equipped to build around these goals than the government themselves.
We all know the govt doesn't have a great track record with using Pegasus etc... Giving away control to apps that can decide your phone is stolen and lock it opens the door to any possibility including a totalitarian regime. It would be naive to believe that even if this is done with good intentions, such control could be easily mis used by opposition parties, one malicious individual etc...
I don't think the Indian government realistically has the ability to enforce on Apple/Google/Samsung like that. Regardless, even if they did, India has a diversity of (what we would probably consider) garbage smartphones. For anyone who lives in the West and is used to the kind of state legibility and control here, I think they'd find India quite surprising. The state has limited visibility and control there, simply because they never built a trustable bureaucratic network of data transmission.
If you read the Internet, you will hear that India has strict controls on KYC for SIM cards and so on. But on my last trip there I acquired one without much fuss. I'm not sure how that happened but I didn't provide any ID! I suspect that in such an environment you can't really do the thing you're suggesting.
The average mobile phone store there had an absolutely mind-blowing profusion of smartphone brands that all sound like those Amazon drop-shipped Chinese brands: Vivo, Poco, Realme, Oppo. And those are the good ones! There is a Cambrian-like explosion of brands there from various manufacturers. It's an unusual place.
EDIT: I'm going to have to reply to you here because I'm rate-limited on comments. See below in response.
Is it contradictory? I imagine saying "install this app on your phones from the factory when selling here" is a lot more achievable than coordinating what you suggested which is:
> ...build tools, reporting, support services around helping with both Scamming applications or Stolen phones etc....
But perhaps you anticipate these to both require equivalent ability? If so, I think that's the crux of the disagreement. I don't think the Indian state has the power to set up a mechanism to set a standard for tools, reporting, and support services that meet some requirements to detect scammers etc.
In fact, I think that's a really high bar. I think perhaps only highly developed nations would have any success designing such a program. I think even the smaller EU member nations would fail at it, and I don't think any of the developing nations (barring China).
I feel like you are making a contradicting point, on one hand you say its all disorganized but "organized enough" to allow the govt to force install their app, but not enough so it can coordinate the same thing with the same people they are going to force to install the app?
What should have happened is that they should have forced mobile vendors to allow users to uninstall all apps. What actually happened is that they are asking for their app to be installed as well, sigh.
When the hell do we start to build these products here again like it was just 20 years ago? And let's stop with "it's too expensive here...". For God's sake, these are products we use every minute of our lives.
If the app requires an on device backdoor, Apple won’t likely cave to it. If it’s sandboxed, the amount of things it can do is limited to tracking user location, given Apple also disabled turning off location sharing
I assume that in the US, the major manufacturers of phones and their operating systems already have backdoors for national security reasons. I think back to the past leaks from Snowden regarding the PRISM program. That program specifically included Google and Apple cooperating with the government under the FISA Amendments Act of 2008.
So while this state-owned cyber safety app is authoritarian, I wonder if it reflects just the most practical way India’s government can achieve the same things that the US has.
I am not defending it's use but a secret program is a targeted program, you can't use it in sweeping arrests without parallel construction. Whereas with an openly existing program you can point out that someone has been talking to their friend about how to get abortion medication and arrest them.
The real issue with 100% enforcement of law is it requires a society with differing values to not just agree on which laws exist but what just punishment is. Without leeway for differing social judgement or bifurcation.
These are just excuses to convince yourself that what the US is doing is "not bad" but what India is doing is "terrible".
Both are doing similar things. You have no idea what the US is doing; I have some inkling, and it is terrible.
At least India is publicly disclosing what this app does, and that the phone has this app. Do you have any idea what the US does?
Hint: that big data center in Utah, what is it for?
Another hint: the US has given many billions of dollars to US telecom companies under the guise of "rural broadband" and "rural cell service". Has the state of rural service really changed much in the last 30 years?? Why has all that money been given, then?
the good news is that I'm personally on my last few years online. I don't think there's anything really worthwhile in this space to do as a contributor or even as a consumer
When Deep State is doing this through Google and Apple's backdoor, its okay. But when a democratically elected entity does this in its own region, they start getting lectures on freedom.
I abhor any decision that robs even a grain of my individual freedom.
reply