cross-posted from: https://infosec.pub/post/9936059
I would like to collect the scenarios in which people are forced to enter Google’s #walledGarden (that is, to establish and/or maintain an account).
If someone needs a Google service to access something essential like healthcare or education, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:
- right to life
- healthcare
- freedom of expression
- freedom of assembly and of association
- right to education
- right to engage in work and access to placement services
- fair and just working conditions
- social security and social assistance
- consumer protection
- right to vote
- right to petition
- right of access to (government) documents
- right to a nationality (passport acquisition)
- right of equal access to public service in his country
Below is what I have encountered personally, which serves as an example of the kind of experiences I want to hear about:
- Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:
- emergency apps (e.g. that dial 112 in Europe or 911 in the US)
- banking apps
- apps for public services (e.g. public parking)
- others?
- (education) Google docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped in pursuit of education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.
- (education) A public university’s wi-fi network involved a captive portal and the only way to gain access was to supply credentials for a Google or Facebook account.
I’ve noticed that when creating an account for a public service I often have the option to supply credentials for Google or Facebook to bypass the verification process. In all cases of this kind of registration shortcut being used for public service, there was an alternative Google-free way to open the account. But in the private sector, I’ve seen this style of registration that absolutely required a proxy login via some shitty walled garden (like the university wi-fi). So I wonder if there are any situations where a government (anywhere in the world) requires a Google account in order to get service.
Don't need Google account to access my bank. How does that work exactly? My bank has its own login setup, in no way reliant on a Google account. If your bank requires a Google account, get another bank.
Never needed an app to dial 911...the whole point of 911/999 is that it's easy to remember, easy to dial. Also, I haven't dialed 911 in 25 years, but I'm pretty sure opening the dialer and pressing 3 buttons isn't too difficult. Also, I don't see how having a Google account is required to dial 911 (or use an app? ) to do so.
The places where I see a major problems are education, where Google and Microsoft have entrenched these systems. Of all the places I see an opportunity for Open Source and Linux to have a major impact, it's there. I'd happily work for an org with goals to get OSS and Linux into schools as the base infrastructure (but also with Windows, OSX, iOS as part of everyone's curriculum).
I've also never seen a public service require Google or Facebook credentials. I've seen some companies/services use them for "user convenience", and even those typically offer other sign-on/verification processes. But never a public service (power/water/DMV/dtate/county, etc). If I did run into this, oh, I'd be raising a stink with some regulators, representatives, and reporters. Fuck that.
I have exactly one service I use my Google account for - Tailscale - and that's because I've been too lazy to switch to another method until I move it to production (think the offer a third party SSO or a hardware key).
Like most banks, a bank pushed an app exclusively via Google Playstore or Apple’s store. At the same time, that bank shut down their website and closed their walk-in over-the-counter service. Customers then had 3 choices to access their account: join Google’s walled garden, join Apple’s walled garden, or make an appointment for every single transaction which incurs fees. Alternatively, the Android app can be obtained using an app called Aurora and violate Google’s ToS by using a shared account to download the app.
I think that particular bank started making their app available in Huawei’s app store, so there is an alternative walled garden for Android users in that case. But Huawei is an uncommon option as more and more banks trend in the direction of forced-Google-patronage.
A 911 app was hypothetical but a 112 app certainly exists. You populate the app with important details like name and address. The app is capable of both voice and text (SMS) and IIRC can also connect via wi-fi if there is no GSM signal. If you can’t speak for some reason (choking, throat cut or you’re hiding from an intruder and must be silent) the app transmits all the data you configured plus whatever you can type.