Yeah these numbers should be reported in % of profits

Yeah try it. It is concerningly easy. Write a program that edits the users bashrc/zshrc. Have it append a line that adds something to the front of the path, and have it shim sudo. You can even have it forward the password to the real sudo.

Instead of waiting for the user to open another shell, you can also open a subshell. (E.g. your malicious program never returns/exits, it just appears to exit by opening a subshell with the modified path)

Immutable OS’s like nix and fedora silverblue still have sudo, they can still rm -rf /. If they can do it and maintain security, then Android can too.

I agree both the OTA and safe way of doing superuser requests could be heavy technical work. My bigger point is people who manage ROM’s shouldn’t demonize having full control of devices we own. Root can be done safely. Its not an inherent security risk, its just a technical problem waiting for a technical solution. “Just accept you dont need it” is not an acceptable response IMO.

Good guess about the federating problem. Thats a good reminder for me to change instances (was on lemm.ee before it died, .world was my backup).

OTA, While a fair point, again is a technical problem. Desktop systems get timely OTA updates. Its perfectly possible for rooted Android to get security updates that are on-par with rooted (e.g. basically any) Linux systems. The hash can be done on the incoming update instead (integrity hash) instead of on the system.

Linux has other tools and protections.

1. If there are protections they’re at the system level (not app space). Which means the ROM provider could/should add those same protections as Linux instead of saying “you dont need root, stop asking”.
2. AFAIK there are, unfortunately, basically no protections on Linux. Sudo can be trivially shimmed (add malicious exe to PATH) without even having sudo permissions, then the next time user inputs sudo an attacker would have their password. Its bad that its so easy, but its a double standard to say Linux is fine but an (up to date) Android with root is vulnerable.

What bothers me a bit more is, the OS could address a lot of what Graphene is talking about: there should be a builtin OS level “no overlays, no accessibility, allowed when superuser reqested, must use builtin OS controlled keyboard to input password”. I’m not saying the graphene team needs to do more work; their contributions are incredible. But they shouldn’t claim that having full control over a device you own is inherently a security flaw. Its a technical problem that can be resolved with ROM development.

If I can’t rm -rf my root directory, then I’m not happy

security risk

All those rooted concerns are true for desktop Linux / MacOS, and they still ship with sudo. If I can’t rm -rf the root partition then its not really my device.

The bootloader wall of shame is nice.

Yes, absolutely there is hope.

Phones that don’t support Google play services (AKA any hardcore privacy phone) will not be directly effected by Google restricting sideloading. The restriction is only for phones that use the Google suite. (source: https://9to5google.com/2025/08/25/android-apps-developer-verification/ “This requirement applies to ‘certified Android devices’ that have Play Protect and are preloaded with Google apps.”) Graphene OS isn’t going anywhere, AOSP is open source, even if Google tried to make that change in the OS, the community would hard-fork AOSP instantly and continue like nothing ever happened.

Realistically this is going to squeeze people “in the middle” towards fully-google controlled Android (one exteme) and towards fully-de-googled Android (the other extreme). Its just elminating the middle. Which is bad for people trying to gradually de-google their life, but not as dire as it might seem.

On the bright side, this is an opportunity for play-services spoofing to become commonplace and easy, and could cause more apps to avoid google play services. The EU also has a shot at forcing google to allow sideloading, since they’ve recently been forcing Apple to move in that direction.

So, while not a bright future, its far from hopeless for privacy respecting Android phones.

I actually talked with her recently! She didn’t know about Lemmy! So of course I told her last week.

She also said there wasn’t a group chat for sci-hub because of scammers trying to bring the project down from the inside. Which I thought was really sad. If someone creates a group chat and posts it on Lemmy though I feel like it would do really well.

I had some questions about scraping the data and I felt bad having to ask her directly for every little problem I had.

Yeah I think scribbling out the 30% with a 100% and saying “roundabouts” would make for a pretty good punchline. I figured I’d get complaints about AI being quick and low cost compared to road construction, which is why I ended up going with the “bikes” punchline instead.

Additionally (I still love roundabouts) there can be a max-wait-time problem when there is heavy traffic in one direction.

If a basketball game ends there can be 20,000 cars bumper-to-bumper trying to leave. Let’s say (looking at a map) they’re going left-to-right through an intersection.

If there’s 1 car trying to go top-to-bottom…

• If the intersection is a stoplight it doesn’t matter. Even if there were 20 million left-to-right cars; it’s still a 5 or 10min wait for the top-to-bottom car.
• If the intersection was a stop sign it also doesn’t matter; it’ll be the left-to-right cars turn then the top-to-bottom cars turn
• At a roundabout though (at least in the US), vehicles entering on the left always take priority over vehicles entering from the bottom. So the top-to-bottom guy could be there all night

Game days on my campus can cause a 2 hour wait on a 1 mile road. My campus is unusual, but just FYI absolutely insane wait times do happen regularly in some cities.

I mean I actually kinda agree with them. I don’t like vacuum chambers and some of the stuff on here really does ignore the practicality of people’s situations.

I’m on here for the good arguments and laughs, not getting in so deep that I think everyone can and should sell their car tomorrow.

Sorry if it came across that way, I don’t mean it pessimistically. The improvements the article talks about are great.

I just imagine asking random people “Is a 30% reduction in traffic exciting?” And they say “Yes–BUT only if you do it with AI and high-tech stuff Otherwise I couldn’t care less”.

Imagining that kind of response is hilarious to me.