Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
scottbez1 2 days ago

This is entirely unsurprising. It's been clear that Google has been into their Android duopoly-abusive stage for a while now, with more and more of their Android changes moving into GMS or non-AOSP Google apps (like camera, messages, location services, etc) over the last decade. Graphene has been doomed to this fate for a long time, and anyone who thought otherwise was naively optimistic.

The same is clearly coming for Chromium forks, which is why I've always thought the privacy and ad-blocking forks are a joke - if they ever gain enough marketshare, or if google just tires of the public open source charade, they have no chance of maintaining a modern browser on their own.

This is all the more likely now that Google has been emboldened by not having to sell off Chrome for anticompetitive reasons.

strcat 2 days ago | parent | next [-]

Security patches aren't being delayed for AOSP specifically but rather Android as a whole including the stock Pixel OS. The title is misinterpreting our reply. We didn't say they're delaying patches to AOSP specifically. Stock Pixel OS has delayed patches too.

A more detailed explanation is at https://x.com/GrapheneOS/status/1964754118653952027.

GrapheneOS has an OEM partner and early access to the security patches so our complaint isn't about us not having access. Google has added an exception to the embargo where binary-only patches can be released which we could use for a special security update branch but that's a ridiculous exception and it should be allowed to release the sources. It can be reversed from the security patches anyway and is trivial for Java and Kotlin. We can't break the embargo ourselves but we CAN publish the security patches early under the rules of the embargo via a special branch and people could reverse the patches from there which could then be applied to the regular GrapheneOS branch. The system is ridiculous and our hope is these changes are undone.

The title should really be changed from "for AOSP" to "for Android". There's a binary-only exception in the embargo now but that's not really about AOSP and isn't being used in practice even for Pixels. They've really just delayed all patches 4 months instead of 1 while also destroying any semblance of there being a real embargo (which was already very weak).

transpute 2 days ago | parent | next [-]

Thanks for the clarification. Delaying patches for all Android is even worse than delaying for AOSP. Excerpts below.

  .. Google recently made.. misguided changes to Android security updates.. almost entirely quarterly instead of monthly to make it easier for OEMs. They're giving OEMs 3-4 months of early access which we know for a fact is being widely leaked including to attackers.

 .. Google's existing system for distributing security patches to OEMs was already.. problematic. Extending 1 month of early access to 4 months is atrocious. This applies to all of the patches in the bulletins. This is harming Android security to make OEMs look better by lowering the bar.. The existing system should have been moving towards shorter broad disclosure of patches instead of 30 days. 

  .. Android's management has clearly overruled the concerns of their security team and chosen to significantly harm Android security for marketing reasons.. Android is very understaffed due to layoffs/buyouts and insufficient hiring.. Google does a massive portion of the security work on the Linux kernel, LLVM and other projects.. providing the resources and infrastructure for Linux kernel LTS releases. Others aren't stepping up to the plate.
This would be a good discussion topic for the Linux Plumbers conference in 3 months.
2 days ago | parent | prev [-]
[deleted]
ACCount37 2 days ago | parent | prev | next [-]

Just a year prior, I would have been against a decision to force Google to part with either Android or Chrome.

Now, I'm of the opinion that they should have been forced to sell off both, and maybe Chromebooks too, for the good measure.

No company with a direction as vile and openly user-hostile as what Google currently demonstrates should have anywhere near this level of control over the ecosystem.

thewebguyd 2 days ago | parent | next [-]

They should lose YouTube as well. Remember how they used their control over YouTube to kill Windows Phone back in the day also. They should have lost it right then.

Google is very clearly an abusive monopoly, and has been for a very long time. We all overlooked it because they were mostly benevolent. That is no longer the case.

overfeed 2 days ago | parent [-]

> YouTube to kill Windows Phone back in the day also.

I hope you're not referring to YouTube blocking the 3rd party YT Windows Phone client that didn't play or display ads? At the time, Microsoft was threatening Android OEMs with patent infringement (without disclosing the specific patents!), and making it go away if they agreed to make Windows phone models[1]. Google refusing to make a first-party YouTube client for Windows Phone was to be expected, it was an ugly, hand-to-hand fight and all parties used the weapons they had at hand.

1. The agreements were never made public, but HTC and Samsung disclosed they'd be making Windows phones in their respective agreements with Microsoft. Microsoft also initially filed an Amicus brief in Google v Oracle - supporting Oracle's position.

scottbez1 2 days ago | parent | prev | next [-]

The sad thing is I think Google keeping Chrome is actually likely the better of two possible bad outcomes... Anyone else interested and willing to pay the true value of owning the entire Internet ecosystem is almost certainly going to look to extract value from that, and that's almost certainly worse than what Google does today. E.g. using everyone's browser to extract training data for AI without getting IP blocked.

ACCount37 2 days ago | parent | next [-]

A year or so ago, I would have agreed. Not anymore.

Sure, a company can buy Chrome and proceed to sell user browsing habits data to the highest bidder, or use it as a backbone for decentralized scraping - backed by real user data and real residential IPs to fool most anti-scraping checks. But if they fuck with users enough, Chrome would just die off over time, and Firefox or various Chromium forks like Brave would take its place. This already happened to the browsing titan that was IE, and without the entire power of Google to push Chrome? It can happen again.

The alternative is Google owning Chrome for eternity - and proceeding with the most damaging initiatives possible. Right now, Google is seeking to destroy adblocking, tighten the control over the ad data ecosystem to undermine their competitors, and who knows what else they'll come up with next week.

overfeed 2 days ago | parent [-]

Why do suppose Chrome would die off for user-hostile actions under a non-Google entity (2nd paragraph), but not while being controlled by Google (3rd paragraph)?

AlotOfReading 2 days ago | parent [-]

Not the OP, but Google spent years advertising Chrome front and center on the Internet's most visited pages. Money doesn't buy that kind of real estate, ownership does.

ACCount37 2 days ago | parent | next [-]

OP, agreed.

Prior to Chrome, Google actually used to promote Firefox on its own pages instead - which was a major driver of Firefox adoption. Google did it because they had a partnership with Mozilla, and were very much in favor of users switching to a browser that's not Internet Explorer.

Then Google decided they wanted more control over Firefox. Mozilla decided that Google isn't going to get it. This resulted in Chrome.

Firefox was evicted from Google's promotion, and it never quite recovered.

overfeed 2 days ago | parent | prev [-]

> Money doesn't buy that kind of real estate, ownership does.

If this is the reason, the remedy doesn't attack the root of the matter. If Chrome were unbundled from Google, what's to stop Google from creating a new Chromium fork - and naming it Cobalt and marketing the hell out of it to achieve the same market share?

AlotOfReading 18 hours ago | parent [-]

Antitrust orders are more complicated than just declaring a business unit spontaneously independent. They usually include provisions to ensure the the situation is actually fixed, like prohibitions on the parent competing in that entire market and financial/infrastructure support for the new companies on their transition to independence.

overfeed 33 minutes ago | parent [-]

Are you able to share a case when an American court issued such a broad order on a F100 company? There was a stronger case for breaking up Microsoft, but the DoJ shied from that remedy, there was never a chance that Google could have been broken up in this case, IMO.

palata 2 days ago | parent | prev [-]

Split it to a point where no one company can own the entire Internet ecosystem. Apply antitrust laws to keep it like this.

Maybe the development will slow down, but let's be honest: we would still be fine if Android and iOS had stopped "improving" years ago. Now it's mostly about adding shiny AI features and squeeze the users.

gruez 2 days ago | parent [-]

>Split it to a point where no one company can own the entire Internet ecosystem. Apply antitrust laws to keep it like this.

Facebook was once small too. Yet people happily signed up, giving up their privacy in the process. What makes you think the remaining companies offering a free browser wouldn't try to monetize users in a similar way? How many people are willing to pay $5/month for a browser?

palata 2 days ago | parent | next [-]

> Yet people happily signed up, giving up their privacy in the process.

When Facebook started, it was a different era. And since then, Facebook has clearly abused their position with anti-competitive behaviours.

> How many people are willing to pay $5/month for a browser?

If they can keep using Google Chrome for free, we already know the answer. If the only way for them to have a reasonable browser would to pay... who knows? People pay more than that to access movies that they could download as torrents.

Also does it have to be 5$ per month? Do browsers need to keep adding so many features, and hence so many bugs and security issues, that only huge companies can keep up and nobody wants to pay for that work?

Maybe it's enough to pay 1$/year for a company to maintain a reasonably secure browser with the features that people actually need. Do people actually need QUIC? Not sure.

gruez 2 days ago | parent [-]

>When Facebook started, it was a different era. And since then, Facebook has clearly abused their position with anti-competitive behaviours.

Insurgents like tiktok show that even today, people will happily give up their privacy for some dopamine.

>If they can keep using Google Chrome for free, we already know the answer.

Why would google continue maintaining chrome if they can no longer derive any benefit from it?

>If the only way for them to have a reasonable browser would to pay... who knows? People pay more than that to access movies that they could download as torrents.

No, the contention is that people will go for free browsers that violate their privacy or monetize them somehow, not some future where all browsers cost money.

>Maybe it's enough to pay 1$/year for a company to maintain a reasonably secure browser with the features that people actually need. Do people actually need QUIC? Not sure.

Remember when whatsapp was also $1/year, ostensibly for similar reasons? How did that go?

palata 2 days ago | parent [-]

> Why would google continue maintaining chrome if they can no longer derive any benefit from it?

That is unrelated to the sentence you quote: if people can use Google Chrome for free, they don't pay for a browser. But if Chrome disappeared, they would still need a browser. Maybe they would pay if they didn't have a free choice?

> No, the contention is that people will go for free browsers that violate their privacy or monetize them somehow, not some future where all browsers cost money.

If there are more browsers instead of a monopoly, then websites will work on the paid, secure browser that I will use, so I'm happy. I don't want to prevent people from using bad software: I want to make it possible for companies to build good software.

By not using Chromium today, many times the websites don't work correctly because devs don't care, because Chromium is a monopoly. I say split it! Then websites will have to work on more than 1 browser.

> Remember when whatsapp was also $1/year, ostensibly for similar reasons? How did that go?

It was a huge success? WhatsApp is still a huge success.

cosmic_cheese 2 days ago | parent | prev [-]

Browsers should be classified as critical infrastructure and be run by NPOs or PBCs. There’d be no need for end users to pay anything if the tens of thousands of companies all relying on the web chipped in to sustain the infrastructure that allows them to exist and be profitable.

wmf 2 days ago | parent | prev | next [-]

I wonder if Android and Chrome would support open source even less as independent companies though.

SpaghettiCthulu 2 days ago | parent [-]

Why not spin them each off into an independent non-profit?

wmf 2 days ago | parent [-]

Because people don't just throw away money.

const_cast 2 days ago | parent [-]

Non-profits can make a lot of money, they just have to reinvest said money back into capital, labor, or R&D. Non-profits can absolutely charge a license as well, if they want. You can do that with OSS, too. Just make it GPL and then charge for a more generous license like Qt does.

izacus 2 days ago | parent | prev [-]

And by destroying the Android development team you'd achieve what exactly? Magical appearance of the security patches you're complaining about here?

Would you start to actually pay for all those hundreds of engineers maintaining the OS?

ACCount37 2 days ago | parent | next [-]

Either the new company takes over maintaining Android, or it fumbles the bag and the development becomes less centralized for a while - until some leader emerges and takes over.

Either way, the new control center of Android wouldn't be Google. A decade ago, I would have seen that as a very bad thing. Now, I'm almost certain that this would be a change for the better. Google is not what it once was.

wstrange 2 days ago | parent [-]

Or a more likely scenario is that Apple picks up even more market share, and we go from a duopoly to a monopoly.

rs186 2 days ago | parent [-]

Well, there is barely any new Android feature worth talking about for the past three years (no, new skins definitely don't count). I seriously doubt there is going to be any change in the market share if Android were controlled by a different company. We would have already seen that by now.

palata 2 days ago | parent | prev [-]

Drone manufacturers like Samsung, Xiaomi etc need an OS. Right now it's more profitable for them to just pay licences to Google. But if Google lost Android... they would need to find a solution.

I would like to see this, at least something would be happening.

thewebguyd 2 days ago | parent [-]

I could see sort of an Android consortium taking over developing it and keeping it going outside of Google. Samsung, Oppo, Xiaomi, Huwawei, Motorola, etc.

Honestly it'd probably be better off that way. Google has far too much influence and control.

izacus 2 days ago | parent [-]

None of those companies have a tiny little bit of interest of helping their competitors with joint development. I guess you're too young to remember the balkanization of Symbian among such companies?

palata a day ago | parent [-]

Those are companies, their only interest is to maximise profit. Apparently right now the most profitable is to pay Google for the Android licence.

Huawei found themselves on their own because of the ban, and decided to go for HarmonyOS NEXT. Probably they wouldn't come back to a "joint development AOSP" now.

Now if Google lost Android, what would happen for the others? Would they each try their luck with their own OS or would they try to go for a joint development?

cosmic_cheese 2 days ago | parent | prev | next [-]

Yep. If we’re gonna be forking browsers, Firefox should be the base, not Chromium. Mozilla is in much less of a position to abuse their position, and more Firefox forks means more chances that one catches on with some slice of the larger public and helps chip away at Blink hegemony.

dutchCourage 2 days ago | parent | next [-]

Fully agreed. I am however worried by the fact that Firefox is basically kept alive by Google. I assume it's just so that they can pretend Chrome isn't a monopoly, but the minute Firefox becomes an inconvenience they can stop financing it. I hope we can find a way for Firefox to sustain itself long term.

cosmic_cheese 2 days ago | parent | next [-]

It’s a valid concern, and it may not be possible to properly address so long as Mozilla in its current form continues to be the controlling party of Firefox/Gecko. The best scenario might actually be for Mozilla to collapse and some other NPO or PBC with better financial sense to pick up the projects and their engineers.

wmf 2 days ago | parent | prev [-]

Google pays Firefox for traffic acquisition, not out of pity. If Google stopped paying, another search engine like Bing or Perplexity would be happy to take over.

thewebguyd 2 days ago | parent [-]

True, but what happens when Firefox's marketshare decreases to the point where the amount of traffic lost by not having the Google deal stops mattering to Google?

If Google does the math one day, and determines that they won't lose out anymore by not paying Firefox they'll stop paying.

charcircuit 2 days ago | parent [-]

It's revenue share based, so the cost to google is the time it takes to renew the deal. This is a fixed cost that doesn't depend on the market share of Firefox.

2Gkashmiri 2 days ago | parent | prev [-]

Last time I suggested brave on hn to base off on Firefox and they said its pita but we have unpaid.volunteer run waterfox and others, then we have floorp, tor and others so I know for a fact brave not basing on Firefox is pure politics because of brendan

palata 2 days ago | parent | prev [-]

> This is all the more likely now that Google has been emboldened by not having to sell off Chrome for anticompetitive reasons.

Exactly. The only thing that can prevent this behaviour is regulations. But apparently nobody wants to regulate, so we're screwed.