I'm shocked by people and state using the crutch of cyber crime or scams to push a totalitarian solution to a problem that is better solved by improved education and targeted campaigns against common security pitfalls.
I abhor any decision that robs even a grain of my individual freedom.
Sounds so authoritarian. Luckily, in the UK you only have to scan your face and ID to access cat photos.
It's all happening really quickly, so I haven't been able to keep up. I know Starmer said that digital ID will be mandatory to work in the UK. Did he mention how that would be implemented? Is the UK going to issue and official device to everyone in country, or are the people supposed to pay for it? What about homeless, poor, and the provisional residents?
> Is the UK going to issue and official device to everyone in country, or are the people supposed to pay for it? What about homeless, poor, and the provisional residents?
What about provisional residents? The digital ID proves identity. It is not a work authorization. Provisional residents can have a digital ID whether they work or not.
As a foreign national living in the UK on a long-term visa I can only say that the decision to discontinue physical BRP (residence permit) cards in favour of eVisas is singularly idiotic and harmful. One piece of evidence being that there are still things you can only do using expired BRPs, which will be in a some kind of zombie mode until mid 2026. After that, eternal misery.
But this is basically nothing compared to what they are doing with their justice system, which mostly affects British citizens, so who am I to complain.
Digital ID isn't really an issue. Most people already have several government digital IDs (government gateway, unique taxpayer number, etc.)
They should have branded it "simplified ID" or something like that.
I'll probably get instinctive downvotes but I think it's important not to mix up the actually-fine stuff with stuff like chat control, otherwise the message becomes trivial to dismiss.
I assume that almost everyone in the UK who is able to work has a smartphone already.
If they were to require digital ID for pensions or disability benefits there would be more problems.
There’s a famous article by Terence Eden about the kind of devices that people are forced to use to interact with the UK Government, written with his experiences working for the government.
The devices include: A Playstation Portable. The latest stats include thousands of visits from XBox and Playstation consoles.
All modern smartphone requirements boil down to Play Integrity and iOS AppStore attestations.
https://shkspr.mobi/blog/2021/01/the-unreasonable-effectiven...
Even if that were the case, by what mechanism are they commandeering it? That's essentially what I was thinking about in this India case.
Undoubtedly most people will comply, but there will be a few who don't, so I'm curious what the plan is to bring them in line.
> Probably it will be an app that you install, like the NHS app. Nobody is proposing that it be installed by default.
Whether it comes pre-installed or not is a distinction without difference if you need it for daily life
Edit: In fact, it would be better if it came pre-installed (and be removable) because then you don't need to agree to Google's terms of service to get the APK file. You would get it straight from your OS vendor which is presumably a trusted party if you intend on using that device. (Governments are usually not so forward-thinking that they let you get the APK file from the govt website directly without needing to go through commercial entities for something as essential as a national healthcare app. That would be an even better solution...)
> Probably it will be an app that you install, like the NHS app.
You do not have to use the NHS app. There is a website version.
> Just the same as now, only at the moment you need a paper passport rather than a smartphone.
Which demonstrates how little it achieves. People already need some form of ID for lots of things (notably work and renting housing). It does not have to be a passport though.
You do not need any form of photo or biometric id to work in the UK. I have never given anything of the sort, and have worked here for decades.
All that is required is a national insurance number (equivalent of Social Security Number in US).
> Undoubtedly most people will comply, but there will be a few who don't, so I'm curious what the plan is to bring them in line.
Can you elaborate on what you mean by non compliance? Without the ID you will have significantly worse access to services and employers. I think the pressure will be on the people, not the government, to comply.
And if you have a pinephone or so?
Are you talking about downloading reddit, which is infested with the weirdest pornography that exists ?
While I am very much against facial scanning etc, it is quite clear that something needs to be done about the access of porn to kids. It is a drug like any other that we do not allow kids to consume.
I dont know why porn companies arent just sued into oblivion. There are already laws against distributing porn to minors in most places and porn companies do it routinely without any controls.
Virtually nobody has been able to demonstrate any tangible harm outside of weak "ooo morality" type arguments.
I get that intuitively porn is bad, but we are creatures with thousands of years of baggage. Practically every institution, everywhere, has spent trillions of dollars across hundreds of years to convince people sex is bad as a control mechanism. We don't even know if sex is addictive, there's a lot of disagreement about that among experts, let alone porn. All we have, really, is some anecdotes from people on Reddit that they stopped touching themselves and now they're not suicidal. Frankly, I don't think that's much of anything.
I'm not sure it's worth it giving up everything for a problem that we're not even sure exists.
All it takes is a cursory search on google scholar to find papers discussing the addiction potential of online pornography.
[dead]
So what is your plan on dealing with wikipedia? I accessed porn in 2011 when I was 11. I played Postal 2 when I was 10. But no English skills at that age means not much came out of that game at that time except cat silencers.
How many kids these days play 18+ rated games?
> So what is your plan on dealing with wikipedia?
Im not sure I understand. Are you saying wikipedia has porn?
Yes. It even has articles dedicated to specific sex positions. I definitely looked at those articles fairly often as a young teen.
But should I need to upload an ID to view that? I guess some people think North Korea has the right mindset with information control, so showing an ID to see who's seeing what makes sense. But I'm not of that mindset.
Yes. Not necessarily on any pages. Go to the commons and search with some obvious keywords.
Do a few nude photographs on wikipedia hold the same addiction potential as an infinite stream of short form HD videos - specifically optimized for attention capture - on platforms like reddit ?
I am not even sure whether I should take you seriously.
It is still incomparable for all intents and purposes to platforms like reddit etc.
Of course people go to great lengths to share porn. But we should also go to great lengths to protect kids (and adults) from incredibly addictive things like hard drugs, porn, gambling, lootboxes etc.
> Luckily, in the UK you only have to scan your face and ID to access cat photos.
Please wait for us, the relentless chat control legislation will make us (the EU) overtake you and mandatory age verification is pretty much a certainty at this point.
> With more than 5 million downloads since its launch, the app has helped block more than 3.7 million stolen or lost mobile phones, while more than 30 million fraudulent connections have also been terminated.
I might be reading this wrong but these numbers seem very weird. Did more than half the people who downloaded the app block a stolen phone? And did each person who downloaded the app terminate 6 fraudulent connections?
It's easy just use made up definitions for "helped", "fraudulent" and "terminated".
And also use made up numbers, just to be safe.
> And did each person who downloaded the app terminate 6 fraudulent connections?
That much is believable, if not on the low side. Spam there is intense.
It's not rare to have multiple phone numbers registered to a person's name fraudulently in India. Therefore, in this aspect the app will list out all the connections under the user's Aadhar (Indian Digital ID).
Indian government is big on pronouncements.
It will be a garbage app that most likely will not work, considering the historical incompetence of the Indian government's expertise in all things tech.
I am pretty certain Apple and Samsung will pay off someone in the government.
You are confounding intent with the implementation.It might be a garbage app to start with, but there is no opt out for the users. Given the payoff and endless iterations resources will be thrown at it and it would eventually get better.
> Given the payoff and endless iterations resources will be thrown at it and it would eventually get better.
Allow the user to download and install it if it turns out to be great. Do not shove things down people's throat against their wishes, like an authoritarian govt. Otherwise you start to resemble Stalin's Soviet Union.
Stalin did not force anyone to install apps. He was actually a good ruler. He took over the country with a plough and left it with a nuclear missile.
Right! It's a known fact that good rulers are creating death camps, doing multiple acts of genocide and multiple unprovoked military invasions to the neighbors.
Are saying Kim Jong Un is a good ruler as well? He ruled country during nuclear missile production.
You should praise Hitler as good ruler as well as stalin.
>He was actually a good ruler.
You've read stuff like this before, right?
https://en.wikipedia.org/wiki/Joseph_Stalin#Death_toll
https://en.wikipedia.org/wiki/Excess_mortality_in_the_Soviet...
RDS-1 (first nuclear bomb) was tested in 1949. Stalin died in 1953. So it was definitely under Stalin's rule that nuclear program was developed.
It is fun to read about Russian chauvinism under Stalin rule, given the fact that he wasn't Russian himself.
Isn't one of the largest payment processors in the world made by the Indian Government?
Personally I wouldn't risk my personal digital privacy on the incompetence of the government. I'd assume the opposite.
Not really, UPI is developed and operated by several large banks.
Maybe you were thinking about PIX in Brazil which is developed and operated by their central bank.
No. UPI. It's an initiative by the Indian government.
It's controlled by the RBI, just through a complex public-private corporate structure through NPCI.
UPI is much larger and more international than PIX. It's currently processing iirc something like 200 billion transactions. UPI is also used in several countries, France being among the most recent examples.
As such UPI has a broader scope than PIX and requires a public-private corporate structure with stakeholders from both sides.
But this is off topic. The competence of the Indian government to at the very minimum partner with Industry shows that such software preloaded on phones is a threat to the civil liberties of people that the State shouldn't encroach on. This is a violation of individual privacy.
I thought it was made by NPCI, which is owned by RBI, AND the IBA. It is ultimately a government organisation.
NPCI ownership is not with RBI and IBA. RBI does not have any NPCI shares.
I have this app installed on my phone, and it helped eliminate "digital arrest" scam calls from 5-6 calls per day to maybe one in 2 months.
It makes filing an online complaint against the incoming call almost frictionless.
Having said that, I don't believe it should be shoved down our throats.
All that couldn be as simple as educating people that there is no such thing as "digital arrest".
You are just telling the whole world about the average IQ of an Indian and how they believe in foolish things like "digital arrest".
And an app doesn't solve that. Digital literacy is a need for today, but the entire country is getting the latest smartphone, with dirt cheap data and zero knowledge of how to operate and own that technology.
And your point is what exactly?
When we're struggling with literacy itself, and people have lost huge amounts of money, and there have been several suicides linked to these scams, digital literacy in a passive mode is unlikely to work.
Bangalore is supposedly the most digital literate place in India. The data below speaks for itself.
Aggressive measures then might be justified.
It's very easy to make virtuous comments without knowing anything of the ground realities.
[0] https://www.moneycontrol.com/news/business/bengalureans-lose...
[1] https://www.hindustantimes.com/india-news/bengaluru-man-lose...
> I have this app installed on my phone, and it helped eliminate "digital arrest" scam calls from 5-6 calls per day to maybe one in 2 months.
Yeah, no. Correlation is not causation. Having the app installed doesn't eliminate calls. The app doesn't have the ability to block calls.
Operators like Airtel stepped up and started flagging spam/scam and now warn their users when they recieve a call from flagged numbers.
How do you think operators built a database of spammers?
I've been reporting spammers since 2005, since DND rules came into place.
Only in the last year have I seen the spam slow down. Earlier operators would dismiss the complaint saying to it was a "transactional communication," now it's logged with TRAI and the operator and they have less room to manipulate the complaint.
That's not my understanding.
The TRAI DND app, on IOS, generates a pre-formatted SMS which is sent to the operator on the standard number 1909.
The Sanchar Sathi app sends it to a DOT entity which then routes it to the operator while updating the govt database of reported spammers and scammers. The options are much extensive than just a spam call/sms.
You can report that the individual was impersonating a public official etc while you can not do than at all with the TRAI DND app.
I suggest you try out the platform on their website first before commenting further.
RBI pushed an entire new second level TLD to India’s entire banking system with a 6 month deadline. It was a botched rollout but now every bank in India is using .bank.in, despite two of India’s largest bank owning their own TLDs (.hdfc, and .sbi).
It was a very insecure rollout with zero customer awareness, but it happened and almost every large bank moved. Sometimes silly pronouncements do result in silly change.
I don't think the government is going to treat it like a local district website. IRCTC, UPI, e-Filing portal seem to be working fine for the most part, so pretty sure they can make this work eventually.
IRCTC is a private company. UPI isn't government either. Which e-filling portal is working nicely for you? My ITR was stuck for more than a year because some lame ass dev couldn't show proper error message other than suggesting that something needed to be done by my bank (which wasn't the case and only a year later did I decide to dig into th3 dev tools).
To praise Indian government is the most unlikely thing one should be doing for their mediocrity at developing things.
Same is the case with Aadhar, Digiyatra, etc. My government is hella incompetent at safeguarding data and privacy (unless it's their own data). And this app is 100% going to be a huge security hole on every device.
For me, ADB to the resuce.
> IRCTC is a private company.
Lol, at least do your research before writing random things.
not work will also mean it will siphon all the data and then leak it to hackers from around the world.
> It will be a garbage app that most likely will not work, considering the historical incompetence of the Indian government's expertise in all things tech.
Wait until "they" outsource it (on the pretext of national security interests) to countries that have deep talent in cybersecurity (like the US/Israel/Russia/China).
Ex: https://www.fdd.org/analysis/2025/06/11/india-orders-new-fig...
I wouldn’t venture in the direction that many here will take.
I will point out that India have the highest number of victims of cyber-fraud. I personally know many people who have lost significant sums through social engineering attacks. The money is transferred to multiple mule accounts and physical cash is siphoned off to the fraudsters by the owners of those account. They choose helpless, illiterate, village dwelling account holders for this.
Another huge issue is unregulated loan apps. There are horror stories of people installing apps in order to take high-interest loans and then those apps stealing their private photos and contacts or accessing camera to take photos in private moments, and then sending those photos to contacts via WhatsApp when interest payment is overdue.
Then there are obvious security issues with terrorism and organized crime.
The government wants data. It's clear why. There is huge potential for misuse.
> I will point out that India have the highest number of victims of cyber-fraud
Combined with worst enforcement and investigation efforts to tackle this issue. The default resolution on a cyber crime report is : Fraudster's account is blocked and they are given a choice to plead forgiveness from the accuser. They often return the money in lieu of the complaint being rescinded. Then fraudster is free to con others. Fraudsters know this is a numbers game that is why they hit every morsel they can get a bite.
Worse yet people use the cyber crime provision to take revenge. People can file frivolous cases without proof and ge others account locked. Banks will treat you with disdain and police will tell you to settle privately too.
What about investigations you ask? Very few cases reach that level. Local police file the FIR and they don't even know what is "cyber" in cyber crime. Fraudsters can continue playing the numbers game.
So, yes it is easy to talk about victims when the policies are lacking. And then this high number of victims can be used as a crutch to push insecure apps on everyone's phones. The worst part of it? They will get data and still remain clueless and inept in solving the high number of cyber crimes.
Local police stations often refuse to file even an FIR. The reason we have such good data, is possibly due to the banks reporting them.
If it were up to the police, then we wouldn’t even hear about 25% of the cases.
And you trust the government to only use it for good purposes? and not to track people who may be protesting or belong to opposing political/religious/cultural views? We know based on historical pegasus complaints that this trust has to be earned and can't be given.
There are lots of ways to solve for this, mandating that these companies own the identification process through their systems, report misuse, govern apps. Why taken on the ownership of a process that is better handled outside of government while the government holds them to account via huge fines and timelines but giving these large companies ownership of protection from scams or stolen phones etc...? win win and I think these large companies are due spending extra money to protect their users anyway.
I don't trust anyone blindly. The point of my comment was not to support the decision, but to show where it might be coming from.
What's inherent in the comment is- there are simply too many people to educate, "made aware", etc. So, this might be a knee-jerk reaction to fight cyber fraud. Not Big Brother sensorship.
I can say these because I know too much about the ground reality. An example from top of my head- SBI e-Rupee app doesn't launch in your phone if you have Discord installed. Yeah. Just because some scammers communicated through Discord.
Of course, I cannot guarantee that something sinister is not being planned or that this app won't be utilized for something bad.
There is also a small chance of some bureaucrat in management position taking this decision, so he can write in his report- "Made Sanchar Saathi app download soar up to X millions in 3 months through diligent effort..." just like highly placed PMs/SVPs in large tech companies eyeing a promotion.
Automatic mistrust of the government is a pretty juvenile take. Yes there are tons of ways, and having OEMs preload an app is the easiest one in a country of 1.1B mobile connections.
> Automatic mistrust of the government is a pretty juvenile take.
This statement seems naive at best and manipulative at worst.
So, if you have tons of ways - you vote for the way that could lead to potentially the most exploitation of the population? No one is saying it "will" be exploited, but the potential itself should steer the solution clear off that direction.
Automatic mistrust of the government is the only sensible point of view and the bedrock foundation of liberalism and democracy. Any other attitude toward government is fatally naïve.
Gonna agree with you, even Singapore has announced several policy changes the past few weeks to deal with all the fraud - more severe punishment and forcing apple to change how iMessage spam with .gov.sg domains is handled.
I don't think this new app will resolve India's fraud issues unfortunately, there probably needs to be more policy changes at banks/fincos. As much as India obsesses with KYC processes, it doesn't seem to be working/enough. I don't see this new app being required as something totalitarian, it would be much easier for the gov to ask for that type of stuff to be tacked on to UPI apps anyways.
Yeah this is the wrong audience for this argument, but it has merit. An app like this can be both a massive government power grab and useful to protect many, many people who are vulnerable to fraud.
The number of my relatives that will just believe whatever someone tells them on the phone is terrifying.
This is quite dismissive of the audience, how do you suggest this app protects the people from believing whatever someone says?
> I will point out that India have the highest number of victims of cyber-fraud
Based on what?
> Another huge issue is unregulated loan apps
You don't need to root everyone's phones to regulate financial crime.
> Then there are obvious security issues with terrorism and organized crime
India is building a centralised backdoor into every phone in the country. That's a massive national security risk.
> Based on what?
Yahoo Finance report that's 3 years old, puts India at #4: https://finance.yahoo.com/news/15-countries-most-cyber-crime...
But 2024 data from PIB puts the number of occurrence much higher at 2.27 million: https://www.pib.gov.in/PressNoteDetails.aspx?NoteId=155384&M...
> You don't need to root everyone's phones to regulate financial crime.
Yes, I agree. Read this comment: https://news.ycombinator.com/item?id=46113070
> India is building a centralised backdoor into every phone in the country. That's a massive national security risk.
Are these what backdoors are? It's an app. It can be uninstalled, right? Are there physical backdoors like American agency NSA tried to install? Or like the Chinese phones that many suspect?
- https://www.spiegel.de/international/world/privacy-scandal-n...
- https://www.cnet.com/tech/mobile/xiaomis-phones-had-a-securi...
The mandate says the app can't be uninstalled.
The way for the community to fight this is to keep finding holes in the app until they stop trying to put one on.
> way for the community to fight this is to keep finding holes in the app until they stop trying to put one on
I'm not familiar with Indian activist tradition. But if we look at other countries where this happened, the technical attacks didn't work. It had to be done through policy, instead.
Having a single CrowdStrike-like point of failure will probably make these problems worse overall, but burstier.
I wonder if this will cause a reduction in remote jobs for citizens. Compliance with US laws like HIPAA and FERPA have strict requirements regarding access. Many employees use 2FA on their personal devices, which if passed this law would interfere with.
How would this interfere with 2FA?
Depends on what permission this app have.
- Is this a (voice) call blocker?
- Can it intercept SMS?
- Can it enumerate installed app and read data from other apps?
Or, maybe it'll finally convince people that SMS is the worst of all worlds when it comes to security (and phone numbers for identity). Doubt it tho
I wish the article talked more about this app India wanted to pre-install. Forcing the pre-install of apps is worrisome in general, but there's some nuance that is missed by not explaining what is being forced on the citizens. "Cybersecurity app" can mean a lot. From the looks it's a government-sponsored "brick my phone"-kind of app for disabling stolen phones?
The more I see stuff like this, the more I think "you know, I don't think the world is collapsing, I think the old world is collapsing." Governments in their current form are increasingly becoming irrelevant (h/t to "The Fourth Turning") and actions like this prove it.
How is this demonstrating governments are irrelevant? It seems like it is demonstrating their continued power.
Steelmanning the argument, perhaps you see this as a demonstration that corporate power has gotten so large the government is being forced to react. I might believe that, but I can’t get from there to irrelevance.
Governments in their current form.
Why you think so, pls elaborate. In the current form governments all over the world are increasingly having massive power over what citizens can do, don't and increasing it by degrees day after day.
What does this app actually do, in detail? Anyone know?
It doesn’t matter what the app does today it can be made to do anything they want after the fact. Monitor speech, location, contacts, content, preserve evidence for prosecution, inspection your dinner choices or your sexual habits.
This is on the far end of the spectrum of bad.
> It doesn’t matter what the app does today it can be made to do anything they want after the fact.
This is an extremely important point of universal application that can't be emphasized too much.
Even if one agrees with a current politician's position, once the precedent is set, there's nothing stopping an administration down the line extending the reach of an already installed and by then socially accepted mechanism.
Someone called this the "totalitarian tip toe"; that guy (who shall rename unnamed) was "a bit weird", but his concept stands anyway imo.
Wouldn't that require Apple to sign the app with their own key to get low level API access? Has apple ever done that with anyone?
When the app is mandated installed then user permissions are also moot. It will have full access an app can have.
This seems to be the app: https://www.sancharsaathi.gov.in/
Looks like it's quire popular/established already, with over 10 million downloads. Basically a "portal" for basic digital safety/hygiene related services.
Quoting Perplexity regarding what facilities the app offers:
1. Chakshu: Report suspicious calls, SMS, or WhatsApp for scams like impersonation, fake investments, or KYC frauds.
2. Block Lost/Stolen Phones: Trace and block devices across all telecom networks using IMEI; track if reactivated.
3. Check Connections in Your Name: View and disconnect unauthorized numbers linked to your ID.
4. Verify Device Genuineness: Confirm if a phone (new or used) is authentic before purchase.
How does an app inspect other app's storage data (like whatsapp). I thought Android security model blocked that. Does it have root access?
It probably just asks you to enter the associated WhatsApp number
Every single Indian SIM holder got dozens of SMS from the regulator to push the app installations. When your marketing campaign is “Notify every Indian SIM holder”, 10M should be expected. Look at the reviews.
Oh thats why india scams the rest of the world, we just dont have their apps to report it properly
> 4. Verify Device Genuineness: Confirm if a phone (new or used) is authentic before purchase.
DisplayDialog("Yup, perfectly genuine, trust me!");
It's always the same - governments suddenly wanting to spy on people.
We need a world where this can be guaranteed to not happen. We need 3D printing everywhere, without restrictions or payload attached.
"We need a world where this can be guaranteed to not happen"
I doubt such a world exists in this current universe.
How is 3D printing supposed to help prevent this?
Do we have a breakdown of what this app actually does?
- Report fraud/scam calls and SMS directly from your phone.
- Block or track lost/stolen phones by disabling their IMEI so they can’t be misused.
- View all mobile numbers registered under your ID and report any unauthorized SIM cards.
- Verify if a phone is genuine with an IMEI/device authenticity check.
- Report telecom misuse, such as spoofed calls or suspicious international numbers.
The stated goal is protect users from digital fraud and safer telecom usage, who knows how good it’ll be. Probably a PITA.
So a pretty transparent way to tie IMEI to someone's identity and track their location under the guise of "finding lost phones" and "checking your phone's authenticity"
IMEI is already tied to your identity. You need ID to buy a phone or a SIM.
I think this is to crack down on sharing a SIM card which is registered to someone else. It ties identity + location + aggregates all SIMs registered to someone with their current location.
Not to mention they can probably payload anything into the app whenever they want.
That's already the case for most places around the world, unfortunately. Though, this does make the link rather obvious, which is a bit more surprising. Normally shady tracking just happens through a combination of data brokers and leaked databases.
I've been using it since it came out. It does its job.
I was getting 5-6 scam calls per day, now down to maybe 1 in a month.
It's just a wrapper around their website (for now).
I think this app is harmless but I don't think it should be forced onto anyone.
> I think this app is harmless..
It may be today. And you have no way to know for sure. But there is also no way to know what the app will do down the road when a politician you do not trust is in control of it.
Agreed. But they already have massive tracking capabilities. I don't they are so stupid that they'd do this in such an obvious way: too much scrutiny.
CDOT's CMS system already exists in the background.
This is great first hand feedback. I like these kinds of HN posts.
How do you think it works? Example: If enough people report, then some police agency investigates? Rinse and repeat enough times and the scam calls/SMS should fall?
Another great post. Thank you. It is great to hear that haven't suffered any monetary loss and you are getting fewer scam calls.
I have a "dumb" follow-up question: (Honestly, I don't understand the pushback here on HN against this app.) Do you feel it is invasive or acts as gov't surveillance on your mobile phone? What you describe sounds pretty good to me.
Can you uninstall it? That's the litmus test.
At the moment, yes, as I installed it myself off the App Store.
That's what the ruckus is: the govt wants to push it everywhere mandatorily.
Right now it's harmless: it's just a way to report scammers and lost handsets.
But who knows what they'll shovel into it tomorrow.
Basically IMEI stamping because sim card purchase with ID has come to be viewed as flawed/compromised by NatSec types in India. Here's some additional context from a previous thread on HN [0]
[0] - https://news.ycombinator.com/item?id=40476498
------
Edit: Can't reply
Lots of old phones still exist, so a virtual/eSIM does nothing to give visibility into those devices.
Also, India wants to own the complete end-to-end supply chain for electronics like what China did in the early 2010s, so India has been subsidizing legacy, highly commodified electronic component manufacturing [0] - of which physical SIMs are a major component because they both help subsidize semiconductor packaging as well as IoT/Smart Card manufacturing. A mix of international [1][2] and domestic players [3] have been leveraging physical SIM manufacturing in India as a way to climb up the value chain.
On a separate note, this is why I keep harping about India constantly - I'm starting to see the same trends and strategies arising in Delhi like those we'd see the PRC use in the late 2000s and early 2010s, but no one listened to me about China back then because they all had their priors set to the 1990s.
No one took the PRC seriously until it was too late, and a similar thing could arise with India - we as the US cannot win in a world where 3 continental countries (Russia, China, India) are ambivalent to antagonistic against us. Even Indian policy papers and makers increasingly reference and even copying the Chinese model when thinking about policy or industrial development, and I've started seeing Indian LEO types starting to operate abroad in major ASEAN and African countries helping their vendors build NatSec capacity (cough cough Proforce - not the American one - and their Offensive Sec teams).
Ironically, I've found Chinese analysts to be much more realistic about India's capacity [4][5] unlike Western commentators - and China has taken action as a result [6][7][8]
[0] - https://ecms.meity.gov.in/
[1] - https://www.idemia.com/press-release/idemias-production-faci...
[2] - https://www.trasna.io/blog/trasna-eyes-asian-iot-growth-as-i...
[3] - https://seshaasai.com/products/esim-and-sim
[4] - https://finance.sina.cn/china/gjcj/2022-06-08/detail-imizmsc...
[5] - https://www.gingerriver.com/p/vietnam-or-india-which-one-wil...
[6] - https://www.bloomberg.com/news/articles/2025-07-02/foxconn-p...
[7] - https://www.reuters.com/world/china/india-taking-steps-mitig...
[8] - https://www.reuters.com/world/china/china-files-wto-complain...
India has not been antagonistic or ambivalent in its recent past, until a Nobel Peace Prize aspirant in the WH decided to take a machete to relations that both countries had been building for the last 25 years, with largely bipartisan support in both countries. Even the current Indian govt is quite pro US until the aspirant tanked that relationship.
And yes, there will be times India doesn't agree with the US, and that's normal. It's seeking to be a partner, not a vassal state.
> India has not been antagonistic or ambivalent in its recent past...
Yep, but stuff can change rapidly.
From 1972-1992 it was China that used to be the pillar of the America's Asia strategy as a bulwark against the USSR, with US soldiers posted in Xinjiang monitoring the USSR [0], US government sponsored tech transfers and scientific collaboration [1], American support for Chinese military modernization [2][3], and expanded economic cooperation [4].
Yet by the late 2000s, that relation degraded into a competitive relationship that has become the cold war that it is today because by the 1990s US and Chinese ambitions became misaligned - especially following US sanctions due to the Tienanmen Massacre [5], Clinton's pivot to newly democratic Taiwan [6], and Chinese attempts at industrial espionage [7].
The US and India are not fully aligned because neither American nor Indian policymakers have significant exposure to either and remain extremely insular (eg. Stanford and Penn are the only American universities with a competitive program on Contemporary Indian politics and foreign policy, and there are only at most 20 American scholars on contemporary Indian policy - it was the same during my time in the early 2010s with regards to China, except instead of Penn it was Harvard), and that's why the US-India relationship has been in a tailspin for the past couple years. The US-India relationship are now in the equivalent position as that of the US and China in the late 1990s to early 2000s era, and are largely predicated on mutual competition against China.
Snafus like the RAW-backed Nijjar assassination as well as the US's support for Asim Munir highlights how the relationship is starting to fray. If alignment is not found within the next few years, the relationship will become competitive and potentially antagonistic in nature because India will start feeling that the US is encircling India just like China, and the US will start viewing India as "rocking the boat".
[0] - https://www.nytimes.com/1981/06/18/world/us-and-peking-join-...
[1] - https://en.wikipedia.org/wiki/U.S.%E2%80%93China_Agreement_o...
[2] - https://www.nytimes.com/1981/06/17/world/us-decides-to-sell-...
[3] - https://www.nytimes.com/1979/10/04/archives/study-urges-us-a...
[4] - https://www.nytimes.com/1983/05/26/business/us-china-investm...
[5] - https://www.nytimes.com/1989/06/05/world/the-west-condemns-t...
[6] - https://www.nytimes.com/1994/08/10/world/clinton-is-expected...
[7] - https://archive.nytimes.com/www.nytimes.com/library/world/as...
> Basically IMEI stamping because sim card purchase with ID has come to be viewed as flawed/compromised by NatSec types in India
Why not mandate virtual SIMs?
What about the low income people who cannot afford a new phone?
It's a dangerous trend that is happening. From EU chat control to this, is like everybody is so interested to know what the hell I'm doing with my life. The problem is with my kids, they likely will not enjoy freedom as we did it.
Very concerning. I will be suprised if companies like apple comply though.
Do they actually have a choice? Usually with laws and orders from the government, you can't do much than either go with the flow, try to lobby against it afterwards, or straight up refuse and leave the market. Considering Apple's ties to India, I feel like Apple is unlikely to leave, so that really only leaves Apple with the first; comply and complain.
> Do they actually have a choice?
Yes. Apple's revenues are half as much as the government of India's [1][2]. That's a resource advantage that gives Cupertino real leverage against New Delhi.
[1] https://www.apple.com/newsroom/2025/10/apple-reports-fourth-... $102.5bn / quarter
[2] https://en.wikipedia.org/wiki/List_of_countries_by_governmen... $827bn / year
Like any business Apple needs growth to satisfy the shareholders. New growth would come from India and China. Apple didn't leave China and neither it will leave India. India can and will survive without Apple. Though having it in the country would be good for optics.
The moment mobile companies locked down sideloading, ability to uninstall bundled software, etc., they made it impossible to argue techincally against bundled, uninstallable software from the government.
> Most people aren't content with merely surviving.
I think you overestimate the importance of Apple to India. It is just a company. And actually not the biggest employer or most tax paying one either.
Apple is not the only vendor in India and has also not the most sold phone.
You say "Like any business Apple needs growth to satisfy the shareholders." like it is acceptable.
Apple has built an entire alternative iMessage+iCloud setup in China to comply with government regulation. They also bowed to the UK's demands to disable E2EE backups.
They'll probably try to make the app as non-shitty as they possibly can, and will probably leverage all kinds of geographical restrictions and whatnot to isolate the impact of these changes, but when threatened with a large market share hit, Apple will comply.
Apple need India though. They’re moving a lot of their manufacturing there to derisk from a China.
Also, they gave in to the CCP and always say ‘we obey the laws of the countries in which we operate’.
Apple is, at the end of the day, just a business.
I fear (Apple) will do something that allows the government to do what it wants (with a bit more work) without explicitly installing something.
For example, with the UK encryption debacle, Apple removed Advanced Data Protections (e2e encryption) for iCloud users in the UK. So users' notes, photos, emails are possibly open.
"Leave us alone or we'll cancel our plans and move somewhere else"
As concerning as it is, this is just another addition to the pile of malware that a modern smartphone is. Everyone including SoC manufacturer, RF baseband manufacturer, OEM, OS developer, browser developer and app developers add their own opaque blobs, hidden executable rings, lockdown measures, attestation layers, telemetry, trojan apps, hidden permissions and more.
We lost the game when we allowed these players to impose limits on us in the way we can use the device that we bought with our hard earned money. Even modifying the root image of these OSes is treated like some sort of criminal activity. And there are enough people around ready to gaslight us with the stories about grandma's security, RF regulations, etc. Yet, its the extensive custom mods like Lineage OS that offer any form of security. Their extensive lockdown only leads to higher usage costs and a mountain of malware.
We really need to demand control over our own devices. We should fight to outlaw any restrictions on the ways we can use our own devices. We should strongly condemn and shame the people who try to gaslight us for their greed and duplicity.
I completely agree with you but I'm not sure I can really think of a solution for the RF baseband problem. I really don't want to live in a world where everyone's wifi signal is terrible because lots of stupid software devs decided to boost the RF power for their product to make it work better.
Yes. That thought did cross my mind. However, the RF baseband is an independent opaque blackbox already. As far as I know, it even includes an entire hidden operating system. But opening up the rest of the system, leaving the BB as it is, will go a long way to an open user-controlled system. We could adopt that as a stop gap measure until a longer term solution is found.
In the longer term however, we will need such a restriction on RF BB lifted too. Openness isn't just about modifiability. It's essential for security too. I'm someone who believes that security and granular restrictions can be implemented without being hostile towards users. This is why I don't buy Apple's argument that hardware lockdown measures like soldering on batteries, permanently gluing up ICs, etc are essential for miniaturization and security.
One solution for the problem you mentioned (devs over-boosting the RF output) is to have a one-time programmable power limiter after one of the final fixed-gain RF power amplifiers. (An example of a one-time programmable device is an anti-fuse FPGA). Such a baseband can be programmed to conform to the market country's regulations (or something even stricter) before assembly. This way, the developer can boost the signal as much as they want, but the device simply won't respond beyond the permissible limit.
Of course, all these are daydreams, because it has to be implemented by the baseband manufacturer. Unfortunately, their incentives don't align with our interests.
Is there any person or organization out there doing significant work against remote attestation being a thing? I'd love to support them.
Good to see someone well-informed. There is a lot being on that topic, you are not alone.
Thank you for your kind words and solidarity! Those who understand this should definitely take a public stance, because we're far too apathetic towards such exploitation. It's even more disturbing to see some people supporting measures like these!
You shouldn't be: https://news.ycombinator.com/item?id=26644216
Why wouldn't they? If Apple doesn't comply, the Indian government could force them to withdraw from the market or otherwise make their lives difficult. I can't see Apple or their shareholders caring about privacy enough to abandon such a large market.
They are doing this for US from the beginning so it is only matter of time or carefully applied pressure. This is only a PR.
> I will be suprised if companies like apple comply though
They will.
All tech companies already comply with India's IT Act. And India now manufactures 44% of all iPhones sold in the US [0] while dangling the stick of a $38B anti-trust fine [6] but also the carrot of implementing China-style labor laws [10] that Apple lobbied for [11], so Apple doesn't have much of a choice because both China and Vietnam (the primary competitors for this segment of manufacturing) have similar regulations while not shielding them from Chinese competitors. Samsung is in the same boat at 25% of their manufacturing globally being done in India in CY24 [1] while is also trying to further entrench itself [2][8][9] due to existential competition from Chinese vendors [3][7].
Heck, Apple complied with similar regulations in Russia [7] before the Ukraine War despite being a smaller market than India with no Apple manufacturing, engineering, or capex presence.
All large companies who face existential threats from Chinese competitors have no choice but to entrench in India as it's the only large market with barriers against direct Chinese competition - ASEAN has an expansive FTA with China which has lead both South Korea, Japan, and Taiwan to lose their staying power in countries like Vietnam, Indonesia, and Thailand where Chinese competitors are being given the red carpet, and Brazil is in the process of one as well.
And the Indian government is taking full advantage of this to get large companies to bend to Indian laws, as can be seen with the damocles sword of tax enforcement on Volkswagen [4] while negotiating an FTA with the EU and a potential $38B anti-trust fine against Apple [5] while negotiating a BTA with the US. It's the same playbook China used when it was in India's current position in the late 2000s and early 2010s.
Finally, India was in a de facto war earlier this year against Pakistan (Chinese manufactured missiles landed near my ancestral home along with plenty of Turkish and Chinese drones) along with a suicide bombing in India's Tiannamen Square (the Red Fort) a couple weeks ago [12], so anything national security has a bit more credence and leeway.
[0] - https://scw-mag.com/news/apples-supply-shift-to-india-speeds...
[1] - https://www.techinasia.com/news/samsung-to-broaden-manufactu...
[2] - https://www.chosun.com/english/industry-en/2025/11/25/SLEYWT...
[3] - https://www.digitimes.com/news/a20251118VL205/2030-samsung-s...
[4] - https://www.ft.com/content/6ec91d4a-2f37-4a01-9132-6c7ae5b06...
[5] - https://www.reuters.com/sustainability/boards-policy-regulat...
[6] - https://www.macrumors.com/2021/03/16/apple-to-offer-governme...
[7] - https://www.businesskorea.co.kr/news/articleView.html?idxno=...
[8] - https://www.digitimes.com/news/a20250903PD208/samsung-india-...
[9] - https://www.digitimes.com/news/a20241212PR200/samsung-india-...
[10] - https://www.bloomberg.com/news/articles/2025-11-21/india-imp...
[11] - https://www.bloomberg.com/news/articles/2023-03-21/apple-see...
[12] - https://abcnews.go.com/International/wireStory/india-intensi...
This is the Achilles heel of having a closed platform. Eventually the government dictates what's supposed to be in it.
Even an open platform would do nothing. If you are a suspect, your phone would be checked in person (India doesn't have the concept of the 4th Amendment, and police demanding physical access to your phone during a search is routine) and if you were using something like GrapheneOS, it would be used as evidence against you. Indian law enforcement has already used access to Signal and Telegram as circumstantial evidence in various cases, and it's a simple hop to create a similar circumstantial evidence trail with someone using GrapheneOS.
And anyhow, major Android vendors like Samsung have aligned with the policy as well.
> and it's a simple hop to create a similar circumstantial evidence trail with someone using GrapheneOS.
I think this is a bit exaggerated for effect. No one in India considers having a Linux laptop as being circumstantial evidence in case of a crime. Whereas having Tor installed would be.
That distro is seriously not good for your privacy.
DYR (deeper) and support less dodgy options like LineageOS.
FUD
Even in mainland China, where iOS does have a large amount of changes to comply with local regulations, Apple does not pre-install any apps from anyone.
China doesn't require pre-installed apps but the Chinese government require all data processing and storage to be conducted within China with complete source code access.
India chose to back off on data sovereignty [0] because it would have had a side effect of making Indian IT Offshoring less competitive plus to help make negotiating a US-India BTA easier [1].
[0] - https://verfassungsblog.de/cross-border-data-flows-and-india...
[1] - https://www.bloomberg.com/news/articles/2025-04-25/us-seeks-...
> making Indian IT Offshoring less competitive
So does a security backdoor in every mobile device used by said Indian offshoring staff.
I don't think there is any reason to assume they would allow forced code execution just because they allow data residency for mainland accounts. And unfortunately, China is likely a much larger and more profitable consumer market than India - presumably they can still export phones produced inside India without this.
This is an interesting point. Is there anyone in mainland china that does do not install WeChat plus AliPay installed? It is hard to live without it! Literally, you can buy a kilo of veg from a wet market stall and pay with AliPay.
>Even in mainland China [..] Apple does not pre-install any apps from anyone.
That's because China has no regulation obliging them to do so.
China takes the other, more comprehensive, route to privacy invasion. Sucking up every bit of data at the router.
GFW does indeed have man in the middle capabilities per the recent leaks of Geedge tech used in it. Your laptop might throw a warning for the fake signed cert, but devices in China that trust Chinese root CAs would not.
From what I just heard on the Upgrade podcast, Apple only put a splash screen up when you first purchased your phone “encouraging” users in Russia to download the app. It didn’t force you to.
That's true, it opens a splash screen. But if I remember correctly even if you dismiss it it opens a corresponding AppStore section. Which was kinda annoying but that's it.
In more recent developments of this story, looks like Russian authorities saw a success of EU's push for alternative stores and now want Apple to allow that in Russia too [1,2]. Sadly, the motivation is twofold: a. let authorities publish their spyware (Max messenger) and b. let sanctioned companies publish their apps (sberbank). I haven't heard a single word about caring for user freedom.
P.S. just for laughs: Since it's currently (almost)impossible to install alternative appstores, stores and online marketplaces selling iphones now label them as "defective" [3]: below title "Имеется недостаток товара: невозможно установить и использовать RuStore" = "Defect: impossible to install and use RuStore"
[1] (ru) https://www.ixbt.com/news/2025/07/07/apple-rustore-iphone-ip...
[2] (en) https://meduza.io/en/feature/2025/06/27/an-app-store-ultimat...
The same podcast episode - the latest one - said that Apple isn’t selling in Russia right now so the point is moot.
And these mofos complied to the request to block VPN apps on iPhones in Russia. Think about companies that cooperated with the Nazis.
have you seen what Tim Apple has been up to lately with his own government?
How is it different from preloading apps like Netflix, GMail and other shady apps for profits that collects a lot of data.
Considering India's low literacy, having a state owned cyber safety app shouldn't be much of an issue. It's not like a backdoor, but safety of citizens, which is the prime mandate of a sovereign state.
The difference is restricting removal of the app. It takes away the user's choice. As far as I know all preloaded apps, at least on Android, can be disabled if not uninstalled.
> The November 28 order, seen by Reuters, gives major smartphone companies 90 days to ensure that the government's Sanchar Saathi app is pre-installed on new mobile phones, with a provision that users cannot disable it.
> It's not like a backdoor, but safety of citizens, which is the prime mandate of a sovereign state.
This sounds great in theory. But in practice this sort of thing is rife for abuse. Say, I have complete control over what this app installed on your phone does in the background. And you were my political opponent. Would you trust me to not use this backdoor into your phone to my advantage?
Apps like Netflix, GMail are not forced on users by a govt. It is an open marketplace. Users have options. They are free to buy phones that do not have those apps pre-installed.
How do you know it isn't a backdoor? Do you have access to its source code?
This kind of app should be be open source.
I found a directive[1]:
> Pre-installed App must be Visible, Functional, and Enabled for users at first setup. Manufacturers must ensure the App is easily accessible during device setup, with no disabling or restriction of its features
While I can get behind the stated goals, the lack of any technical details is frustrating. The spartan privacy policy page[2] lists the following required permissions:
> For Android: Following permission are taken in android device along with purpose:
> - Make & Manage phone calls: To detect mobile numbers in your phone.
> - Send SMS: To complete registration by sending the SMS to DoT on 14422.
> - Call/SMS Logs: To report any Call/SMS in facilities offered by Sanchar Saathi App.
> - Photos & files: To upload the image of Call/SMS while reporting Call/SMS or report lost/stolen mobile handset.
> - Camera: While scanning the barcode of IMEI to check its genuineness.
Only the last two are mentioned as required on iOS. From a newspaper article on the topic[3]:
> Apple, for instance, resisted TRAI’s draft regulations to install a spam-reporting app, after the firm balked at the TRAI app’s permissions requirements, which included access to SMS messages and call logs.
Thinking aloud, might cryptographic schemes exist (zero knowledge proofs) which allow the OS to securely reveal limited and circumscribed attributes to the Govt without the "all or nothing", blanket permissions? To detect that an incoming call is likely from a spam number, a variant of HIBP's k-Anonymity[4] should seemingly suffice. I'm not a cryptographer but hope algorithms exist, or could be created, to cover other legitimate fraud prevent use cases.
It is a common refrain, and a concern I share, that any centralized store of PII data is inherently an attractive target; innumerable breaches should've taught everyone that. After said data loss, (a) there's no cryptographically guaranteed way for victims to know it happened, to avoid taking on the risk of searching through the dark web; (b) they can't know whether some AI has been trained to impersonate them that much better; (c) there's no way to know which database was culpable; and (d) for this reason, there's no practical recourse.
I recently explained my qualms with face id databases[5], for which similar arguments apply.
[1] https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140&re...
[2] https://sancharsaathi.gov.in/Home/app-privacy-policy.jsp
[3] https://www.thehindu.com/sci-tech/technology/pre-install-san...
[4] https://www.troyhunt.com/understanding-have-i-been-pwneds-us...
What stops someone from loading GrapheneOS on their (Indian) Android phone?
Mostly the fact that GrapheneOS only works on Google Pixel hardware currently and vendor unlock status. It's the only available phone hardware that provides full bootloader unlock capabilities AND suitable security protections baked into the secure enclave and boot process, including things like rate limiting in hardware like password cracking attempts via external brute-force input means, lockdown of usb ports until boot unlocked with a pin, etc. Their website spells out all the reasons.
Other phone makers could if they wanted to do the same, but do not as an active choice, or at least somebody's choice above them.
It will be used as evidence that the person who has GrapheneOS on their phone is attempting to break the law. Telegram and Signal chats are often used as circumstantial evidence of malfeasance in Indian national security cases, so the jump to using GrapheneOS as evidence of malfesance is tiny.
India already considers communications they can't monitor illegal. Specifically, satellite communication devices. Not just the crazy expensive satellite phones, but the satellite texting devices a lot of us backcountry types have. And some have been arrested for having them. Yeah, terrorists have used such stuff, but to us it's 911 for when we are far from the cell grid.
FUD
"Cops in this country think everyone using a Google Pixel must be a drug dealer" (because of GrapheneOS)
https://news.ycombinator.com/item?id=44473694
https://grapheneos.social/@GrapheneOS/114784469162979608
> European authoritarians and their enablers in the media are misrepresenting GrapheneOS and even Pixel phones as if they're something for criminals. GrapheneOS is opposed to the mass surveillance police state these people want to impose on everyone.
I see it more as an extra reason to use it:
- If only criminals want privacy, privacy becomes suspicious
- If more people use an open OS, it's more profitable for commercial entities to not put in extra effort to block these devices due to the FUD going around about them being insecure
So if someone suggests that using open source software is increasingly being seen as suspicious, the #1 thing to do is start using it
Custom ROMs fail device integrity, which means you cannot use banking, financial, government, payments and telcom apps, not to mention all the games that refuse to work.
... secure boot?
I don't understand "just load GrapheneOS" sentiments. It only runs on extremely specific flagship devices with explicit features that allow it that are out of financial and technical reach for >99.9% of population of Earth and it still fully relies on AOSP. It's an escape hatch for mice. Or is it really not that way?
It is a dodgy Android distro for several reasons.
LineageOS has no such shenanigans nor has a pattern of suspicious funding.
> It is a dodgy Android distro for several reasons.
What are these reasons?
> LineageOS has no such shenanigans nor has a pattern of suspicious funding.
What pattern of suspicious funding?
There are threads on YC almost every week/month promoting that dodgy distro. Inside them are the comments with proper details from plenty of other YC users.
For the sake of avoiding repetition or bias, just do your own research. There is a search box at the end of the page.
you're all over this thread saying this, can you link an article or at least explain what you mean?
Can you see how you look like a bad faith actor by making claims and they telling others to research your facts?
That's because there aren't really any. Yes, it's kinda maddening that the best hardware to de-Google your life is to give Google even more money and buy a Google phone, but, after having used that search box, all I could find are complaints that it's not very usable because they disabled so much shit in the name of security and privacy, but I saw nothing where it fails at the technical details in protecting privacy. There's some purist bit about the timing of updates and availability of source due to embargoes, but even they are being practical in that case. So no, unless I missed something, it's not common knowledge, and you're just pretending there is to make it seem like there is something there when there isn't.
In the time you've spent writing all these vague comments you could have just cleared up the confusion. I cared enough to read a comment you would write out, i really don't care enough to go research it
The year of the Linux phone in India is coming.
Horrible for a so-called democratic country …
The clipper chip was brought to us by the country that proclaims to spread democracy across the world. Democracies can be authoritarian if you scare the public enough.
Democrats in the US touting „combating hate speech” would love to do the same here
If it can be abused, it will be abused. Corruption exists anywhere humans exist. Convenience and security are the bait. Why do people want to be caged?
"With 5 million total downloads - the app has saved 3.7 million lost phones", this somehow doesn't add up for me, as this implies more than 74% of phones are stolen? Or this this govt lying to pad the numbers to make the app look like a sheep in wolves clothing.
People download it only when their phone is stolen.
They download it where? On a spare phone? How does that work?
> Apple's iOS powered an estimated 4.5% of 735 million smartphones in India by mid-2025, with the rest using Android, Counterpoint Research says.
Sounds like Google should be the one leading the charge against this. Will be interesting to see what they do.
> The app is mainly designed to help users block and track lost or stolen smartphones across all telecom networks, using a central registry.
It's an app. That's all it does now (presumably). Once installed, it can be changed in the future to do all kinds of terrible things. This is big brother.
A government minister has clarified that the app is not mandatory but "optional" and can be deleted by the user is they don't want to use it - Sanchar Saathi app optional, can be deleted, says Telecom Minister Scindia - https://www.thehindu.com/sci-tech/technology/sanchar-saathi-... .
> A government minister has clarified that the app is not mandatory but "optional" and can be deleted by the user
In India it doesn't really mean anything. As an example the biometric based id 'Aadhaar' is 'voluntary' on paper, The Modi govt had to concede this after a Supreme court judgement that made it clear that Aadhaar cannot be made mandatory. However in practice it's anything but. Govt officials will openly refuse to consider other forms of id. They have been informally told by the highest rungs of govt that they will be protected against any complaints and that they need to insist on Aadhaar.
The whole point is to make daily life practically impossible without Aadhaar so that the citizens give in and 'voluntarily' give their biometrics.
The order states:
> Ensure that the pre-installed Sanchar Saathi application is readily visible and accessible to the end users at the time of first use or device setup and that its functionalities are not disabled or restricted.
https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140&re... (Press Release)
https://x.com/arvindgunasekar/status/1995540552205697079 (Leaked Order)
Does not sound optional. (I do not have an Aadhaar and have to fight across regulated domains - finance, insurance, banking, investments, even renting).
This is just bad PR from Indian government. Communication minister clarifies the app is optional https://timesofindia.indiatimes.com/technology/tech-news/tel...
Reuters/BBC have been famous to pounce and sensationalizing.
Sounds like both articles are right: There was a private government order to preload that app to smartphone makers. And it is not mandatory for citizens to use the app.
No sensationalizing apart from you it seems
not really. you may read the official notification here https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140&re...
"Manufacturers must ensure the App is easily accessible during device setup, with no disabling or restriction of its features"
I assume that in the US, the major manufacturers of phones and their operating systems already have backdoors for national security reasons. I think back to the past leaks from Snowden regarding the PRISM program. That program specifically included Google and Apple cooperating with the government under the FISA Amendments Act of 2008.
So while this state-owned cyber safety app is authoritarian, I wonder if it reflects just the most practical way India’s government can achieve the same things that the US has.
I am not defending it's use but a secret program is a targeted program, you can't use it in sweeping arrests without parallel construction. Whereas with an openly existing program you can point out that someone has been talking to their friend about how to get abortion medication and arrest them.
The real issue with 100% enforcement of law is it requires a society with differing values to not just agree on which laws exist but what just punishment is. Without leeway for differing social judgement or bifurcation.
These are just excuses to convince yourself that what the US is doing is "not bad" but what India is doing is "terrible".
Both are doing similar things. You have no idea what the US is doing; I have some inkling, and it is terrible.
At least India is publicly disclosing what this app does, and that the phone has this app. Do you have any idea what the US does?
Hint: that big data center in Utah, what is it for?
Another hint: the US has given many billions of dollars to US telecom companies under the guise of "rural broadband" and "rural cell service". Has the state of rural service really changed much in the last 30 years?? Why has all that money been given, then?
Did you mean to reply to someone else?
No one is claiming the US government is doing less terrible things than the Indian government.
I very much am not. If I point out that bombing a wedding with no terrorists is awful that does not mean I think bombing a civilian building hosting a wedding that terrorists are actually using as a base is great, even if most people would find the later more justifiable (i.e. more justifiable doesn't mean justified).
Parallel construction is incredibly easy though with confidential informants and honeytraps/entrapment (for another crime, for example).
And this is why we need unlockable bootloaders and stuff like Graphene and LineageOs. Having only two mobile Os is very convenient until stuff like this happens.
It is happening, in spite many won't really deeply believe. Every day 33 brits are arrested for what they say online.
It's happening, and it's time we say no. It's uncomfortable, but we need to do it en masse, right now.
Do not buy backdoored hardware, help others get rid of the backdoors, use anonymous technology to organize protests.
There has to be a line.
I didn't find any context for your claim so here is some reddit comment:
So it’s true 3,300 people were arrested for posts online. What they don’t tell you are the statistics or context. The actual law for these arrests covers EVERYTHING online. These arrests include those arrested for terrorism (if the planning/act of terror includes any online communication in the UK), threats of violence, racist abuse, hate speech and unwanted communication (including sending unsolicited sexual photos to strangers). It also includes spreading false information that could cause harm or affect an ingoing investigation.
If you look at convictions, only 137 people were actually sentenced in 2024.
https://www.reddit.com/r/DebunkThis/comments/1mmux6r/comment...
The arrest is the punishment. Here is a man getting arrested and subsequently harassed by the Police for 13 weeks for just posting a picture of himself with a shotgun in America.
Or the Tennessee man held in jail for over a month for a Facebook meme post: https://www.wtae.com/article/tennessee-facebook-post-felony-...
Note: this occurred in the US and not the UK but it happens here, too.
We’re basically seeing this story through media summaries and Richelieu-Booth’s own account, which means the narrative reflects either what he says happened or brief police statements. There’s very little publicly available that allows anyone to independently confirm or contradict either side.
Stories like this are designed to provoke a reaction, but the truth could be far more mundane: he might be a completely unreasonable person who was genuinely stalking someone, and police might have had credible concerns. We simply don’t have the full picture.
For balance, West Yorkshire Police do have a reputation for being heavy handed. the same force that used drones during Covid to shame people walking alone on the moors.
My point is: this isn’t solid evidence of Orwellian decline. It’s difficult to draw sweeping conclusions about Britain from a single case built on incomplete information and media amplification.
This has a bit more info: https://www.yorkshirepost.co.uk/business/orwellian-nightmare...
Notably:
> with the situation causing him considerable stress at a point where he was also dealing with an inquest into the deaths of his parents, who had both died in a car crash in 2023
so for some reason, there was something going on about his parents' death two years later. The article also states:
> He said the complaint against him was linked to an ongoing business dispute.
My take is that someone used his pictures of him holding guns (illegal in the UK) as support for a claim that he is an armed and dangerous stalker. Whatever got flagged regarding the inquest into his parents' deaths probably added suspicion. Police acted quickly (as they should, but probably too quickly) and made mistakes, but it looks like they couldn't accept that they were being used, so they decided to continue pressing onwards with the investigation, hoping they were still right and wouldn't be on the hook for a false arrest.
Getting falsely arrested is always terrible, but the way the media spins this as some kind of witch hunt about a LinkedIn post is misleading at best.
> These arrests include those arrested for terrorism (if the planning/act of terror includes any online communication in the UK), threats of violence, racist abuse, hate speech and unwanted communication
All of these attempts to "debunk" this statistic feel like they're missing the mark. How did the UK get a point where planning terrorism and making mean comments online go into the same statistic for arrests? Does it not seem strange that the second half of that list is worthy of arrest?
> If you look at convictions, only 137 people were actually sentenced in 2024.
This, again, does not help. Being arrested isn't a casual thing. It threatens everything from your job to your reputation and your relationships, even if you aren't convicted.
In many countries you do not get charged with every possible crime if there is a larger crime involve. If someone rob a place, they don't also need to have separate charges for illegally entering the place, destroying property when they broke the window, selling stolen goods, wire fraud for using the banking system, and money laundering for concealing that it is illegal money, and tax evasion. Each step is illegal on their own, but time crime statistics won't be written like that. The prosecutor may argue that if the accused are not found guilty for the primary, then secondaries may then be used.
The strange thing is that the UK are arresting people for abusing the telecom system, and not for the more serious crime like terrorism, death threats, harassment and sexual harassment.
> How did the UK get a point where planning terrorism and making mean comments online go into the same statistic for arrests?
In most publications: because the people reporting on these statistics can get more views and clicks that way. FUD sells. If someone online can defuse the statistics, the reporters that spread them also could've, but chose not to.
As for the second half of the list, "racist abuse, hate speech, and unwanted communication" are pretty common things to incriminate. Even the extremely liberal freedom of speech laws in the USA do not permit stalking ("unwanted communication") and racist abuse is criminalized in all kinds of cases (i.e. firing someone because of their race).
Can you just imagine the amount of arrests we’d have in the US if simply saying really offensive things at officials was enough to get you arrested.
Using Carlin’s dirty words against others you dislike or quoting passages from historical books should not warrant arrests.
Thank you. I heard the number locally at a privacy conference. No hard data, but I saw them being terrified for 1984 becoming a reality. Even if there's no sentence, the real result is self-censorship, which is NOT shown up in ANY statistics.
It also includes traveling to the United States where gun ownership is legal, and posting a picture of yourself holding a gun.
... following a police complaint about stalking, against a man involved in a business dispute, seemingly among other things. He may be innocent, but there's more to the story than the picture of the gun.
This comment is getting downvoted, but another comment provide a real source for this having happened to someone: https://archive.is/bH56T
Ahh yes reddit the most accurate location of truth finding. Could you at least link the source of the comment or are we supposed to take a random redditor as fact?
oh well as long as it's only happening to some people no problem then huh? That's okay?
UK has been self destructing for a looong time now. While things aren't great globally for free speech and privacy, I don't think pointing to UK as an example for anything makes sense. They have been on their path for many decades.
The price of freedom will only go up. People can’t help but wait to buy at the last minute when it costs an arm and a leg.
Do you have a source for the Brits being arrested?
This is probably one of the best ones https://www.bbc.co.uk/news/articles/c9dj1zlvxglo
Edit: I believe they are now getting compensation for a 'wrongful arrest' which, sounds entirely deserved.
I don't know. You can bet these people were being obnoxious sh*ts to teachers and trying to rally some online mob to get their way. No much sympathy from me, even if arrest (and not a stern telling off and being told to set a good example for their kids and behave like adults) was a bit much.
Yeah I can imagine, I know the sort, however you can't really assume that as you don't know them, people have a right to be upset if their children's education is at stake and in some cases the schools management can be the 'obnoxious sh*ts'.
What is clear though is there has been some abuse of power by the police. I wondered if someone at the school 'knows' someone in the police, which made it go so far.
A Liberty GB spokesman said: "Mr Weston was standing on the steps of Winchester Guildhall, addressing the passers-by in the street with a megaphone.
"He quoted an excerpt about Islam from the book The River War by Winston Churchill.
"Reportedly, a woman came out of the Guildhall and asked Mr Weston if he had the authorisation to make this speech.
"When he answered that he didn't, she told him: 'It's disgusting', and then called the police.
"Six or seven officers arrived. They talked with the people standing nearby, asking questions about what had happened.
"The police had a long discussion with Mr Weston, lasting about 40 minutes.
"At about 3pm he was arrested. They searched him, put him in a police van and took him away."
You got a loiscence for that speech?
If even half of that is true, I can't fathom why someone would willingly live in that total shithole of a country.
willingly live in their homeland? yeah i don't know either bro
I'm not OP but a quick yandex search (google isn't great for conservative news) suggests ~12k people were arrested last year for speech. https://nypost.com/2025/08/19/world-news/uk-free-speech-stru...
This article says 10k https://www.zerohedge.com/political/britains-speech-gulag-ex...
More broadly it's been a huge issue for a while, tons of articles come out of the UK for people being arrested for criticizing politicians/policies. Even more dystopian is it's hard to report on, because the police might come after you for talking about it. Germany is having similar issues, it's easy to forget most of the world (including Europe) doesn't have free speech
Brits get arrested for even supporting peace, I don't feel I need to verify this claim.
the lowest resistance solution to e.g. cheating at school using ChatGPT will be spyware on kids' devices.
while nobody should be arrested for speech online, here on hacker news, people are downvoted for saying something unpopular (as opposed to whatever, i don't even know what the criteria is, but maybe it should be "toxic") all the time. you are preaching to the wrong audience, not the choir.
I've seen what's said online these days. Open racism and bigotry. This has always been the case but now it's done without shame by prominent people and influencers using their real account. Twitter is as bad as Stormfront these days.
We absolutely need to police hate speech.
> There has to be a line.
There is no line at all these days, with open hatred displayed. Fascism is on the rise across the world off the back of the hatred that's produced on social media.
> Every day 33 brits are arrested for what they say online.
They must be giving them tea and crumpets before releasing them to generate more hate online because it clearly isn't working.
Is it your view that no-one should ever be arrested for anything they say, in any context?
> There has to be a line.
Where do you draw the line?
I'd like to think that we all agree that you would be arrested for saying things in person (hate crimes, etc) would be the same things you'd be arrested for saying online... i'd place the line about there.
However, there are cases which do cross the line... https://www.bbc.co.uk/news/articles/c9dj1zlvxglo
> we all agree that you would be arrested for saying things in person (hate crimes, etc) would be the same things you'd be arrested for saying online..
And that’s where you’d be wrong - lots of us belief that speech should not be a cause for arrest except in the most extreme circumstances. Hurting someone’s feelings is not that
> And that’s where you’d be wrong - lots of us belief that speech should not be a cause for arrest except in the most extreme circumstances. Hurting someone’s feelings is not that
what is an extreme circumstance?
At least in the UK, hate speech is a crime and is punishable by law, whether people agree or disagree is irrelevant, I do believe that if it's illegal on the street it should be illegal online, obviously in the relevant jurisdiction.
The developers of this app have a @ gmail.com mailbox listed as the support contact.
And they claim to protect people from fraud / phishing / scams.
> https://x.com/shantanugoel/status/1995874411543671208
>> sanchaarsaathi.dot AT gmail dot com >> broadbandmission AT gmail dot com
Google, the phone manufacturer and now the state running bloatware on my phone. I will have three dialers, calendars, etc. All of them uninstallable
Get GrapheneOS. The installation is painless and the OS surperior. No mainstream phone OS is viable in the privacy and security nightmare of today.
I can actually not have a phone like I don’t need one that bad if they want to make it a nightmare. I can go back to a dial tone.
I have to say I'm really surprised that I didn't find "fighting CP & terrorism" as the main push for this.
Government of India issued a follow up gazette notification withdrawing mandatory pre-installation of Sanchar Saathi app on smartphones: https://news.ycombinator.com/item?id=46132822
The article mentions blocking phones with stolen IMEI's, but iirc that's mostly up to telecom network providers to block rather than some "app". Also doesn't Apple have their own locking technology?
In short, the arguments for this seems to stink?
Want to check number of SIMs in your name? Download Sanchar Saathi to check:Links to Play store and App Store. Department of Telecom
I was getting these messages for sometime and installed it finally. It is the same app that is mentioned in the article. My phone is already in the system then.
Just another round in the decades-long battle of who owns your device: Industry or state. It's never you, mind you, who owns your device.
The perversion is that you are legally responsible for what happens with your device, but you are unable to prevent others from using it as they wish. An app like this is automation for putting people into jail. Just upload some illegal content and then "detect it". There's literally nothing you can do to defend against this attack, and it will work until it's overused.
If the app requires an on device backdoor, Apple won’t likely cave to it. If it’s sandboxed, the amount of things it can do is limited to tracking user location, given Apple also disabled turning off location sharing
Such a stupid move, I’d bet that it’ll be withdrawn quietly.
Why would you give the government such power? Don't think about the current government that you may be happy about - think about the next one.
I don't get it. Don't many if not most of these scams originate from India? Wouldn't it be better to stop the scammers directly?
Actually it’s Cambodia now.
If their goal was to increase the security for their citizens, you would have a point
Nothing in this app stops scammers, scammers use land lines/voip to make calls.
So, basically, this is just SIM card functionality for the age of eSIMs?
A lot of people in this thread seem unaware of what SIM cards actually are and do.
Apple said this morning they will not comply.
The only correct response.
Does this mean visitors to India would also get this app installed on their phone as soon as they land in India?
I am visiting India. The app wasn’t installed automatically. I received the SMS telling me to install the app but I am using an Indian sim borrowed from a friend. So I figured I got the SMS because of Indian sim. My wife didn’t receive sms as she is using Airalo esim data service.
I didn’t know the SMS was legit or not and I just marked it as spam. The challenge I have found with mobile in India is the excess of sms spam. Also the sender is always some cryptic alphanumeric characters so authenticity is difficult to judge.
Apple's geotargetting was at least in the past tied to where device was sold. Example is FaceTime in UAE: phones sold there will never have working FaceTime anywhere but if you bring your American phone in, it seems to work.
But easy enough to tie it to iCloud region - you have to set your device and iCloud to Indian region to be able to use many of their region specific payment methods (ie UPI)
The government is afraid of its people.
This is going to tie in with digital ID. Obviously the Indian government has never been corrupt or abusive.
Does it apply to iPhones manufactured to India, which are meant for export to other countries?
Totalitarianism is a form of class warfare. Make class warfare M.A.D.
i thought 'india' here indicate china before i clicked in.
As "totalitarian" as it sounds, it actually makes sense that India's govt had to take such drastic steps. Telecom providers and smartphone manufacturers have criminally refused for decades to protect end-users, because it makes them money.
Govt can't have their population at large being scammed by criminals and do relatively nothing about it. It's a huge economic and productivity drain people seem to have "accepted as normal".
So how do you not shut down and arrest these greedy international corporations, which would disrupt a country's infrastructure, despite ongoing warnings? Force them.
To me it's akin to the US govt mandating software that allows users to report any and all spam, fully traceable to criminals and providers, whom the govt could prosecute/heavily fine 100% of the time. Dangerous 2-edged sword, but if takes down that despicable scam industry, later it can transition to a law mandating the same protection but in a privacy a preserving manner.
“greedy international corporations”. I see where you coming from.
Is this going to be a requirement for BRICS member countries?
Too bad, 90% traffic they will monitor would be porn.
ref: "the new tobacco"
this last year i'm seeing very concerning behavior in students in the 14-20 range. complete addiction to their phones. very deep interests in things i was completely unaware that they existed. similar to how when i started noticing anime girlfriends/waifus in 2016.
about 40% are deep in discord communities where i literally cannot figure out a single sentence of what they're talking about.
if society doesn't do something, and soon, say goodbye to the cognitive ability of a large chunk of future generations.
> very deep interests in things i was completely unaware that they existed ... say goodbye to the cognitive ability of a large chunk of future generations
I would think very deep interests in niche or obscure topics is correlated with increased cognitive ability, not a decrease.
anime waifus?
> very deep interests in things i was completely unaware that they existed
That's just a symptom of getting old. Young people always find stuff that baffles adults. When I was a teenager, Anime itself was like this - just being "into" anime was considered some kind of bizarre, obscure affectation by adults.
I think smartphones present real challenges (and I don't get how/why they're allowed in schools), but a lot of what you're describing is normal.
The children now love luxury; they have bad manners, contempt for authority; they show disrespect for elders and love chatter in place of exercise. Children are now tyrants, not the servants of their households. They no longer rise when elders enter the room. They contradict their parents, chatter before company, gobble up dainties at the table, cross their legs, and tyrannize their teachers.
- Sir Humphrey Applebee, 1773.
> very deep interests in things i was completely unaware that they existed
as one of said students, I would just call these hobbies!
> about 40% are deep in discord communities where i literally cannot figure out a single sentence of what they're talking about.
I feel like the same could be said of an at the time adult looking at my IRC or MSN Messenger logs from when I was a teen.
Got some example words or phrases? When I hear stuff like this I'm curious how much is just your standard "out of touch adult" stuff and how much is genuinely bizarre niche rabbitholes.
If by "society" you mean the state, I disagree.
The world is changing quickly, and many people may run into problems, but I'd rather let cultural solutions to these problems naturally arise. Relying on a government to impose top-down solutions on these complicated and poorly understood problems is a recipe for a disaster of unintended consequences.
Is this an "old man yells at cloud" impersonation?
When do we find the first Critical CVE in it?
In wrong hands, this is a very dangerous tool.
Meanwhile the US has more than 4 different state owned cyber crime apps named after random things such as Google, Apple, Microsoft and Facebook, and many more. The kicker is they run all over the world.
Anyway, that doesn't in any way negate that this is shit for the people of India.
Soon in U.S.
For the safety and security of children, of course.
Honestly shocked it took this long for governments to start doing this; it seemed inevitable that governments would want all the data private entities have been enjoying.
More and more it seems like the benefits of being connected are not worth the cost of being so visible to so many hostile (state and non-state) actors
Yeah, internet is a dead star in so many ways this days. Repetitive, addictive and a private data sucker. I'm already starting to buy programming books and offline content preparing for a radical semi-disconnection.
DO NOT PRELOAD! DO NOT PRELOAD!!!
What should have happened is that they should have forced mobile vendors to allow users to uninstall all apps. What actually happened is that they are asking for their app to be installed as well, sigh.
OK: added to debloat list.
These things are more a factor of aggregate risk handling. As an example, if you have tuberculosis it is possible even in the US for the country to mandate that a doctor watch you take the treatment. Totalitarian? Authoritarian? A tool that could be used to force someone to have to show up to where a state-controlled authority could confirm that they are? Yes, all of these things could be words you could assign to that.
But societal combined risk is commonly handled in this way. In the US, if you employ someone you have to report that you paid them to a central federal government. Way to track someone? Surveillance state? All words you could use.
And the government previously restricted gambling and so on. The question isn't "why would a bad government do these things?". The question is "would a benevolent government do these things?" and "if so, why?". And the answer is quite straightforward, I think:
Someone in the government has observed that there is a great deal of cyber crime in India. A fairly uneducated population, with very high smart-phone penetration (85%+ apparently), and a large number of fraudulent actors that their federal government is unable to enforce against. So they're attempting to attack the problem where they can.
This is ultimately India. They don't need insidious "app on your phone" / stingray / any other sophisticated solution. The local politicians can manipulate local authorities to get your cell tower association data and SMS. And if they want your comms devices they will rubber-hose the secrets out of you.
Someone I know worked at a big FAANG. He's Indian so went back to Bangalore to see his ailing mother. One day he took an auto-rickshaw while wearing his FAANG sweatshirt. The driver took him to a makeshift jail where he, police officers, and a magistrate conspired to threaten the guy with prison unless he paid $10k. $10k is nothing to a FAANG engineer, so he paid up, was brought in front of court on some lesser charges and then had to pay a small fine (much less than $10k). And then he flew back to the West Coast and never returned to India. Trying to reason about this kind of place using the perspective of the West is meaningless.
I think it unlikely they're trying to use this as cyber-surveillance. India simply does not have the infrastructure necessary to do that at scale. And they have the infrastructure for the rubber-hose, and Indians wear their identification on their sleeve, so to speak. Names point to ethnic groups and castes. Primarily endogamous marriage means if you want to perform violence against groups you can simply spread out from one member of the family unit being visibly of that group.
Using an app to get access to someone's data there is sort of like using Heartbleed to get root on a machine on which you are in /etc/sudoers with NOPASSWD.
All good goals - but this can be done by the government forcing the private companies (Apple/Goog/Samsung) to build tools, reporting, support services around helping with both Scamming applications or Stolen phones etc....
This will keep the data out of governments hands, while pushing the cost burden to these companies and they would be better equipped to build around these goals than the government themselves.
We all know the govt doesn't have a great track record with using Pegasus etc... Giving away control to apps that can decide your phone is stolen and lock it opens the door to any possibility including a totalitarian regime. It would be naive to believe that even if this is done with good intentions, such control could be easily mis used by opposition parties, one malicious individual etc...
I don't think the Indian government realistically has the ability to enforce on Apple/Google/Samsung like that. Regardless, even if they did, India has a diversity of (what we would probably consider) garbage smartphones. For anyone who lives in the West and is used to the kind of state legibility and control here, I think they'd find India quite surprising. The state has limited visibility and control there, simply because they never built a trustable bureaucratic network of data transmission.
If you read the Internet, you will hear that India has strict controls on KYC for SIM cards and so on. But on my last trip there I acquired one without much fuss. I'm not sure how that happened but I didn't provide any ID! I suspect that in such an environment you can't really do the thing you're suggesting.
The average mobile phone store there had an absolutely mind-blowing profusion of smartphone brands that all sound like those Amazon drop-shipped Chinese brands: Vivo, Poco, Realme, Oppo. And those are the good ones! There is a Cambrian-like explosion of brands there from various manufacturers. It's an unusual place.
EDIT: I'm going to have to reply to you here because I'm rate-limited on comments. See below in response.
Is it contradictory? I imagine saying "install this app on your phones from the factory when selling here" is a lot more achievable than coordinating what you suggested which is:
> ...build tools, reporting, support services around helping with both Scamming applications or Stolen phones etc....
But perhaps you anticipate these to both require equivalent ability? If so, I think that's the crux of the disagreement. I don't think the Indian state has the power to set up a mechanism to set a standard for tools, reporting, and support services that meet some requirements to detect scammers etc.
In fact, I think that's a really high bar. I think perhaps only highly developed nations would have any success designing such a program. I think even the smaller EU member nations would fail at it, and I don't think any of the developing nations (barring China).
I feel like you are making a contradicting point, on one hand you say its all disorganized but "organized enough" to allow the govt to force install their app, but not enough so it can coordinate the same thing with the same people they are going to force to install the app?
reminder - there's tech out there that enables reading your mind
>With more than 5 million downloads since its launch, the app has helped block more than 3.7 million stolen or lost mobile phones
Ah yes, so because someone has stolen MY phone, I should give up all my right to privacy and allow the government to have their claws in my phone.
Logic. What a silly point to make when 'findmyphone' services, which are OPT-IN litterally do the same thing.
the good news is that I'm personally on my last few years online. I don't think there's anything really worthwhile in this space to do as a contributor or even as a consumer
When the hell do we start to build these products here again like it was just 20 years ago? And let's stop with "it's too expensive here...". For God's sake, these are products we use every minute of our lives.
Enough is enough...
“The welfare of the people has always been the alibi of tyrants.”
"cyber safety"
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[flagged]
You are drawing a false equivalence. Using Gmail is a choice, but having an app preloaded without an option to uninstall isn't.
Hello I host my own email server. Your move...
Do you use gmail, is that why you assume everyone else does as well?
[flagged]
When Deep State is doing this through Google and Apple's backdoor, its okay. But when a democratically elected entity does this in its own region, they start getting lectures on freedom.
Find one HN thread where consensus/majority is that Apple/Google backdoors are okay
Literally nobody thinks that's ok besides the people doing it.
Sovereign tech stacks matter
Without domestic silicon or OS, you're forced to mandate bloatware that users can see
Real power operates at the silicon/firmware level, invisible, unremovable, and uncompromisable
This is a cringe move from India
https://www.centerforcybersecuritypolicy.org/insights-and-re...
> I'm shocked
India is currently run by a nationalist regime headed by the so called "butcher of Gujarat"[1], there isn't much that would shock me wrt to that lot's totalitarian tendencies.
[1] https://en.wikipedia.org/wiki/Public_image_of_Narendra_Modi
Mate, this isn't even remotely "nationalist". This stuff is being pushed across the world. Digital ID? The only people really desperate for it are our rulers.
How so? In Sweden we have digital ID and it's great! Super practical and I struggle to think of how it would be used to spy on citizens, given that it has the same legal protections as banks have regarding your account transactions etc.
Like sure you could in theory see every document I've ever signed if you have a warrant for BankID servers, but you could probably glean most of that if you had a warrant for the banks servers anyway, so it's not really a new capability.
> If your digital ID is controlled centrally by the government (the guys that are watching most things you do already), and you need your digital ID to do most commercial interactions (banking, buying things, travel, etc), it means the government can revoke your ability to do any of those commercial interactions (or even other things that aren't strictly commercial, think "travel papers" for driving out of state).
The government can already do this today in the US, they can put your ID on a fly denylist, your passport on a "always go to secondary screening list" (ask anyone who's ever been to Iran on vacation and then decided to travel to the US) and your license plate on a wanted list.
Actually Visa and MasterCard used their position to influence on business like Steam or Pornhub.
I completely agree with your main point, but the state supervised CO2 budget strikes me as a bad example; I see no real way to prevent companies and citizens from "externalizing costs" in the form of environmental damage except by regulation that restricts (historically, we did not get rid of leaded gas by gentle admonishment either).
But my digital ID is in addition of my physical one, it's not a replacement.
It provides convenience, and the only thing I'd lose of it was hypothetically revoked(the government has no such powers, and are unlikely to gain them, more on that later) is that convenience.
The reason the government is unlikely to gain those powers is that it would require a change in the grundlag, and such changed has to be approved twice, and there has to be an election between the two approvals.
> It's that it's a permission system that can be instantly updated and centrally managed by people that have legal authority to spy on you.
How is it a permission system? It's a way to prove your identity safely, online. No proposal/implementation that I'm aware of (maybe outside of China, but I'm not familiar enough) that actually conditionally does so based on preconditions and blocks you from actions. It would probably be actively illegal to do so in multiple countries.
> But these things are not tied into every aspect of your life (your bank doesn't necessarily know how many miles you've driven this year)
I mean, that's not true. LexisNexis is the company many car vendors send your driving data to, to be bought by insurance companies to do adaptive pricing. Banks don't necessarily need that data, but if they did, they could buy it too.
Which is why it's better if it's the government - there can be laws, regulations, pressure, judicial reviews to ensure that only legitimate uses are fine, and no such discrimination is legal. Take a look at credit scores in the US - they're run by private for profit companies, sold to whoever wants them, so credit scores have become a genuine barrier to employment, housing, etc. If this were managed by a state entity (like in France, Banque de France stores all loan data, and when someone wants to give you a loan, they check with them what your current debts are, and if you have defaulted on any recently; that's the only data they can get and use), there could be strong controls on who accesses the data and uses it for what.
I was with you until your 3rd paragraph. Why are you carrying water for climate change accelerationists and racists?
The examples don't even make sense historically. Haven't you noticed that most governments are failing to decarbonize, and government force against citizens is usually against the left?
I think a lot of people in the US are clinging to the hope that this type of friction, along with judicial decisions, will cause the process of removing our legal protections to stall out. I'm not optimistic that this is the case, because the party currently driving the federal incursion on private and state-held data is the one that until recently was opposed to things like national ID. Anything can be done in the name of protecting people from N, if you can get a majority to be afraid of N.
There are schemes, where e.g. KYC would require centralized storage of identifying information, which is equivalent or stronger than Digital ID. I'm not sure why Digital ID servers would store your health records.
Done more or less like that in Belgium too. Basically, if any civil servant look at your data, this is recorded in the "Banque Carrefour de la Sécurité Sociale". Your eid is used to authentify/authorize you on various state web site (which is OK)
US credit reports also show you who is looking at them. Does visibility really matter when mandatory participation is normalized as a part of functioning in society?
Digital ID makes no difference to this whatsoever. If a government wanted to cut you off from utilities they could make it happen within hours already.
Same with conscription, which needless to say was invented and effectively implemented prior to the invention of digital anything.
[flagged]
In the absence of a government solution like Singpass, the US and others will end up with an Apple/Alphabet solution.
Doesn't this mean that it's not only your hospital that sees your medical records, but... everyone who would otherwise only need your name and telephone number?
Or is there some way to restrict which party gets which data?
In CZ, we have a so-far-somewhat-nonintrusive digital identity that is mostly used to access government services.
Yet we already had an interesting situation which shows just how complicated trust is. Sberbank, the Russian bank, was slated to issue digital identity certifications in March 2022. Then Russia invaded Ukraine and Sberbank got booted out of the country before actually gaining that capability.
What if it was March 2021 instead? How would we treat signatures on documents verified by Sberbank a day before the invasion etc.? What if the content of that document was really suspicious? Etc.
I mean, I can do all my voting, tax filings, etc. etc. All the way from Mexico, with no issues. You're right that most of that must of the Swedish population resides in the south, but, as someone who grew up in Northern Sweden, it's not like we're marginalised or anything, not really.
> I struggle to think of how it would be used to spy on citizens
Hacker News has a unique user base. Professional Software Engineers, many of whom are Senior or Principal or Staff in level. Leaders and Managers and Architects.
I think, anytime we design a new system, we need to carefully think about how it can be used and what can go wrong. Not just with the current owners and users of that system, but future users and owners too.
Discrimination is one of those areas where identity management can go wrong. Discrimination and deliberate but undetectable Denial of Service "bugs" that always seem to hit the same types of users in the legs.
And getting evidence of wrongdoing like that takes years. It's nothing to an institution, but a lifetime to an individual. Sometimes there aren't even recordings or logs of individuals trying to ensure service and legal contracts are upheld. And again, the legal process is nothing for a large institution but soul crushing for an individual. And the solution always seems to be more institutional power, not individual power.
That kind of education in Engineering Ethics is common nowadays in University and College.
A lot of us who grew up self-educated in the early days or specialized in other schools may have missed out on those lessons early in our career.
And a person who goes through a Brazil-esque nightmare like that comes out at the end with a broken reputation. And always whispers and subtext floating around even after justice.
And there may be technically sophisticated intelligence services that can detect that kind of subtle tampering. But it's not the responsibility of other country's intelligence services to protect citizens of countries other than theie own.
Going through that I can say strength wouldn't be enough.
But Sweden has not so far required that you install state owned spy ware on your devices.
BankID is very convenient, I use it all the time here in Norway but, at least theoretically, it is a private initiative of the banks and not the state. It is not compulsory to have BankID.
It all amounts to the same thing, the use of tech to control the public.
It was nephihaha who started talking about digital IDs.
For now you may need a warrant. However, after just a simple law change, it will all be available without a warrant. I'm not saying there will be a law change, only saying that it brings us one step closer to data.
Banks and fintechs turned really brazen with triggering invasive AML/KYC requests without any legal basis, even more invasive than tax offices. Nonchalantly freezing and locking funds and accounts. They oftentimes require the latest version of smartphone app working only on recent smartphones. I don't want my digital identity to depend on them.
Since you're talking about scams, let's look at some statistics: https://www.statista.com/chart/33872/estimated-average-losse...
I believe you'll find that no ID, which is the American approach, is, in actual fact, worse than digital ID.
Also, authoritarian? You're not forced to use BankID, what are you even on about?
Again,I struggle to think of how it'd be used gather any data not already available.
Yes it's selling point is convenience. Convenience is good.
In this particular case I disagree that there's a price in privacy. At least currently, and the way the Swedish electronic ID is implemented, I don't see it.
With other variations there might be problems of course, though I'd worry more about someone messing up the security of it rather than privacy
If course I'm allowed to use alternative logins. And besides, there are at least 2 generally accepted digital ID solutions in Sweden. BankID is older and more popular, but there's also Freja (I had to open the tax authorities login page to remember the name of this one) that's accepted in most places.
There have been 0 incidents of any of the hysterical hypotheticals y'all are on about actually happening, maybe it's time for a reality check?
> you are not allowed to provide alternative logins
I can't speak for Sweden but that is not true in Norway where we also use BankID (I'm not sur but I think it originated in Norway).
What is so fundamentally different about DID proposed in the UK or the US then? I read through some of the documents about it and the data scoping that will be available, which isn't with something like BankID seem to be the only difference. What am I missing here?
Oh, that will come. It all comes from the same mentality.
You're comparing a developed, mature nation to a developing one? Good one! Let's try doing this in middle east too!
> I'm aware that some Swedes are already getting microchipped.
Source?
"I'm aware that some Swedes are already getting microchipped."
If you mean Swedish dogs and cats, then yes. Otherwise, no.
HOW would this hypothetical person use it against you?
It's a driver's licence infringing on my privacy too? Cause they're mostly the same, at least the way they're implemented in Sweden
Swedish police use Palantirs gotham software. Your data is in.
Probably the same amount ISI spends on anti-Modi propaganda peddlers.
In the US (approximately) everyone has a social security number and a driver's license. In practice, those are equivalent to universal ID, just more annoying to use in everyday life.
The lack of digital ID is a huge problem in many domains and enables a lot of scams and crime in the first place.
Requiring identification in situations that don't need it is where the problems start, but that's possible with analog IDs as well, and is often even worse there (since these provide neither security against digital copies, nor privacy, which digital ID can, e.g. via zero knowledge proofs).
Definitely, requiring the entire smartphone to be "trusted" is way too much.
Small external signers with a display and confirmation button are a nice compromise (and also largely solve MITM!), since I don't mind an external device being under somebody else's administrative control as long as I can run what I want on my smartphone or computer.
But people don't want to carry two things... Hopefully we can at least have both as alternatives going forward.
> Requiring identification in situations that don't need it is where the problems start
Which is exactly the argument against digital ID, because it reduces the friction to asking for ID in situations that don't need it, causing it to become epidemic.
Meanwhile nearly all the instances where ID actually should be required are also instances where showing up in person should be required, like taking out your first line of credit with a financial institution, or signing on to a new job. Because the entire point is to verify that that person is the person on the ID and not someone in Russia who managed to hack their phone.
A digital ID is not doing all of that. The way it's implemented in Sweden, just to take an example already mentioned, is simply to identify you, and only for certain parts of society (mostly governmental services, banks, insurance and the like, and a few more). It's not about authorizing you for travel. If you need an ID for picking up your valuable shipment from the post office then you simply show your driver's license or passport, you don't use a digital ID for that. At all. If someone took away your digital ID then that would mean zero for your internet access, and zero for your ability to travel. It's not used for that at all. What would be a problem is paying the bills, because the ID identifies you for using network banking. However, alternative ways for identifying you for the latter are far worse concerns.
If an authoritarian state tells a bank to block you as a customer you get exactly the same result. All these options of blocking people are already available to states in general.
> It has always received weirdly vitriolic push back.
Because, as the Home Secretary herself observed, it would fundamentally change the relationship between the individual and the state.
> What really is the Government going to do with a digital ID service that they can't do already?
This gives the impression of having done no research into a topic of which you now opine opposition to be "weirdly vitriolic". We live in an age of search engines and GPTs, free encyclopaedias and entire lecture series online, and even libraries are still open and free, but you've done nothing to get past the very first thoughts you've had on the subject.
Was that weirdly vitriolic, or someone pointing out that an argument to undermine everyone's rights should have some effort behind it?
> What really is the Government going to do with a digital ID service that they can't do already?
In 20 years, the UK suffers a terrorist attack just before an election, and then elects a ultra right wing government on a platform of "remigrating foreigners." You're a British born citizen but your mom fled from Iran in the 80s and immigrated to the UK.
If you don't have digital ID, and the government decides to "remigrate all Iranians," they have to collect information from several different government groups, e.g. maybe your mom got a passport in which case one government agency may just know she's a non-native British citizen but nothing more. Maybe your immigration agency stands up to the government and engages in legal battles to prevent turning over immigration information.
However if there's a digital ID system that lets the government instantly know everything about a person, you lose the protection of friction.
I believe this is one of the fundamental premises of representative liberal democracy, and one of its most redeeming features: balance of power is spread not just between branches of government, but through ministries/departments/agencies, which makes it much harder for a despot to do despotism.
Can anyone explain the history of "self ID" rules and laws in the UK? It seems like you do not have to prove your ID to the police. It is the reverse. As an outsider, I don't understand it.
It's funny how it's all rolling out right around the same time. Almost like they get together and plot this stuff at big meetings multiple times a year, where they get lavish meals and entertainment, get wined and dined by the rich and elite, and... well. Must be good to be kings.
It's really 4 horsemen of the infocalypse garbage being trotted out, and the general population is clueless and credulous. "They're in charge, surely they must know what they're doing! They wouldn't lie to us! They most assuredly have our collective best interests in mind, and they'll do the right thing!"
>> "They're in charge, surely they must know what they're doing! They wouldn't lie to us!
> Literally nobody thinks that.
I'd have to disagree; I'd say this is the modal perspective.
Most average people assume competence and good faith from people in charge. Most people don't question, aren't skeptical, and go through life in a fog. That's not most people here, but it's like Gell-Mann amnesia applied to politics. 99% of the time, when politicians put forth a plan to do things in a domain you're competent in, they look like morons. It's exceedingly rare for them to do things well.
People trust elected officials, they trust institutions, they trust "experts", the media, the academics. A vast majority of people don't realize the scale of ineptitude amongst the people who wield power. Most of the "elites" are not overqualified geniuses, but instead average bumbling idiots who stumbled their way into office, or sociopaths, or physically attractive. Most political systems do not reward competence and diligence.
You could swap out all 535 congress people in the US for randomly selected citizens and I guarantee you that outcomes would improve. Things are going so badly because they're intended to go badly, because unethical people wield power for self enrichment and cronyism. The purpose of a system is what it does.
Pretty much all passports in the world have been digital for years, and it seems ... fine?
There's a signed blob on the RFID chip in your passport that could be easily copied to any phone, hardly any on-device implementation work to be done.
> Mate, this isn't even remotely "nationalist".
India's government is not termed 'nationalist' because of this one policy.
I was talking about this one policy. The mentality is not particular to India. The abuse of the so called Fourth Industrial Revolution is everywhere to see.
Every time someone fearmongers "Digital ID" I always tap this sign
https://www.eid.admin.ch/en
The issue is not about "Digital ID" it's about having a good ecosystem that is both open and secure. I don't want all my tax money being spent on a private company implementing a horrible software solution
https://en.wikipedia.org/wiki/British_Post_Office_scandal
I trust my government more than mega software firms who have no accountability or recourse
[flagged]
You're getting down voted, but I think your point was to clarify that it's not simply nationalist, but particularly Hindu nationalist.
You are correct, of course: it is.
I always LOL when the midwit lefty Americans on this board trot out the whole "America's left wing is akshually center right by global standards" routine.
Meanwhile, here on planet earth, India (by far the worlds largest democracy) is run by out and out ethno-nationalists.
"Brahminical Hindus" is new concept I heard for the first time. From an academic perspective, I would more than likely challenge the word "hindu" being used as a religion name. Most religions are more defined/codified. At the end of the day its all a tool to manage power/people, boundaries or groups can be created with almost any data point. Your comment/observation just happens to define/declare one new type of boundary
And what about their traditions makes their religion not Hindu but makes the “Brahmanical Hindu” traditions Hindu?
The claim that there aren’t other religions is not true because a lot of lower caste folks have explicitly converted to Christianity and or Dalit Buddhism as promoted by Ambedkar who was the driving force behind rights for lower castes in India.
What do you mean by "Brahminical Hindus"?
From what I know, religions except Christianity and Islam are generally grouped under Hinduism for most things(marriage law for instance) and by default you're considered a Hindu(you can't be officially an atheist).
> that is because the RSS was formed to counter attacks on Hindus by Muslims in the 1920s.
> Founded on 27 September 1925,[18] the initial impetus of the organisation was to provide character training and instil "Hindu discipline" in order to unite the Hindu community and establish a Hindu Rashtra (Hindu nation).
> ....After reading Vinayak Damodar Savarkar's ideological pamphlet, Essentials of Hindutva, published in Nagpur in 1923, and meeting Savarkar in the Ratnagiri prison in 1925, Hedgewar was extremely influenced by him, and he founded the RSS with the objective of "strengthening" Hindu society.
https://en.wikipedia.org/wiki/Rashtriya_Swayamsevak_Sangh
Please stop spreading baseless opinions as fact when you yourself know no better. And for matters involving communal issues, I would much rather trust a crowd-sourced knowledge base rather than the opinions of a half-assed biography.
You will find many different interpretations of Hindutva - look at Hindu websites not political websites.
Modibhakting much?
I mean, it's one thing to parrot stuff like "inflammatory, biased, agenda driven and totally irrelevant", and another thing to state your point of contention.
After all, is it "inflammatory" to underscore discrimination and call it out?
And, yes, I am posting under an anonymous I'd - and so are you, as far as anyone is concerned. I came to the internet in the era of nicknames, not of full PII social networks, and I like it that way more.
Would it make the RSS and the BJP less far right if I posted under a real name?
[flagged]
Yep, Modi, the Indian PM, is a good friend of the WEF, and of many global power players.
[flagged]
Please don't post inflammatory rhetoric like this here, no matter the topic or the side. The guidelines ask:
Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
https://news.ycombinator.com/newsguidelines.html
Form your source:
Modi has often used a messianic tone in his speeches such as saying that his leadership qualities came from God. His latest claim to divinity was during the 2024 Lok Sabha elections when he said that while his mother was alive, he believed that he was born biologically but after her death he got convinced that God had sent him.
Circumstances behind the event:
- A group of local muslims were found to set fire to a train of Hindu pilgrims/kar sevaks returning from Ayodhya (Holy city in Hinduism)
- There was a large scale riot (1000-2000 people) that broke out
- Modi was accused of slow deployment of forces and tacit approval.
- Modi was cleared of all charges after a multi year investigation.
Ethnic tension between Hindus and Muslims goes back a millennia at least.
Don't feed the troll.
"MonkeyClub" has been downvoted and flagged in this thread.
Methinks thou doth protest too much.
All your attempts to make this discussion into a negative political one instead of Cybersecurity related have failed.
Are you shocked by the EU similarly attacking the human rights of its own people?
No it's kinda expected from the EU, Chat Control and other free speech restricting matters have been passed/trying to pass under the guise of protection.
This was proven not true many years ago by the Supreme Court well before he was in power. Just rage bait.
The investigation couldn’t anything against the autogratic guy who said the following about the incident.
- When asked if there is anything he regrets not doing during the riots to save lives? He answered: He could have managed the media better. The interviewer gave him a moment to say the right thing. He didn’t change his statement.
- When asked if he
yes because he felt they did everything they could to prevent islamists fanning the flames, next?
It's not rage bait, lol, this was a very famous incident, led to him being banned from the US, and he went on an extremely inflammatory "yatra" around mostly Northern India (where Hindutva has sway) further inflaming tensions right after the incident, which is shown very well in the documentary "Final Solution" (which was also banned in India)
What are you talking about? It wasn't "faked" that Modi, one of the icons of Hindutva, was likely complacent or negligent or connected to the Hindutva MLAs and MPs who were on handing out swords to a Hindutva-influenced mob...
Even if he truly was never involved, it's not a hit job or a con or a conspiracy to frame him, his political party members were involved personally and he promoted rhetoric very close to theirs. Any normal person would connect the two
This allegation was dismissed by the Supreme Court completely after years of investigation.
Is the Supreme Court completely impartial in India? Is so, then this is credible.
At least in the US, the Supreme Court is anything but impartial. Judges typically vote along party lines.
Difficult to say. For one, they aren't appointed by the government in power, but have created their own "collegium" system where one batch of judges selects their own replacements.
They've also restricted the government's ability to change this system.
See the NJAC debacle for example.
Probably not. Though, for a decade after that the Federal government was controlled by a key opposition party. Essentially they(people who accused him) had all the time to investigate him.
He has been the PM For last 11 years. Your so called labelling doesn't stand scrutiny. India is prospering, with problems, but prospering for every religion sect and culture
How does being in power erase the past?
[flagged]
You might not be surprised, but you should still be shocked. Being struck by a heavy weight will shock you even if you expected it. We are allowed to be shocked by things that we abhor even when we understand their causes and probability distribution. Not being shocked suggests you no longer despise it.
The EU is not run by butchers of anything, but they push Chat Control nonetheless.
Politicians crave power and control, it is that simple, and the current tech can give it to them quite easily. Not even Stalin could put a secret cop into every living room, but secret coppery can now be efficiently automated.
[flagged]
How many countries is India again? 4 or 5?
[flagged]
I was talking about the power structure rather than normal people
[flagged]
A state intervention in the form of mandatory app installation that no user can deny is a danger, especially given that the current government has allegedly used cyber surveillance to plant "evidence" in the computers of dissidents like Stan Swamy who subsequently died in custody.
GoI has not clarified anything. The Telecom Minister has only provided verbal clarification, that too, after the issue gained traction on the internet.
[flagged]
[flagged]
Please don't engage in nationalistic battle on HN. The guidelines ask us to be kind and to avoid flamebait and using HN for political battle. Please take a moment to read the guidelines and avoid this kind of thing when participating here https://news.ycombinator.com/newsguidelines.html
[flagged]
Thank you. Will keep it in mind.
FYI two years ago, the Indian government shut down mobile service in the state of Punjab to catch one person:
https://news.ycombinator.com/item?id=35303486
I was there during this, literally text my wife when got notice and said “I do not know when I will be able to text next so keep an eye on your email”.
I don't buy their reasoning.
With all the mobile tracking tech, I would have thought that it would have been easier to catch the person if they had a working phone on them.
I assume that they weren't attempting to track him. They were trying to prevent the communication between the conspirators so that they can't coordinate his escape or organize an uprising to aid his escape. Suffice to say, the telecom networks and the internet service are fair game to them and they don't think twice about interfering with it for any reason.
[flagged]
> improved education and targeted campaigns against common security pitfalls
Good one. Do you see how dumb the average consumer is? They don't know or care even if you try to educate them.
Maybe but there’s a fair amount of corruption going on in India. For example, they got caught spraying water near air quality monitors (at them?) to make the data seem better than it is instead of actually tackling the problem.
That's sadly how the culture is in India. I wish it improved to be more like Japan or China but I'm not sure how one can solve this sort of issue.
That would be a great way to make the brain drain even worse.
That would discourage higher education, you are basically punishing people for it.
Try giving free education to all government employees instead.
Same approach China is taking -- harsh penalties + heavy press broadcasting in the most egregious instances uncovered, with an emphasis on consequences for the high ranking folks involved.
You don't want to try to catch everyone, as then people do worse things trying to cover their tracks, but you do want to establish a credible fear of consequences that will shift the default societal balance point between {do corruption} and {don't}.
And it may take a generation, but it is possible.
Same dumbness applies to people who are supposed to enforce these laws. Enforcement authorities will often tell you to settle privately - “just return the money and ask your victim to rescind the case”. They don’t care for average consumer.
Are they incentivized to care? Are they paid well?
Usually for police it is much better to not register the case and push victim to settle privately.
If they register they got more work and worse statistics.
Considering that AI companies are strategically/financially in the same position as other market cornering companies like uber, imagine how much dumber things can get.
It's articles like these that make me comfortable saying you are part of the problem. Your materialist fear of losing a wholly replaceable phone is manufacturing consent for disaster.
I shouldn't have to accept government surveillance just because 15% of the population is functionally illiterate. We should have support structures for those people as a society, but "dumb people exist" is a fucking horrible argument for why I should have my freedom restricted
You don't have to.
This is the most secure option:
https://grapheneos.org/
This is more flexible and will give you root, at the cost of an unlocked bootloader:
https://lineageos.org/
You shouldn't, I agree with you, but what's the solution that works for everyone, not just the tech literate?
You do in fact need a system that works for the vast majority. If your system flat out doesnt work for 15% of the population, you'd have mass riots and unrest.
You mean the capable 15%, not 85% as again users are dumb. That's why governments will always cater to the majority.
Well, we are talking about a government that declared 95% currency in circulation as invalid to nullify “black money” and rationed out currency for months. Currently they are doing an electoral list validation by asking everyone to submit a form so they can keep their voting rights. The policies are made with a strong “ruler” attitude.
The SIR has been carried out historically many times in India. In the recent years a lot of Bangladeshi illegal immigrants (who ironically hate India) have registered as voters. A lot of political parties have changed policies to cater to these illegals. So this was due for a long time.
This is propaganda from the fascist ruling party BJP/RSS. After the Bihar SIR exercise, not even a single illegal immigrant was found. All this talk of illegal immigrants is classic anti muslim dog whistle.
What does any of this have to do with voter registrations?
> improved education and targeted campaigns against common security pitfalls
Which doesn't work. At all. A familiarity with the last 40 years of computing makes that clear.
The only things that have worked: ios/android walled gardens so users can't install spyware. yubikeys which can't be phished. etc.
> solved by improved education
https://en.wikipedia.org/wiki/2025_Delhi_car_explosion
Planned and executed by highly educated, qualified, doctors.
I think the commenter meant educating people on how to not fall for scams.
the fact that this is being done privately shows they know it's dirty and immoral.
The problem iscontrolling people at intimate thought level. Sure education is part of it. But state controlled device tracking everything they say, where they go and who they are exchanging with is also a tool to leverage on in that perspective.
IMO the goal is a bit different. It'd be just way too much data to track people successfully, even with on-device filtering, especially because everyone with ill intentions would just use non-backdoored devices for their malicious activities.
A much more achievable goal is digging up dirt on specific people and opponents. In the end governments can struggle to justify how they got their hands on info about an affair you had or that you shocked dogs ~~on stream~~.
Such device backdoors are just a get-out-court-free card and a way for the media to justify not asking any serious questions.
It's the old totalitarian playbook. Make everyone a criminal then selectively apply the law.
I see that Hasan ref
I completely agree with the sentiment. I think from their perspective, it's just a case of what CAN be done vs what is morally acceptable.
If knives were technologically sophisticated enough that they could be programmed to refuse to pierce particular materials, you know that the government would be forcing manufacturers to include human flesh in that list, and making liable anyone who sells one without that restriction.
This is the first time we've had a device that we rely on for almost all our daily activities, produced by a small handful of businesses that are easy for states to pressure.
> If knives were technologically sophisticated enough that they could be programmed to refuse to pierce particular materials, you know that the government would be forcing manufacturers to include human flesh in that list
I have serious doubts that their intentions are nearly as harmless or sincere as you project it. The government through DoT has repeatedly shown their willingness to control, invade, impose arbitrary measures and harm the digital lives of the citizens with impunity. Remember how Aadhar was touted as a welfare support programme. They even promised in the supreme court that it wouldn't be made mandatory. But they just haughtily refused to honor that promise and linked it to every imaginable service. You can't live without it these days. On top of that, they were so careless with it that the entire biometric database of more than a billion individuals was leaked and published on the darkweb for sale. And despite several news media showing the evidence for it, the government just brazenly denied the leak.
With such a dubious track record, let me say that I'm skeptical about their claims on 'cybersecurity' on the phones. It may start like that. But with their attitude it won't take much time for it to progress from a cybersecurity app to a cybersecurity nightmare. We already know what they did with the Pegasus malware that they bought with the taxpayers' money - another accusation they just denied blatantly, ignoring the evidence provided by the others. No avenue for abuse will be left unused. The real issue is that an omnipresent app that cannot be uninstalled is the most valuable target and the perfect vector for malware delivery. And this government has destroyed any reputation they may have had in the digital space, with their overtly hostile attitude towards the citizens who voted them in. This app is going to be a nightmare for the citizens in the not-too-distant future.
I see how you could've got that from my comment, but I wasn't trying to imply pure intentions.
Governments have to juggle a lot of different factors in order to maintain order and stay in office. It's natural that they would resort to less than scrupulous methods to attain this.
To go back to the knife example, once they have established preventing the piercing of human flesh as a mandate, it would be easy to extend this to preventing any kind of action using a knife that is inconvenient to them.
I'm struggling to come up with a reasonable sounding example though given the analogy. Perhaps... it gets extended to animals under the guise of protecting animal rights, but also prevents people from butchering their own hunt and animals killed must be submitted to a central processor who takes a large cut and have financial ties to particular politicians. I guess it's a stretch.
My point is just that the natural economics of the situation will cause governments to use all means at their disposal to achieve their end goals, whatever they may be. And so having these devices with their capabilities and our reliance on them is a huge hole in the defenses of freedom advocates just begging to be exploited.
> I'm struggling to come up with a reasonable sounding example though given the analogy.
I see your point. They'll bring it in the guise of a noble intent and stealthily slip in the nefarious functions later. I agree. That's exactly what they did with Aadhar too. And that project was introduced by the current government's rival alliance too. Really shows that the entire political class is against the citizens.
> It's natural that they would resort to less than scrupulous methods to attain this.
It's a bit more serious than this. This measure has the potential to sabotage India's democracy and constitution. And there is still the whole SIM-Binding issue to deal with. These are scandals serious enough to consider the government as a hostile usurper.
> And so having these devices with their capabilities and our reliance on them is a huge hole in the defenses of freedom advocates just begging to be exploited.
Abandoning the smart phone isn't an option anymore since that would mean a serious disadvantage in this information economy. That brings me to the same point as another comment of mine: We need fully user-controlled devices. We should be able to install and uninstall what we want, or even wipe it clean and start from scratch. And no hidden rings or blobs either.
We need to start demanding that this be established in the law of the land. Nothing less will be a step forward against such power greedy crowd.
If hypothetically they did have pure intentions, would that make it okay?
I know very little about the politics of India, so I have no idea whether what you said is an objective assessment or if it's just the political talking points of one particular side, but at least in the US I find it very disappointing how the mainstream political opposition to creeping authoritarianism is often "Wow this is terrible, those guys totally shouldn't have that much power." with the unstated implication being "Give it to me instead. I'm a good guy; you can trust me."
I much prefer to emphasize principles which hold regardless of which tribe happens to be in power at the moment. In this case the overriding principle being that device owners should have ultimate control over the software running on their phone - not companies, and certainly not governments. Forcing people to run a particular piece of software on their phones is simply not a power the government should have, regardless of how good their intentions.
> If hypothetically they did have pure intentions, would that make it okay?
No. What if they decide to double cross later? Or, what about the next guy in power? Don't leave any loose ends. Technically, it's the zero-trust principle. Don't rely on any security measure that depends on the other party keeping their word. Always assume that they're hostile. (Though I've been in trouble for using this when designing procedures. People come with the 'don't you trust us?' question.)
> Forcing people to run a particular piece of software on their phones is simply not a power the government should have, regardless of how good their intentions.
Agreed completely. My answer would be the same even if a different party/alliance was in power (Mine is based on infosec principles. Partisan politics won't change that). I explained the politics only to show that this isn't a hypothetical scenario. The supporters will otherwise use excuses similar to what was thrown around in the US (eg: You need to worry only if you're an illegal alien). Indians have been making this mistake repeatedly. Those in power know how to play with their nationalistic sentiments to override such concerns.
I'm not shocked at all. It's the nature of things for people - on average - to not want to learn. How many of your peers have shouted 'no more school' or something similar during their graduation?
How many people do you know who seem to be completely immune to learning? Go to any non-tech office an you will find shared passwords on post-it-notes, after 40 years of mantra-style 'Do not share your passwords' messaging.
If something goes wrong, it's not their fault, it's the machine's fault. "Why was this possible in the first place?" they ask. "Build it so this becomes impossible." That mindset let to OSHA regulations, to ever-safer aircraft, and to encryption on the web. It's not necessary a bad thing, it just throws out our - tech folks' - baby with the bathwater. How often has the increasingly regulated tech environment made you stop an easy implementation of a completely legitimate use case?
And yes, authoritarians thrive in this climate. Fear and promises of safety are the easiest paths to political power - and once in power, the demand for safety never ends. Politicians who genuinely prioritize individual freedom rarely get rewarded for it at the ballot box; the ones who win are simply better at wearing the right colours while expanding control.
> I abhor any decision that robs even a grain of my individual freedom.
Living in a society already means giving up more than a grain of personal freedom.
Try entering a store naked.
The real deal is the balance between loss and gain
Ye, and this move is not balanced.
They take more than a grain and the gain is debatable
Is HN really so libertarian that this basic fact of being a part of the social contract is downvotable?
I'm strongly against surveillance like this, but saying you won't give up a grain of freedom is not realistic.
You're assuming the problem the govt is referencing is their actual goal.
I share your abhorrence but are you really shocked? "Think of the children", "Stop the terrorists," these have been the foundations for the erosion of personal liberty for the past thirty years.
I am unconvinced from a practical standpoint that this vision of the world that you wish to live in is even possible today due to the increase in sectarian communal tensions, dense cities, widely available cars/guns/etc and stresses from cost of living and income inequality, as well as the spread of ideas that mass casualty attacks might be a thing to do (the US did not have school attacks until it became an unfortunate "thing" in the culture that sick people glommed onto).
An absence of surveillance causes increased frequency of terrorist attacks which causes people to demand solutions (necessarily involving surveillance and other authoritarian measures) which leads to increased surveillance. It's an unfortunate negative feedback loop.
If you lack solutions for too long, the negative feedback loop becomes severe and instead of just surveillance within a liberal democratic context, you get public safety authoritarians like Bukele or Duterte.
"Surveillance doesn't materially reduce terrorist attacks" - I am not sure about that based on the number of arrests of plotters and the lack of visibility I have into the tools and methods they used to find those plotters.
"Terrorist attacks still happen even with surveillance" - Yes, but if they happen less frequently, this reduces the demand from the public to ratchet up authoritarianism. See the problem?
"Terrorist attacks are a price worth paying for our freedom." - I mostly agree, but feeling like this doesn't make any difference to the negative feedback loop, does it? Regular people want public safety from physical danger almost as much as food and water.
In most countries, death by terrorist is at least an order of magnitude less likely than death by bee. Strangely, we do not seem to be on a campaign to lock all humans in-doors to protect them from bees, nor have we declared a global war on beeism. These stats hold from before the modern surveillance regime, and so can hardly be credited to it. It's not actually a problem in particular need of urgent solving. Regular people are safe from terrorism, much safer than they are against most kinds of tragic accidents. What regular people are actually in danger of is losing all of their human rights to fearmongerers, who constantly invoke terrorism to erode them further and further.
Bukele and Duterte did not rise out of an environment of terrorism, so I don't know why you thought it relevant to bring them up. I think it is really sad to see comments on HN of all places advocating that if we don't implement chat control we'll spiral into a lawless hellscape.
India saw 779 million dollars lost to cyber fraud in the first 5 months of 2025.
The degree of cyber fraud in India is beyond insane.
Also - funnily enough - Indian telecom companies are meant to be fined for every SIM card given out under false data. There is already meant to be a check that stops this.
Sincerely, you misunderstand what I am saying, or you didn't read until the end where I said that some level of terrorism is a price worth paying in my subjective judgment.
My point is that my subjective judgment counts for nothing, because the negative feedback loop that I described is a society-wide phenomenon beyond my control as an individual. Asking the majority of people to think the way you do about terrorism is somewhere between wishcasting and virtue signalling. It doesn't interrupt the causality behind the negative feedback loop, so it therefore fails to outline a path that can be trodden in the real world to achieve your desired vision of no surveillance.
I urge everyone to banish this mode of thinking which fixates on what "should" happen without first checking whether that desired end state is a possible world we can exist in once you factor in the second and third order effects beyond the control of any individual.
> Bukele and Duterte did not rise out of an environment of terrorism
Move your abstraction one level higher. They arose out of public safety concerns around murder and drugs and gangs. Those are not terrorism, but they fit under the same umbrella of public safety concerns that motivate regular people to demand authoritarian solutions.
And long before that too, it's just taken different soundbites that play on people's fears at the time.
In the UK, they've used variously terrorism, illegal migration and pornography to push this.
It's actually much more older argument. Hurr durr muh children is so common in history yet so effective that this is beyond absurd.
It's especially annoying that democracies do that.
Give it a few years and suddenly China is no longer worse than democracies.
Modi and his clique are authoritarian though. It's interesting that so many indian vote for that clique. They seem to not understand the problem domain; similar to Hungary, too. (Don't even get me going on Trump's clique of superrich running the show. I recently watched CNN in the last days and I fail to see how CNN is any better than Foxnews - they manipulate people via what they broadcast. For instance, yesterday some random US general basically convincing people that nobody in the military would do double-tap, not even Hegseth, when the exact opposite has actually happened. Or some female today in a show trying to explain that the first attack on a fisher boat was "legal" anyway. People don't even realise how much they are manipulated by these private media entities. These are basically owned by superrich influencing people one way or the other.)
> It's interesting that so many indian vote for that clique.
This is what happens when the only lens through which people see politics is religion or race. It shows you how important scientific temper, fact checking skills, scientific knowledge, awareness of unrevised history, knowledge of civic duties, current affairs, critical thinking, etc are very important. And don't think that I'm talking about just India.
Putin was originally elected by a genuine supermajority as well.
> I abhor any decision that robs even a grain of my individual freedom.
This is extreme and just as bad as any other extreme.
We have to find a way to maximise freedom across society. Being fixated on personal freedom won't turn out well. Whose personal freedom are we talking about? Should your neighbour be free to move the fence into your land? Didn't think so.
I will, however, give the benefit of the doubt and assume you mean giving up freedom without gaining anything. I don't see how this isn't a net loss for society.
>I'm shocked by people and state using the crutch of cyber crime or scams to push a totalitarian solution to a problem
You shouldn't be.
You don't have to dig deep or search widely to see Americans complaining, loudly and often, about the US government using the 9/11 to create massive new state security initiatives, most of which were inimical to both privacy and liberty. And that was nearly a quarter century ago.
This has been a tendency for a long time. Nothing to be shocked about.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
> is better solved by improved education
From the article, this has nothing to do with education. It's:
> The app is mainly designed to help users block and track lost or stolen smartphones across all telecom networks, using a central registry. It also lets them identify, and disconnect, fraudulent mobile connections.
If your phone gets stolen, you can disable it.
I'm not saying that a government app is necessarily the right or best way to go about this, but to suggest that this can be solved with education misses the point entirely. No amount of education is going to prevent someone on a bike swiping my phone from my hand and cycling off with it.
And as long as the app isn't otherwise spying on you (and there's no mention of that), I don't see much of what this has to do with freedom either. The freedom to steal someone's phone and use it without being blocked? There are already a bunch of apps on my phone I can't uninstall, so that's not new.
> And as long as the app isn't otherwise spying on you (and there's no mention of that)
I think the correlation between "spying" and "saying that you're spying" is 0 or negative
Apps operate in sandboxes. We would need actual information to show that the app was being given special secret permissions, and Apple and Google would likely refuse or at least make public what was being asked of them, in order to maintain their own reputations in being honest about what they track and what they don't.
There's no value in assuming everything is conspiratorial. You'll go crazy.
> problem that is better solved by improved education and targeted campaigns against common security pitfalls
Will take decades if not more than a century to implement in India. Let alone old people, even the boomer generation is immensely tech illiterate.
Assuming it would do the stated job in addition to being a state way to your phone - it is a better solution, you ain't gonna educate you grandma easily, but if she can buy phone that protects her without having to look for it...
...of course, it won't work and even if they honestly tried it will be outpaced by scam industry. Or at worst case be state exploit that then will be exploited by other state (or just malicious actors) coz of lack of security in "security" software
wow even a grain? you must really love your freedom
> solved by improved education
Now you have at least two problems
What about freedom from scams?
We should ban or digitally identify every single knife so UK citizens will be free of knife crime.
I'm just saying the "freedom" bit can be twisted any such way you like. It's a dumb ideal. There are more convincing reasons to fear a government.
First they came for the etc, etc...
[dead]
[dead]
As a non-Indian, the amount of scams and other external negative impacts coming from the country are extremely disproportionate, so if this evens things out a bit, I'm for it.
> I abhor any decision that robs even a grain of my individual freedom.
Silly goose.
"Freedom" is always balanced against "Responsibility" (both Individual and Group); it can never be absolute. The latter needs State support.
That is the reason my "freedom" to rob you is curtailed by the "State's (i.e. Group's) responsibility" enacting laws to prevent it.
You also exercise "your (i.e. Individual) responsibility" when you put a lock on your valuables to prevent my robbing you.
This comment would've been good without the pointless insult at the top.
From Google;
"Silly goose" is a lighthearted, informal expression used to describe someone who is acting foolish, silly, or has made a silly mistake. It is a playful term that is not meant to be offensive and is often used affectionately. The phrase can also refer to a "silly person" or "simpleton" in an informal context.
Yeah, it's condescending.
The state is not the group. It loves to pretend that it is, but the group it actually represents is far smaller than the group it rules.