Thanks Google. Think I’ll be buying this.

I want as little to do with Google’s services as possible in my life, but they really deserve credits for making a modern usable smartphone that is reasonably open. There is just one single feature I will be buying this for - the 5 years of software updates. While good image processing is definitely a pro, all of these software you’re presenting features I really don’t give a damn about. Just give me a phone that is meant to last a little while - and allow me to run what I damn please. This looks to be like a continuation of the Pixel 5, which allows you run your own software like /e/OS and CalyxOS aside to just being a lot less of a walled garden on the stock ROM.

The Android market is completely dire, and no vendor can be trusted to provide openness, reasonable taste or security updates. They sell you a phone, and once you’ve clicked buy they’ve already stopped caring. So last year I switched to an iPhone 12. I needed to vote with my wallet to get a phone that lasts. But although I get what’s appealing about iPhones and the walled garden, I started feeling claustrophobic. Feeling claustrophobic about what I can tailor about my browser, how easily I can run Game Boy games, what ads I can block, and Apple’s stated intents to actively incriminate you by scanning your photos on a personal device. I will continue to recommend those phones for most people (pending what they’re going to do with trying to incriminate you), but it’s not for me.

Finally here’s a seemingly good Android phone with 5 years of support - from the only phone vendor outside of Apple who appears to give a damn about that aspect. Don’t get me wrong: 5 years is still too short in my view, and not as long as Apple provides support for on their stuff [1]. But the market needs change, and I’ll put money towards that.

[1]: The iPhone 5S has just hit 8 years of _kernel_ security updates last month with iOS 12.5.5. One can dream on the Android side, but I’ll take 5 years in the current market.

> Finally here’s a seemingly good Android phone with 5 years of support - from the only phone vendor outside of Apple who appears to give a damn about that aspect.

FairPhone 4 not only promises 5 years of android software updates but also has 5 years of warranty, There are more reasons to trust their words than any of the other phone manufacturers.

• They are not profit focused but rather towards sustainability, They have been delivering their promises consistently for 8 years and so it's not an idealistic vaporware.

• They produce the most repairable smartphone using components sourced from conflict free areas. Parts for repair are available directly on their site, Parts for FairPhone 1 are still available.

• Their factory workers get living wage bonus, Of course do not employ child labor while preaching humanity.

• They have first class support for alternate operating systems i.e. We are the owners of what we buy; So support from alternate OS like Linux, Sailfish or even android ROMs like LineageOS could exceed even the official 5 years support.

FairPhone4 hardware is competent enough for average daily use, Only drawback I see is that the phone is available only in Europe. Then again Google Pixel phones have been notorious for being available in only couple of countries.

[1] https://shop.fairphone.com/en/

Tangential, but the first thing I noticed is that this site itself greets me in my preferred language, and allows setting my region separately, at the top of the page.

The Pixel site sets the language based on geography and does not allow changing it without changing the region, which comes with a warning about delivery and currency conversion.

One of these makes me feel understood and accounted for as a potential customer, the other makes me want to CTRL+W and move on.

I am aware that this doesn't affect the majority of people. That doesn't make it less frustrating that Google keeps doubling down on this with many of the things they do.

I pay for a bunch of google services (Google One, YouTube premium) and for the life of me, have not been able to get my country changed. After some time with tech support (was shocked I was able to get someone), the conclusion was to use the play store ON AN ANDROID DEVICE to try to change my country. Quite strange if you use google services without an android device. It doesn't matter if I'm an edge case. They need to support their customer.

I could do it in Google Pay (you create a new payments profile for your new country).

> The Pixel site sets the language based on geography

To be fair, Google likely knows what you had for lunch and so it decides which is the best region for you; Trying to change it is an edge case /S.

I love Fairphone’s promise, but execution is another thing. Fair warning here is that I’ve seen the experience with a Fairphone 3 up close, and it wasn’t up to my standards in terms of camera and software bugs (caller ID has not worked for months), let alone the barebones hardware they ship. I hope they get there, but the Fairphone 3 certainly wasn’t it for me.

What I don’t understand about Fairphone is how they will deliver these updates. Fairphone, like others, uses Qualcomm chips. Qualcomm supports their chips only for three years (four years for recent ones, but not the ones FP is using). This is what held Google back to ship reasonable security updates on Pixel devices so far. How can a small company like Fairphone convince Qualcomm to make more updates if Google couldn’t? Or will they just end up shipping incomplete security updates, like a community project?

Google had announced that all phones shipping with Android 11 with snapdragon chipset will be eligible for up to 4 Android OS versions (launch release + 3 OS updates) and 4 years of security updates as the result of project treble and getting Qualcomm on line.

Which is more or less is inline with 5 years software support guarantee of FP.

That’s a lot of handwaving you need to do to get a tiny company to support phones beyond their suppliers intents - especially the SD660 equipped Fairphone 3. This is stuff given as the reason that Google moved away from Qualcomm for.

Given the rest of their software, I don’t really trust them to deliver. I’ll happily be convinced otherwise though.

Fairphone has nothing to do with the latest announcement, It's Google's project treble and it smacking Qualcomm.

I bought a Fairphone 3+ 10 weeks ago, and just got a refund because they cannot build any units. I really wanted this, I guess I will continue to wait for the librem5

I wonder if that is because they are about to release the Fairphone 4 and sold out of the last. You'd think they'd shut off the orders though if that were the case.

Edit: Checked their shop and now says Out of Stock: https://shop.fairphone.com/en/fairphone-3-plus

You might have gotten unlucky on timing right at the end of orders.

The website simply says "Temporarily out of stock"

I ordered before v4 was released, and I also contacted them about a month ago to ask for a refund but was told I could not do so until the mandatory 8 week estimated delivery window had passed.

I'm not mad, but it is obvious to me that they had no capability or intention to fulfil my order and were just hanging onto the €. They also sent me an email (before I cancelled) saying I could turn my current order into credit for a v4 preorder.

I was curious and just checked into the librem5.

I am NOT spending $900 on a phone.

It's not just a phone. It's a full desktop Linux computer with lifetime updates, which you can connect to a screen and keyboard and which runs a desktop OS.

Yup, I love the concept of FairPhone but it lacks US availability and compatibility.

The camera is also a big draw of the Pixel phones. I think it might be a long while for open source and commodity hardware to match top smartphone cameras.

Looks nice, but it has a notch → dealbreaker.

Maybe I'm missing something but it looks like 4x more expensive than some equally specced Chinese phone?

His whole post was about the ethical nature of the company. Of course it's more expensive than an equally specced Chinese phone.

5 years of security updates, 3 years of feature updates.

On the page it says on the 12th footnote, "Feature drops for at least 3 years from when the device first became available on the Google Store in the US. Your Pixel will receive feature drops during the applicable Android update and support periods for the phone. See g.co/pixel/updates for details."

On https://support.google.com/pixelphone/answer/4457705 it says, "Guaranteed Android version updates until at least: October 2024" and "Guaranteed security updates until at least: October 2026" for Pixel 6 and Pixel 6 Pro

So they hypothetically could extend it to more than 3 years of feature updates and 5 years of security updates with the nebulous "at least" wording.

Historically, they have. Older pixels all had 2 year feature 3 year security, but ended up getting 3 year feature+security.

Although, after 1-2 year, the features get a bit thinner because a lot of the newer features rely on new hardware that the older phones don't fully have. Sometimes they try to make it work, like how Astrophotography was available on older pixels but didn't work quite as well as on Pixel 4. But in general, they probably put the "at least" because it's hard to guarantee that a feature in 5 years will be backportable to Pixel 6.

If you use a third-party ROM such as the excellent GrapheneOS, in practice you get fully featured updates for really really long.

With that said, open source ROMs don't take advantage of some features such as the Tensor SoC, and therefore the camera stops performing so good.

GrapheneOS is pretty clear about not supporting devices longer than the OEM.

From their FAQ:

Why are older devices no longer supported?

GrapheneOS aims to provide reasonably private and secure devices. It cannot do that once device support code like firmware, kernel and vendor code is no longer actively maintained. Even if the community was prepared to take over maintenance of the open source code and to replace the rest, firmware would present a major issue

There was extended support planned for Pixel 2, which was dropped recently from mainline, but it has not happened yet.

One can always switch to a different ROM I guess.

Graphene has a specific sandbox for google play services, so you can continue to run the google pixel camera app (which can presumably run the same way as under the official OS)

But also, it has a good hardware ISP that will also improve image quality by itself.

GrapheneOS is working on its new Camera app, which will soon replace the bundled AOSP camera app.

For more info: https://twitter.com/GrapheneOS/status/1450746282176303107

It's funny that when discussing the topic of "updates" and obsolescence, users focus on the vendor as if they have exclusive control over the situation. Authors of applications may also play a role. For example, when they "update" their applications to only work with newer versions of Android. Depending on the user's application needs, that can shorten the life of a an Android device. Some applications will continue to work with both older and newer Android versions, some will not. For example, F-Droid has numerous programs that will work on older, "obsolete" Android versions. This allows older hardware to be re-purposed and to continue to be useful for some uses. Not sure that Apple has anything like this; consider how many programs in the Apple App Store work with older iOS versions.

Both Android vendor and Apple hardware continue to work long after the software has become "outdated". That hardware does not die when the software becomes "obsolete". The vendor may choose to ignore this fact in the interest of sales but it does not mean that authors of applications must ignore it as well.

The third factor besides the vendor and the authors of applications are the operating system authors. With older PC-like hardware, I can run the latest versions of NetBSD. Forever. I update when and if I decide it is time. x86 has its benefits. It is sad that these pocket-sized computers called "smartphones" are so inflexible.

A non-HN reader recently told me that the "tech" industry has turned us all into "beta testers". The entire "updates" concept needs a serious examination. Updates are not a substitute for quality control.

I'm not sure how app authors shorten the life. If the app author only targets a new version of the os, then if the phone gets the new OS then all I good. So it is up too the vendor providing the new os, but the app provider. Now, the app provider can do supporting old OSes but that won't shorten the time past what the vendor sets

Whither the iOS equivalent of https://www.oldversion.com/android/

With open source software for PC, in many cases we (users of open source OS) have the choice to install any version we want. Sometimes I need to I run older Linux programs with older versions of system libraries. We can download these older versions of libraries and programs from an FTP sites or websites that provide a simple directory listing, an "Index of" page.

With pocket-sized computers called "smartphones", instead we (users of open source OS) have to contend with "app stores". The author publishes a new version and all older versisons "disappear". This lack of choice may be suitable for some users, but may not be suitable for every user, i.e., "one size fits all".

Old versions of Android apps are frequently archived on sites like APKMirror and Aptoide.

- APKMirror: https://www.apkmirror.com

- Aptoide (requires app store download, stick with "trusted apps" for security): https://aptoide.com

Also, Aurora Store lets you download older versions from the Play Store through the "Manual download" menu option. You'll need the "version code" (different from version number) of the app version you want to download.

This is whats wrong with my iPad. I don't care that it doesn't get updates from Apple, but the web has moved on and it will fail to open a lot of web pages.

Failed to load the deno.land standard library docs just last night while I was watching TV.

Still not going to buy a new iPad though.

Unlike iOS where basic features like the web browser require system updates, Android is modular and updates get pushed through other channels independently of the OS itself.

I'm not sure what you mean by not worrying about iOS needing OS updates for browser upgrades as the Safari engine is the only web browser engine allowed on iOS and third party browsers like Chrome are just skins on top of Safari and not real counterparts to their desktop cousins. Upgrading the OS is the only way to get new web functionality and bug fixes.

Does the browsee limitation come from loading non reviewed code and interpreting it? Are other browsers allowed if they don't implement JavaScript?

I think that would be allowed, yes. It would be a rather useless web browser though so that's probably why nobody has tried before.

Web browsers have to use the Safari engine but that doesn't mean they don't also separately update the browsers and add functionality. I.e. you mostly get modularity by not using Safari even if you have to rely on the underlying Safari engine being updated. Most of the features users notice are updated by the app provider anyway.

I'm not sure if you're being sarcastic here--all iOS browsers are custom skins on top of Safari.

Yes I'm aware of WKWebView and how it's not the same as Safari. I'm using the classic meaning of browser skins, dating back to browsers like Maxthon which were wrappers over Trident in exactly the same way.

No I'm not being sarcastic - I think calling the apps a skin on top of Safari is a bit of an over-simplification. Most features that users notice happen at this skin layer, not the rendering layer. It's peak HN to really be caring about this especially as Apple offers (as far as I know) no performance difference across browsers using Webkit or w/e. You could actually just say that Safari itself is a skin too, just the default one that comes with iOS.

It's similar to complaining about other basic features of iOS IMO (like complaining there's a default settings app or that iOS just works a certain way).

What about security updates or new HTML features? Chrome or Firefox on Android get security updates for many years after official system updates end. The same is not true for Apple.

Don't think most users know or care about security or HTML features so while certainly it's a difference it's unlikely to be important for most users.

Think of Safari as a skin that's unbundled from the engine. While Chrome or Firefox are reliant on Apple to update the engine, so is Safari, but neither are reliant on Apple for other functionality that they want to implement that users can take advantage of.

IMO it's modular enough.

User might not care about web engine updates, but it's definitely important, especially because of security.

Still waiting on that PWA support...

> 5 years of security updates, 3 years of feature updates.

It would be nice to have 8 years of security updates and 0 years of feature updates, instead. I always dreamed of having the option to only have security updates on my OSes...

They could easily do it if they wanted to, now that they have more control over the SoC. With Chrome OS they already do it. Most devices that are released now will get 8 years of security updates, which are supplied by Google.

As a former Pixel user that switched because I broke the phone and had an extra iPhone in the family, there are a number of reasons I'm heavily considering switching back (had been an Android user since 2009).

1. Spam call screening is nonexistent on the iPhone, and T-Mobile's blocker still lets a ton of them through. In my prior experience Google did a much better job in this department. It would be nice to pick up the phone without a 90% chance of an annoying spam call.

2. Speech to text on iPhone makes a lot of mistakes and Google's latest update looks like they've widened the gap even more. I don't want to handle my phone to text while driving, and when the interpretation is wrong it requires extra keystrokes to try again, correct it, or type the message if urgent. This is unsafe.

3. I find FaceID annoying, and after replacing the iPhone screen because I cracked it, FaceID got noticeably worse. With a fingerprint I can have the phone unlocked before I even pull it out of my pocket, especially these days when we have masks on.

Plenty of other sexy features like camera and the customer service line feature are very nice to have, but in my opinion these are major benefits in terms of everyday usability. The overall integration across services is just smoother too, in terms of flows like email -> calendar -> google maps live traffic, or email -> boarding pass QR code. I am and will always be a PC user so I don't benefit from those integrations with Apple products.

Making the switch will require ditching Airpods and the Apple Watch, but I think it might be worth it for me.

I think it's not appreciated enough how much they got right by putting the fingerprint sensor on the back in a natural position to touch and hold the phone. You are correct, it is unlocked usually before the screen is visible.

This is a key feature for me, and I'm disappointed that the Pixel 6 has gone for the in-display fingerprint sensor instead of the rear-mounted.

There's one thing that's handy about having it on the front, which is that the phone doesn't have to be picked up to unlock it. It's quite nice being able to read a message on my phone without picking it up from my desk.

But on the other hand, it is definitely more comfortable unlocking it from the back while holding it.

Maybe phones should have both!

Would be neat if there was a way to set the phone to stay unlocked for as long as it is stationary.

Pixel devices (at least previous ones) supported the inverse of this, where you could set the phone to remain unlocked until it was left stationary on a table. The theory is that (for some people) the most common reason to lose a phone is leaving it behind laying on a table, and it can safely stay unlocked as long as it's in your pocket.

Pixel has the feature where it can stay unlocked based on gps location (in your house for example), or wifi connection, or bluetooth connection, or if it thinks it is in your pocket. All these reduce the security overall, but it is convenient.

Hmm...I thought that was an option...but nope...longest screen timeout I can set on my Pixel 3 is 30 minutes.

For 1, and 2 my individual (single data point!) experience through all versions of the Pixel have been great.

I've been saddened that Google keeps the Spam filtration feature locked to the Pixel devices. It is a KILLER FEATURE.

And for STT - that "just works" 95% of my time that I use it with common vocabulary.

The hardware has failed me a couple of times - sudden battery failure, and battery cable tearing with a reasonable, slight fall - though so consider one of the warranty options.

> I've been saddened that Google keeps the Spam filtration feature locked to the Pixel devices. It is a KILLER FEATURE.

Why would anybody share killer features with competition ?

> I find FaceID annoying

I have the pixel 4 which has face id. I loved it for the 6 months that I had the phone before we all started wearing masks everywhere. Now it's a completely useless feature.

I recently switched from a Pixel 3a to a Samsung phone - I didn't realize at the time that the spam filtering was a uniquely Pixel feature but holy hell do I miss it. I didn't change my number or carrier, but I went from maybe 1 spam call a month to about 3 per day. This feature is slept on in a big way.

FYI Airpods work with Android devices. No idea about your watch.

For years, I used an iPad and a Pixel, and now - a Surface running Linux and an iPhone.

I always thought iOS had better, higher quality apps, and in some areas, that's true - Procreate for art, first-party games, etc. But I miss powerful, functional apps. I love the way Moon+ Reader tracks every single reading session, time spent and WPM. And nothing on iOS comes close to Smart Audiobook Player, although Bound is decent.

My iPhone is a great phone and a poor computer, whereas Android's MiXplorer and Termux empower me to, in a pinch, do whatever I need to do. iOS's best equivalent apps consistently fail to copy files over SMB or SCP (they get killed in the background or just fail), while Apple's Files app can't even write to my writable SMB share that works everywhere else.

In short, while my iPhone wins on battery life, speed, and support, the Pixel (and by extension Android) beat it in power and freedom. Perhaps this all proves that Android suits the needs of this power-user and tinkerer better.

> Apple’s stated intents to actively incriminate you by scanning your photos on a personal device

More accurately put, their intent is to scan cloud photos for exact matches with known child pornography material (like every other cloud provider, including Google), and then have the case reviewed by a human only after multiple positives, and only then forwarding the case to law enforcement (based on photos you chose to upload to the cloud)

> their intent is to scan cloud photos

corrected: their intent is to scan all photos in your photo library, on your device, including images automatically pulled in from from various sources such as messages, if you have iCloud Photo enabled.

> images automatically pulled in from from various sources such as messages

As far as I am aware, this is false and there is no mechanism on iOS by which images are "automatically pulled into" the photo library from anywhere, Messages or otherwise. Do you have a source or an example of how that could happen?

(edit: people are mentioning Whatsapp, which I guess has an option to auto-save received photos. Fair enough, but that's a third-party app and requires you to enable photos access anyway, so it's pretty clearly not what the parent meant).

> their intent is to scan all photos in your photo library, on your device ... if you have iCloud photos enabled

Yes, that's what I said. Enabling iCloud photos uploads your photo library to the cloud, so it's scanning your cloud photos.

> As far as I am aware, there is no mechanism on iOS by which images are "automatically pulled into" iCloud photos from anywhere, Messages or otherwise. Do you have a source or an example of how that could happen? When I receive images from my friends, they don't go into my photo library until I explicitly tap "save".

Per Apple [0]

>Shared with You works across the system to find the (...) photos, and more that are shared in Messages conversations, and conveniently surfaces them in apps like Photos (...) making it easy to quickly access the information in context.

---

>Yes, that's what I said. Enabling iCloud photos uploads your photo library to the cloud, so it's scanning your cloud photos.

Being disingenuous about it is still a thing though. You stated

> More accurately put, their intent is to scan cloud photos (...) (like every other cloud provider, including Google)

which makes it appear that the photos are only scanned server side "like every other cloud provider". Client side scanning is something that no other provider does, in contrast to what you stated.

[0]: https://www.apple.com/newsroom/2021/06/ios-15-brings-powerfu....

Shared with You does not actually save the images to your photo library. It just surfaces them inside the Photos app. I will admit it's not very clear from the press release, but those are the facts.

I was not being disingenuous, frankly. I said that Apple is scanning your cloud photos, i.e. they are scanning photos that are uploaded to the cloud. Photos not being uploaded to the cloud are not scanned. I made no claims about where the scanning is happening, and I'm not particularly sure why it matters in any material sense.

You are thoroughly misrepresenting what Apple does. I initially thought you don't know what they do, but apparently you do very well.

Still: they scan photos locally - those are not cloud photos, those are local photos. And they have deployed the technical capability. You can bet that once capability exists, they will bend to government demands - there's ample precedent for that.

SO, yes, Apple, unlike all others, scans your photos locally. If they are going to be uploaded to cloud, or if they are forced to.

> Still: they scan photos locally - those are not cloud photos, those are local photos.

They are cloud photos. I say that because:

1. The photos are in the process of being uploaded to the cloud when they are scanned

2. The result of the scan is attached to the photo only when it is uploaded to the cloud. If the photo is deleted from the cloud, or the upload is canceled, the scan result is discarded

Practically, the system works precisely the same whether or not the scanning happens on device before the image reaches the cloud, or on the server after the image reaches the cloud.

The only well-intentioned argument about why on-device vs. on-server scanning matters is that "slippery slope" argument, which presupposes that:

1. Apple putting this scanning code in iOS not only somehow makes it easier/more tempting to use it for non-CSAM, but all but guarantees it will be used for non-CSAM.

2. Apple does not already have the ability to run whatever code they want, on any of your devices, without you ever knowing

3. Apple folds very easily to government demands, especially when it comes to privacy, their core differentiator

I don't think any of these are true. You might think they are, but then I'm not sure what point there is in discussing any more.

> or if they are forced to.

I'm not sure what this implies. If someone forces you to upload a photo to the cloud, surely that will get scanned regardless of whether the scanning is performed on-device or on-server?

This conversation is rather bizarre. The input to the scanning system is a sequence of bits, read from the flash memory in the phone.

Therefore, the scanning is local. There's really nothing more to it: The distinction is based on where the input is read from, in addition to where the input is processed. Both are happening inside the phone while you hold it in your hand.

It is scanning images locally.

This is totally unacceptable, and should never become acceptable.

I'm not claiming the distinction doesn't actually exist. Obviously the scanning is taking place on the phone. What I'm asking (which you have not actually answered) is: why does that make any sort of practical difference? Your argument is "it's happening on the phone, and that's self-evidentially bad".

And they've opened a door that others will walk through.

>2. Apple does not already have the ability to run whatever code they want, on any of your devices, without you ever knowing

This is what I don't understand about the whole argument about this CSAM debacle. I've read quite a bit of the discussion about this, as I'm someone who takes privacy fairly seriously, and it never really gets discussed. Could someone maybe point me in the direction of some literature about this? Is someone doing extensive load and packet analysis? Don't they(Apple) upload at least some E2E data?...

My iPhone already does an insane amount of "indexing", including image classification. This is all under the hood and I have no idea what else its doing, for all I know its mining Monero. Additionally all my iOS devices seem to send an inordinate amount of data to the cloud; I'm particularly sensitive to this because I don't have a strong internet connection, and frequently have to turn off WiFi on my phone or iPad when playing online games to stabilize my ping.

I'm also skeptical that you can really insure privacy from a 5 eyes country. Maybe I just read too many spy novels as a kid, but it doesn't take a lot of imagination for me to guess how any given decently large western company could be completely infiltrated by a multinational espionage coalition.

Idk, I tend to like that Apple is fighting against Ad-tech, as that power dynamic is at least believable. I do think that playing around with deGoogled Android is fun and in my experience is much more suited to dropping off the cellphone grid. I have an Android running Lineage and microG and with OSM and Kiwix(wikipedia is indispensable, IMO) as well as a handful of other apps, it serves the majority of the purposes of a cellphone without the need for data. I still daily drive my iPhone, mostly because the UX is a lot better than deGoogled Android.

There are tons of academic researchers, jailbreakers, privacy watchdogs, journalists, government organizations, exploit developers, tinkerers, and hackers of all kinds who would go wild if they found Apple doing malicious stuff on iPhones.

Now if Apple developed a special update that they sent to only a few choice targets, that might be able to go under the radar.

That can be said about any manufacturer of any electronics, and yet here we are in 2021 when practically all manufacturers have been caught doing highly immoral things in their devices, Apple notwithstanding.

You can wrap intrusions in form of 'think about the kids' (what is used here), think about security/terrorism and so on. This playbook has been used ad nausea, isn't it about time to learn?

> have been caught

That was my point: they get caught if/when they try.

> I'm not sure what this implies.

If _Apple_ are forced to (e.g. by a judge), and they can't claim the ask is technically impossible.

I know Whatsapp photos that I never even opened (from groups I probably muted long ago) end up in the phone library whenever I do the (manual) monthly photo dump to my PC.

But yes, I agree with the comment, there's no reason to hide between details: Apple plans to introduce the capability of scanning photos on your local device and comparing hashes against an opaque (non-reviewable) list of hashes that they (along with governments) control (details about how they plan to initially employ this capability are irrelevant).

Sure, but then don't pretend that this is not something every other cloud provider is doing (and has been doing) for years. This is only such a hot-button issue because 1) people love bashing Apple, and 2) Apple actually solicited feedback instead of implementing it silently behind the scenes.

Oh, I totally know all cloud providers are scanning photos in their cloud and I totally accepted that (hence why I mentioned I do manual photo drops from the phone and upload them to private cloud storage).

What no one has done before and what I totally don't accept is someone scanning photos on my device, which is what Apple is doing.

The in the cloud vs. on your device aspect of this debate is the most important part and cannot be glossed over.

> The in the cloud vs. on your device aspect of this debate is the most important part and cannot be glossed over.

I really do think it's a weird aspect to fixate on, though.

So long as Apple is only scanning the photos that're being uploaded to its servers, it genuinely doesn't matter to me where that scanning happens. It's a scan that could have happened in either location, and the version where it's happening locally is arguably more private/secure-from-fishing-expeditions. If I don't like that the scanning occurs, I can disable the uploading.

The distinction would matter if the local-scan involved things that weren't being uploaded. But it doesn't, so from my perspective the only difference is an implementation detail.

> If I don't like that the scanning occurs, I can disable the uploading.

You can already do that today (I do).

> But it doesn't

Maybe, maybe not. Even if I were to trust Apple 100% it's again a matter of principle (no local scanning).

Imagine the uproar if Microsoft Defender (which comes in-box enabled-by-default on all Windows 10/11 PCs) were to suddenly start scanning photos (it already scans executables and Office documents), hashing them against some opaque "database" and attaching tokens to suspicious ones that would be analyzed when uploaded to OneDrive (again, enabled by default for your Documents\Photos on Windows 10/11 if you use a MS Account).

Then on top of that, imagine Windows was a walled garden a-la iOS and you couldn't uninstall / disable / replace Defender with a different tool (which you totally can today).

I think there would be massive outrage in the press with MS being dragged through the mud for months, and droves of users switching to alternatives (like Linux) overnight. Yet (except for a few privacy / freedom organizations and a little press bleep) Apple gets to shake it off scot-free; I don't understand the dissonance.

It's interesting how our minds just give up when we realize all cloud providers are doing it. We accept our fate as weak consumers, unable to do anything.

WhatsApp has a "Save to Camera Roll" option which automatically saves all images and videos to your photo library.

"The CSAM scanning system is a part of the iCloud Photos upload process and it will be triggered once the upload is initiated. Keep in mind that it does not scan private photo libraries stored on iPhone devices" - https://medium.com/codequest/technologies-behind-the-apples-...

If you want to "correct" the claim to say their intent is to scan every photo, citation needed.

Apple does not scan on device photos at all. It's something they announced they might do to images you upload to iCloud Photos some day in the future.

Google, on the other hand, has been scanning the entire contents of your account for the past decade.

>a man [was] arrested on child pornography charges, after Google tipped off authorities about illegal images found in the Houston suspect’s Gmail account.

https://techcrunch.com/2014/08/06/why-the-gmail-scan-that-le...

You do not have to use Google Photos if you do not want to on any Android phone. You can upload photos to your own server in the background exactly like the Google Photos app does. On iOS, only iCloud Photos can do that. It is strictly worse for privacy.

> You do not have to use iCloud Photos either.

If you want your photos to upload in the background, iCloud Photos is your only choice on iOS. Not so on Android. This makes backing up photos to a server privately on iOS essentially unusable.

This kind of crippling anti-privacy pro-Apple-profits design permeates iOS. You cannot even install an app on your device without giving Apple your billing details and letting them know you installed it, which is used for ads. You cannot get your location without also telling it to Apple. You cannot tell Apple not to track your WiFi SSID's location. You cannot uninstall Apple News, which is filled with user tracking for ads. On and on.

> We recently had a thread from a historian whose entire account was suspended after Google scanned all the files in his Google Drive,

You're comparing iOS to the wrong entity when you compare it to Google instead of Android, but even your comparison to Google is faulty. Your link is about Google suspending an account for files shared publicly, not about Google scanning all the files in that account. Section V.B. of https://www.apple.com/legal/internet-services/icloud/ says that sharing those types of images publicly is also a violation of the iCloud TOS, and Apple has the right to do the same thing. The difference is that Apple will probably handle the customer complaint better, but that is an issue of customer service, not privacy.

> If you want your photos to upload in the background, iCloud Photos is your only choice on iOS.

Nope. Background App Refresh has allowed any iOS app to update data between the server and client in the background for more than half a decade.

Apple has discussed scanning photos uploaded to the iCloud Photos portion of their cloud service in the future, but nothing is scanned now.

Google has been scanning everything in in their user's cloud accounts for the past decade.

Also, given Google's reluctance to pay human beings to supervise decisions made by their algorithms, I have zero doubt that Google is turning in users when they have a single false positive.

Background App Refresh was added in 2019. How did that more than half a decade pass in two years? You're right though, iOS is not as terrible as it used to be. For many years, Apple crippled other background sync services relative to its own, and it continues to cripple other services relative to its own on iOS.

All the other privacy-invading criticisms remain, making iOS an awful choice for privacy.

I still don't know why you're comparing iOS to Google. As I've already explained, that is the wrong comparison. I can use my own services on Android. Apple is planning to scan photos in iCloud (and already does in mail) and only hasn't because their services are still so basic, so it is just as bad as Google in that respect but only temporarily better due to incompetence. My own server does not scan and review photos and never will.

Background App Refresh was added in iOS 7 which launched 8 years ago.

I guess I could have said almost a decade ago.

So, again, Apple only discussed scanning the iCloud Photos portion of their cloud service some time in the future, but NOTHING is being scanned now.

Google, on the other hand, has been scanning everything in your account for the past decade.

Also, documents from the discovery phase of Google's various antitrust trials show that Google has literally pressured device makers to hide the privacy settings from users.

Google also buys a copy of everybody's credit/debit card transaction data so they can spy on your real world purchases as much as they spy on your online life.

A company with surveillance capitalism as it's business model, like Google, will always be motivated to violate user privacy as much as possible.

I don't know why you're still trying to pretend that Google's cloud service is separate from Android while Apple's cloud service is not separate from iOS?

> So, again, Apple only discussed scanning the iCloud Photos portion of their cloud service some time in the future, but NOTHING is being scanned now.

I acknowledged that. The point is that they admitted this is an oversight because they are already scanning iCloud Mail. Their intentions are exactly the same as Google's. They are merely less competent. Apple is also a surveillance capitalist, as I explained in my previous post, giving several examples. iOS even splits the privacy settings of Apple's apps from the privacy settings of all other apps to make it harder for users to control what little Apple lets them control.

> Google also buys a copy of everybody's credit/debit card transaction data so they can spy on your real world purchases as much as they spy on your online life.

Apple gets the exact same information for transactions completed with Apple Pay. Users have to opt in for Google to see this information. Once again, exactly the same.

> I don't know why you're still trying to pretend that Google's cloud service is separate from Android while Apple's cloud service is not separate from iOS?

I already explained why. I don't have to use Google services on Android. iOS ties me to Apple's privacy nightmare. I listed several other examples of Apple data collection on iOS that are unavoidable. Android, even in builds provided by Google, has none of those problems.

> Apple gets the exact same information for transactions completed with Apple Pay. Users have to opt in for Google to see this information. Once again, exactly the same.

Nope.

>Google has been able to track your location using Google Maps for a long time. Since 2014, it has used that information to provide advertisers with information on how often people visit their stores. But store visits aren’t purchases, so, as Google said in a blog post on its new service for marketers, it has partnered with “third parties” that give them access to 70 percent of all credit and debit card purchases.

https://www.technologyreview.com/2017/05/25/242717/google-no...

Buying a copy of everyone's credit card transaction data, no matter who they bank through, is not even close to the same.

>I don't have to use Google services on Android. iOS ties me to Apple's privacy nightmare.

Nope. Apple's cloud service is every bit as optional as Google's.

The difference is that Google has been scanning everything in Google accounts for the past decade.

Google and Facebook, as the pioneers of surveillance capitalism, are both privacy nightmares.

> Nope.

Yep.

> Buying a copy of everyone's credit card transaction data, no matter who they bank through, is not even close to the same.

As I already explained, the user has to opt in to share that data with Google. The purchase is a deal with the credit card companies to send data that users have opted in to share. https://support.google.com/googlepay/answer/10845853?hl=en

> Nope. Apple's cloud service is every bit as optional as Google's.

You completely ignored my post explaining why they are not. To repeat myself from https://news.ycombinator.com/item?id=28933939:

"You cannot even install an app on your device without giving Apple your billing details and letting them know you installed it, which is used for ads. You cannot get your location without also telling it to Apple. You cannot tell Apple not to track your WiFi SSID's location. You cannot uninstall Apple News, which is filled with user tracking for ads. On and on."

Apple, Google, and Facebook are all privacy nightmares. The difference is that iOS forces that privacy nightmare on its users, while Android does not. Your comparison of Apple to Google is as irrelevant as it is incorrect.

>As I already explained, the user has to opt in to share that data with Google.

As I have already explained, this has nothing to do with Google Pay whatsoever.

It doesn't matter who issues your card. Google made deals directly with Visa and Mastercard to buy your transaction data.

>as Google said in a blog post on its new service for marketers, it has partnered with “third parties” that give them access to 70 percent of all credit and debit card purchases.

Google has gone from spying on everything you do online, to spying on your offline behavior as well.

As for the rest of your errors. I'm afraid that I'm not willing to take the time to correct them individually.

> Google has gone from spying on everything you do online, to spying on your offline behavior as well.

That is about aggregate purchases, which have no privacy implications at all, not about individual purchases, which need to be matched either by email or by users opting in to share their credit card transactions, which is exactly the same as Apple Pay.

> Also, how exactly do you use the Google Play Store without having a Google account?

You don't have to use Google Play to install apps on Android. Even if you use Google Pay, you don't have to completely de-anonymize yourself with billing details.

> I'm afraid that I'm not willing to take the time to correct them individually.

More like you're afraid that you cannot correct them because they are already correct. I have made those claims hundreds of times on this forum, and they have never been corrected.

You have simply fallen for Apple's marketing without critically thinking about what data Apple actually collects, and the embarrassment of overpaying for an ecosystem that is clearly worse has understandably caused you to become defensive. The takeaway is to not trust marketing and verify if what the marketing actually claims is true. None of these companies are looking out for you. If Apple can make more money by exploiting your privacy on top of getting you to pay more, they will do it, and they are doing it (why actually make a privacy-respecting product that ties Apple's hands when they can just have the marketing department claim that it's a privacy respecting product and have their cake and eat it too). The only reason Android has gotten away with less user exploitation is that Google is still not yet as top-down driven as Apple, so the hackers who work on Android can influence how the base system is made while just enabling the company's services teams to build what they want on top of that instead of directly into the base system, and the only reason Google still lets them get away with that is that Android initially had to be released as AOSP + vendor bits in order to bring other companies into the ecosystem, and it is now too expensive to change course.

>That is about aggregate purchases, which have no privacy implications at all

Spying on everywhere you shop no matter which bank issues your card has no privacy implications at all?

Sorry, but at this point I can't take you seriously.

Of course it doesn't have any privacy implications if they don't know it was you who made the purchase. That's what "aggregate" implies.

>Google Now Tracks Your Credit Card Purchases and Connects Them to Its Online Profile of You

It's literally the headline of the article I've posted three times now.

Connecting purchases to your user profile has nothing to do with aggregate data and everything to do with spying on individual users for a profit.

I see it now. This works whether you're using iOS or Android, so iOS remains strictly worse for privacy.

It's Apple's fault Google spies on everyone's bank account?

I suppose it's also Apple's fault that Google pressured device makers to hide the Android privacy settings, and ignored users when they turned off the setting Google told them would stop Android from tracking their location?

> It's Apple's fault Google spies on everyone's bank account?

It might be Apple's fault that you believe I said that. Try reading my comments on an Android phone, which gives you a choice of multiple working web browsers instead of just different skins of the same buggy browser engine.

> Google pressured device makers to hide the Android privacy settings.

That's funny. The privacy settings on Android are more easily accessible than the privacy settings on iOS, and they apply to all apps, not special-casing Apple apps like iOS does.

> ignored users when they turned off the setting Google told them would stop Android from tracking their location?

You're talking about two different settings in two different Google apps, not in Android. The really faulty thing is that there is no way to prevent iOS from sending your location to Apple at all unless you don't get your location on your iOS device at all.

You keep trying to compare iOS to Google and failing. The correct comparison is iOS to Android, where iOS fails badly.

I dont think you can verify that.

Apple claims to not scan your pictures, but that's unrelated to whether they scan your pictures

In the same way that you cannot verify that Google does not sell your data to third party data brokers.

You either believe their corporate communications on the subject or you do not.

They do not have the ability to scan photos stored on your phone that are not uploaded to iCloud. The scan is only implemented in the iCloud photos upload system.

If that was the case they'd just implement it on their own servers, just like everybody else (it's not like iCloud is E2EE).

In reality they probably have a "photoscanner.so / .dylib" that currently is only linked in by the iCloud uploader thing, but at any time could be called in by any other part of the system (or offer exploits new avenues for data exfiltration), which was actually spelled out in their initial announcement (there will be a system API for accessing it).

So they absolutely have the ability to scan photos on your phone; the fact that they don't intend to currently use it outside of the iCloud uploader is totally immaterial to this debate (the thing I don't want on my phone is photoscanner.so or any such capability).

> which was actually spelled out in their initial announcement (there will be a system API for accessing it).

That is completely false. They announced, a week after the initial announcement, that the on-device nudity-detection they planned on implementing in iMessage would also be open to Snapchat and other messaging apps. That doesn't report anything to the police, isn't hash-based, and is done on-device; it just pops up a bypassable warning to allow child users who are part of "iCloud Family Sharing" to avoid seeing things they don't want to see. It has nothing to do with CSAM detection.

I continue to be frustrated by the amount of misinformation on the anti-CSAM scanning side of the debate, including on HN (and it's orders of magnitude worse everywhere else).

At any time they could implement a new feature in iPhone to do anything, yes that's true, and yes they could be flat out lying that this is how it's implemented. They could be lying about the whole thing. If they'd implemented it on their servers, they could still have taken that code and later put it on their phones and run it on whatever photos they liked.

Come on, now you're really going off the rails. What we're discussing here is the system Apple has said they have implemented and described. Anything beyond that is hearsay and accusation, for which some evidence would be appreciated. If you're just going to believe whatever you want to, and damn the evidence or what anyone says, go ahead. There's nothing much more to say.

I think that they can do that is the problem, though? If you don’t like the way Google is running things, you can swap out the OS on your Pixel for one of several open source privacy-focused Android forks. But if Apple does something to iOS you don’t like, you’re stuck with it.

That's got nothing to do with CSAM, or this change and isn't anything new. If we're going full tinfoil, Android manufacturers could force update, lock down or brick your Android phone any time they like anyway. If you allow remote updates, which I think we generally all want for security updates, it's all about trust.

> exact matches

Not exact matches. Hashes. Hashes that were quickly show to have collisions that the company brushed off.

That's why they require that you reach a certain threshold number of matches before its sent for human review. The threshold allows them to take the probability of a false collision, which they can estimate from data, and set the probability of an overall false-flag by requiring a certain number of these collisions. They've released that the threshold, to start, would have been 30 (Page 10 of https://www.apple.com/child-safety/pdf/Security_Threat_Model...). They claim that, given the probability of a false collision, and the threshold that they've set, the probability of your photos being sent for human review falsely is 1/trillion.

They mention a “very conservative false positive rate” - doesn’t 1/trillion imply that they used 1 / (1e12 ^ (1/30)) = ~40% as the false positive rate? If so, that does seem extremely conservative to me!

A 40% false collision probability would give an overall false flag probability of 1/trillion only if you had exactly 30 photos in your library, and thus all 30 had to be false collisions. The calculation gets a little more complicated if you have more, because you have to account for all the possibilities of combinations of 30+ false collisions among N photos, for N > 30. I wrote out the calculation in a comment from when this was being discussed a few months back: https://news.ycombinator.com/item?id=28174822.

On page 10 of the paper I linked though, they state that they assume a false collision probability of 1/million, which is more conservative than the 3 in 100 million false collisions they saw in their tests. The way they chose 30 as the threshold is based on the safeguarding assumption that everyone's photo library is larger than the actual largest library. This is safeguarding because the more photos you have, the more likely you are to have collisions. Copying from my previous comment, we can compute their photo library size assumption by solving for N in this equation: 1/trillion = 1 - sum_{k=0}^{29} of (N choose k) (1 - p)^k p^(N - k), where p is 1/million (the probability of a false collision).

The problem with this argument is that the "adversarial environment" argument applies to a worse degree to all cloud storage services who do the scanning in the cloud, since they have no threshold mechanism, and lack transparency on whether there is any human review whatsoever. You would still be reported to the police if someone hacks your Google Photos account and uploads CSAM to it.

Accurate, but note that intent as OP referred to is not the same as implementation. Fucking up doesn't mean you intended to fuck up.

With Google you can be absolutely sure that their intent is to eat all your personal information and data for short-term profit. With Apple it was "just" a stupid attempt at legal (over?) compliance.

That's the narrative that Apple's marketing department is selling, but I'm not buying it. The fact is that Apple devices slurp up more data to Apple that you cannot turn off without making your phone essentially useless than Google devices slurp up to Google.

Googles toggles are largely useless - you can "choose" to disable web and app tracking, but it intentionally disables or breaks most app features.

Want to update Google maps home/work addresses? Too bad, requires web/app tracking enabled.

Unlike iOS, Android lets you use whatever maps app you like and set it to be the default handler for opening addresses. This includes maps apps that store the map data fully locally. Even better, when you get your location on Android, you do not have to send that location to Google. On iOS, no application can get your location without your location also being sent to Apple.

That "web and app tracking" applies to apps both on iOS and Android. The difference is that Android gives you more choice about what services you use.

They probably brushed them off because a malicious/accidental hash collision would lead to a human reviewing them and then not going to law enforcement.

Or they will, depending on reviewer, photo clarity, current political climate, potentially location and so on. You have no say in this process, nor anybody else on this forum, or elsewhere.

Its not the law enforcement that's the main issue, but various greedy 3-letter agencies who are already well known to have ambition to have profile on every person in this world (not unlike Facebook but for different purposes).

This is not privacy anymore no matter how you bend it, it has been cancelled and Apple realizes this very well. And it still doesn't care. Literally the only serious selling point for many new buyers not invested in ecosystems, blowing it off with a nice double barreled shotgun shot.

Thus the manual review. No one's going to be going to prison over a hash collision here.

But a manual reviewer in Cupertino or elsewhere still gets access to your personal (possibly very intimate or otherwise private) photos. Privacy from law enforcement is hardly the only privacy that people value.

If you desire privacy, never upload your images to any cloud service that doesn't offer true end-to-end encryption of the data (that is, one where they do not have the key). Use a service where data is only decryptable on your own devices or devices that you personally authorize. Which is, presently, none of the popular services that I'm aware of.

It's even probably the right choice for a popular service to have made.

Full E2E encryption is going to trigger nightmare "I lost all my photos" customer-service stories when people forget their passwords... which is acceptable when you deliberately signed up for a service where security was the selling point, but not great for someone who bought a mass-market phone.

Yep. See the perennial complaint about Signal as a demonstration of that. They don't persist your messages across devices on privacy/security grounds. That's fine, it's why I use it (or one motivation for me to use it). But it's contrary to what many people expect from that kind of service.

Thats the issue with local scanning, even if you used an e2e cloud for your photos the encryption would be bypassed with local scanning.

They would only have access to the photos that are being reviewed.

And you can either choose between (a) someone having to see your photos or (b) relying on an automated but imperfect process. You have to pick one.

It is, but it's perhaps incompatible with uploading your private images to a cloud service.

Of course. But the second you enable iCloud Photo Library and want to upload your private photos to Apple's servers than you need to comply with their Terms & Conditions.

Which includes them scanning your photos for CSAM.

Not when using a commercial cloud service, no.

I used to work in the same building, as a department with legal authorities (purposefully vague here), and the burn out rate was astronomical.

Good, descent people, waking up screaming, cold shakes, permanently damaged from what they could not unsee.

You couldn't pay me enough to go through images of such sickness.

Outside of all the yes/no, on/off phone stuff, how are they going to hire, and keep staffed, a department of people having to look at this stuff.

How are they going to insure it?!

Right. Requiring exact matches for this kind of material is absurd as a single pixel change would foil any detection. So everyone, practically speaking, trying to detect it is going to use some form of hash algorithms. And every hash algorithm, by definition, permits potential collisions and false positives. Which is why any sensible program will use a manual review process before pushing anything forward to law enforcement. Apple's system, requiring ~30 matches, means that you'd have to have 30 or so false positives that also happen to look like CSAM to manual reviewers to end up getting a false case sent off to law enforcement.

Additionally, the while the publicity of that announcement was terrible PR for apple, it was really a request for comment. They got comments from security professionals, and then they acknowledged the problems, retracted the announcement, and are working with those professionals on a system that will be better from a privacy perspective.

Try getting that behavior from Google, a company who's existence is dependent on surveillance advertising.

Source for that? The most response I saw was a "sorry-not-sorry" and they were just going ahead.

Or more more accurately, their stated intent is to scan for anything any government deems illegal in any country where they operate.

Also who is reviewing this known child pornography list? Hopefully nobody because it is Child pornography but also hopefully somebody because what if somebody slips something in there… Say a offensive political cartoon or a ethnic group symbol or a picture of Tiananmen Square. This list of “offensive images” needs to be auditable.

Also it is crossing a line in the sand because it is on your personal device not in their servers. All you can hope for is that they don’t alter the deal further.

> Also it is crossing a line in the sand because it is on your personal device not in their server

Seconds after they scan it the files will be on their server, right?

They are scanning files on your device. The rest is just implementation details

Having my photos warantlessly rifled through by a machine and then a human really puts me at ease!

> known child pornography material

For some definition. Russia's FSB might have a very different idea of what this is. Anti-Putin memes, for instance. Navalny support materials or brochures. You'll have to watch what you download, because your phone might upload it and incriminate you.

Or China's MSS. Winnie the Pooh, Tiananmen Square, Free HK, etc.

Or even the FBI. Financial or political leaks, Wikileaks, etc.

Once they know who you are and why they don't like you, they can incriminate you in other ways. This helps them find and flag you. They don't even need to monitor and decrypt traffic - they can just upload hashes of things they don't like and let Apple's dragnet do all the work.

Don't buy into "CSAM" scare. It's never the intent. The powers that be don't give a damn about children. It's about power.

The definition is from NCMEC[0] and ONLY from NCMEC. No FSB, no MSS, no FBI.

This is the EXACT SAME database EVERY cloud provider has been using for about a decade. Look up Microsoft PhotoDNA.

The only difference is that the company doing it was Apple, who wanted to do the checks on-device BEFORE upload. And with multiple redundancies and human review.

Not like Microsoft, who have - for example - shut down the MS account of a German man for having photos of his own children on a beach. No human review, no way to complain. Everything gone from Outlook mail to Xbox account.

[0] https://en.wikipedia.org/wiki/National_Center_for_Missing_%2...

Longbets 10 years $10,000 we see this used by Apple (or a government agency) in a way that deviates from your attestation?

I'll eat my hat if this system doesn't hurt someone innocent.

I will happily take that bet.

Because if a government agency is involved they will be doing so server-side instead of client-side.

Haha, okay! Let's look back at this thread in ten years.

I hope you're right, but I don't think you will be.

> I'll eat my hat

One of these yummy nacho hats? https://www.google.com/search?q=nacho+hats&tbm=isch

NCMEC is their US database because of federal law. This does not apply to the rest of the world.

Hyperbole is a logical fallacy for a reason

You mean, setting a precedent for expansion of personal device scanning

This is the stated initial iteration.

The difference is that if you don't want your photos scanned by anybody but you still want your photos uploaded in the background, you can do that on Android, but you can't do that on Android. People who value privacy do not use iOS devices.

Or rather: People who value privacy do not upload their photos to someone else' servers

Correct, but there have been known False positives that have hash collisions in this system. That is something to care about considering the trust in law enforcement is eroding day by day

The false positives are matches with absolute gibberish generated photos.

People have had tons of fun finding collisions and seeing how far they can take an image until the apple neuralhash algo thinks it different. It very much is not an exact match like what you would get with MD5 for example. But a "perceptual hash" that means that it gets the same has even if you crop it by a couple of pixels or change some pixels.

The person arguing with you has misinterpreted how Photos works, the information you have provided is correct - they are merely surfaced in the Photos app and the software provides the user the option to save them to their library. Sometimes users on this site play dumb or falsely represent the facts for the sake of their argument.

You know that Google Photos scans everything, server-side, since like 2012 right?

Maybe the point is that's on the server, not on the device.

On the device means it's going to the server in Apple's case. The option is only enabled when you have the iCloud Photos feature enabled, which means the photos it's scanning are photos that are on their way to the cloud.

If you turn the iCloud Photos feature off, no more scanning is happening.

This seems pretty simple to me.

> If you turn the iCloud Photos feature off, no more scanning is happening.

Yet.

A few years later, [Insert gov agency here] will force Apple to scan all photos and compare hashes to material banned by the government.

This ability to scan photos on the device simply should not exist. If they only want to scan photos being uploaded, just scan them on the server itself. It really isn't that hard.

Apple has turned a steel barrier that's capability focused, into a policy barrier that can be changed by influencing people. That's simply much more insecure and much less privacy focused.

> I want as little to do with Google’s services as possible in my life

As a Fi and Fiber user, those services have actually been really solid and reasonably priced.

Android wise, Calyx maintains a nice de-googled one (https://calyxos.org/install/ ) and they will sell you an unlocked phone at a reasonable price if you are a member. We use one on Google Fi with no issues in any of about 10 countries so far.

I like frictionless Fi is. Phone breaks? No prob. Grab a cheap Moto phone from the Fi store listing, get it in the mail the next day, and setup in 5 mins. Go over on data? No prob. Pay a prorated price at the exact same rate.

It's been by far the best phone service I've ever dealt with, although to be fair that is a really low bar. The international pricing was what made me switch over, but everything else has been great since.

> Go over on data?

Or you could be a T-Mobile subscriber and never "go over" on data, even when abroad. It just gets slower, but that's fine most of the time, at least for me. It's amazing to be able to use even slow internet in the butt crack of the world somewhere without paying an extra dime - that's the way it ought to be on all carriers.

Fi has infinite free slow data too. "Going over" in a way that involves money is only relevant to the first few gigabytes on the $0-60 data plan. (Unlimited Plus is flat $50 of data)

That's literally any mvno. Try mint mobile for one far cheaper than fi.

Germany tries to push for a 7 year minimum update policy in the EU.

If the EU agrees this will be very interesting for the smartphone market.

5 years of security updates is already great.

I agree. Three years is clearly too short. After five the battery would usually need replacing, but the devices being what they are, one probably opts for a new phone.

> I will continue to recommend those phones for most people (pending what they’re going to do with trying to incriminate you), but it’s not for me.

Why? Despite what Apple would have you believe, Pixel phones aren't "more complicated" than iPhones. They're just a little different. For example, I recently had to use an iPhone and the interface was difficult to use, coming from Android. Not because it was inherently confusing, but because I simply wasn't used to it. But I'm sure it would have only taken a few days to adjust.

Software support is 5 years in security upgrades and 3 in OS upgrades [1] (at minimum, so it depends on their mood).

In my case it's -1 year because I prefer to wait up to a year until I get a good deal, and then there's always the option to put LineageOS on the Pixel devices [2].

[1] https://support.google.com/pixelphone/answer/4457705?hl=en

[2] https://wiki.lineageos.org/devices/#google

Definitely agreed, longer software support would be nice. On the other hand the repairability is important too, if you can replace battery and fix a broken screen easily the phone is unlikely to be useful after that many years anyway.

I think the previous pixels were reasonably good in that regard (not compared to framework of course).

Improving that would be higher priority in my eyes. Software support can always come later: even once the official support is dropped the community can backport AOSP fixes etc.

AOSP does not help with the mountain of closed vendor blobs at the bottom of the stack.

Pixel phones have absolutely not been reliable for me. From the Pixel 1 microphone defect to it needing a reboot every few days, and my Pixel 4A boot looping, Google phones are absolutely not reliable IME. (Almost as bad a Razer laptops).

I have a pixel phone myself and know four other people with them and they've all been perfectly reliable. Not a single issue.

3 Pixel phones and no issues here either. My old Nexus 5 finally bit the dust only last year.

I've had the HTC G1 (first android), G2, every generation of nexus and every generation of pixel. Never had a problem.

> 5 years of support

I'll wait for the iFixit report on how difficult it is to replace the battery, before believing in a phone lasting that long. Also as usual for the pixels, there is no analog headphone jack. Still I can't believe I'm at least somewhat interested in a $600 phone since I'm not that much of a mobile user. I wonder if they will do a 6A version any time soon.

The main difference between the 6 and the 6 pro is the pro adds a telephoto camera, right?

Anandtech article is up: https://www.anandtech.com/show/16939/google-announces-pixel-...

I'm still somewhat leaning towards a 5a as my next phone, as it's already more than I want to spend.

My parents used several handed down iPhones for 6+ years each. I see no reason Google didn’t buy similarly good batteries.

Batteries have to be replaced once in a while, thus the famous story about iphones slowing down as the batteries get weaker. Maybe your parents were lucky or maybe their phones slowed down without their noticing it, or maybe the phones already had replacement batteries when your parents got them? Apple took a significant financial hit the year they offered $29.95 battery replacement since people got their batteries replaced instead of buying new phones that year.

I have a family member with an iphone se (2016 model) and it has needed a battery replacement. No big deal with the ifixit kit. But it seems to me, phones with wireless charging seem to have harder to replace batteries a lot of the time. The Pixel 2 is notoriously difficult. So I'll wait to see what happens with the 6. Of course I'm even more interested in a 6a, if they make one of those. I'm enough of a throwback to still want to use wired headphones.

Samsung announced 5 years of Android updates months ago. Before that, it was 4 years of updates.

Unless you have more recent info (please correct me in that case), that's not quite correct. Last I heard was that Samsung's promise has been 4 years of updates [1].

I recognize Samsung as being well clear of the rest of the pack of Android vendors. Other Android vendors are outright negligent, whereas Samsung seems to generally try to fight their bad incentives and come up with some decency.

Where I think Samsung falls short is execution. Samsung is fundamentally a hardware company and their software has always been mediocre in my view, even to this day. In terms of security updates they promise less than Google, they promise fewer and slower updates than Google (quarterly software updates for some devices / late in the lifecycle still makes older devices an afterthought!), and I trust their promise to execute on their promise less than Google.

Finally, Samsung devices don't have nearly the same support for third party privacy friendly OSes than Pixel devices do - you're stuck with Samsung's (warning: personal opinion) rather tasteless take on what Android should be, and have no real other options.

[1]: https://news.samsung.com/global/samsung-takes-galaxy-securit...

I really love what Samsung is doing with their note-line software wise. There're just so many integrations and little nooks integrated deeply within their Note-specific Android version that are all just actually useful in their own right.

I'm a huge fan of operating my phone with styluses in general, but I think Samsung is the only Android vendor (other than Apple with their pencil) that actually cares about the benefits of adding a stylus to a phone/tablet.

For instance, last week I discovered that you can annotate your calendar with the S-pen. Your annotations stick to your calendar like post-its would to a computer. At first I thought I was drawing on a _picture_ of the calendar application view, but I was writing inside of the app itself.

Samsung's Note os is full of these niche-but-useful-when-you-actually–need-or-want-them kind of features.

Taking macro photos of that little insect on a hard to reach life in the forest? You can point it right where you need it with your right hand while you snap pictures with your pen in the other. It's a neat little remote.

Use your phone for presentations? The pen is your clicker to go through your slides.

Like keeping a digital journal with handwriting? Samsung's (and Google's too) keyboard has great handwriting recognition built-in. Nobody except me seems to use it, but it's actually great!

Need to quickly quickly take a note to make sure you won't forget to do that one important thing? Take out your pen while phone is locked and you can write on your screen directly, this is saved instantly to your device.

Samsung has clearly put a lot of thought into this over the years. The integration is excellent and is available in places where you would never expect it.

TL;DR: I like my note, not only is the hardware great, the software is great too

> Where I think Samsung falls short is execution. Samsung is fundamentally a hardware company and their software has always been mediocre in my view, even to this day.

I disagree. I really like Samsung's take on Android and appreciate features like Dex. With some first-party software from the company, they also make Android extremely customizable. The long tail of Android features that exist only on Samsung devices would probably surprise you. OneUI is a pretty clean take on Android styling.

> In terms of security updates they promise less than Google, they promise fewer and slower updates than Google

I'm getting monthly updates on my somewhat older devices. Not just security updates but full on Samsung software updates. I just got a bunch of new features on tablet this week including quicker multi-tasking, better window docking, etc.

> The long tail of Android features that exist only on Samsung devices would probably surprise you.

We have different tastes in phones, which is okay. I wouldn't really normally respond to this, but I think this quote highlights _why_ our tastes differ.

"Having more features" is not a selling point to me, it's probably the opposite. I want a simple OS with a strong set of core features, with a small selection of apps relevant to me. Smartphones have been reasonably mature products for a lot of years at this point, I know what I want from them.

That's why Samsung is quite unappealing to me despite their best efforts - I have owned and used multiple Samsung devices in the past. They're trying to give you everything and the kitchen sink, wow you with a bunch of features. Don't bother me with that stuff, I just want something more basic - software wise, at least.

We might not have different tastes just different ways of achieving them. My phone is setup to be very minimalist and Samsung has a lot of features to make that possible.

One small example, I've removed all the Android indicator icons on top of the screen that are always on/same for me (alarm, network, volume state, battery, NFC, Bluetooth, etc).

Admittedly I love features but I don't feel like having more features necessarily interferes with minimalism of day to day use. I've used certain features only once or twice but I was glad they were there at time.

I used to believe Samsung's additions were all bloat. After using one, I know prefer the customizations, the additional side gestures, and edge panels. Dex is nice and I have Linux installed so I can use the phone like a computer when I connect it to my usbc huh. It's extended the functionality massively and blown me away. However Google's software is better IMHO regarding updates.

Is it 5 years of Android updates or 5 years of security updates?

For both Google and Samsung, security updates.

Google says "Feature drops for at least three years from when the device first became available on the Google Store in the US." on the shop page footnotes.

Samsung says you get 3 major Android updates on your devices. Therefore, Samsung is a better deal for updates assuming Google doesn't release a new major Android version every year.

Does Samsung still take an eternity to do the actual updates once they're available from Goog?

A couple of months for sure.

Security updates, I am afraid. At least that's what the launch video said.

Security updates (only) is fine. Except a few geeks, nobody I know cares what Android version she has.

Especially since lots of components are updated outside Android updates. The browser and many other things will keep on being updated independently.

Unless it's 5 years of full on-time Android version updates it doesn't count.

"We patched a few zero days" should be the norm, not something you mightily announce as something grand and Brave.

Your text could basically be mine.

I'm utterly tired of Google's attitude and how little they really care about their customers. They have really cool tech and solutions, but their total neglectance of the individual but somewhat high attention of activists have made my view of a #1 company down the slope, I guess I would at one point have to try applying for some position to hopefully change my mind on that point.

I have a love/hate relationship regarding their Android ecosystem and lack of possibilites to keep an updated phone up to date more than 1-2 years.. so after many years listening to the Apple ambassadors among (okay, mostly non-tech) friends and finally went all-in on the Apple way of doing stuff, bought their "Pro"-version of wireless headset, their smart watch series 7 and their "Pro"-version smartphone series 12 (supplied from my work).

I feel totally claustrophobic about the lack of options and what Apple enforces. Chrome, Firefox, Opera, Safari, switching doesn't matter.. everything is Safari/Webkit engine, no firefox extensions.

Control volume of an app/media - no way, everything should have the same volume.. so my phone remains muted 24/7 and I hope important stuff vibrates on the watch (which is of course also muted as I cannot clearly select what notifications should sound or not).

If it weren't for my old android phone no longer receiveing updates I would switch back to my now three year old phone, at least that one let me unlock my screen with my fingers.. The Apple way is more.. if I, in the middle of the night, want to change track on my Bose Sleepbuds - I cannot do it unless I widely open my eyes and stare on the Apple camera so I am wide awake.

But an Android with 5 year lifespan.. then it starts getting interesting again.

... no Google Pixels for Sweden so no, apparently not for me.

> from the only phone vendor outside of Apple who appears to give a damn about that aspect

I hope the hardware is solid too. After having 2 Google phones die just outside of warranty to bootlooping, I'm skeptical they'll be able to make them last.

Which phones did you have trouble with? I am still using my pixel 3. I was going to upgrade just for more storage (the camera updates are nice too).

OG Pixel and Nexus 5X IIRC. I'm on a Pixel 3 currently and it's still pretty stable. Wanted to play more with a PinePhone as my next phone though

Do you think Google doesn't scan photos uploaded to its cloud services for CSAM?

I'm aware of Google's scanning. I'm even inclined to support them doing that.

What I like about the standard Google Photos/Dropbox/OneDrive approach is that it's no secret you upload your photos to their computers, where they process them. They process them for useful features, and they process them to catch child abuse. But I understand clearly I upload it from my device to another device, and that other device can process these photos. I'm not a Google Photos customer mind you (as stated, I prefer other services than Google's), but I understand the premise, value add and what they do with my stuff on their computers. It’s not my device incriminating me, it’s someone else’s device that does that, someone else’s device I chose to send my things to. I understand that relationship.

I will not accept a relationship with a device I own, situated on my desk or in my pocket, where it try to start a process to incriminate me. That's not processing a personal device should be engaging in, even if this starts out gated behind the heavily pushed iCloud Photos (it’s technically opt in), even if the solution is technically sophisticated (it is), and even if there exist definitions of "privacy friendly" where this approach is more privacy friendly (you can argue that all day long). I just don't want a personal device to do this. If Apple wants to draw the line somewhere else than I want to draw it, that means I probably should not support that.

Precisely this.

I don't care what happens in the cloud. What bothers me is the precedent that Apple sets by shipping iOS with `scanPhotoForIllegalContent()` and `reportUserToPolice()` functions. This code is working against the user's interests. As of now, these functions only run on photos that have already been iCloud synced, and they only look for CSAM, but they could easily expand this later on by changing a few lines of code or adding to the hash database.

To be clear, I think CSAM is absolutely disgusting and I want those in possession of it to be prosecuted. But scanning local photos is crossing a line. (I'm sure they catch most pedos through server-side scanning already anyway.) Besides, the only reason Apple gets away with this is because iOS is closed source. If Google tried to pull this shit on a Pixel phone, you could just install a different ROM.

Fairphone 4 has 5 years of updates; and it's much more ethical and better for earth to buy phone made with Fairtrade, than another Pixel. You are guaranteed there were no forced or child labour put into your phone too.

I don't understand replies like this one I keep seeing on HN. I thought the controversy around what apple wanted to do was that it was happening on device and not in the cloud. The user you're replying to made that distinction so what gives?

A big thing too is that Apple sells itself as privacy preserving. Google doesn't. It's one thing if someone says something they aren't and another thing if someone never makes that promise.

Apple's solution was to scan stuff that was going to be uploaded anyway on-device before upload.

Using that they could add multiple redundancies and they wouldn't need to look at your stuff on the cloud at all before getting multiple positive matches. And even then the first level is a human checking if it's an actual match or a false positive.

This was somehow a huge invasion of privacy, when people were competing on who could misunderstand the very simple premise the most.

> Apple's solution was to scan stuff that was going to be uploaded anyway on-device before upload.

Fairly sure that most of the worry around that was because such a system could very easily be changed to do the same to any photo.

And people felt like their phone wasn't theirs and that it could snitch on you. We know that you truly do not own your phone, but most people do not view it that way.

Sure, it is technically better than doing that check on on a server, but the general public do not currently view it that way.

Personally do not like the system as you would be unable to escape it if it started scanning local photos (which I feel is only a matter of time), something you can with google drive and such, by not using them.

It is generally a good practice to steelman the opposing argument.

In this case, the steelman is that Apple has turned a capability barrier (if your scanning is on the cloud, you simply cannot scan local photos) into a policy barrier (now you can scan all photos, there's just a flag in the software which means you don't do so.)

> a policy barrier (now you can scan all photos, there's just a flag in the software which means you don't do so.)

This is not the case. People are guessing about how it works and getting it wrong. The device doesn’t know if there’s a match or not. The logic is not “if there’s a match, tell Apple”, the logic is “attach a safety voucher to every iCloud upload and let Apple figure it out on the server”. You can’t flip a switch and just run it against all photos on the device – the iCloud upload is a part of the design. If Apple wanted to scan all the photos on your device, they would have picked a different design for this. If Apple change their minds and want to do this in the future, they need to redesign how this works, it’s not just a policy decision.

There is still a local CSAM database and still a method somewhere that returns a probability that an image is in the database, isn't there? The safety voucher logic is layered on top.

> There is still a local CSAM database and still a method somewhere that returns a probability that an image is in the database, isn't there?

Yes, but that method is on the server. The client doesn't know which images match, so it can’t scan all photos and decide to upload the ones that match. From Apple:

> On-Device PSI Protocol. Given a user image, the general idea in PSI is to apply the same set of transformations on the image NeuralHash as in the database setup above and do a simple lookup against the blinded known CSAM database. However, the blinding step using the server-side secret is not possible on device because it is unknown to the device. The goal is to run the final step on the server and finish the process on server. This ensures the device doesn’t know the result of the match, but it can encode the result of the on-device match process before uploading to the server.

– CSAM Detection Technical Summary: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...

Don't move the goal posts. On-device scanning has a qualitatively different privacy impact from scanning photos inside cloud storage.

What about on-device scanning just before syncing it up to the server?

Which would justify Apple using on-device scanning more if iCloud is end-to-end encrypted, except that it isn't. Apple has the technical capability to decrypt photos stored on iCloud, so why risk the slippery slope and governments applying pressure to expand local scanning to more than just what is going to be uploaded.

Do you understand how it's different when it's on their servers vs having the functionality to scan for anything they want on your phone?

We don't need to have this discussion again. Please go research the hundreds of thousands of discussions and blog posts about how what apple is proposing to do is entirely different.

> "Do you understand how it's different when it's on their servers vs having the functionality to scan for anything they want on your phone?"

It's this kind of casual fearmongering which stops people from accurately understanding.

What makes you think Apple doesn't already have the functionality to scan for anything they want on your phone, given that they built a phone content scanner a decade ago for the iTunes Match service and a photo tagger and analyser which does run on the phone, and they control everything about the software?

What makes you think Google doesn't have the functionality to scan for anything they want on your phone, or couldn't add it if they wanted to? Have you the source code for the Google Play services? The internal chip firmwares? Have you studied Google's terms and conditions in enough detail to be certain they can't move any such checks client side without telling you? And they also do analyse photos on-device and tag their content for normal use.

Why do you trust that Google isn't doing anything snitchy or on behalf of the authorities, but when Apple announces that they won't and designs a system which makes it hard for them to do that, then you assume they will? Not even quietly cynically suspect that they might, but spreading as a fact that they definitely will.

> We don't need to have this discussion again.

There's no need for this tone. People will disagree, and that's what makes this place great.

This isn't disagreeing. This is not doing basic reading before commenting.

This is not a case of "not doing basic reading". It's not a settled debate. The anti-CSAM scanning side has advanced a lot of spurious arguments and quite a lot of misinformation, some of which was spread by NGOs and orgs like the EFF (!!!) and more.

https://news.ycombinator.com/item?id=28176418

Yes, I understand.

When they scan it on my phone, they don't need to scan it in the cloud. They have one less reason to touch my stuff when it's on their servers. One step closer to full E2EE.

Every major cloud provider is already scanning every photo you put up and in most cases without any human review. Your photo gets flagged and it's good bye account. Next step: HN front page to maybe get a human to look at your case.

The commenter implied that they plan to use a non stock ROM, presumably to get their data and device away from Google cloud services.

"Thanks Google. Think I’ll be buying this."

Well I wont. I will look for an accumulator replacement for my Pixel one.

700 USD every few years? Quite a bit of money.

Screensize? We had a joke in our (European) high school to tease someone: You shoe size develops like 10, 11, 12, coffin for children, coffin for adults, motorboat... Looks like the same thing is happening to cell phone screens.

I've been tempted by iPhone in the past for precisely this reason. But there's so many things it can't do on the software side. For example, with regard to music, FLAC support is poor and there's missing Bluetooth codecs like LDAC. Call screening, anti-spam and file sync are also not good enough for my needs.

>Finally here’s a seemingly good Android phone with 5 years of support - from the only phone vendor outside of Apple who appears to give a damn about that aspect.

I've got updates from both Huawei and Xiaomi many years after the phones stopped being sold. I've heard that OnePlus does the same.

>> Apple’s stated intents to actively incriminate you by scanning your photos on a personal device

You do realize that Google also scans your images for CP, and furthermore that Google's current business model is literally surveillance advertisement, right?

Just FYI, Google has gone on the record to say they don't use Google Photos commercially for any promotional purposes, unless they ask for the user's explicit permission first. The hoopla with Apple doing on-device scanning is that Apple has invested heavily into marketing it's privacy focus claims.

Sounds like they want to run a degoogled ROM on their device, which is paradoxically much easier with the Google Pixel line than other devices out there.

Interesting comment regarding voting with your wallet and choosing Apple for the software. The hardware guys seems really unhappy with Apple's "walled garden".

> that is reasonably open.

I am curious if the courts will agree given the evidence of Google secretly paying carriers not to open their own app stores.

>I want as little to do with Google’s services as possible in my life

If I buy one I will install LineageOS on it as soon as possible.

So positive about something you haven't tried yet. That's like a guerilla marketing piece you wrote there.

One doesn't have to dream. Flashing a rom on google-branded phones is so simple, a non-tech person can follow a 5min youtube video to do it. The Nexus 6 from 2014 can have the latest android running on it - not just security updates. And unlike an iphone, it has a build that disables some eyecandy that keeps it actually usable and fast. As I understand it if you run the last supported ios on an iphone 5s, with all the patches, you can take a nap while waiting for the answer slider to draw when you get a call. IS that the dreaming you're talking about? During the nap?

I'm a tech guy though. had a nexus 6, now got a pixel2. all custom roms, completely degoogled. In addition to phone tasks, I use the phone for solitaire, basic web reading, and email. I charge once per week. Both phones are extremely easy to flash. No hacking or exploits required.

That’s all great - but don’t lure people too much into a false sense of security. While your Nexus 6 may run a shiny new version of Android, underneath it runs a crusty old 2017 kernel full of holes of different sizes. The community is great, but vendor support remains important. LineageOS and other projects can’t fix things in kernels they can’t compile - they can only provide security updates for open source components.

That makes Google’s promise here so key. 5 years of updates is 5 years of kernel level fixes. After that, it’s probably left up to the community.

I really don’t recommend people to go out and buy abandoned Android phones to flash software. LineageOS and other community projects are a blessing in many many ways, but they don’t make your phone completely up to date. And that’s something one should make an informed decision about (buying an iPhone, I decided against that).

> underneath it runs a crusty old 2017 kernel full of holes of different sizes

> LineageOS and other projects can’t fix things in kernels they can’t compile

I think that you're wrong on this, that is unless you decided to use term "kernel" above too liberally, referring to all software running on a device. AFAIK, alternative Android images, such as LineageOS, include relevant - and quite up-to-date! - AOSP common kernels (aka Android common kernels or ACKs; https://source.android.com/devices/architecture/kernel/andro...), which are open source, plus some manufacturer-specific proprietary binary drivers and firmware (though there exist a related, but slowly-moving, project Replicant focused on creating and maintaining a fully open, i.e., kernel + drivers + firmware, Android distribution: https://replicant.us).

No, I’m talking about the Linux kernel. You can check this for yourself. Take a look at the roms distributed on LineageOS as the example project and see if they include kernels that are up to date in any way. For older phones outside of vendor support, those kernels will always be out of date.

Some diligent LineageOS projects are known to incorporate some open source kernel fixes sometimes, or grab newer blobs from other phones from other devices. But there’s only so much to they can do. In general, it’s true to say that older devices with community Android support are not completely up to date - the kernels are old, and vendor drivers are not getting updated. Outside of making big usability concessions in projects like Replicant, the community can’t do much here.

Good points. Though I'm a bit confused by your reply. Are you saying that LineageOS folks do not always or, at least, mostly use the latest AOSP common kernels for their relevant ROMs (as opposed to "some open source kernel fixes")?

I don’t know. I’m saying that custom rom use kernels that make your phone work. In the best case that involves shipping 1) the driver and firmware blobs the vendor provided while supporting the phone and 2) a kernel that is binary compatible with those blobs. Because of how Linux works, in the best case (2) is an old kernel of the same major version as the vendor shipped with the phone, with maybe some security fixes that made it into the mainline kernel or in the Android kernel. But if your stock rom has security bugs in e.g. the wifi driver, graphics driver of baseband firmware, your custom rom has those exact same bugs. Even if the custom rom is years newer than the latest vendor update.

Understood, thank you for clarifying.

Just ran across this relevant nice little article, which I found quite interesting: https://arstechnica.com/gadgets/2021/09/android-to-take-an-u.... I hope that people who interacted with me in this sub-thread (and other folks here) will enjoy reading it as well.

Obviously, not all devices have up-to-date kernels. It depends on whether they are supported by relevant Android distributions. That's why I used the phrase "quite up-to-date" instead of just "up-to-date". Unfortunately for you, LineageOS has stopped supporting i9300 Samsung Galaxy S3 with the latest official release being 14.1, which is based on Nougat (Android 7.1.2).

Having said that, I ran across the following post that describes successful installation of LineageOS 18.1 (Android 11) ROM on Samsung Galaxy S3 i9300: https://devsjournal.com/install-lineage-os-in-galaxy-s3-i930.... This is just FYI. So, if you understand relevant risks and feel adventurous, you can try to install it on your device. Disclaimer: I'm neither affiliated with the author of the post, nor responsible for any damage that might be associated with following the advice contained in the above-linked post.

Thank you for looking up that ROM, as I might want to try it out. However, you are also proving my point, even that ROM with Android 11 is still running the old 3.0.101 Linux kernel. You can see it in the video at the last row:

https://youtu.be/K_i29pczfRA?t=10

So congratulations to the guy who made it possible to run Android 11 with that ancient Linux kernel, even when Android officially doesn't support it. And to illustrate what I mean by ancient: Linux 3.0 was released in 2011 and got support updates until 2013 [1]. So even when CyanogenMod/LineageOS supported the Samsung Galaxy S3 the included Linux kernels were old as crap. You can't blame them for it, as they had little choice given that a few crucial drivers are not open source and included in the upstream Linux kernel.

I just wonder if anything has changed for modern devices?

[1]: https://en.wikipedia.org/wiki/Linux_kernel_version_history

You're welcome and good luck!