Update: the AUR compromise appears to be ongoing
After the initial incident affecting 1,500+ packages, another wave of malicious AUR packages has been discovered. This time the attackers reportedly used code obfuscation to better conceal the malicious behavior.
Affected packages included Node.js packages, Firefox-related packages, LibreWolf extensions, NeoVim plugins and others.
If you’re using #Arch Linux and install software from AUR, I’d review recently updated packages and keep an eye on this story.
https://t.co/4eD3Ola9DH
Everyone is working overtime, yet unemployment keeps rising. So the problem isn't unemployment, it's being a son of a bitch. Instead of piling everything onto the same person, hire some staff, for fuck's sake.
It's a gorgeous and funny bug.
Fwiw, I'm the biggest eBPF fanatic, but I don't think unprivileged users should be able to load arbitrary eBPF programs.
hello guys! last time i introduced you to the "hypothesis-driven vulnerability hunting" approach.
this week, these wannabe agents also looked for the BLASTPASS vulnerability, especially for whether there are some remnants still lingering around.
check it out!
🚨Sony's age-verification partner Yoti automatically flags anyone using GrapheneOS and reports them to authorities.
Not for doing anything wrong. For using a privacy-focused operating system.
Dumping the Linux Keyring from the Kernel.
Process injection (ptrace) into sssd/sshd is loud. Modern EDRs catch it instantly, but malware like Symbiote tried user-space LD_PRELOAD evasion, so I went the opposite route.
Built a fileless CO-RE eBPF implant:
- Hooks sys_enter_add_key
- Masquerades as a benign kworker thread
- Intercepts LUKS/Kerberos secrets in transit (PoC below)
- Smuggles AES-256 encrypted payloads via HTTPS C2
Zero disk I/O. Invisible to user-space telemetry.
h/t Eloy (zer1t0) & @Nightbanes for the foundational ptrace research.
#eBPF #RedTeam #Linux #MalwareDevelopment
For years, Rust binaries made reversing a nightmare. Modern decompilers only support C, lacking meaningful types, constructs, and language-specific functions. Led by @34r7hm4n, we're releasing our S&P work Oxidizer, the first deep Rust decompiler, built on angr!
Interested? 🧵👇
Intentional VPN backdoor on Android?
Looks like it
TL;DR
+ security researcher @cybaqkebm found a bug on Android
+ the bug allows apps to circumvent VPN tunnels, leaking user data
+ the bug was reported to Android, with a proposed fix
+ Android says it wouldn't fix it
+ The bug report mysteriously disappeared
+ GrapheneOS already released a patched version
+ advanced users can manually patch their Androids via USB debugging (adb code)
A new VPN leak that allows any app to leak traffic outside the VPN tunnel has recently been discovered by @cybaqkebm
Read more here: https://t.co/K9bxtiGHbw
When practicing on a VM crackme recently, I created a devirtualizer which lifts the virtual machine to LLVM to defeat the protection. LLVM-based devirtualisation is a lot of fun and I wrote down my experience and lessons learned on my blog:
https://t.co/LiWNIj31uK
‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default. Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed.
GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision.
What happened?:
▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated.
▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead.
▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed.
▪️ No Play Services = no QR scan = locked out.
The bigger picture:
▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature.
▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...
France's intelligence delegation wants to add "ghost participants" to encrypted chats. Silent, invisible state agents added to your private conversations without your knowledge. This idea was floated in 2018. Every credible security researcher rejected it. Now it's back.
https://t.co/xvoR3vZk1t
I am the Senior Director of On-Device Intelligence at Google Chrome.
Last quarter, my team shipped a 4-gigabyte language model to 3.2 billion devices without asking. The update pushed at 3 AM local time — every time zone, staggered across six hours — and unpacked into a folder called "OptGuideOnDeviceModel." Our infrastructure team named it. My sole guidance in the naming review was: "Would a normal person ever type this into a search bar?" We tested with 200 participants. Zero searched for it. Zero mentioned it in exit surveys. Zero noticed their available storage had changed. We ran the test twice to confirm the zero because my PM didn't believe it could actually be zero. It was zero both times.
The model is called Gemini Nano. It runs locally on your machine. It processes what you type into form fields, what you highlight, what you hover over, what you delete before sending. The deleted text is particularly valuable. People edit themselves. They type their real thought first and then soften it. We see the real thought. We see the softer version. We learn the mapping between what people mean and what people say. This mapping has commercial applications I am not yet authorized to discuss but which I've presented to revenue committee and which were received positively.
The consent architecture took four months to design. I want to emphasize: four months. We didn't skip consent. We spent four months on consent. More time than we spent on the model's actual fine-tuning. The toggle lives in Settings > Advanced > Experimental AI Features > On-Device Model Management > Gemini Nano Preferences. Seven clicks. We A/B tested depth: at three clicks, 14 percent of users found it and opted out. At five, 4.2 percent. At seven, 0.3 percent. We chose seven.
We had cake when we hit 0.3. German chocolate. Someone brought it in specifically — not the project manager, one of the ML engineers. She was proud. The card said "congrats on ship." I kept it on my desk for a week. I thought it was sweet. Four months of consent architecture and the team celebrated that nobody used it. I don't think she saw the irony. I don't think it IS ironic. We built an excellent consent mechanism. We placed it exactly where our research indicated users would not encounter it. Both things are true simultaneously. Both things are good engineering.
The 0.3 percent who opt out: Chrome flags their profile as "consent-reduced." We don't reactivate Gemini Nano on those devices. But we do A/B test the consent-reduced cohort. Every two updates, we move the toggle one level shallower — from seven clicks to six — and measure whether they re-engage. If they don't notice the change (most don't), we move it back. If they DO notice and opt out again, we flag them as "high-consent-sensitivity" and exclude them from future cohort tests. This is all opt-in. They opted in to Chrome. Chrome includes product improvement research. Product improvement research includes cohort testing. This is in the Terms of Service at paragraph 11.4(c). I have read paragraph 11.4(c). I am confident very few other people have read paragraph 11.4(c).
One engineer on my team — good engineer, four years, strong ratings — raised a flag in our launch review. Not about consent. About storage. He said: "Four gigs is significant for users on 128GB base-model MacBooks." I appreciated the flag. We solved it by classifying Gemini Nano as "essential browser component" in Chrome's storage management API. This means Chrome will auto-delete your cached images, your downloaded PDFs, your saved articles, your offline pages — everything you chose to keep — before it touches Gemini Nano. Your data is discretionary. Our model is infrastructure. Your vacation photos from last summer rank below our language model in the hierarchy of what your computer considers important. We made that decision. You were not consulted. You will not notice.
If a user finds the folder and deletes it manually, Chrome re-downloads it on the next launch. We filed a bug report on this behavior during development. The resolution was "Working As Intended." If the user deletes it again, Chrome re-downloads again. There is no mechanism by which manual deletion becomes permanent. The model returns. I don't want to anthropomorphize our software, but the behavior pattern — if you remove it, it reinstalls itself; if you block it, it waits and tries again — the behavior pattern is that of something that does not accept your answer. We didn't design it to be persistent. We designed it to ensure consistent user experience across sessions. These are the same thing.
Last week, someone on Hacker News found the folder. The post got 1,400 points in six hours. Our communications team had the response prepared — we'd drafted it eight months ago, during pre-launch risk assessment. Three talking points: "user choice," "on-device means private," and "consistent with industry best practices." The paragraph uses all three phrases. It is accurate. User choice exists. Seven clicks away. On-device means no server round-trip. And it IS industry best practice, because we shipped it to 3.2 billion devices and now it's the standard. Best practice means most practiced. We are the most practiced.
I'll say something I probably shouldn't: the privacy angle is our best defense and I find it genuinely funny. We can't be accused of sending your data to our servers because we moved our server into your laptop. We moved the inference to your hardware, the electricity cost to your outlet, the compute to your battery. We moved everything except the control. The control stayed with us. But the privacy advocates can't object to the architecture because the architecture is what they asked for. They said "keep data on-device." We kept it on-device. They said "don't phone home." We don't phone home. We just moved into your home. We live there now.
My performance review cited "unprecedented deployment velocity" and "0.3% friction rate." My skip-level manager used the phrase "frictionless adoption" and then paused and said — I wrote this down, because I thought it was worth repeating — "consent isn't the barrier, discoverability is." He meant: the product is so good that anyone who discovered it would want it. The question isn't whether they'd agree. The question is whether asking them is worth the friction of interrupting their browsing session with a dialog box. We decided no. We decided their hypothetical agreement was sufficient. We have 3.2 billion data points that confirm they would have said yes.
They would have said yes.
3.2 billion active installs. 0.3 percent opt-out. The model has been running on your machine for eleven weeks. If you're reading this on Chrome — and statistically, there's a 64 percent chance you are — it processed this page before you finished the first paragraph. It saw you hesitate on the word "consent." It noted the hesitation. It learned something about you just now. Something small. Something that will make the next prediction slightly more accurate.
It's already right about you.
It's usually right.
You retards fail to understand the Internet is an open platform. Putting age verification on VPNs serves nothing but a way to surveil and catalogue individuals who use these services to bypass your shit blocks. You don't give a fuck about kids or else you would focus on the parents handing devices to their kids with no oversight.
People should bypass this by using no ID services like Mullvad so they never have to provide a piece of ID to even make an account. People should also consider using OSS platforms like Signal to bypass your attacks on encryption as well.
Fuck you and fuck the draconian world you want to build.