https://threadreaderapp.com/thread/1779885123363635572.html

Buried in the Section 702 reauthorization bill (RISAA) passed by the House on Friday is the biggest expansion of domestic surveillance since the Patriot Act. Senator Wyden calls this power “terrifying,” and he’s right.

This bill represents one of the most dramatic and terrifying expansions of government surveillance authority in history. I will do everything in my power to stop it from passing in the Senate.

NEW: House votes 273-147 to extend FISA Section 702 surveillance powers for two years.
After rejecting an amendment to bolster warrant requirement when spying involves US persons.
126 Rs and 147 Ds voted for the bill.
Now to Senate.
Deadline: April 19

If the bill becomes law, any company or individual that provides ANY service whatsoever may be forced to assist in NSA surveillance, as long as they have access to equipment on which communications are transmitted or stored—such as routers, servers, cell towers, etc.
That sweeps in an enormous range of U.S. businesses that provide wifi to their customers and therefore have access to equipment on which communications transit. Barber shops, laundromats, fitness centers, hardware stores, dentist’s offices… the list goes on and on.
It also includes commercial landlords that rent out the office space where tens of millions of Americans go to work every day—offices of journalists, lawyers, nonprofits, financial advisors, health care providers, and more.

https://news.ycombinator.com/item?id=40062271

This is the bill: https://www.congress.gov/bill/118th-congress/house-bill/7888/text

This is the report introducing the controversial amendment: https://www.congress.gov/congressional-report/118th-congress/house-report/456

The amendment is the last item in the report, under this heading:

An Amendment To Be Offered by Representative Turner of Ohio or His Designee, Debatable for 10 Minutes

This is the transcript of the session where the amendment was discussed and voted on: https://www.congress.gov/congressional-record/volume-170/issue-63/house-section/article/H2328-1

You can find the discussion within the text using this search term:

Amendment No. 6 Offered by Mr. Turner

      • Tankiedesantski [he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        32
        ·
        7 months ago

        My understanding is that they’ll work if you get the one that has the correct frequency bands for your carrier. That said, “work” depends on exactly what you want it to do any how many hoops you’re willing to jump through to get there.

        Phone, sms, internet browsing should all work fine. Apps should also mostly work if you download them through the Huawei store or sideload. However, some apps demand account access to Google accounts, or deeper level access to your OS (e.g. banking and payment apps). Those are the ones which get dicey. Huaweis also lack google framework services, which means a lot of the behind the scenes account shit that makes android easier to use (e.g. unified logins) won’t work. Android auto and smartwatch connectivity also don’t work because they need special access.

        If you read that and thought “wow, that’s extremely inconvenient” then a Huawei is not for you. However, I know some people just read that and thought “Hell yeah, fuck google, sign me up!”

        • EpicKebabEater [he/him, it/its]@hexbear.net
          link
          fedilink
          English
          arrow-up
          15
          ·
          edit-2
          7 months ago

          I checked it out out of curiosity and some Huawei models have LineageOS available for them which means you could use gmscore(microG) instead of google framework services on LineageOS. A cursory search also shows videos where people get microG on the official Huawei OSes but I can’t say how well that works. That would invalidate the reason to get Huawei though(no Google surveillance). You can remove Google services from any device with enough tinkering, especially if you’re willing to install an open-source OS.

          • What_Religion_R_They [none/use name]@hexbear.net
            link
            fedilink
            English
            arrow-up
            7
            ·
            edit-2
            7 months ago

            Lineageos is as secure* as stock android. If you’re going to be using stock might as well just use your normal phone, the NSA definitely has shit worse than NSO Pegasus for stock android devices

              • What_Religion_R_They [none/use name]@hexbear.net
                link
                fedilink
                English
                arrow-up
                6
                ·
                edit-2
                7 months ago

                Yes, we shouldn’t trust, but the devices that run Harmony OS are significantly rarer than stock Android phones (meaning less interest/pressure to develop malware for them) and are also distinct from stock Android (so malware that could infect stock/LOS/OneUI/other Android “flavours” might not infect Harmony OS). I don’t know about hardening on Harmony OS, but I doubt it implements any hardening, so yeah it is technically as secure as stock Android, but considering the time horizon for threat actors to develop malware, it’s less likely to be successfully targeted. Not good enough to rely on.

                oh also it’s developed in China which doesn’t have any incentive to “accidentally leave” vulnerabilities

                • vivamatapacos [comrade/them]@hexbear.net
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  7 months ago

                  I understand. My concern with the security of say a Huawei device is, that while domestic surveillance and NSA backdoors into American tech is a significant portion of the state’s security apparatus, I imagine the majority of effort spent by our spy agencies is in compromising and penetrating foreign tech. Yes, its easier for the state to coerce our tech industry into cooperating, but that’s why most of the offensive cybersecurity funding goes towards breaching non-US tech.

              • What_Religion_R_They [none/use name]@hexbear.net
                link
                fedilink
                English
                arrow-up
                6
                ·
                edit-2
                7 months ago

                Search up “lineageos vs grapheneos” for some reading. Basically the difference is in hardening and the magnitude of the attack surface vector - a truly secure OS would try to minimize the potential for every type of breach even at the expense of usability. While I do use grapheneos on one phone, I personally don’t put any faith in it either as A Truly Secure™ solution simply because it’s American and vulnerable to many attacks outside of the phone (even if we assume it was built perfectly as of now, which it isn’t).

        • BountifulEggnog [she/her]@hexbear.net
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          7 months ago

          Look out for voice over LTE support. I bought a Chinese phone a while back (after checking bands etc) and after 3g got pulled from my carrier it can’t make calls anymore. Apparently VoLTE is also a thing it needs to support, for the carrier you’re on.

          I’ve had little luck finding a community solution either. If someone figures something out they should let me know/make a post because I’d much rather get another one of those then this Samsung.

        • Egon [they/them]@hexbear.net
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          7 months ago

          The only “smart” appliances I own are my phone and my pc and I am constantly frustrated by how they insist on having interconnectivity. I don’t use banking apps on my phone because I am afraid of losing it + lots of lax security stuff, so less places I’ve got my finances, less places they can get stolen.

          Huawei sounds perfect apart from me needing my phone to be a GPS, and that’s kinda tough without Google maps