If we gatekeep service access to specific implementation attestations, it becomes much harder for new implementations to emerge. It doesn't really matter who controls the process.
In that sense, it's always bad. In this specific scenario for example it directly blocks emergence of alternative Android ROMs and Android-mostly-compatible devices like the various Linux phones.
There may be times where that downside is worthwhile, but it's always a downside, and we should very strongly discourage attestation wherever possible on that basis for the health of both the tech ecosystem and the business market around it.
I think the challenges here exist but the reality is overblown to be honest, the vast majority of banking apps (everything that isn't struck through in that list) work just fine.
Fully agree the concern is discouraging adoption though. I would love to see more of a solution here, it seems like purely anti-competitive behaviour by Android that will block competitors emerging.
I mean sure, I'm not intending this to be quoted in a court, honestly I would say all my online comments are irrelevant phrases!
That said - it is their business, they're broadly well reviewed, and they're clearly incentivised to give scrubbing your data out a good go.
More generally, if you're in a jurisdiction with GDPR-like rules (which is a lot of the world nowadays) the brokers themselves have formal policies & tools for removing your data and chasing people manually myself occasionally I've found it quite effective.
You're certainly not going to get anything removed from any three-letter agencies or purely malicious people. Most of the discussion here though is around data brokers, who are generally large serious businesses who will at least follow the letter of the law. You've got pretty good odds of getting your data removed from any non-trivial businesses, if you follow their carefully hidden data collection policy links and then quote your local legislation and their privacy team in a polite but firm (and repetitive) way.
It's a paid service, they track data brokers datasets (I assume they just act as a buyer for as many as they can) and then manually request your removal from all of them, and then aggressively follow up and chase it for you. Interesting business model, even if it's annoying that the world means you need it.
Some scepticism here I see, but personally I think this is spot-on. I've been keen on a dumber phone for a while, but losing whatsapp & maps makes it a non-starter for any real use. This is an excellent middle ground. The aesthetic is cool, and building this on Sailfish but with Android compatibility is awesome. Big fan of the concept.
> Today, in 2026, as a Spanish resident, I still can't access https://www.womenonweb.org/. Why? Who knows anymore. Fucking money + religion owns our digital spaces now, been for a long time, no one seemingly noticed.
I didn't know about this, so I looked it up: it's because they sell prescription-only abortion medication and ship directly to consumers, where it's legally only available via prescription and medical oversight. Fundamentally they're blocked for ignoring medical regulations. There were some appeals, but the argument is that access to abortion medication is already a well-protected right, so that this is dangerous and unnecessary, and it's not possible to block that while unblocking the rest of their educational resources.
> Let's not pretend that Spain of all places is caring about horribly destructive psuedo-gambling.
Is this intended to imply that Spain has particularly high levels of sports betting, or issues with gambling? All the stats I can see suggest the opposite, and there's already plenty of tight restrictions on local gambling businesses (sports sponsorship ban, welcome bonus ban, almost no public advertising, etc). At a quick google, it looks like the 'Spanish gambling racket' for sports is tiny, gambling problem stats far lower than UK/France/Italy, and most gambling that does happen is the lotteries etc instead, which has its sins, but is a very different beast.
It's lower than it sounds: this time includes even relatively gentle exercise (a brisk walk) and although it's not explicit here most other uses of similar metrics I've seen generally count hard cardio minutes as 2x, e.g. the NHS guidelines (https://www.nhs.uk/live-well/exercise/physical-activity-guid...) this references are 150 mins moderate exercise or 75 mins vigorous.
> Given EuroPA has done a token amount of transactions to date, I’m not sure anyone should hold their breaths.
The Spanish equivalent (Bizum) is merging into Wero is not a token use case, it's absolutely massive here. The absolute standard for peer-to-peer payments, more than 30 million users (>65% of the population), and they already launched contactless terminals for in-person commercial payments this month (https://euroweeklynews.com/2026/04/03/bizum-goes-contactless...).
Wero does have recurring payments planned too (apparently for end of 2026), seems like they're well aware of PIX and racing hard to get into exactly the same space.
This is begging for anti-competitive investigations, surely? It's explicit collusion between the largest mobile makers and key app-based services (e.g. gov services, communication tools, banking) to directly block any competing OS.
They're publicly agreeing that only users using their approved mobile devices are allowed to do banking, and competitors cannot. I'm not sure how much more clearly anti-competitive this could be.
Because (like every IoT product) Bambu want to sell a product with an easy app-powered workflow, and LAN device discovery and remote-access for home devices from mobile apps is flaky and terrible.
I wouldn't be surprised if they're slurping telemetry en route, and it's convenient for them that using their app helps nudge you towards Makerworld (their ecosystem for 3d prints, which is presumably good marketing) but I very strongly suspect "make it effortless for non-technical users to use the device with just a phone" was the original & primary driver.
As far as I can tell, they're just objecting to use of their cloud service. You can fork their software and use it with your own printer just fine, they just don't want you to use it with their cloud service, which its own terms of service for access.
I think it's an odd hill for them to die on, but it's not a totally unreasonable position - the cloud is other people's computers, other people can have rules about what you can do with their computers. Just because a client is open-source, doesn't mean you're allowed to use the server.
If you're using developer mode running everything locally (or remotely over your own VPN, like the author here) then I think this makes zero difference.
In theory, every EU state will have to support this soon so users can use it to verify age privately online. Still work to do to roll this out for real, but the technological part is very much already happening and I think the rollout plan is committed.
Clearly! I see how this is a bit unusual for GDPR etc in a services digital world, but for physical products it's extremely standard everywhere that local laws apply to foreign companies.
If you sell medical devices (apparently even down to toothbrushes) in the USA, you have to follow FDA rules. If you sell children's toys in the EU, you've had to follow EU consumer regulations (e.g. CE mark) at least since the 90s. Going back to the 70s, if you sold a physical product in the US as a foreign company you had to follow local rules about maximum delivery times and minimum warranties. If you don't follow the rules, your shipments get blocked at customs, and any marketplaces (Amazon) selling your products get fines as well for not verifying you appropriately, so marketplaces will verify and ban your business too if you blatantly violate local rules (e.g. selling devices containing radios without FCC approval). If you're selling laptops at any scale, you need to follow the local rules for every country you ship to.
There'll certainly be cases everywhere where enforcement isn't perfect (if you contact a tiny vendor in China and they ship to you directly and you sign for & pay the customs yourself, in practice you'll get away with it, or you can always travel to a country to buy a product and carry it back personally) but in the general case local regs on physical product sales are not unusual or optional at all.
Most of the facts exposed are likely inferable anyway, or certainly were in a non-GDPR tracking world. I think it'd be clear from my browsing patterns that I'm over 18, and broad tracking + IP checks could quite easily infer where I actually live at least to a national level, I'd be confident that e.g. Meta already know this without being told. Given that, I'm not too worried about exposing residency + over-18 status, the fingerprinting bits are redundant.
Whether it's actually anonymous in practice, and/or whether it starts to go further than that (websites asking for verified gender? First name? City? Full DOB?) will be a real concern but I think there'd be plenty of push back and tech will end up setting norms here through the browser APIs & permissions prompts. In theory in this is all covered under GDPR anyway so requesting or storing information that's not necessary is illegal anyway, and at least explicit requests are less secret than invisible tracking of the same thing - much easier to reject individually, and to litigate abuse collectively.
The upcoming EU digital wallets in theory could do this kind of thing. They're focused on anonymity preserving age verification right now, but exposing any other government-verified attribute anonymously should be equally possible, including residency and/or citizenship if that's your bag.
More about me: tim.fyi