We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it.
-
@Pingitux Their products aren't at all what they claim but rather have poor privacy and atrocious security. They feel very threatened by GrapheneOS. Murena and iodé have engaged in many years of attacks on GrapheneOS including personal attacks on our team. They've engaged in absolutely vile fabrications and bullying aimed at directing harassment towards our team. Their communities have relentlessly targeted our team with harassment. You're pushing a false narrative about what's happening.
@Pingitux Here's the founder and CEO of /e/ and Murena linking to harassment content from a neo-nazi conspiracy site targeting our founder with fabrications:
https://archive.is/SWXPJ
https://archive.is/n4yTOTheir founder and CEO has regularly engaged in vile personal attacks on our including spreading harassment content directly from Kiwi Farms.
Debunking lies about GrapheneOS and our team along with providing accurate information countering their false marketing isn't what you claim it is.
-
@GrapheneOS The same stuff that you need attestation in a phone for usually can be done using just a computer with a web browser. No attestation needed.
The only thing that I can think of that requires this attention and integrity stuff is anything shady that you want nobody to look at.
And device ecosystem extortion, of course.
@Bebef You can do those things on a phone using a web browser too. On the other hand, a lot of functionality is exclusive to mobile apps from banks and governments which are increasingly locking out users from using anything but operating systems approved based on the business models of companies involved in mobile phones. Whether someone can use a device to run a banking app shouldn't be determined based on a decision from either Google or Volla/Murena/iodé. These companies have no place in it.
-
@Pingitux Their products aren't at all what they claim but rather have poor privacy and atrocious security. They feel very threatened by GrapheneOS. Murena and iodé have engaged in many years of attacks on GrapheneOS including personal attacks on our team. They've engaged in absolutely vile fabrications and bullying aimed at directing harassment towards our team. Their communities have relentlessly targeted our team with harassment. You're pushing a false narrative about what's happening.
@GrapheneOS Yes, it may be that their products lag behind in terms of security, data protection, and patch levels.... A few independent bloggers/journalists should critically test their software and deliver an honest article.... Okay, and because they are personally attacking the founder of GrapheneOS, we have to stoop to their level, right?
-
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
@GrapheneOS @adfichter
I know what you think of Murena and /e/OS. I know that you prefer hardware attestation for good reasons and reject Google's policy regarding the Play Integrity API. And I know that most banking apps work on GrapheneOS - I myself have been using GrapheneOS with a banking app for many years. But I wonder what to do if more and more app manufacturers get serious and make their apps installable exclusively via Play Integrity API. 1/3 -
@GrapheneOS @adfichter
I know what you think of Murena and /e/OS. I know that you prefer hardware attestation for good reasons and reject Google's policy regarding the Play Integrity API. And I know that most banking apps work on GrapheneOS - I myself have been using GrapheneOS with a banking app for many years. But I wonder what to do if more and more app manufacturers get serious and make their apps installable exclusively via Play Integrity API. 1/3@GrapheneOS @adfichter
Wouldn't it then make sense or be helpful to have something like Unified Attestation as an alternative, even if there are many things to criticize about it? If the only option for me at some point were to have to use stock Android, then I (and many others too) would have a real problem. And it could be that Unified Attestation is then the only usable alternative, even if it's not perfect. 2/3 -
@GrapheneOS @adfichter
Wouldn't it then make sense or be helpful to have something like Unified Attestation as an alternative, even if there are many things to criticize about it? If the only option for me at some point were to have to use stock Android, then I (and many others too) would have a real problem. And it could be that Unified Attestation is then the only usable alternative, even if it's not perfect. 2/3@GrapheneOS @adfichter
Thats why i was asking and I'm specifically interested in what, from your point of view, speaks against the Unified Attestation approach from a technical (not political) perspective. And whether Unified Attestation could also be used with GrapheneOS.
I also think it would be desirable for the EU to intervene with regulations. But it won't do that; the EU won't do anything against Google's will, and it won't mess with the MAGA regime. We shouldn't wait for that to happen. 3 -
@Pingitux Here's the founder and CEO of /e/ and Murena linking to harassment content from a neo-nazi conspiracy site targeting our founder with fabrications:
https://archive.is/SWXPJ
https://archive.is/n4yTOTheir founder and CEO has regularly engaged in vile personal attacks on our including spreading harassment content directly from Kiwi Farms.
Debunking lies about GrapheneOS and our team along with providing accurate information countering their false marketing isn't what you claim it is.
@GrapheneOS Okay, they attacked you, told lies, whatever... Honestly, show some class and don't give a damn about their opinion. After all, you have a community behind you that stands by you... You know, let me put it this way: I tell the world that if it annoys me, I don't give a fuck.. You should try that too when someone gets on your nerves. It works wonders
-
@GrapheneOS Okay, they attacked you, told lies, whatever... Honestly, show some class and don't give a damn about their opinion. After all, you have a community behind you that stands by you... You know, let me put it this way: I tell the world that if it annoys me, I don't give a fuck.. You should try that too when someone gets on your nerves. It works wonders
@Pingitux Our community should help us much more than they do with the attacks being perpetrated against GrapheneOS and our team. If that was happening then it wouldn't be causing nearly as much harm and we wouldn't talk about it as much as we wouldn't feel nearly as much pressing need to provide an alternative to their inaccurate and misleading claims.
-
@Pingitux Our community should help us much more than they do with the attacks being perpetrated against GrapheneOS and our team. If that was happening then it wouldn't be causing nearly as much harm and we wouldn't talk about it as much as we wouldn't feel nearly as much pressing need to provide an alternative to their inaccurate and misleading claims.
@GrapheneOS Have you brought it up in the community? That it's getting on your nerves and that you would like more support from the users?
-
@zaire@fedi.absturztau.be @eskuero@mstdn.io
@GrapheneOS@grapheneos.social it's literally that "OpenTorment" meme
-
@GrapheneOS what the fuck. that is absolutely horrifying
remote attestation is a technology that has no good uses. it's just drm
everyone should have the freedom to run whatever they want on their own devices. this freedom should never be taken away and it should be enshrined in law that it can never be taken away
someone else should not be able to decide whether my device is "secure" enough for their purposes. this is reverse security. the os needs to boot securely and the attestation chain should go upwards, with each stage verifying the ones on top of it. not this opposite world bullshit@lumi @GrapheneOS IMO remote attestation really only has a place in organizations that provide managed devices to members, for verifying the integrity of the device as whatever threat model the organization has requires.
For personal devices it enables a lot of anti consumer uses. -
@lumi @GrapheneOS IMO remote attestation really only has a place in organizations that provide managed devices to members, for verifying the integrity of the device as whatever threat model the organization has requires.
For personal devices it enables a lot of anti consumer uses.@lunareclipse @GrapheneOS in my views it's a pandora's box that should never be opened, the gigantic downsides outweigh the marginal upsides by quite a lot
-
@GrapheneOS and what exactly is your conflict with volla. I get the iodé and Murena part, but what's wrong with Volla?
Sorry a bit unrelated, @ftm but I *don't* get the iodé part?
Locked bootloaders, v7.3 just released is A16 QPR2. Yes it is LineageOS based, but with tracking etc. blocked. Personally I would rather run open-source microG than *full fat proprietary Google Play Services* even if they are unprivileged or sandboxed, etc.
iodé and /e/ are both LineageOS based and use microG but otherwise aren't related. Too bad they always get lumped together.
-
@GrapheneOS @adfichter
> "No, your understanding is not correct."
Did you even read my post?
> "Apps shouldn't be enforcing using only specific operating systems. They're welcome to warn people about having an insecure OS but shouldn't be ban users from using what they want to use."
Yes, they shouldn't. But what if they do nevertheless? That was my question. What is your suggestion if this scenario occurs? -
@GrapheneOS @adfichter
Once again: I am aware that you have good reasons for not liking /e/OS etc.
And I am NOT defending /e/OS etc. here.
My question was what technical (not political) arguments there are against Unified Attestation, so that it could be used if necessary, if at some point there are perhaps no better alternatives. And whether I could then also use it on GrapheneOS, so that I don't have to switch to stock Android. -
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
@GrapheneOS@grapheneos.social
The reasoning of this project sounds like "We built a FOSS Torment Nexus alternative because the current Torment Nexus is controlled by one company". -
@GrapheneOS
Okay, you obviously don't want to answer my question objectively. That's unfortunate, because it makes you seem untrustworthy.
Or are you just a chatbot anyway? -
@GrapheneOS @MrGR oh damn, sorry i didn't know that, sounds like louis is kinda gaslighting people. Thanks for your clarification, i'll have a look on those kiwifarms posts and investigate more. Hearing that it harmed your project is very sad and i hope for you and your team that it'll get better soon. All that stuff from others also sounds like someone doesn't like that you are enabling phones to be nearly unhackable and as safe and privacy friendly as possible.
Keep up the great work! -
@GrapheneOS
No, you haven't. You obviously haven't even read my question.
Once again: yes, they should. But what is to be done if the don't? That was my question.
As someone who has been using GrapheneOS for many years and supports the project with a monthly donation, I would have expected a factual question to be answered factually. Instead, you repeat political demands that I share, but which do not answer my question. This is unfortunate and makes you appear untrustworthy. -
Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.
@GrapheneOS are you talking with policymakers about this?
torment nexus
european torment nexus
