We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it.
-
@zaire@fedi.absturztau.be @eskuero@mstdn.io
@GrapheneOS@grapheneos.social it's literally that "OpenTorment" meme
-
@GrapheneOS what the fuck. that is absolutely horrifying
remote attestation is a technology that has no good uses. it's just drm
everyone should have the freedom to run whatever they want on their own devices. this freedom should never be taken away and it should be enshrined in law that it can never be taken away
someone else should not be able to decide whether my device is "secure" enough for their purposes. this is reverse security. the os needs to boot securely and the attestation chain should go upwards, with each stage verifying the ones on top of it. not this opposite world bullshit@lumi @GrapheneOS IMO remote attestation really only has a place in organizations that provide managed devices to members, for verifying the integrity of the device as whatever threat model the organization has requires.
For personal devices it enables a lot of anti consumer uses. -
@lumi @GrapheneOS IMO remote attestation really only has a place in organizations that provide managed devices to members, for verifying the integrity of the device as whatever threat model the organization has requires.
For personal devices it enables a lot of anti consumer uses.@lunareclipse @GrapheneOS in my views it's a pandora's box that should never be opened, the gigantic downsides outweigh the marginal upsides by quite a lot
-
@GrapheneOS and what exactly is your conflict with volla. I get the iodé and Murena part, but what's wrong with Volla?
Sorry a bit unrelated, @ftm but I *don't* get the iodé part?
Locked bootloaders, v7.3 just released is A16 QPR2. Yes it is LineageOS based, but with tracking etc. blocked. Personally I would rather run open-source microG than *full fat proprietary Google Play Services* even if they are unprivileged or sandboxed, etc.
iodé and /e/ are both LineageOS based and use microG but otherwise aren't related. Too bad they always get lumped together.
-
@GrapheneOS @adfichter
> "No, your understanding is not correct."
Did you even read my post?
> "Apps shouldn't be enforcing using only specific operating systems. They're welcome to warn people about having an insecure OS but shouldn't be ban users from using what they want to use."
Yes, they shouldn't. But what if they do nevertheless? That was my question. What is your suggestion if this scenario occurs? -
@GrapheneOS @adfichter
Once again: I am aware that you have good reasons for not liking /e/OS etc.
And I am NOT defending /e/OS etc. here.
My question was what technical (not political) arguments there are against Unified Attestation, so that it could be used if necessary, if at some point there are perhaps no better alternatives. And whether I could then also use it on GrapheneOS, so that I don't have to switch to stock Android. -
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
@GrapheneOS@grapheneos.social
The reasoning of this project sounds like "We built a FOSS Torment Nexus alternative because the current Torment Nexus is controlled by one company". -
@GrapheneOS
Okay, you obviously don't want to answer my question objectively. That's unfortunate, because it makes you seem untrustworthy.
Or are you just a chatbot anyway? -
@GrapheneOS @MrGR oh damn, sorry i didn't know that, sounds like louis is kinda gaslighting people. Thanks for your clarification, i'll have a look on those kiwifarms posts and investigate more. Hearing that it harmed your project is very sad and i hope for you and your team that it'll get better soon. All that stuff from others also sounds like someone doesn't like that you are enabling phones to be nearly unhackable and as safe and privacy friendly as possible.
Keep up the great work! -
@GrapheneOS
No, you haven't. You obviously haven't even read my question.
Once again: yes, they should. But what is to be done if the don't? That was my question.
As someone who has been using GrapheneOS for many years and supports the project with a monthly donation, I would have expected a factual question to be answered factually. Instead, you repeat political demands that I share, but which do not answer my question. This is unfortunate and makes you appear untrustworthy. -
Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.
@GrapheneOS are you talking with policymakers about this?
-
@GrapheneOS
It's very unfortunate that I'm obviously only reaching an arrogant chat bot here. I had hoped to get in touch with the creators of GrapheneOS. -
@GrapheneOS @MrGR As the open source community we should stand together and make this world a better place with that what we can do and not spread hate on such forums like they do. But some people need to dump their frustrations on people which did some small thing wrong like being angry on the people who tried to steal their project and tried to sue them.
What counts for me is what you gave the world and that is the only truly safe mobile operating system, not what some dev said in anger. -
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
@GrapheneOS
Is this (unified attestation) an analog of whatever it is that google does in apps that ends up with things like banking apps needing google services? Or am I thinking of something completely different? -
Is it me or grapheneos is only supporters on google pixel models ?
If yes why should we give money to google ?@Paul_stilgar @GrapheneOS @dristor If you want any phone, go buy any phone. You can't put any mobile OS on any smart phone.
Why does the semiconductor industry rely on ASML? Because they have the best most suitable lithography.
Mobile security relies on the latest hardware security, firmware security, update support. Many manufacturers have mediocre standards in keeping up. Pixels unfortunately have been the only phones that meet GOS requirements. Motorola is working to on some future devices.
-
@GrapheneOS
It's very unfortunate that I'm obviously only reaching an arrogant chat bot here. I had hoped to get in touch with the creators of GrapheneOS.@isf @GrapheneOS You are talking to the creators of GrapheneOS. They do not put a chatbot behind the official account.
-
@GrapheneOS sounds like they are just trying to ride the wave of Europe trying to break free of their reliance on american digital companies, which I completely agree, to grab power for themselves, which is still shitty and nothing to celebrate.
Thankfully my bank's app still works fine with gos and they also allow full web access anyway
@eskuero @GrapheneOS would I be wrong to say that this alternative attestation would still preferable to Play Store Integrity? Perhaps there is some background to the people behind it that I am missing.
-
@GrapheneOS @eskuero oh, well of course! Has UAT indicated that they would, or is the concern more an expectation that they would follow in Google's footsteps and reject "unofficial" Android versions?
-
@GrapheneOS aber dann würde es ja ausreichen, wenn ihr diese Falschinformationen über euer eigenes Betriebssystem berichtigt. Statt dessen kritisiert ihr hier pausenlos andere Betriebssysteme. Ich halte eure Öffentlichkeitsarbeit für fatal, so sehr ich GraphenOS schätze und bereits seit Jahren nutze.
-
@GrapheneOS aber dann würde es ja ausreichen, wenn ihr diese Falschinformationen über euer eigenes Betriebssystem berichtigt. Statt dessen kritisiert ihr hier pausenlos andere Betriebssysteme. Ich halte eure Öffentlichkeitsarbeit für fatal, so sehr ich GraphenOS schätze und bereits seit Jahren nutze.
@GrapheneOS Ich verstehe euren Krieg gegen andere Custom-ROMs nicht. Eure eigentlichen Gegner sind doch die proprietären Betriebssysteme von Apple und Google, nicht andere Betriebssysteme, die von einer ganz kleinen Minderheit genutzt werden.
torment nexus
european torment nexus
