We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it.
-
@Pingitux mir geht es genauso. @GrapheneOS @bastian
@MrGR @GrapheneOS @bastian Ich weiß nicht was bei den Machern von GrapheneOS los ist, es ist nur zumKopf schütteln..... Die haben ein gutes Produkt, aber wie die sich gerade im Netz präsentieren sit kontraproduktiv .....
-
@GrapheneOS für euch ist doch vor allem entscheidend, dass euer eigenes Betriebssystem für europäische Banking Apps und Wallet Apps genutzt werden kann.
@MrGR Every operating system should be allowed to be used with European banking and wallet apps as long as they implement the technical requirements. It certainly shouldn't be up to for-profit companies selling products and services whether it's Google or Volla to determine which devices and operating systems are allowed to be used. If banks and governments insist on it being implemented then it should be done by a neutral organization not controlled by companies allowing only their products.
-
@GrapheneOS Ich wundere mich, dass du so viel Zeit dafür verwendest, eure Angriffe gegenüber andere zu rechtfertigen. Ich denke mal, dass die Nutzer selbst entscheiden können, für welches System sie sich entscheiden. Eure Öffentlichkeitsarbeit gegen andere Mitbewerber bewirkt eher das Gegenteil von dem, was ihr beabsichtigt! Wenn mich GrapheneOS nicht überzeugen würde, würden eure aggressiven Posts mich von euch eher abstoßen. Du überschätzt die Bedeutung von Gael (eos) und IODE. @bastian
@MrGR @bastian You're continuing to lie about us and misrepresent what's actually happening. Our efforts at countering the false marketing from these groups and their recent efforts to put themselves in control of which operating systems people are allowed to use for European banking and governments apps are working out fine. Your efforts to attack us by misrepresenting what we're saying and doing along with the context for it are fruitless and not achieving anything. All you've gained is a ban.
-
@MrGR @GrapheneOS @bastian Ich weiß nicht was bei den Machern von GrapheneOS los ist, es ist nur zumKopf schütteln..... Die haben ein gutes Produkt, aber wie die sich gerade im Netz präsentieren sit kontraproduktiv .....
@Pingitux ja, auch für mich ist das ein Kommunikations GAU. So schadet man sich nur selber und am Ende ist Google der lachende Dritte. Nachdem der GOS Typ auch mir vorwarf, zu lügen, überlege ich mir, ob mein nächstes Gerät wieder ein GOS Handy wird. Mich erinnert das an Elon Musik.
-
@GrapheneOS dann zeigt doch mal einen aktuellen Link zu so einem Beitrag. Bislang habe ich dazu nichts gesehen. Und bitte keinen Post von X. Ich bin nicht bei X. @bastian
-
@GrapheneOS I don't want attestation to begin with. Software should not care what hardware it's running on and hardware should not care what software it's running. Bootloader locking should be at the whim of the device's owner not the companies that made it, and it should be optional with the option to enroll your own keys if you wish to use it. Moving ownership from Google to another company doesn't solve the inherent problem here. I own my device, not the manufacturer.
@CalcProgrammer1 It's possible to provide features based on hardware attestation for end users without providing a form of it usable by apps to ban using alternative hardware and software. Unfortunately, the primary way that it's being used is controlling which hardware and software people are allowed to use including banning alternatives to iOS and Google Mobile Services Android. European companies making their own system banning anything other than OSes participating it is awful too.
-
@GrapheneOS @bastian Es handelt sich um Links, die offensichtlich gar nicht mehr online sind. Du teilst Links aus dem Webarchiv. Gael (Begründer von /e/os/) mag auch mitschuldig sein, aber ich glaube, ihr habt wirklich wichtigeres zu tun, als euch mit Gael zu streiten. Euer Streit interessiert niemand, der sich für Custom ROM interessiert! Kümmert euch um euer eigenes Projekt und treibt es voran. Ich wünsche euch viel Erfolg bei eurer Zusammenarbeit mit Motorola. DAS interessiert uns!
@MrGR @GrapheneOS @bastian Das ist deine persönliche Meinung. Ich empfinde die Aufklärungsarbeit, die GrapheneOS Leute betreiben, als hilfreich und wichtig. Gerade erst durch diesen Thread z.B. habe ich erfahren, dass /e/ von einem crypto-Faschisten geleitet wird. KiwiFarms ist eine Community die dafür bekannt ist, koordinierte harassment und doxxing campaigns gegen individuelle trans Frauen zu betreiben, mit dem Ziel sie bis in den Suizid zu drängen. Dass der Leiter von einem EU gefördertem Projekt sich in diesen Kreisen aufhält, ist enttäuschend und gut zu wissen.
-
@privacyfriendly Android Open Source Project and GrapheneOS are Linux. AOSP is open source and has a massive ecosystem built on the open source code. There are many stakeholders interested in continuing it. It would be a very messy situation if the original upstream stopped existing but it's entirely possible for development on it as an open source project to continue. It hopefully won't come to that. Ideally Android will be forcibly split from Google into a company friendlier to open source.
@GrapheneOS @privacyfriendly I have a question in a hypothetical framework. If that was like this in the end and Android closed completely... What would you do in that case??? Is it possible for you to participate in the development of an alternative Linux operating system like those already underway???
-
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
@GrapheneOS the system is open source, what stop you to implement it and even better contributing to it to improve security?
Because this system is a very good idea to reinsure the banking company and European Union and it create a viable alternative to the Play Integrity.
Your approach to just say the security rely on the user didn't convince any big firm as they are legally still responsible in case of issue and the law on that is still protecting consumers.
The responsibility will remains on the apps for consumer protection so we need an alternative to make it that way and Graphene OS is not providing anything for that. -
@GrapheneOS Totally,
I don't wanna be locked-in
@TycoonTom @GrapheneOS you will not be, the standard is open for everyone
-
@GrapheneOS the system is open source, what stop you to implement it and even better contributing to it to improve security?
Because this system is a very good idea to reinsure the banking company and European Union and it create a viable alternative to the Play Integrity.
Your approach to just say the security rely on the user didn't convince any big firm as they are legally still responsible in case of issue and the law on that is still protecting consumers.
The responsibility will remains on the apps for consumer protection so we need an alternative to make it that way and Graphene OS is not providing anything for that.@DanielDNK This system isn't open. It's a proprietary centralized service built on top of standard Android hardware attestation. The entire purpose of Unified Attestation is centralizing control of which operating systems are allowed with the companies running it. It's absolutely unacceptable to have these companies control over whether apps adopting it can run on GrapheneOS. Participating would help to legitimize this anti-competitive power grab and would give them veto power over app compat.
-
@DanielDNK This system isn't open. It's a proprietary centralized service built on top of standard Android hardware attestation. The entire purpose of Unified Attestation is centralizing control of which operating systems are allowed with the companies running it. It's absolutely unacceptable to have these companies control over whether apps adopting it can run on GrapheneOS. Participating would help to legitimize this anti-competitive power grab and would give them veto power over app compat.
@DanielDNK It would give these companies the power to sabotage GrapheneOS through breaking app compatibility at any point they choose. It would give them leverage to make arbitrary harmful demands of GrapheneOS. The system is fundamentally anti-competitive and breaks competition laws.
As soon as this system is adopted by app which begins permitting these operating systems but not GrapheneOS, we intend to file a lawsuit against these companies and will also raise their existing attacks too.
-
@DanielDNK It would give these companies the power to sabotage GrapheneOS through breaking app compatibility at any point they choose. It would give them leverage to make arbitrary harmful demands of GrapheneOS. The system is fundamentally anti-competitive and breaks competition laws.
As soon as this system is adopted by app which begins permitting these operating systems but not GrapheneOS, we intend to file a lawsuit against these companies and will also raise their existing attacks too.
> Your approach to just say the security rely on the user didn't convince any big firm as they are legally still responsible in case of issue and the law on that is still protecting consumers.
Absolutely not true. We convinced at least a dozen apps to stop using the Play Integrity API. We convinced several apps to begin permitting specific alternate operating systems which were unwilling to stop using it. You should read what we wrote in the thread about a proper approach to this.
-
@TycoonTom @GrapheneOS you will not be, the standard is open for everyone
@DanielDNK @TycoonTom The standard is not open to everyone. It's run by a group of companies hostile to GrapheneOS which will be permitting their own products but not GrapheneOS.
Unified Attestation is a centralized system built on top of the Android hardware attestation API for the sole purpose of a power grab where these companies can control which devices and operating systems are allowed. They haven't made their own attestation system. They've made a system to control use of a standard API.
-
@DanielDNK It would give these companies the power to sabotage GrapheneOS through breaking app compatibility at any point they choose. It would give them leverage to make arbitrary harmful demands of GrapheneOS. The system is fundamentally anti-competitive and breaks competition laws.
As soon as this system is adopted by app which begins permitting these operating systems but not GrapheneOS, we intend to file a lawsuit against these companies and will also raise their existing attacks too.
@GrapheneOS you should not, Canada is not Europe, you will just lose a lot of money on it and probably lose as the justice doesn't like GrapheneOS anyway as they know the name as its appear in some drug trial and antitrust is not in the same window in Canada and in Europe. Why should Europe protect a Canadian company for antitrust?
-
@DanielDNK It would give these companies the power to sabotage GrapheneOS through breaking app compatibility at any point they choose. It would give them leverage to make arbitrary harmful demands of GrapheneOS. The system is fundamentally anti-competitive and breaks competition laws.
As soon as this system is adopted by app which begins permitting these operating systems but not GrapheneOS, we intend to file a lawsuit against these companies and will also raise their existing attacks too.
@GrapheneOS and why do you say it's not open source, the code seems available, which part do you see hidden and proprietary?
-
@GrapheneOS and why do you say it's not open source, the code seems available, which part do you see hidden and proprietary?
@DanielDNK Unified Attestation is a thin wrapper around Android hardware attestation which solely exists to make themselves into a centralized authority for controlling which devices and operating systems will be allowed through it. They haven't turned the overall Android hardware attestation feature into an open source one by layering this on top of it. The only part of Android hardware attestation that's open source is the OS. The overall system doesn't have an open source implementation yet.
-
@DanielDNK Unified Attestation is a thin wrapper around Android hardware attestation which solely exists to make themselves into a centralized authority for controlling which devices and operating systems will be allowed through it. They haven't turned the overall Android hardware attestation feature into an open source one by layering this on top of it. The only part of Android hardware attestation that's open source is the OS. The overall system doesn't have an open source implementation yet.
@DanielDNK A centralized service which permits only specific devices and operating systems without it being possible to host it elsewhere is not open.
-
@GrapheneOS the system is open source, what stop you to implement it and even better contributing to it to improve security?
Because this system is a very good idea to reinsure the banking company and European Union and it create a viable alternative to the Play Integrity.
Your approach to just say the security rely on the user didn't convince any big firm as they are legally still responsible in case of issue and the law on that is still protecting consumers.
The responsibility will remains on the apps for consumer protection so we need an alternative to make it that way and Graphene OS is not providing anything for that.The source model doesnt make the approach of the system sensible. Its approach is already a nonstarter and forking it just means convincing app devs to employ a *second* play integrity clone. The proper approach is for there to be no middleman between services and users, by using the generic attestation API. Play integrity is anti competitive and anything mimicking its approach is similarly anti competitive.
GOSs approach to whitelist OSs with the generic attestation API (that GOS fully supports) has worked and will likely keep working as more pressure is applied. A middleman is just harmful to the user and to the service.
-
@TycoonTom @GrapheneOS you will not be, the standard is open for everyone
@DanielDNK @TycoonTom @GrapheneOS Attestation as a process is open. The approved OSs would be controlled by the owners of unified attestation. The approach of just making more play integrity clones makes no sense when the service can just pick the OSs themselves.
