I started reading the full argument, and correct me if I am wrong, but don’t they always start with a defendable idea and end up simply sounding crazy as hell when they start talking unrelated shit about other projects?
What the attestation system would do is give some government agency de facto control over which OSs could be installed on phones.
Right now, using GrapheneOS and being outside of corporate attestation chains just means that you can’t use the NFC payment system. It could very well be that every major commercial service would deny you access if you couldn’t pass an attestation verification via some browser API.
An example would be if age verification were a thing, they could ‘think of the children’ argue their way into only allowing OSs with age verification systems which are approved by the government to access social media or any website that would be considered 18+.
EU countries have already tried attacking GrapheneOS as a tool of criminals. It doesn’t seem like much of a stretch to see how they would refuse to allow ‘the criminal OS’ to be part of their attestation chain. Or if chat control passes, only devices that implement the mass surveillance spyware would be allowed to be attested. The government wouldn’t allow non-compliant operating systems to pass their tests.
The point of an attestation chain is to provide control over which devices are allowed to be verified and to use that verification status to gate access to services.
If attestation becomes “a thing” and apps cant be run on non-attesting OSs it could very well in practicality be banned since people wont want to use a platform they cant use their apps with. If you have a bank app that doesnt have a website version that could be a dealbreaker for GOS if its not a dealbreaker for you bankibg with that bank
But attestation is already “a thing”!! These companies are just asking for a more democratic system. Might not be the best idea ever, but it’s at least better than Google’s monopoly.
i refused facial recognition so they simply fixed an irl appointment.
Councillor i met was an old user of Cyanogen.
Their app works without boogle services and that too was one of the reasons for my choice.
I’m guessing (and hoping too) that some banks won’t be closing their virtual doors to nonBoogled people
I think they see the slippery slope emerge, and they take that slope to the logical extreme.
The centralized gatekeeper for attestation, play integrity, etc, the EU sees it as mitigating security risks with Google, the corporations see it as opportunity to change the centralized gatekeeper; to maximize capital. It isn’t just a (terrible) strategic move for security, it’s also a move to align capital. (also imagine the meta data network you could create with the attestation, another data point for surveillance. think Chat Control) I see GrapheneOS prioritize security; not capital. The people/groups/companies they are often at odds with prioritize the mechanisms of capital (or surveillance capitalism) over security.
I started reading the full argument, and correct me if I am wrong, but don’t they always start with a defendable idea and end up simply sounding crazy as hell when they start talking unrelated shit about other projects?
Like, look at this: https://grapheneos.social/@GrapheneOS/116200362765756182
They are literally saying that their plan is to ban GrapheneOS. That’s CRAZY, and obviously not true. It’s basically paranoid. Which I guess fits 😅
Isn’t that the whole point to Graphene OS?
I like my super secure OS being developed by super paranoid developers thank you very much.
Exactly.
What the attestation system would do is give some government agency de facto control over which OSs could be installed on phones.
Right now, using GrapheneOS and being outside of corporate attestation chains just means that you can’t use the NFC payment system. It could very well be that every major commercial service would deny you access if you couldn’t pass an attestation verification via some browser API.
An example would be if age verification were a thing, they could ‘think of the children’ argue their way into only allowing OSs with age verification systems which are approved by the government to access social media or any website that would be considered 18+.
EU countries have already tried attacking GrapheneOS as a tool of criminals. It doesn’t seem like much of a stretch to see how they would refuse to allow ‘the criminal OS’ to be part of their attestation chain. Or if chat control passes, only devices that implement the mass surveillance spyware would be allowed to be attested. The government wouldn’t allow non-compliant operating systems to pass their tests.
The point of an attestation chain is to provide control over which devices are allowed to be verified and to use that verification status to gate access to services.
FYI, I’m able to use NFC payments on Graphene OS using Curve Pay.
If attestation becomes “a thing” and apps cant be run on non-attesting OSs it could very well in practicality be banned since people wont want to use a platform they cant use their apps with. If you have a bank app that doesnt have a website version that could be a dealbreaker for GOS if its not a dealbreaker for you bankibg with that bank
But attestation is already “a thing”!! These companies are just asking for a more democratic system. Might not be the best idea ever, but it’s at least better than Google’s monopoly.
recently changed my bank.
i refused facial recognition so they simply fixed an irl appointment.
Councillor i met was an old user of Cyanogen.
Their app works without boogle services and that too was one of the reasons for my choice.
I’m guessing (and hoping too) that some banks won’t be closing their virtual doors to nonBoogled people
I think they see the slippery slope emerge, and they take that slope to the logical extreme. The centralized gatekeeper for attestation, play integrity, etc, the EU sees it as mitigating security risks with Google, the corporations see it as opportunity to change the centralized gatekeeper; to maximize capital. It isn’t just a (terrible) strategic move for security, it’s also a move to align capital. (also imagine the meta data network you could create with the attestation, another data point for surveillance. think Chat Control) I see GrapheneOS prioritize security; not capital. The people/groups/companies they are often at odds with prioritize the mechanisms of capital (or surveillance capitalism) over security.