GrapheneOS calls on privacy focused app developers to boycott European Unified Attestation
cross-posted from : lemmy.zip/post/60567571
grapheneos.social/@GrapheneOS/…
GrapheneOS boycotts EU Unified Attestation, asks developers to help
In an official statement on X, GrapheneOS has completely rejected the new Unified Attestation initiative from the EU.Dwayne Cubbins (PiunikaWeb)
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.Unified Attestation
Unified Attestation is a free, open-source alternative to Google Play Integrity with offline verification and simple app + server integration.uattest.net
unknowing8343
in reply to schizoidman • • •I started reading the full argument, and correct me if I am wrong, but don't they always start with a defendable idea and end up simply sounding crazy as hell when they start talking unrelated shit about other projects?
Like, look at this:
grapheneos.social/@GrapheneOS/…
They are literally saying that their plan is to ban GrapheneOS. That's CRAZY, and obviously not true. It's basically paranoid. Which I guess fits 😅
GrapheneOS (@GrapheneOS@grapheneos.social)
GrapheneOS (GrapheneOS Mastodon)cheese_greater
in reply to unknowing8343 • • •rnercle
in reply to cheese_greater • • •recently changed my bank.
i refused facial recognition so they simply fixed an irl appointment.
Councillor i met was an old user of Cyanogen.
Their app works without boogle services and that too was one of the reasons for my choice.
I'm guessing (and hoping too) that some banks won't be closing their virtual doors to nonBoogled people
unknowing8343
in reply to cheese_greater • • •l3db3tt3r
in reply to unknowing8343 • • •The centralized gatekeeper for attestation, play integrity, etc, the EU sees it as mitigating security risks with Google, the corporations see it as opportunity to change the centralized gatekeeper; to maximize capital. It isn't just a (terrible) strategic move for security, it's also a move to align capital. (also imagine the meta data network you could create with the attestation, another data point for surveillance. think Chat Control) I see GrapheneOS prioritize security; not capital. The people/groups/companies they are often at odds with prioritize the mechanisms of capital (or surveillance capitalism) over security.
Coleslaw4145
in reply to unknowing8343 • • •Isn't that the whole point to Graphene OS?
I like my super secure OS being developed by super paranoid developers thank you very much.
FauxLiving
in reply to Coleslaw4145 • • •Exactly.
What the attestation system would do is give some government agency de facto control over which OSs could be installed on phones.
Right now, using GrapheneOS and being outside of corporate attestation chains just means that you can't use the NFC payment system. It could very well be that every major commercial service would deny you access if you couldn't pass an attestation verification via some browser API.
An example would be if age verification were a thing, they could 'think of the children' argue their way into only allowing OSs with age verification systems which are approved by the government to access social media or any website that would be considered 18+.
EU countries have already tried attacking GrapheneOS as a tool of criminals. It doesn't seem like much of a stretch to see how they would refuse to allow 'the criminal OS' to be part of their attestation chain. Or if chat control passes, only devices that implement the mass surveillance spyware would be allowed to be attested. The government wouldn't allow non-compliant operating syste
... Show more...Exactly.
What the attestation system would do is give some government agency de facto control over which OSs could be installed on phones.
Right now, using GrapheneOS and being outside of corporate attestation chains just means that you can't use the NFC payment system. It could very well be that every major commercial service would deny you access if you couldn't pass an attestation verification via some browser API.
An example would be if age verification were a thing, they could 'think of the children' argue their way into only allowing OSs with age verification systems which are approved by the government to access social media or any website that would be considered 18+.
EU countries have already tried attacking GrapheneOS as a tool of criminals. It doesn't seem like much of a stretch to see how they would refuse to allow 'the criminal OS' to be part of their attestation chain. Or if chat control passes, only devices that implement the mass surveillance spyware would be allowed to be attested. The government wouldn't allow non-compliant operating systems to pass their tests.
The point of an attestation chain is to provide control over which devices are allowed to be verified and to use that verification status to gate access to services.
Coleslaw4145
in reply to FauxLiving • • •FYI, I'm able to use NFC payments on Graphene OS using Curve Pay.
ScoffingLizard
in reply to schizoidman • • •