Volla, /e/, etc. is a fucking shithole (or why simply renaming Google to Volla will change nothing)
Once again, I have to remind everyone of the difference between a replacement and an alternative.
- Yes, Google is shit
- That doesn't mean /e/, iode, and the rest are automatically better than Google.
That being said, the Volla attestation API is once again a Google replacement. Not an alternative, but a "Google" with another name. They are still just as vulnerable to corruption, court orders, etc. as Google is. It's like throwing out your Alexa for spying, but instead buying another Alexa, but instead of Amazon it's nozama. Look people, instead of unsecured S3 bucket 3, I use unsecured S3 bucket 4 that I'm sending my data through via HTTP. Me so smarty pants
Once again, Volla and their attestation will become just as big and corrupt as Google. It is the job of the software to be designed in a way that it can't be abused like Google is abusing their G services. This is not given with Volla attestation. There is already implemented software. It's called Android attestation.
GrapheneOS (@GrapheneOS@grapheneos.social)
Here's a post where the @vollaficationist@mastodon.social clearly refers to themselves as being part of Volla and shares internal information which would only be known to someone working at Volla. This account doesn't belong to someone who uses and s…
GrapheneOS (GrapheneOS Mastodon)

solrize
in reply to Luffy
Luffy
in reply to solrize
Banks can't trust every client device to be secure and not compromise their infra, therefore they are using a certificate from a software authority to make sure their apps only run on secure devices. Currently, this authority is Google.
But since everything is using Google as their authority, Google can at any time decide if they want to exclude any devices/manufacturers/whatever from running most banking apps.
For example, they are excluding everything that is not shipping their G services Spyware. (And to ship the G services, you need a license, so you can't have most banking apps without paying Google)
Now, Volla, a maker of a Linux Phone, is trying to make a new attestation API. This in no way mitigates any problem I mentioned in the paragraphs above. In that case, Volla is the Authority, and they can at any time exclude anyone for any reason.
There is already an adequate Attestation system that mitigates every issue I mentioned built into Android. Since the system is present at any time, this will not only reduce the attack vector on a system, but allow any app to add any authority they want.
Every company will at some time become corrupt. This happened with Google, this will happen with Volla, every company will at some time become corrupt. Therefore, every software must be designed in a way that the company behind it doesn't have total control over it.
If the original Lemmy.ml defederates, it will not kill every other instance. If Volla/Google decides to exclude a specific phone model/OS from running it, be it for purely ideological reasons, no one will have any access to it. There are no alternatives in a system with Volla attestation.
If the app uses the Android attestation API on the other hand, you simply add the OS's authority key. No rewrite required.
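The "add the OS's authority key" step from the comment above, sketched as an added example that is not part of the original thread: a relying party's policy over Android key-attestation fields, where supporting another OS is one allowlist entry. It assumes the certificate chain has already been validated and the attestation extension parsed; the class names, `evaluate`, the key digests and the challenge are hypothetical, constructed values.

```python
import hmac
from dataclasses import dataclass

# verifiedBootState values from the Android key attestation RootOfTrust schema
VERIFIED, SELF_SIGNED, UNVERIFIED, FAILED = 0, 1, 2, 3

@dataclass(frozen=True)
class RootOfTrust:
    verified_boot_key: bytes   # digest of the key that verified the booted OS
    device_locked: bool        # bootloader lock state
    verified_boot_state: int

@dataclass(frozen=True)
class Attestation:
    challenge: bytes           # nonce the server issued for this session
    root_of_trust: RootOfTrust
    os_patch_level: int        # YYYYMM

# Hypothetical allowlist owned by the app operator (constructed digests).
TRUSTED_OS_KEYS = {
    bytes.fromhex("aa" * 32): "alternative OS A",
}

def evaluate(att, expected_challenge, min_patch_level, trusted=TRUSTED_OS_KEYS):
    """Return (accepted, reason) for already-verified attestation fields."""
    rot = att.root_of_trust
    # A stale or foreign challenge means the attestation was not made for us.
    if not hmac.compare_digest(att.challenge, expected_challenge):
        return False, "challenge mismatch"
    if not rot.device_locked:
        return False, "bootloader unlocked"
    if att.os_patch_level < min_patch_level:
        return False, "patch level too old"
    if rot.verified_boot_state == VERIFIED:
        return True, "OS verified by the key built into the device"
    if rot.verified_boot_state == SELF_SIGNED:
        # User-installed OS: accept only if its signing key is allowlisted.
        name = trusted.get(rot.verified_boot_key)
        if name is not None:
            return True, f"allowlisted OS key: {name}"
        return False, "OS key not on allowlist"
    return False, "boot state unverified or failed"

def constructed_sample(key_hex="bb", state=SELF_SIGNED, locked=True):
    """Constructed attestation for a second alternative OS."""
    rot = RootOfTrust(bytes.fromhex(key_hex * 32), locked, state)
    return Attestation(b"nonce-123", rot, 202501)
```

Accepting a further OS means adding its key digest to the allowlist; the checks themselves do not change.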
ScoffingLizard
in reply to Luffy
Luffy
in reply to ScoffingLizard
/e/ has Murena Services, which is a completely different can of worms
It's basically the replacement for Google Photos, Drive, etc., and it advertises itself as private, yet it has no privacy benefits over Google. The data is still stored unencrypted on a server with your email/number and name on it, and it can just be sold or given out or hacked at any time. It's Google with a different name
Also, MicroG theoretically works, but it's more like Wine or a Windows 11 TPM hack than a replacement. It spoofs everything, which just means that besides the phone being insecure since there's no way you can verify if someone tampered with it, because it just spoofs the values anyway, it can also be disabled by Google at any time by an update which makes the values unspoofable.
If you ever wondered why enterprises don't just use Win 11 with no TPM, it's because Microsoft (like Google) can at any time decide to say fuck you and brick all your systems, since they don't officially support it anyway
RobotToaster
in reply to Luffy
waddle_dee
in reply to RobotToaster
machiavellian
in reply to RobotToaster
Because Google doesn't spread false claims about their security and privacy and about GOS as do Volla, /e/ and others. Yeah, GOS could learn a few marketing tricks such as not engaging every bad faith argument, but that doesn't make them pathetic. Defending yourself is not pathetic, having others shit on you without any recourse is.
EDIT: Here is a link to a new thread displaying the underhanded tactics Volla and others use.
GrapheneOS (@GrapheneOS@grapheneos.social)
GrapheneOS (GrapheneOS Mastodon)
mathemachristian [he/him]
in reply to Luffy