@volla has initiated the industry consortium #UnifiedAttestation for an open-source alternative to Google Play Integrity.
-
@vollaficationist Unified Attestation is illegal throughout Europe too. We'll be filing a lawsuit against each of the companies. It's an illegal anti-competitive cartel and none of these companies has any right to determine whether apps are compatible with GrapheneOS. That's fundamentally illegal and it needs to stop before going any further. Multiple companies which have engaged in years of underhanded attacks on the GrapheneOS project are not going to be in charge of whether apps can be used.
@vollaficationist Murena and iodé are have spent years attacking the GrapheneOS project. They've relentlessly mislead people about what it provides to promote their products. They've misled people about what their own products with atrocious security provide. We began debunking their claims so they began making personal attacks on our team including spreading vile harassment content. We'll never give these companies veto power over app compatibility on GrapheneOS and we won't work with them.
-
RE: https://mastodon.social/@fsfe/116131145887510612
@volla has initiated the industry consortium #UnifiedAttestation for an open-source alternative to Google Play Integrity. That will be a game-changer. All major European OS producers are joining. We have a golden opportunity now to boot out Google.
@vollaficationist @volla curious what the advantage of this is over android's native hardware attestation api /gen
-
@GrapheneOS This is currently being discussed. Nothing is written in stone. One way is to have an independent third-party highly renowned institution do test and certification. Please consider that UA is still very much "under construction." Please also note that we respect GOS' work, which is why we reached out to you half a year ago.
@vollaficationist GrapheneOS won't participate in any system which requires us to delay our releases while waiting for certification. That's inherently anti-security and is completely unacceptable. We also won't give any companies or organizations veto power over app compatibility on GrapheneOS. It's a horrible idea and we're not going to let it happen. We won't participate and we'll file a lawsuit over the fact GrapheneOS is being banned by companies selling products threatened by GrapheneOS.
-
@vollaficationist GrapheneOS won't participate in any system which requires us to delay our releases while waiting for certification. That's inherently anti-security and is completely unacceptable. We also won't give any companies or organizations veto power over app compatibility on GrapheneOS. It's a horrible idea and we're not going to let it happen. We won't participate and we'll file a lawsuit over the fact GrapheneOS is being banned by companies selling products threatened by GrapheneOS.
@vollaficationist The EU has been passing laws working towards banning end-to-end encryption and secure devices. It's completely unacceptable to have an EU-based system controlling which hardware and software is allowed to be used. GrapheneOS is not going to participate in bringing about our own downfall through helping to build or legitimize a system which could be used by EU governments to ban GrapheneOS. Play Integrity API should be banned rather than giving it legitimacy making another one.
-
@vollaficationist The EU has been passing laws working towards banning end-to-end encryption and secure devices. It's completely unacceptable to have an EU-based system controlling which hardware and software is allowed to be used. GrapheneOS is not going to participate in bringing about our own downfall through helping to build or legitimize a system which could be used by EU governments to ban GrapheneOS. Play Integrity API should be banned rather than giving it legitimacy making another one.
@vollaficationist Android hardware attestation can already be used to permit arbitrary roots of trust and arbitrary operating systems. There's no need for a centralized system based in Europe built on top of it.
It would be better if root-based attestation didn't exist because it's fundamentally insecure for anything serious and primarily useful for anti-competitive and authoritarian purposes. Pinning-based attestation is what's useful for protecting users rather than controlling people.
-
@vollaficationist @volla curious what the advantage of this is over android's native hardware attestation api /gen
@RadioAddition You can contact the project. Whatever already existed clearly did not work.
-
@GrapheneOS Which companies are "disallowed" to partake in #UnifiedAttestation? You have formally and informally been cordially invited. As are any and all other OS manufacturers. Please, let's ease the tone. What about a constructive talk? I believe we should support one another wherever possible and meaningful. Considering the vast market potential, we have all much to gain. Some will choose GOS, some VOS, etc. It's a big cake. Let's ditch Google - unified. Good day!
@vollaficationist @GrapheneOS as the brand that focuses the most towards user privacy and security, it makes sense for GrapheneOS to not support something like this which is basically Google but European with its own user surveillance stuff (even if they say, they don't we will just have to trust them blindly like we do with Apple products and consistently there have been proofs that /e/ does communicate with Google and OpenAI servers for stuff that Graphene and Calyx could already without connecting to them, so it's false marketing in a way).
While I do think having an alternative to Play Integrity API is good and it's better than nothing but hardware attestation is the best way to do it. And Volla & Murena doing something that gives them total control instead of pushing something focused towards privacy like hardware attestation shows that there have some ulterior motives. And with EU also pushing for surveillance like Chat Control and backdoors, I'm not sure this is a good idea.
-
@vollaficationist Android hardware attestation can already be used to permit arbitrary roots of trust and arbitrary operating systems. There's no need for a centralized system based in Europe built on top of it.
It would be better if root-based attestation didn't exist because it's fundamentally insecure for anything serious and primarily useful for anti-competitive and authoritarian purposes. Pinning-based attestation is what's useful for protecting users rather than controlling people.
@vollaficationist We've been actively fighting against the Play Integrity API for years and now. Unified Attestation is another anti-competitive system very similar to it. We're absolutely going to fight against it as much as we have been against the Play Integrity API. Android hardware attestation is an issue itself due to being primarily designed around root-based attestation. We convinced them to add proper pinning-based verification support to make it a real security feature for our usage.
-
@vollaficationist GrapheneOS won't participate in any system which requires us to delay our releases while waiting for certification. That's inherently anti-security and is completely unacceptable. We also won't give any companies or organizations veto power over app compatibility on GrapheneOS. It's a horrible idea and we're not going to let it happen. We won't participate and we'll file a lawsuit over the fact GrapheneOS is being banned by companies selling products threatened by GrapheneOS.
@GrapheneOS Will you really? And you didn't Google? Now I'm actually really getting worried about the status of GOS. Well, I wish you the best.
-
@vollaficationist We've been actively fighting against the Play Integrity API for years and now. Unified Attestation is another anti-competitive system very similar to it. We're absolutely going to fight against it as much as we have been against the Play Integrity API. Android hardware attestation is an issue itself due to being primarily designed around root-based attestation. We convinced them to add proper pinning-based verification support to make it a real security feature for our usage.
@vollaficationist In Operation Trojan Shield, a bunch of European states worked with the FBI to sell backdoored devices to organized crime. They marketed these devices as being based on GrapheneOS or as running GrapheneOS. They harmed the reputation of GrapheneOS by marketing it to criminals and put us at high risk of physical harm by violent criminals. More recently, multiple European states are attacking actual GrapheneOS falsely claiming it's mainly used by criminals.
ANOM – Darknet Diaries
In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.
(darknetdiaries.com)
-
@vollaficationist In Operation Trojan Shield, a bunch of European states worked with the FBI to sell backdoored devices to organized crime. They marketed these devices as being based on GrapheneOS or as running GrapheneOS. They harmed the reputation of GrapheneOS by marketing it to criminals and put us at high risk of physical harm by violent criminals. More recently, multiple European states are attacking actual GrapheneOS falsely claiming it's mainly used by criminals.
ANOM – Darknet Diaries
In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.
(darknetdiaries.com)
@vollaficationist Europe passed Chat Control and it's clear many of the countries involved are going to be pushing additional laws to further crack down on end-to-end encryption and secure devices. France has come out as by far the strongest opponent of privacy technology among European countries and is where both iodé and Murena are based. Why would we want to participate in a system where the EU can ban GrapheneOS if we don't comply with authoritarian laws cracking down on secure devices?
-
@vollaficationist @GrapheneOS as the brand that focuses the most towards user privacy and security, it makes sense for GrapheneOS to not support something like this which is basically Google but European with its own user surveillance stuff (even if they say, they don't we will just have to trust them blindly like we do with Apple products and consistently there have been proofs that /e/ does communicate with Google and OpenAI servers for stuff that Graphene and Calyx could already without connecting to them, so it's false marketing in a way).
While I do think having an alternative to Play Integrity API is good and it's better than nothing but hardware attestation is the best way to do it. And Volla & Murena doing something that gives them total control instead of pushing something focused towards privacy like hardware attestation shows that there have some ulterior motives. And with EU also pushing for surveillance like Chat Control and backdoors, I'm not sure this is a good idea.
@skywalker2k17 @GrapheneOS Look, it's not "Volla and Murena." It's an open approach. If you have a better idea, pursue it. UA invites any and all. Please understand that the crux of the matter is to achieve app compatibility outside of googlag.
-
@skywalker2k17 @GrapheneOS Look, it's not "Volla and Murena." It's an open approach. If you have a better idea, pursue it. UA invites any and all. Please understand that the crux of the matter is to achieve app compatibility outside of googlag.
@vollaficationist @GrapheneOS the better idea is Android's built in hardware attestation lol.
Edit : the crux of the matter is both taking control out of Google and them taking that control into their hands. Even if it's open source, they are the ones deciding what apps will be approved for everyone else like how Google is trying to lock Android now, the same might happen in the future.
-
@skywalker2k17 @GrapheneOS Look, it's not "Volla and Murena." It's an open approach. If you have a better idea, pursue it. UA invites any and all. Please understand that the crux of the matter is to achieve app compatibility outside of googlag.
@vollaficationist @skywalker2k17 It's not an open approach but rather an anti-competitive cartel formed between multiple companies to permit their products while locking out others. GrapheneOS won't participate and we'll file a lawsuit against each company involved for banning GrapheneOS. Unified Attestation is nothing short of a declaration of war on not only GrapheneOS but anyone who wants to be able to choose their hardware and software without needing approval from the EU and EU companies.
-
@vollaficationist In Operation Trojan Shield, a bunch of European states worked with the FBI to sell backdoored devices to organized crime. They marketed these devices as being based on GrapheneOS or as running GrapheneOS. They harmed the reputation of GrapheneOS by marketing it to criminals and put us at high risk of physical harm by violent criminals. More recently, multiple European states are attacking actual GrapheneOS falsely claiming it's mainly used by criminals.
ANOM – Darknet Diaries
In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.
(darknetdiaries.com)
@GrapheneOS I can not relate to this, unfortunately. I focus on an opensource alternative to googlag. Looking forward. Positively, constructively. Let's say UA becomes a success. Well, GOS is free to do their own thing. As are everyone else.
-
@vollaficationist @GrapheneOS the better idea is Android's built in hardware attestation lol.
Edit : the crux of the matter is both taking control out of Google and them taking that control into their hands. Even if it's open source, they are the ones deciding what apps will be approved for everyone else like how Google is trying to lock Android now, the same might happen in the future.
@skywalker2k17 How would you do it? You are free to pursue that path. We are simply inviting to a new path - a path that is still and always in the making.
-
@GrapheneOS I can not relate to this, unfortunately. I focus on an opensource alternative to googlag. Looking forward. Positively, constructively. Let's say UA becomes a success. Well, GOS is free to do their own thing. As are everyone else.
@vollaficationist Unified Attestation is working towards eroding people's rights within the European Union and beyond. Play Integrity API is bad enough but at least it can be fought against in Europe by taking advantage of people not wanting a US company in control of which hardware and software they're allowed to use. Unified Attestation is directly undermining our efforts to fight against the Play Integrity API in Europe which were starting to get traction. We now have to focus on UA instead.
-
@skywalker2k17 How would you do it? You are free to pursue that path. We are simply inviting to a new path - a path that is still and always in the making.
@vollaficationist if you bothered reading what GrapheneOS replied to you, you would know it already cuz they said it on one of their replies and yeah, good luck on your new path.
-
@vollaficationist @skywalker2k17 It's not an open approach but rather an anti-competitive cartel formed between multiple companies to permit their products while locking out others. GrapheneOS won't participate and we'll file a lawsuit against each company involved for banning GrapheneOS. Unified Attestation is nothing short of a declaration of war on not only GrapheneOS but anyone who wants to be able to choose their hardware and software without needing approval from the EU and EU companies.
@GrapheneOS @skywalker2k17 you keep repeating your magical words, my friend. It won't change a thing. Time was much better spent with a constructive dialogue set to solve problems pragmatically. Perhaps Canadian laws could be the problem?
Just one example of thinking. -
@GrapheneOS Will you really? And you didn't Google? Now I'm actually really getting worried about the status of GOS. Well, I wish you the best.
@vollaficationist Yes, we'll file a lawsuit against each company involved in Unified Attestation for the damages done by their anti-competitive cartel to GrapheneOS. It's likely not only going to be us filing this lawsuit. We can work with many other stakeholders interested in stopping creeping authoritarianism in Europe eroding people's right to use whatever hardware and software they want to use. You're working alongside politicians pushing expanded Chat Control. This is perfect for them.
