@volla has initiated the industry consortium #UnifiedAttestation for an open-source alternative to Google Play Integrity.
-
@Phobos1641 @vollaficationist @GrapheneOS nah man, it wasn't directed at you. I just sent it like cuz it felt ironic cuz Graphene was trying to explain what is wrong with Unified Attestation and the other person just didn't understand anything.
At the start, even I was similar to them and was thinking why does Graphene not join something that's open source and tied to some companies that promote privacy and stuff. Then heard of the squabbles between them both and then looked into, I wasted an entire day over it and I know not everyone can afford that kind of time for this. I was lucky to have an off day close to when I last had a similar argument with someone from the cult. After I read some of independent articles regarding /e/, I kinda understood what they are like but they are just anti big tech in a way but they are moving towards the same thing as big tech and Unified Attestation is lobbying in EU for it and there is always a price for it and when it comes due, the people lose.
@Phobos1641 @vollaficationist @GrapheneOS just to make it clear, it wasn't meant to be offensive to the other person too. As someone who wants more GDPR compliant stuff, the idea seemed golden to me (at the start).
I only said it cuz I felt the irony funny in a weird way. And your win some, lose some doesn't particularly offend either party here (or offends both lol), cuz they both were backing their own point up and ultimately, it was an impasse. Graphene despite their best efforts couldn't convince the other party, the other party despite them trying didn't get what Graphene is trying to say and if they just want something not Google and something that belongs to EU to be in control, they are getting their wish too.
Graphene is saying, ultimately anyone having control is bad. It won't change cuz it's not Google and it's some other for-profit company. When EU's laws move towards surveillance, Unified Attestation will have to comply and their lobbyists will make sure they do.
-
@vollaficationist @celeduc @guilg @EUCommission Volla sells white labelled devices from an ODM. Your devices don't come close to the security of an iPhone or Pixel. You're making extraordinarily inaccurate attacks on the GrapheneOS project. We're absolutely working on building alternatives to the functionality provided by Google Play and much more. We're actively collaborating with other projects sharing the same goals and approach we have. Volla does not share our goals or approach.
@GrapheneOS @celeduc @guilg @EUCommission I hoped you'd come to this. GOOGLAG is better, right?!? And iPhone... Well, I rest my case. Perhaps you are not who you claim to be? Sure, you're registered in Canada. Registered.
-
@vollaficationist @celeduc @guilg @EUCommission Volla sells white labelled devices from an ODM. Your devices don't come close to the security of an iPhone or Pixel. You're making extraordinarily inaccurate attacks on the GrapheneOS project. We're absolutely working on building alternatives to the functionality provided by Google Play and much more. We're actively collaborating with other projects sharing the same goals and approach we have. Volla does not share our goals or approach.
@GrapheneOS @celeduc @guilg @EUCommission my dear friend, you did googlag-ware, and now Moto. It's quite amusing just how vigorously you defend American BigTech. Now disclose who is funding this social media frenzy.
-
@skywalker2k17 @Phobos1641 @GrapheneOS but who is this dude, or many dudes, being kind of omnipresent (look it up) all over social media, 24/7¿ For me, today was my first day. A little shocked.
Whatever, UA is open to anyone. And this fact is why the GOS dude is alleging, empty handed, that is illegal in Canada and EU. According to him/her it's probably globally illegal to contest googlag, right. You're welcome.
@vollaficationist @Phobos1641 @GrapheneOS oh yeah, I get what you are talking about. And idk how they are managing to do it, and I do suspect if they ultimately want Google to be the only player in the field cuz they push for the usage of Play Store over Aurora for the sake of security.
I understand why they are doing what they are doing and it does right by their mission too but I feel like it misses the point of why people degoogle. Either way, like I said it's better for there to be a European alternative than just Google but ideally, there shouldn't be any and using Android's built in hardware attestation is better. But there's no ideal world anyways.
-
@GrapheneOS @celeduc @guilg @EUCommission I hoped you'd come to this. GOOGLAG is better, right?!? And iPhone... Well, I rest my case. Perhaps you are not who you claim to be? Sure, you're registered in Canada. Registered.
@vollaficationist @celeduc @guilg @EUCommission You've made it clear you work for Volla. Your posts have been repeatedly written as speaking on their behalf and you've posted non-public information which would only be known to people working at Volla. You're repeatedly making disingenuous attacks on GrapheneOS portraying it as a honey pot and a conspiracy. A company which engages in these tactics to harm GrapheneOS is absolutely not a company which should control what's allowed to be used.
-
@Phobos1641 @vollaficationist @GrapheneOS yeah man, hard to stay positive in all of this at all. And most of it are forces beyond our control, which makes it all the more worse.
-
@Phobos1641 @skywalker2k17 @GrapheneOS eff America and EU and all such entities. Read up on who Volla is, what it does. I mean it.
-
@Phobos1641 @skywalker2k17 @GrapheneOS eff America and EU and all such entities. Read up on who Volla is, what it does. I mean it.
@vollaficationist @Phobos1641 @GrapheneOS I will, can you point me towards something as a starting point? I'm thinking they are the ones behind SailfishOS which is actually a pretty good Linux alternative. It's the others I'm not so sure about.
-
@celeduc @GrapheneOS @guilg @EUCommission Volla develops not only devices or OS, or AI and more. It's also developing a new ecosystem as well as an infrastructure. Full decoupling. A fully, autonomous communications system. GOS is a hundred thousand miles from this, right. They do googlag-ware and now even Moto, lol.
@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission And the Volla Phone Quintus is the Daria Bond 5G from an Emirates company (marked up by 560 Euro). Given that Eurowashing, maybe attacking GrapheneOS for using Pixel hardware is a bit rich? At least Pixel has proper device security.
Back to to the original topic. I only have a stake in this as an EU citizen, but having a small set of companies decide who can run what is bad, it's another attack on the freedom of EU citizens.
-
@GrapheneOS @celeduc @guilg @EUCommission I hoped you'd come to this. GOOGLAG is better, right?!? And iPhone... Well, I rest my case. Perhaps you are not who you claim to be? Sure, you're registered in Canada. Registered.
@vollaficationist @GrapheneOS @celeduc @guilg @EUCommission Yes, an recent iPhone and an recent Pixel, even with the standard OS is much more secure than Volla and its Volla OS, which also supports the disastrous Ubuntu Touch.
Then, Volla is partner with the VPN provider hide.me and include their VPN applications in the operating system. I've never seen anything special about hide.me for security and privacty and I wouldn't trust an operating system that encourage me to use a random VPN provider, always with the misinformation that it would protect me Internet connection, or by making it more "private", including also AI, MicroG privileged and connections to a cloud service, etc, this is a huge red flag.
-
@guilg @vollaficationist We've been actively fighting against the Play Integrity API for years. We were making substantial progress in both Europe and India. We've also been coordinating with multiple other companies towards filing a lawsuit against Google. Unified Attestation is an enormous gift to Google helping to legitimize what they're doing with the Play Integrity API. Volla is playing into the hands of authoritarians who want systems disallowing people using arbitrary hardware/software.
@GrapheneOS @guilg @vollaficationist Если бы помогли выиграть России суд над гуглом, где долг исчесляеться 37 нулями .
То денег на таки суды бы им не хватило.
-
@vollaficationist In Operation Trojan Shield, a bunch of European states worked with the FBI to sell backdoored devices to organized crime. They marketed these devices as being based on GrapheneOS or as running GrapheneOS. They harmed the reputation of GrapheneOS by marketing it to criminals and put us at high risk of physical harm by violent criminals. More recently, multiple European states are attacking actual GrapheneOS falsely claiming it's mainly used by criminals.
ANOM – Darknet Diaries
In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.
(darknetdiaries.com)
True.
I’ve read articles in Italian & Dutch outlets talking about the ‘danger’ of GrapheneOS, falsely claiming it's a phone for criminals. Some articles mentioned the new European Digital Wallet for storing IDs and payment cards; countries like Italy announced it wouldn't work on non-standard operating systems, only stock Android, iOS and GarminOS (all American companies). Some banks have lobbied against GrapheneOS and rushed to publish articles taking a similarly accusatory tone.In fact, these are campaigns led by the far right. They are the same people pushing for age checks on all OSs in the U.S., the same Nazis who pushed in the EU for ‘Chat Control’—who, in the name of combating pedophilia, were prepared to launch a ‘Stasi 2.0’ rather than look at those Epstein files...
This just goes to show that I made the right choice in opting for GrapheneOS... the day I’m forced to use something else will be the last day I’ll ever own a phone.
-
@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission And the Volla Phone Quintus is the Daria Bond 5G from an Emirates company (marked up by 560 Euro). Given that Eurowashing, maybe attacking GrapheneOS for using Pixel hardware is a bit rich? At least Pixel has proper device security.
Back to to the original topic. I only have a stake in this as an EU citizen, but having a small set of companies decide who can run what is bad, it's another attack on the freedom of EU citizens.
@danieldk
I would agree to the lower paragraph and add the following thought:
Maybe it would be wise to not let the only companies with privacy in the mind get divided. Arguments ad hominem are not very convincing.
@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission @GrapheneOS -
@GrapheneOS please, how many people are hired by GOS for being all over social media 24/7? This day is my first and only day doing this. Would you guess why?
@vollaficationist @GrapheneOS shut your worthless larping. You don't answer GrapheneOS' queries regarding #VollaShit security in a mature manner. Its so obvious.
-
@guilg @GrapheneOS I suspect GOS is more, or different, from what they state they are. And from where do we always see v projection?
@vollaficationist @guilg @GrapheneOS May I have an explanation why a new centralised verification through a new API built on the Android hardware attestation API is a better solution? I'm genuinely curious because to me it sounds exactly like Google's solution with a different entity in control.
-
@vollaficationist @GrapheneOS An anti-competitive cartel violates the principle of fair competition not only in Canada but in most countries, including the EU.
Antitrust and Cartels
Antitrust and Cartels Overview
Competition Policy (competition-policy.ec.europa.eu)
Unified Attestation is an initiative with Murena, Iodé, and Volla, three untrustworthy for-profit companies that want to copy Google’s Play Integrity API, which is already abusive and illegal, to manipulate the market and impose their misleading standards.
There is nothing neutral about it, and the fact that it’s “open-source” doesn’t change a thing.
@Xtreix @vollaficationist @GrapheneOS So what are the alternatives? Sandboxed google? Not having banking apps? Not having alternative payment apps?
The issue is that banks are required to have this attestation by credit card companies. -
@Xtreix @vollaficationist @GrapheneOS So what are the alternatives? Sandboxed google? Not having banking apps? Not having alternative payment apps?
The issue is that banks are required to have this attestation by credit card companies.@meowki @vollaficationist @GrapheneOS Most banking apps work well on GrapheneOS; check out this list : https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
The attestation compatibility guide is a good, neutral approach that is not controlled by a centralized authority : https://grapheneos.org/articles/attestation-compatibility-guide
Unified Attestation threatens the compatibility of apps for developers who refuse to participate in their illegal cartels. This seriously undermines the efforts of a project like GrapheneOS, which strives to make as many Android apps as possible compatible with a truly secure and privacy-respecting operating system, one without user accounts, AI, age verification, client-side analysis, or any default Google services nor any other tech companies, etc
We need to support it because there’s no one else doing what GrapheneOS does.
-
@GrapheneOS This is currently being discussed. Nothing is written in stone. One way is to have an independent third-party highly renowned institution do test and certification. Please consider that UA is still very much "under construction." Please also note that we respect GOS' work, which is why we reached out to you half a year ago.
@vollaficationist I think that what @GrapheneOS means is:
Let's say UA exists, and what it does is certify OSs and provide a signature for secure boot or something like that. What happens if GOS or LineageOS or PostmarketOS fail their certification? What happens if that's because they decided the change they made to lose the certication was in the user's interest?
-
@danieldk
I would agree to the lower paragraph and add the following thought:
Maybe it would be wise to not let the only companies with privacy in the mind get divided. Arguments ad hominem are not very convincing.
@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission @GrapheneOS@khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission Centralized remote attestation is diametrically opposed to privacy, since it makes projects vulnerable to pressure to weaken security & privacy, delay updates, etc.
AFAIK the support for remote attestation that is already provided in AOSP does not suffer from this issue, because there is not a single entity that enforces it (banks can whitelist signing key fingerprints).
So the only reason I can think of is control.
-
@khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission Centralized remote attestation is diametrically opposed to privacy, since it makes projects vulnerable to pressure to weaken security & privacy, delay updates, etc.
AFAIK the support for remote attestation that is already provided in AOSP does not suffer from this issue, because there is not a single entity that enforces it (banks can whitelist signing key fingerprints).
So the only reason I can think of is control.
@khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission This is not just a theoretical concern.
Some European countries border on autocracy. Imagine that this initiative is successful. An autocrat could pressure Volla et al. to only attest phones that have a chat backdoor under the thread of banning them from the market.
It is anti-privacy, anti-security, and anti-freedom.
