A new European initiative dubbed UnifiedAttestation aims to build a free and open-source alternative to Google’s Play Integrity checks. The initiative is backed by smartphone maker Volla, while other partners include /e/OS maker Murena and the team behind iodé OS. The feature will be distributed under an Apache 2.0 license.

    • barnaclebutt@lemmy.world
      ↑ 37 · 5 hours ago

      Jeez. They really don’t. And, I guess they shouldn’t. Their stance is that device certification shouldn’t be necessary in the first place which I agree with considering this is not done for computers (don’t do this tech bro shitheads).

        • Zak@lemmy.world
          ↑ 6 · 3 hours ago

          Are they, or are they against GrapheneOS itself supporting it?

          Those are different. GrapheneOS exists to be security-hardened and usually should choose security over utility where there’s a conflict.

          • Onomatopoeia@lemmy.cafe
            ↑ 1 · 3 hours ago

            They are generally against root, as it “breaks security” in their mind.

            Never mind that all systems, everywhere, have root for some account/some account is root.

            • Zak@social.goodanser.com
              ↑ 5 · 2 hours ago

              It breaks their sandboxing model, which limits the impact of malicious/compromised apps.

              To be clear, I’m not arguing against root here. I daily a rooted phone, and I believe if it’s impossible to get root on something, it isn’t really yours. You can get root on GrapheneOS; they just discourage it because they’re strongly focused on security.

              They’re right. If a bug in AdAway, which needs root to write /etc/hosts, caused it to fetch and execute malicious code, the malware could do anything I can do to my device. The scenario is plausible; it routinely fetches blocklists, and I imagine a sophisticated enough attacker could compromise the delivery mechanism.

              I don’t worry about that scenario because it’s unlikely that kind of attacker will target me. GrapheneOS is meant for people who do have to worry about that kind of thing.

              @Onomatopoeia @Zak@lemmy.world

      • gandalf_der_12te@discuss.tchncs.de
        ↑ 2 · edited 3 hours ago

        Actually I have been thinking about it and I do believe that it should be done for computers, actually. Like, an attacker could super easily steal your login credentials when they get 10-15 minutes with your computer once. They could do that by booting a custom OS, modifying some of your operating system’s system files to install a keyboard tracker or sth, and then just wait for you to enter your password.

        I believe it’s actually why some banks I know don’t allow login anymore if you’re not using their Android apps to verify the login.

        • Zak@lemmy.world
          ↑ 4 · 3 hours ago

          Secure boot for PCs has been a thing for a long time now. Many Linux distributions support it.

        • Petter1@discuss.tchncs.de
          ↑ 2 · 3 hours ago

          Yea, I know no bank that allows login in browser with only basic auth. All use some proprietary 2FA app with fancy QR codes (colour pixel or similar). Funnily, many banks then offer SMS based 2FA in order to restore…

          Like make hard and secure login but reset option is old SMS thingy spoofable since… ever?

          • fascicle@leminal.space
            ↑ 1 · edited 1 hour ago

            Ally, Capital One, Chase support browser login with basic auth, and sometimes SMS 2FA. I’ve never used a mobile bank app

          • gandalf_der_12te@discuss.tchncs.de
            ↑ 1 · 3 hours ago

            Doesn’t work for me. I have to request a paper letter sent to my home address with the new password, which I have to change after the first login.

    • Ilandar@lemmy.today
      ↑ 15 · 4 hours ago

      At this point it’s like an unwritten rule of the internet that every GrapheneOS account comment chain will eventually regress into cooker conspiracy theories about other privacy ROM projects. And I still have no idea why Micay has started lumping iodé in with them, because I have been following that project closely for many years and no one there gives a shit about GrapheneOS. As in, they literally do not talk about Graphene (or any other projects, for that matter). They never compare themselves to GrapheneOS, on security or anything else. It’s the most bizarre, one-sided internet war.

      • darklamer@feddit.org
        ↑ 2 · 3 hours ago

        And I still have no idea why Micay has started lumping iodé in with them, because I have been following that project closely for many years and no one there gives a shit about GrapheneOS.

        I don’t know, but it seems to me that you might have a rather good guess as to why right there.

      • Zectivi@piefed.social
        ↑ 1 · 3 hours ago

        As much as I enjoy GrapheneOS, when I hit that part of the chain, I close out. I’m tired of hearing how <insert OS flavor> has attacked GrapheneOS. They used to @ everyone in Matrix for it asking for backup, which is why I’m not in their rooms now.

    • pseud@lemmy.zip
      ↑ 14 · 5 hours ago

      Namely,

      Having a European version of the Play Integrity which permits people to use insecure products from specific European companies participating in it while disallowing using arbitrary hardware or software is the opposite of a solution. It’s more of the same anti-competitive garbage.

      Hate to say it but he’s probably right.

  • xyguy@startrek.website
    ↑ 16 · 5 hours ago

    I appreciate the effort but my banking apps still rely on 2FA through SMS. They aren’t interested in implementing a technology that is more secure or even one that is different than what they have already, especially for a fraction of a fraction of a fraction of their user base.

    • darklamer@feddit.org
      ↑ 6 · 3 hours ago

      I appreciate the effort but my banking apps still rely on 2FA through SMS.

      And you trust them with your money!?!

      • xyguy@startrek.website
        ↑ 2 · 2 hours ago

        Fair point but I am not going to do all my shopping exclusively out of catalogs and mail in my payment with cash.

        It’s a shitty situation but short of government regulation (ha) nothing is going to change.