Hardware Attestation as Monopoly Enabler

ChuckMcM 1211 points 398 comments May 10, 2026
grapheneos.social · View on Hacker News

Discussion Highlights (20 comments)

ChuckMcM

This is a really good thread on why this technology is becoming a problem for "open" anything. The argument "we can create our own separate web" is fine until all of your services are behind the web that locks you into owning a Google approved or Apple approved mobile device.

ls612

Asymmetric cryptography and its consequences have been a disaster for the human race. I’m not even joking; all of the centralization of power and the rise of totalitarianism tech is driving is downstream from asymmetric cryptography.

rvz

Well there you have it.

> Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.

Even the "beloved" EU government is also in on it as well as banking apps are pushing for this too. They do not care about you and the so-called "Open Web" is already dead on arrival.

[0] https://grapheneos.social/@GrapheneOS/116551068177121365

grishka

Our civilization desperately needs a method to modify modern microelectronics after manufacturing that can be used at least in a well-equipped repair shop, and it needs it yesterday. Alternatively, just make it illegal to ship any kind of initial bootloader as part of a CPU's/SoC's mask ROM in any computing device that is marketed as a general-purpose one. I.e. the first instruction that the CPU executes after reset must come from a storage device that is physically external to the CPU package.

mattmaroon

So basically, ReCaptcha should be spun off into a not-for-profit.

acgourley

It's so obvious to me states need to create a soul bound identity system, replace social security numbers with it, and then let everyone else use cryptography on top of that (which is now cheap when you don't care about sybil attacks) to do private stuff.

rasengan

I agree hw attestation is net negative when forced upon end users. OTOH, when service providers use it, it results in transparency to end users [1] so it's really about how it is used.

[1] https://bmail.ag/verify

CharlesW

The thread is a bit vague. Am I understanding correctly that GrapheneOS Foundation's objection isn't to attestation per se, but that they can't participate in Google-controlled attestation APIs? In other words, although GrapheneOS can be cryptographically attested, apps using Google Play Integrity won’t accept it because it isn't Google-certified/GMS-licensed?

SilverElfin

It is definitely a monopoly enabler. But also a threat to speech. You can only participate online if you have attested hardware. And that hardware will be tied back to you. It’s another threat to privacy like age verification laws.

iamkrazy

It's still not too late. With the help of Claude et al., we can make a truly open mobile OS from the ground up. We can make an app translator that can translate Android and iOS apps to our OS. We can make deals with manufacturers to start shipping phones with this OS. We have the will, there's enough of us on this site to make an impact. All we need is good leadership. Please somebody with enough clout step up.

comandillos

These kinds of things just make me want to use Graphene even more, or literally any platform that isn't the monopoly ones. Somehow I think AI and vibecoding, even if it may sound as an unpopular opinion, will allow people to build free ecosystems and actually usable devices that don't rely on the usual providers.

gibbsrich

This was a wild ride, what an adventure. So many moving pieces, this really is just one big house of cards.

miohtama

The EU Digital (identity) Wallet EUDI requires hardware attestation by Google or Apple, effectively tying all the digital EU identities to American duopoly. Talk about digital sovereignty. Apparently protecting the children > sovereignty. https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...

revolvingthrow

Is it possible to dual-boot on android? It sounds defeatist but I no longer believe it’s possible to change course - the increasingly authoritarian governments, google and most moneyed interests are all on the same side, so it’s just a matter of when. Being on the palantir-approved google ranch for the few Apps You Need + graphene (or some other alt OS) for everything else would be quite inconvenient, but still better than carrying two phones, which nobody wants to do.

GeekyBear

I am reminded of the period when secure boot was being developed for PCs. Microsoft certainly wanted to be the only company whose OS was allowed to boot with secure boot turned on. Google should not be allowed to close the supposedly "open" ecosystem they created any more than Microsoft was allowed to.

yowo

I literally switched away from banks whose apps don't work on GrapheneOS.

coppsilgold

Requiring authorized silicon (and software) isn't even the biggest problem here. They do not use zero knowledge proof systems or blind signatures. So every time you use your device to attest you leave behind something (the attestation packet) that can be used to link the action to your device. They put on a show about how much they care about your privacy by introducing indirection into the process (static device 'ID' is used to acquire an ephemeral 'ID' from an intermediate server) but it's just a show because you don't know what those intermediary servers are doing: You should assume they log everything. And this is just the remote attestation vector, the DRM 'ID' vector is even worse (no meaningful indirection, every license server has access to your burned-in-silicon static identity). And the Google account vector is what it is. Using blind signatures for remote attestation has actually been proposed, but no one notable is currently using it: <https://en.wikipedia.org/wiki/Direct_Anonymous_Attestation> There are several possible reasons for this, the obvious one is that they want to be able to violate your privacy at will or are mandated to have the capability. The other is that because it's not possible to link an attestation to a particular device the only mitigation to abuse that is feasible is rate limiting which may not be good enough for them - an adversary could set up a farm where every device generates $/hour from providing remote attestations to 'malicious' actors.

TZubiri

Ironically, the other top article on HN right now is CVE-2024-YIKES. You can't have the cake and eat it too. Maybe we need to close some doors, especially if the barrier for publication is literally just a couple of prompts and uploading the result to a distributor like npm or play store.

thecatapps

With all of the discourse around hardware attestation, digital ID, and age verification in recent weeks/months, is there actually any good solution to the problems these existing tools (Privacy Pass, WEI, Fraud Defense, uploading IDs) claim to solve? Are there open and privacy-preserving standards that can solve the problem of bots and minors? If not, what would be required to establish one, and is it realistic? Businesses will do what businesses will do, but it seems to me having something to point to and saying "do this instead" is more effective than "this sucks and isn't even about security, don't do this at all" even though it's true.

minraws

I mean sure Google & Apple are evil, but don't we all need some evil in our lives, EU citizens doesn't matter we love the evil and honestly we enjoy it. What can't we do for these two companies we will beg, we will bend, we might even consider grovelling as long as the evil is around, to help us find the greater evils in the world. That is, the people we don't like, might be the bad guys today, but just don't worry you will be the bad guy too, just wait until the bad guys get into power... I haven't read the hobbit or lord of the rings but man if this isn't greed corrupting all men then I don't know what is. I feel sick of all this, I might really just move out and live the rest of my life out on the farm somewhere.
