Requiring authorized silicon (and software) isn't even the biggest problem here.

They do not use zero knowledge proof systems or blind signatures. So every time you use your device to attest you leave behind something (the attestation packet) that can be used to link the action to your device. They put on a show about how much they care about your privacy by introducing indirection into the process (static device 'ID' is used to acquire an ephemeral 'ID' from an intermediate server) but it's just a show because you don't know what those intermediary severs are doing: You should assume they log everything.

And this just the remote attestation vector, the DRM 'ID' vector is even worse (no meaningful indirection, every license server has access to your burned-in-silicon static identity). And the Google account vector is what it is.

Using blind signatures for remote attestation has actually been proposed, but no one notable is currently using it: <https://en.wikipedia.org/wiki/Direct_Anonymous_Attestation>

There are several possible reasons for this, the obvious one is that they want to be able to violate your privacy at will or are mandated to have the capability. The other is that because it's not possible to link an attestation to a particular device the only mitigation to abuse that is feasible is rate limiting which may not be good enough for them - an adversary could set up a farm where every device generates $/hour from providing remote attestations to 'malicious' actors.

In 1999, Intel received an absolutely massive amount of opposition when they decided to include a software-readable serial number in their CPUs, so much that they reversed the decision.

Then the "security" and Trusted Computing authoritarians continued pushing for TPMs and related tech, and contributed to the rise of mobile walled gardens. Windows 11's TPM requirements were another step towards their goal. The amount of propaganda about how that was supposed to be a good thing, both here and elsewhere, was shocking.

It turns out a significant (but hopefully decreasing) number of the population is easily coerced into anything when "security" is given as a justification.

The war on general-purpose computing continues, and we need to keep fighting.

Stallman was right, as always. Time to give his "Right to Read" another read. (If it hasn't been done already, an AI-generated short film of it would be a great idea...)

"Those who give up freedom for security deserve neither."

This is a really good thread on why this technology is becoming a problem for "open" anything. The argument "we can create our own separate web" is fine until all of your services are behind the web that locks you into owning a Google approved or Apple approved mobile device.

This is tyranny: making people powerless, afraid of each other, and submissive, per Aristotle's understanding.[1] The technological means are new, to be sure, but the social strategy is as old as civilization.

Mark my words. General purpose computing and private, direct communication are things too powerful for a tyrant to permit the people to have. The freedom we've enjoyed for the last several decades, to build what we want, to run what we want, to network with who we want, is not the default and will always be under attack. We had it for a little while by the generosity of the previous generation. It was not then, and is not now, and never will be free.

[1] https://www.perseus.tufts.edu/hopper/text?doc=Perseus:text:1...

It is possible to bypass Play Integrity on most devices (even at the "strong" level) using a sewing needle.

Specifically, you poke the data lines of the memory bus to induce bitflips, much like I described in https://www.da.vidbuchanan.co.uk/blog/dram-emfi.html

This is trickier if your device has the DRAM mounted directly on top of the CPU, but still possible - you'll need to do some BGA rework to get a wire soldered to one of the DQ lines.

Once you get a physical memory read/write primitive, you can start patching the kernel. Play Integrity does not detect this, since it only attests the state of the kernel at boot. I chose to patch out the permission checks related to ptrace, allowing me to inject frida-gadget into running apps, and to inject shellcode into pid 1.

The initial exploit is pretty unreliable, and usually takes a few reboots to hit. But once it lands, the device is pwned until the next reboot - like a "tethered jailbreak".

I tested this on a Samsung A06 because it was the cheapest device supporting Play Integrity I could get my hands on, but there's no fundamental reason it shouldn't work on any other device, including flagships. Some mitigations would require a different exploit strategy (e.g. memory encryption), but the fundamental flaw is still there.

Demo: https://bsky.app/profile/retr0.id/post/3mljtyauw322d

The EU Digital (identity) Wallet EUDI requires hardware attestation by Google or Apple, effectively tying all the digital EU identities to American duopoly. Talk about digital sovereignity. Apparently protecting the children > sovereignity.

https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...

I always say this when this topic comes up: remote attestation will be how our computing freedom dies. They've made it so that it doesn't even matter if they allow you to install whatever you want. Anything that isn't corporate owned is banned. Own your device? You "tampered" with it. You're banned. From everything. You're ostracized from digital society. You're not even a citizen, much less a second class citizen. Enroll your own keys? It doesn't matter. You're not trusted. You're a fraudster terrorist money launderer drug dealer pedophile.

While I am glad that people continue to struggle, that GrapheneOS continues to fight and speak out, these developments still fill me with a terrible sadness. The future is bleak. We inch ever closer to the complete destruction of everything the word "hacker" ever stood for. It's a deep loss.

Our civilization desperately needs a method to modify modern microelectronics after manufacturing that can be used at least in a well-equipped repair shop, and it needs it yesterday.

Alternatively, just make it illegal to ship any kind of initial bootloader as part of a CPU's/SoC's mask ROM in any computing device that is marketed as a general-purpose one. I.e. the first instruction that the CPU executes after reset must come from a storage device that is physically external to the CPU package.

It's amazing that we're letting the Google Apple duopoly completely decide who can and cannot use completely unrelated services.

Imagine getting banned from Google services for anti-google views and being unable to log into your bank account. We really should breakup the Alphabet.

Banking apps are the deal-breaker for me. I only do business with banks that offer alternative ways of securing transactions e.g. eTan / ChipTAN / PhotoTAN with a separate reader / generator (see https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbr...). This is probably a pretty European thing to do, but at least it avoids being locked in and being tracked.

I am reminded of the period when secure boot was being developed for PCs.

Microsoft certainly wanted to be the only company whose OS was allowed to boot with secure boot turned on.

Google should not be allowed to close the supposedly "open" ecosystem they created any more than Microsoft was allowed to.

What I've failed to understand in this whole Google reCAPTCHA discussion so far: How is this is even going to prevent bot usage and increase security? What's going to stop a bot farm in SE Asia from running a fleet of Android devices?

Partially apropos... There's a Heinlien quote that goes "When a place gets crowded enough to require ID's, social collapse is not far away. It is time to go elsewhere."

Which I think in this case may mean that I'm hoping an Apple or Google exclusive id system couldn't be ubiquitous enough to be required. But forethought doesn't seem to be modern man's strong suit.

The thread is a bit vague. Am I understanding correctly that GrapheneOS Foundation's objection isn't to attestation per se, but that they can't participate in Google-controlled attestation APIs? In other words, although GrapheneOS can be cryptographically attested, apps using Google Play Integrity won’t accept it because it isn't Google-certified/GMS-licensed?

Is it possible to dual-boot on android? It sounds defeatist but I no longer believe it’s possible to change course - the increasingly authoritarian governments, google and most moneyed interests are all on the same side, so it’s just a matter of when.

Being on the palantir-approved google ranch for the few Apps You Need + graphene (or some other alt OS) for everything else would be quite inconvenient, but still better than carrying two phones, which nobody wants to do.

It's so obvious to me states need to create a soul bound identity system, replace social security numbers with it, and then let everyone else use cryptography on top of that (which is now cheap when you don't care about sybil attacks) to do private stuff.

With all of the discourse around hardware attestation, digital ID, and age verification in recent weeks/months, is there actually any good solution to the problems these existing tools (Privacy Pass, WEI, Fraud Defense, uploading IDs) claim to solve? Are there open and privacy-preserving standards that can solve the problem of bots and minors? If not, what would be required to establish one, and is it realistic?

Businesses will do what businesses will do, but it seems to me having something to point to and saying "do this instead" is more effective than "this sucks and isn't even about security, don't do this at all" even though it's true.

The linked article only seems to cover Google and Android devices. Microsoft also have their take on this.

> "Microsoft Pluton security processor is a chip-to-cloud security technology built with Zero Trust principles at the core. Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services."

https://learn.microsoft.com/en-us/windows/security/hardware-...

Check if there are local digital rights groups to your country/area. I just joined two I didn't even know about. Meeting up and talking with likeminded people is a great way to get motivation for bigger change.

I agree with Graphene's take here.

I've defended app attestation against baseless criticism, but this is a valid take.

The only nuance I would make is that hardware attestation as a technology isn't inherently anti-competitive but rather the way these companies implement it.

I would love to see a non-profit attestation service that publishes a list of allowed OS's, and roots that are deemed secure based on reality.

> Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc.

Isn't this a textbook case of an antitrust lawsuit? Y'know, with the whole ordeal with Windows/IE, I assume the court would find this as blatantly anticompetitive behavior.

I found this an approachable way to understand the problem: https://byteiota.com/hardware-attestation-monopoly-tool-2/

Heh, makes me laugh. just recently I was trying to get play protect 'certification' in a virtual machine took a bit of haggling and legitimately obtained samsung software to bypass it (and a 3 day gpt-5.5 /loop).

Google has proven time and time again that they don't want to make this technology fool proof and I severely doubt this will be any different.

Although I do agree that hardware attestation as a captcha is pure bullshit no matter the context.

What freedoms do we value ? freedom of speech, freedom of compute, freedom to own assets, to sell our work or give it away, bodily autonomy, freedom to travel, to read to learn ?

Amid the massive hype of the Web3 Crypto era, there was a kernel of useful innovation : that you can choose to have unique digital copies of things, and thus you can have a way of sending value that bypasses the middlemen, be they local thugs, bent politicians, violent regimes, benevolent dictators, or the dominant hegemony.

Having central big-Corp approve your content or sign your executable or take a vig on your sales, or license your hardware - these may be common, but are not a universal law of nature.

The internet itself is our best example of the value of technology open for all to use. Frankly, that is in danger.

Whether it is bogus age-checks in your OS, a hidden bios OS, or the move away from owning your own compute [ because the GPU / CPU and RAM are priced so high you have to rent them ], consumers need to pool resources and ensure open access.

Kudos to France for mandating a Linux OS for their public service workforce. Good on the Europeans for doubling down on renewables to insulate themselves from petrodollar volatility, and making sure portable devices have replaceable batteries.

Cory Doctorow has some great rants on enshizzification. Garys Economics YT channel has some great rants on why high inequality steals resources, see also Piketty.

The technocrats on this forum have an understanding of these measures the common person may not, and thus a moral obligation to weigh in on the issues and warn 'genpop'.

Resist, dont let the buzzkills wear you down.

Seems to me like Microsoft might be opposed to this duopoly and have pockets deep enough to fight it, right? For one, this would make their possible re-entry into the mobile space harder and more costly but I guess it'll inevitably become a standard that other providers could fulfill.

So basically, ReCaptcha should be spun off into a not-for-profit.

it's so great to see people boosting "security" in a way that also just happens to require locking in to big-tech approved apps that send all your data to big-tech so that they can deliver ads to you via your big-tech approved device using your big-tech approved os running your big tech approved browser showing your big-tech approved video platform with your big-tech approved content (oh, and also sends your data to your big-tech approved government)

I literaly switched away from banks whose apps dont work on GrapheneOS

How sad that I spent thousand dollars to buy the phone but can't own it at all. Hardware attestation is like having a CCTV in my device, reporting everything to the company. If I want to use safer OS, then I will be excluded by the digital society cuz most app don't support it...

I'm surprised there aren't more HNWs supporting GrapheneOS. Seems like the Venn diagram of rich people and techies who care about this would have quite some overlap, and Graphene, despite its many faults, is doing a lot of groundwork in this space

Man I hate threads like this, they grt interrupted by comments and the cadence is all weird because of the character limit

This is exactly why is legislation like the Digital Markets Act needed.

> Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems

I wonder if we'll get something similar happening with cloudflare

It is definitely a monopoly enabler. But also a threat to speech. You can only participate online if you have attested hardware. And that hardware will be tied back to you. It’s another threat to privacy like age verification laws.

How does this work ? I am not sure I understand it.

Patents and copyright were the original form of monopoly. As long as software is not open source, it is by definition a monopoly

Taken a step further, we could be heading for a world where if you don't run the Dictators approved device including all of its spyware, you're locked out of everything.

I'm sure this will happen in non-free countries quickly if Hardware Attestation becomes commonplace to access basic services.

> It doesn't provide a useful security feature, but it does lock out competition very well.

This seems to presuppose that service providers using reCAPTCHA are either clueless idiots or actively expending resources and lowering their conversion rates to support the supposed Google/Apple duopoly. That does not strike me as a plausible claim.

To think I'm gonna live in a cross-state totalitarian world

I mean sure Google & Apple are evil, but don't we all need some evil in our lives, EU citizens doesn't matter we love the evil and honestly we enjoy it.

What can't we do for these two companies we will beg, we will bend, we might even consider grovelling as long as the evil is around, to help us find the greater evils in the world. That is, the people we don't like, might be the bad guys today, but just don't worry you will be the bad guy too, just wait until the bad guys get into power...

I haven't read the hobbit or lord of the rings but man if this isn't greed corrupting all men then I don't know what is.

I feel sick of all this, I might really just move out and live the rest of my life out on the farm somewhere.

Observations:

1) Only law can fix this. Anybody (looking at you ancaps) telling you "if you don't like it, start a competitor" doesn't understand how the economy and network effects work.

2) The general population is a combination of not caring and not even being smart enough to be able to understand. If everyone votes on everything (like most "democracies" where you vote for parties), bigger issues like healthcare, abortions, LGBT will dominate and everything else is noise.

3) People who don't know what public-private crypto or zero-knowledge proofs are shouldn't be allowed to vote on issues where these are relevant factors.

4) We need to fix voting so people can vote on only the stuff they care about and only the stuff they are actually informed about. This works in small teams of highly competent people - at work or in FOSS - and only when they have the same goals. Politics is by nature adversarial and I don't know how to fix this.

Miss that monopoly busting of yesteryear. The elephant in the room is that private forces who do not have public good in mind have gotten way too powerful to the detriment of everybody's well-being. Everybody's except the state's surveillance wings.

Break them up. Break them up. Break them up.

I can barely read this, somethong supposedly this serious, would be much better as a single page, a cogent, actual article.

These kind of things just make me want to use Graphene even more, or literally any platform that isnt the monopoly ones. Somehow I think AI and vibecoding, even if it may sound as an unpopular opinion, will allow people to build free ecosystems and actually usable devices that dont rely on the usual providers.

Being able to cut out abuse from things like cheaters is too useful of a tool for developers to give up. The big problem here as mentioned in the thread is that the light of approved hardware is not based off of security of maintaining security of the attested application but upon Play services licensing.

The best workaround for now is -as the solution is always to change these regulations not the technical workarounds- is to have a secondary smaller phone that has the sim card, google botnet services, etc., and use that for any verification needed or login to banks or whatever, and keep this device turned off in your house so they don’t track you too and use it where needed. That while also pressuring web services not to use recaptchas and similar invasive services.

Not to rain on the parade, but doesn't GrapheneOS only works on Google Pixel devices? I mean, that's still in the Google jail on a physical level, even if they swap out the software.

There are a number of technological / legal hybrid policies developing that come at the very jugular vein of computing freedom - the notion of a “general purpose” computer itself. OS level identity / age verification, hardware attestation, walled garden app signature requirements. All evincing the same aim.

Ironically, the other top article on HN right now is CVE-2024-YIKES.

You can't have the cake and eat it too. Maybe we need to close some doors, especially if the barrier for publication is literally just a couple of prompts and uploading the result to distributor like npm or play store.

I agree hw attestation is net negative when forced upon end users. OTOH, when service providers use it, it results in transparency to end users [1] so it's really about how it is used.

[1] https://bmail.ag/verify

Well there you have it.

> Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.

Even the "beloved" EU government is also in on it as well as banking apps are pushing for this too. They do not care about you and the so-called "Open Web" is already dead on arrival.

[0] https://grapheneos.social/@GrapheneOS/116551068177121365

Asymmetric cryptography and its consequences have been a disaster for the human race. I’m not even joking all of the centralization of power and the rise of totalitarianism tech is driving is downstream from asymmetric cryptography.

[dead]

[dead]

[dead]

[dead]

[flagged]

Mark my words: in ten years from now on, the Chinese web will be more free and open than any Western country.

This was a wild ride, what an adventure. So many moving pieces, this really is just one big house of cards.

It's still not too late. With the help of Claude et. al, we can make a truly open mobile OS from ground up. We can make an app translater that can translate Android and iOS apps to our OS. We can make deals with manufacturers to start shipping phones with this OS. We have the will, there's enough of us on this site to make an impact. All ee need is good leadership. Please somebody with enough clout step up.

It seems to me that comments here are reading this as saying attestation is bad, when the real argument is that attestation should explicitly provide a path of inclusion for non-Apple and Google providers.

The headline seems to make the statement that Apple and Google are evil and doing this for monopoly lock-in, and GrapheneOS, a competitor, will stand for the people against that. But given their final counterpoint is that they should have been included too and they rant about being rejected from Google's Play Integrity API for unclear reasons they claim are malicious, it seems they do acknowledge there's security value here: we do critically need for full-chain-of-signature attestations for critical identity data, the only way to avoid someone using AI to create fraud identities trivially.