The pinning you are proposing, does it imply that there is again some certification of the "official" GrapheneOS, versus e.g. the user's own fork of GrapheneOS?

How would any of the existing proponents of remote attestation agree to anything like this, given what we consider abuse is exactly their reason of implementing it in the first place? Here, VW wants to stop use of the API by anything else than their App, in order to stop hobbyists and sell API access to commercial middle men. If the user could pin their own software's attestation or even register an arbitrary public key to cover updates, then the user would as well be able to code his own API client that just emulates the attestation. Is there any write up or discussion of the pinning you propose?

I am really not yet convinced how you want to counter the inevitable abuse that app developers and service providers will subject the user to if the OS security model gives them that kind of power over the user's end device.

I still am hoping that at one point they understand the full consequences of remote attestation. There are some signs they start to notice, but it's slow...

Comments URL: https://news.ycombinator.com/item?id=48563000

Points: 15

# Comments: 3

Of course, if that privacy risk came from them storing and selling your data, they happily accept that, you are right in that regard.

This is mostly a corporate problem of risk aversion in my opinion. Some department writes down a risk assessment with a list of miniscule risks, for example of some 3rd party app backend being hacked. Or just a headline "Tinkerer hacked his car to use with his home assistant" in the local press. This list circulates, and since nobody in the middle management wants to be responsible for anything, and there is no officially approved positive use case, draconian countermeasures are drafted and constructed one by one.

There is not even a USB-Bluetooth adapter that would enable LE Audio on Linux. (Besides the hacky ones that contain a full Bluetooth stack and present as USB-Audio, but those come with their own problems.)

See also https://grapheneos.social/@GrapheneOS/116200110686604617

https://www.heise.de/en/news/5-years-of-updates-Which-smartp...

"Operating system updates: From the date of end of placement on the market to at least 5 years after that date, manufacturers, importers, or authorised representatives shall, if they provide security updates, corrective updates, or functionality updates to an operating system, make such updates available at no cost for all units of a product model with the same operating system."

Note that I - as opposed to the posts parent - used an official trusted CA as an example.

TLS: I see your ID with some governments signature in your hand, I trust you to be you. EUDI: I see a note you wrote and I see some signed documents that you have just been to the government brain scanner, which attests you are not faking that note, and as a nice side effect the scanner scans other things in your brain, e.g. that you watch every advert diligently, send your current location regularly to your local police office and other things.

The problem is you are not creating a government issued single purpose device but you are confiscating something many user experience as a brain extension to be under the government's control as a whole.