this post was submitted on 11 Mar 2026
74 points (100.0% liked)

Privacy

[–] freeman@sh.itjust.works 2 points 3 weeks ago (1 children)

Even GrapheneOS is not so insane as to suggest ebanking should be restricted to locked down platforms.

EU should ban banks from requiring hardware attestation and other "security" excuses to refuse serving people.

[–] FG_3479@lemmy.world 1 points 3 weeks ago (1 children)

Hardware attestation verifies that the phone and the OS it's running on are real and not an emulator or a fake malware-laced version.

It ensures that you don't get your bank account stolen by a fake ROM with an infostealer inside.

[–] freeman@sh.itjust.works 2 points 3 weeks ago (1 children)

> Hardware attestation verifies that the phone and the OS it's running on are real and not an emulator or a fake malware-laced version.

No, it verifies that the phone is running an approved OS. If the app developer does not add your OS' keys, it will fail. This included GrapheneOS.

We have been web banking for decades on platforms without hardware attestation. The potential for anti-competitiveness abuse is not worth it.

It also does not protect the user. If your system is actually compromised, they can simply replace the app, not allow it to run, etc. I don't see how it protects the user if they chose to run an emulator. What exactly is the threat to the user there?

[–] FG_3479@lemmy.world 2 points 3 weeks ago

If someone injects malware into your GrapheneOS image then the attestation won't pass. That is how it works.
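
An added example, not part of the thread or of any project's code: a sketch of the relying-party decision both commenters are describing, using the RootOfTrust fields from Android key attestation (verified boot key, bootloader lock state, verified boot state). It assumes the attestation certificate chain has already been validated and parsed; the key fingerprints and the `evaluate` function are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from enum import IntEnum

class VerifiedBootState(IntEnum):  # values from the Android key attestation schema
    VERIFIED = 0      # boot image verified by the device maker's embedded key
    SELF_SIGNED = 1   # verified by a user-installed key, bootloader locked
    UNVERIFIED = 2    # bootloader unlocked, nothing enforced
    FAILED = 3        # verification failed

@dataclass(frozen=True)
class RootOfTrust:
    verified_boot_key: bytes   # digest of the key that verified the boot image
    device_locked: bool
    verified_boot_state: VerifiedBootState

def fingerprint(label: str) -> bytes:
    """Constructed stand-in for the SHA-256 digest of a real signing key."""
    return hashlib.sha256(label.encode()).digest()

ALT_OS_KEY = fingerprint("constructed-alt-os-release-key")
REPACKED_KEY = fingerprint("constructed-repacked-image-key")

def evaluate(rot: RootOfTrust, allowed_self_signed_keys: set) -> tuple:
    """Return (accepted, reason) for an already-validated attestation."""
    if not rot.device_locked:
        return False, "bootloader unlocked"
    if rot.verified_boot_state == VerifiedBootState.VERIFIED:
        return True, "stock OS verified by OEM key"
    if rot.verified_boot_state == VerifiedBootState.SELF_SIGNED:
        # An alternative OS passes only if the app developer listed its key.
        if rot.verified_boot_key in allowed_self_signed_keys:
            return True, "alternative OS key is on the allowlist"
        return False, "boot key not on the relying party's allowlist"
    return False, "boot verification did not succeed"

if __name__ == "__main__":
    genuine = RootOfTrust(ALT_OS_KEY, True, VerifiedBootState.SELF_SIGNED)
    repacked = RootOfTrust(REPACKED_KEY, True, VerifiedBootState.SELF_SIGNED)
    print(evaluate(genuine, {ALT_OS_KEY}))   # developer listed the key
    print(evaluate(genuine, set()))          # developer did not list the key
    print(evaluate(repacked, {ALT_OS_KEY}))  # image re-signed with another key
```

The same genuine device is accepted or rejected depending only on the relying party's allowlist, while an image re-signed with a different key fails even when the alternative OS itself is allowlisted.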