HackerLangs
TopNewTrendsCommentsPastAskShowJobs

summm

1,259 karmajoined 9 tahun yang lalu

Submissions

Curb impacts of AI on programming to maintain EU sovereignty

draketo.de
1 points·by summm·kemarin dulu·0 comments

Mozilla Added Google Play Integrity to Firefox for Android

bugzilla.mozilla.org
18 points·by summm·24 hari yang lalu·3 comments

comments

summm
·7 hari yang lalu·discuss
Can you recommend some?
summm
·9 hari yang lalu·discuss
I think Meneth was basically correct but a bit imprecise: Boot integrity itself is only user respectful as long as the user can freely decide and change the integrity reference values, without consequences to the latter usefulness of their system. But attestation (based on boot integrity) as a principle directly contradicts "respect user ownership". This is not a question of technical feasibility, but of principle. Attestation is directed against users. The main purpose of attestation is to make sure that the local user can be forced to use a specific software (and not run other software at the same time that could influence this specific software) to access a certain remote service. Remote attestation means by definition "vendor lock", in that the vendor and their contractual partners lock and control the device's software. Therefore an attestation model that fully respects the user simply cannot exist.
summm
·10 hari yang lalu·discuss
So now you have the choice between two approved ROMs. Not a lot of improvement? And as soon as GrapheneOS implements something beneficial to the users that the government does not like, the approval will be taken back. That's also why GrapheneOS will probably not even think about doing that. So you want some OS functionality neither Google nor Graphene offer, you're, again, out of luck. CA is something completely different, and much more limited in what can be centrally controlled. Everybody can go to a CA, get a certificate for their domain, and use it with any server software, even with software they compiled themselves.
summm
·11 hari yang lalu·discuss
No, this would just require a publicly verifyable signature of the software, and the user would just choose to have their operating system verify it. No remote attestation or other hand-over-your-controls necessary.
summm
·11 hari yang lalu·discuss
Nope. It is still not possible to give someone else (the government, or the bank) control over your phone while at the same time run software that you alone control with higher privileges. Please don't mix that up with "is practically hard to implement because of sloppy code. Also your attacker model is still "occasional evil government agency or evil private corporation wants to crack and read your messages", while what is discussed here is more fundamental "evil government or abusive corporation controls your phone in the first place, and can just remote control it you can't use really secure apps"
summm
·23 hari yang lalu·discuss
My opinion: Any kind of attestation that is delivered to a non-user-controlled server about the state of a user's end device that the user (possibly using means outside of the end device) cannot change will be abused, e.g for anti-competitve purposes. I am hearing lots of arguments that grapheneOS is more secure (it is) and should therefore be included in remote attestation.

The pinning you are proposing, does it imply that there is again some certification of the "official" GrapheneOS, versus e.g. the user's own fork of GrapheneOS?

How would any of the existing proponents of remote attestation agree to anything like this, given what we consider abuse is exactly their reason of implementing it in the first place? Here, VW wants to stop use of the API by anything else than their App, in order to stop hobbyists and sell API access to commercial middle men. If the user could pin their own software's attestation or even register an arbitrary public key to cover updates, then the user would as well be able to code his own API client that just emulates the attestation. Is there any write up or discussion of the pinning you propose?

I am really not yet convinced how you want to counter the inevitable abuse that app developers and service providers will subject the user to if the OS security model gives them that kind of power over the user's end device.
summm
·23 hari yang lalu·discuss
The GrapheneOS supporters are not on our sides, apparently. The seem to actually like remote attestation. They just don't like that they are not in on Play Integrity. But what is won if attestation includes official GrapheneOS releases but would still otherwise be exactly the same evil stuff that takes control of the user's device?

I still am hoping that at one point they understand the full consequences of remote attestation. There are some signs they start to notice, but it's slow...
summm
·bulan lalu·discuss
Depends. In some sense EU companies are quite afraid of the GDPR. Privacy is used in a twisted way in that argument: if any privacy relevant data is exposed to another party, and there is any incident down the line, they fear they could be made responsible. So they to block you as a user to access your own data.

Of course, if that privacy risk came from them storing and selling your data, they happily accept that, you are right in that regard.
summm
·bulan lalu·discuss
They already add cryptographic authentication to some CAN messages, so you can't change them. It is only a matter of time until they add encryption.

This is mostly a corporate problem of risk aversion in my opinion. Some department writes down a risk assessment with a list of miniscule risks, for example of some 3rd party app backend being hacked. Or just a headline "Tinkerer hacked his car to use with his home assistant" in the local press. This list circulates, and since nobody in the middle management wants to be responsible for anything, and there is no officially approved positive use case, draconian countermeasures are drafted and constructed one by one.
summm
·2 bulan yang lalu·discuss
Only "open" in a twisted sense, and definitely not user-controlled: Remote attestation per definition means to accept only pre-approved operating systems. If anybody builds an implementation, regardless whether it is aosp-compliant or not, this will be excluded, until the App developer or someone in the chain explicitly approves that implementation. That is the whole purpose of that technology. Including GrapheneOS in that pre-approved list just shifts power from Google and the App Developer to GrapheneOS Developers and the App Developer. Nice for GraphenOS, still bad for users and devs of any other OS variant or platform.
summm
·3 bulan yang lalu·discuss
Their security model requires remote attestation. So, open, user-controlled platforms cannot be used. Of course some other future locked-down linux-based OS might be usable.
summm
·3 bulan yang lalu·discuss
Another "blog" that doesn't even offer an RSS or Atom feed...
summm
·4 bulan yang lalu·discuss
Yeah but many devices still do not support it, and if they support it, then badly, or they hide it.

There is not even a USB-Bluetooth adapter that would enable LE Audio on Linux. (Besides the hacky ones that contain a full Bluetooth stack and present as USB-Audio, but those come with their own problems.)
summm
·4 bulan yang lalu·discuss
In other news: "Unified Torment Nexus: open-source alternative to Google Torment Nexus"

See also https://grapheneos.social/@GrapheneOS/116200110686604617
summm
·4 bulan yang lalu·discuss
Microwaves are a bad example. The cheaper ones are white labels basically all made in the same factory in China. The customer has no way to know if the slightly more expensive one is actually more durable or, much more likely, just the same, but generates more profit for the intermediaries. In this situation it is wiser to get the cheaper one.
summm
·4 bulan yang lalu·discuss
Motorola omitted a magnetometer in some of their models. This was especially heinous as the "compass needle" can be emulated to some degree by fusion if gps and rotation/acceleration sensors, so the user wouldn't immediately notice the total lack of a compass. Since then I am always wary of what seemingly essential part of a phone they will omit this time...
summm
·4 bulan yang lalu·discuss
In fact Motorola did the opposite: they recently announced that in their opinion they found a loophole in the EU ecodesign regulation that they will exploit in order to not provide updates for some of their cheaper phone models. After that, why would anyone trust any of their promises for other models?
summm
·4 bulan yang lalu·discuss
Motorola, the one company that still tries to evade the EU ecodesign regulations? Other vendors just provide the required 5+ years of updates, but Motorola loudly and publicity announced that they saw a loophole in the wording and would use it as an excuse to not provide updates for some models. This is despicable and worthy of a boycott.

https://www.heise.de/en/news/5-years-of-updates-Which-smartp...

"Operating system updates: From the date of end of placement on the market to at least 5 years after that date, manufacturers, importers, or authorised representatives shall, if they provide security updates, corrective updates, or functionality updates to an operating system, make such updates available at no cost for all units of a product model with the same operating system."
summm
·5 bulan yang lalu·discuss
They actually already do in the EUDI wallet reference implementation. There, as this is part of a more general ID system, they probably want to avoid that people duplicate or export IDs. In case of a privacy preserving age check, the fear could be that a copied private key could be enough to generate unlimited age proofs, indistinguishable from the original app instance. In another thread someone gave an even lazier argument: the eudi wallet requires hw backed keys by law regardless, and the laziest implementation would be device attestation...
summm
·5 bulan yang lalu·discuss
At least that establishes that you don't care about civil rights :|