Paying without Google: New consortium wants to remove custom ROM hurdles

Using banking and payment apps on Android smartphones with custom ROMs is a problem: A European industry consortium now wants to change that.

heise online
@WeAreFairphone If there has to be a system for controlling which devices and operating systems people are allowed to use for running banking and government apps, it shouldn't be run by for-profit companies with massive conflicts of interest. They're going to permit their own products regardless of how insecure those are which will lock out competition. It's not a positive thing because European companies are doing it. If it has to exist it needs to be neutral and fair, not this.
@GrapheneOS @WeAreFairphone Just a quick question: Will GrapheneOS be installable on the Fairphone?
@alsi @WeAreFairphone No, GrapheneOS will not be available for Fairphones due to their devices not meeting our requirements for updates and hardware-based security. Fairphones don't keep up with Linux kernel, firmware, driver and Android updates. They're missing important hardware security features we use to protect users. They've shown no interest in addressing the major security weaknesses. See https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private for more details including links to relevant third party expert coverage.
Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum


@GrapheneOS @WeAreFairphone

@EUCommission

Have you two met? Or do you require an ID to talk to each other?

The child safety stuff is frustrating beyond belief

@fartwithfury @WeAreFairphone @EUCommission We've talked to the EU Commission about the Play Integrity API multiple times but nothing was achieved so far. Now there's another awful system for it being pushed by companies in the EU which we're going to need to fight against too. They have a lot more connections than we do in European governments. /e/ has received millions of euros of funding from the EU which they use to make products for their for-profit company to sell.
@GrapheneOS @WeAreFairphone Why should there be any restriction on the app and the OS people use when accessing any service whether bank or something else? This seems like a perfect excuse to lock down users, it is bad regardless who controls it. Security should not rely on restricting the user freedom.
@avron @WeAreFairphone Security doesn't rely on it but these banks and governments think it does. If there has to be a system to satisfy them, it should be neutral and fair with specific security requirements which are enforced equally. It should not have special cases for companies running the system which is exactly what Unified Attestation is implementing to permit their own products while excluding others for a competitive advantage. Unified Attestation is no better than Play Integrity.

@GrapheneOS @WeAreFairphone

Why aren't you part of this initiative? You could contribute your expertise. Is confrontation and attack really the best way to deal with this? Your priority is security and data privacy. Acceptable. Others, however, place more value on fairness, better repairability, long live support, European standards or similar things. Work together. Why so sensitive?🫤

@RonRevog @WeAreFairphone There's nothing fair about the underhanded business tactics of Murena and iodé including years of still ongoing campaigns to mislead people about what GrapheneOS provides to sell more of their products. They definitely don't provide better long term support than 7 years of decent updates. They don't provide decent updates from the beginning and it gets substantially worse over time.

What do you mean by European standards? Does that include Jolla's partnership with Putin?

@RonRevog @WeAreFairphone These companies have no place dictating which operating systems can be used on devices.

It's not valid for companies to come together to make a system which bans other operating systems from using apps.

They do not get to impose terms on us where we have to comply with those or apps disallow GrapheneOS. It's textbook anti-competitive collusion.

Unified Attestation is illegal anti-competitive collusion and they don't have the resources to get away with it like Google.

@GrapheneOS @WeAreFairphone

Sorry, that sounds to me like this:
Only Google does that thing. Now others don't like that and say: We don't like that only Google can do that thing. Come on, let's work together so that we can do such things.
And now you come along, jump around angrily and cry: You ugly, bad, unfair, insecure people. Don't do that thing that only Google can do. It's bad enough when Google does it. We don't allow it. We will fight against you (not against Google).
And the apps of companies that use that Google thing say: OK, there's only Google who has such a thing. Sorry, we can only use Google.
And the user says: I can only buy smartphones with this Google thing, because the apps of companies use the Google thing and we have no alternatives.

Is that correct?

@RonRevog @WeAreFairphone No, those are outrageously false claims. Unified Attestation is nothing more than a wrapper around Android hardware attestation where a centralized service permits using insecure products from these companies while not allowing anything else including GrapheneOS.

Android hardware attestation works fine without a centralized service run by for-profit companies permitting their own products and disallowing others. What place do these companies have choosing what is okay?

@GrapheneOS @WeAreFairphone
I don't think that's the goal. Because it would be easy for you to be part of this, or isn't it?
I know, you don't want to. But you could. That would be a poor try to kick you out of the market.
@RonRevog @WeAreFairphone Multiple companies involved in it have been incredibly hostile towards GrapheneOS and they've defined the system as being these companies approving each other. We weren't given any notice about it or invitation to participate. We won't participate in giving control of app compatibility for GrapheneOS to companies hostile towards us regardless. We're going to put a large amount of effort into deterring adoption and if it comes to it we'll file a lawsuit against them.
@RonRevog @WeAreFairphone If any important app adopts this system and GrapheneOS isn't permitted by the app, we'll file a lawsuit against Volla, Murena and iodé. We're confident they'll lose because this anti-competitive cartel is blatantly illegal. They cannot impose any requirements on us to participate in order to avoid having GrapheneOS banned by their system being pushed for adoption by banks and government apps. That's a clear violation of anti-competition laws around the world.

@RonRevog @GrapheneOS @WeAreFairphone

No, that is not correct.

It's more like:

"Google does very bad illegal unethical thing, others don't like that and say 'c'mon, let's work together and make our own very bad illegal unethical thing'.

Now comes GrapheneOS, stands up and says 'These companies lie, they are unfair, they are insecure, and they only want profit. They are making something illegal. Don't do the same thing Google does, we already have enough trouble fighting that and we don't want our progress reset, or worse, to be worse off than when we started. We won't allow it, we will fight to stop this unethical practice.'

And the apps that companies use, that also use the Play Integrity thing say nothing, because they won't have another anti-competitive feature. And GrapheneOS can continue working to get these apps to support generic attestation as they have done for many apps before."

@RonRevog @GrapheneOS @WeAreFairphone
Confrontation and attack would be a very mean thing to do. They haven't chosen that path. They have chosen to defend themselves and call out an anticompetitive practice that violates the law. These companies do not care about fairness in the slightest. The idea of unified attestation, at its fundamental level, is to eliminate fairness. GOS stands to gain nothing by working with scammers and grifters who have harassed and attacked them for years.

They also do not care about long device lifetimes and that is reflected in their updates. An iPhone or Pixel with 7 years of support is far better for the environment than these devices with barely any support time and needing to be replaced much sooner if not *the second you receive it*.

If you call defending themselves from an attack "sensitive", I'd hate to see what is warranted in your eyes.

@RonRevog @GrapheneOS @WeAreFairphone The Unified Attestation initiative is an attempt to create a cartel, no way! The Play Integrity API alone is already a problem, we don't want an alternative that does the same thing!

https://infosec.exchange/@metr0pl3x@grapheneos.social/116211955965368069
