RE: https://mastodon.social/@fsfe/116131145887510612

@volla has initiated the industry consortium #UnifiedAttestation for an open-source alternative to Google Play Integrity. That will be a game-changer. All major European OS producers are joining. We have a golden opportunity now to boot out Google.

@vollaficationist @volla Unified Attestation is the direct opposite of keeping Android open. It's an anti-competitive centralized system putting Volla and other companies selling devices working with them in control of which devices and operating systems people are allowed to use. It's the direct opposite of open. There's nothing neutral or fair about companies approving using their products while disallowing others. Unified Attestation needs to be stopped.

https://grapheneos.social/@GrapheneOS/116239523775374959

@GrapheneOS Which companies are "disallowed" to partake in #UnifiedAttestation? You have formally and informally been cordially invited. As are any and all other OS manufacturers. Please, let's ease the tone. What about a constructive talk? I believe we should support one another wherever possible and meaningful. Considering the vast market potential, we all have much to gain. Some will choose GOS, some VOS, etc. It's a big cake. Let's ditch Google - unified. Good day!

@vollaficationist Unified Attestation includes multiple companies hostile towards GrapheneOS. They've spent years misleading people about GrapheneOS and making attacks on our team. Unified Attestation gives them veto power over app compatibility on GrapheneOS. It puts them in a position where they can harm GrapheneOS with unreasonable requirements and disingenuous concerns to reduce app compatibility. It's also clearly an illegal anti-competitive cartel and participating wouldn't be legal.

@vollaficationist Unified Attestation is nothing more than an anti-competitive power grab via a centralized service sitting on top of Android hardware attestation. There has yet to be any valid explanation for why this has been created. It would be entirely possible to have neutral organizations certifying devices and publishing those certificates as signed data usable with Android hardware attestation. There's no valid reason to have a centralized service under the control of these companies.

@GrapheneOS This is currently being discussed. Nothing is written in stone. One way is to have an independent third-party highly renowned institution do test and certification. Please consider that UA is still very much "under construction." Please also note that we respect GOS' work, which is why we reached out to you half a year ago.

@vollaficationist GrapheneOS won't participate in any system which requires us to delay our releases while waiting for certification. That's inherently anti-security and is completely unacceptable. We also won't give any companies or organizations veto power over app compatibility on GrapheneOS. It's a horrible idea and we're not going to let it happen. We won't participate and we'll file a lawsuit over the fact GrapheneOS is being banned by companies selling products threatened by GrapheneOS.

@vollaficationist The EU has been passing laws working towards banning end-to-end encryption and secure devices. It's completely unacceptable to have an EU-based system controlling which hardware and software is allowed to be used. GrapheneOS is not going to participate in bringing about our own downfall through helping to build or legitimize a system which could be used by EU governments to ban GrapheneOS. Play Integrity API should be banned rather than giving it legitimacy by making another one.

@vollaficationist Android hardware attestation can already be used to permit arbitrary roots of trust and arbitrary operating systems. There's no need for a centralized system based in Europe built on top of it.

It would be better if root-based attestation didn't exist because it's fundamentally insecure for anything serious and primarily useful for anti-competitive and authoritarian purposes. Pinning-based attestation is what's useful for protecting users rather than controlling people.

@vollaficationist We've been actively fighting against the Play Integrity API for years and now Unified Attestation is another anti-competitive system very similar to it. We're absolutely going to fight against it as much as we have been against the Play Integrity API. Android hardware attestation is an issue itself due to being primarily designed around root-based attestation. We convinced them to add proper pinning-based verification support to make it a real security feature for our usage.

@vollaficationist In Operation Trojan Shield, a bunch of European states worked with the FBI to sell backdoored devices to organized crime. They marketed these devices as being based on GrapheneOS or as running GrapheneOS. They harmed the reputation of GrapheneOS by marketing it to criminals and put us at high risk of physical harm by violent criminals. More recently, multiple European states are attacking actual GrapheneOS, falsely claiming it's mainly used by criminals.

https://darknetdiaries.com/episode/146/

ANOM – Darknet Diaries

In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.

@GrapheneOS I cannot relate to this, unfortunately. I focus on an open-source alternative to googlag. Looking forward. Positively, constructively. Let's say UA becomes a success. Well, GOS is free to do their own thing. As is everyone else.

@vollaficationist Unified Attestation is working towards eroding people's rights within the European Union and beyond. Play Integrity API is bad enough but at least it can be fought against in Europe by taking advantage of people not wanting a US company in control of which hardware and software they're allowed to use. Unified Attestation is directly undermining our efforts to fight against the Play Integrity API in Europe which were starting to get traction. We now have to focus on UA instead.

@GrapheneOS holy, don't be such a crybaby

@vollaficationist @[email protected] now you understand why there are no improvements lately on GOS. The GOS project is not here to stop Google's monopoly, not even here to improve security. It's just here to make one of the original founders, who stole the project from the other dev to make GrapheneOS, rich and able to attack other projects in justice. The donation money is used for personal interests by Daniel Micay