RE: https://mastodon.social/@fsfe/116131145887510612

@volla has initiated the industry consortium #UnifiedAttestation for an open-source alternative to Google Play Integrity. That will be a game-changer. All major European OS producers are joining. We have a golden opportunity now to boot out Google.

@vollaficationist @volla Unified Attestation is the direct opposite of keeping Android open. It's an anti-competitive centralized system putting Volla and other companies selling devices working with them in control of which devices and operating systems people are allowed to use. It's the direct opposite of open. There's nothing neutral or fair about companies approving using their products while disallowing others. Unified Attestation needs to be stopped.

https://grapheneos.social/@GrapheneOS/116239523775374959

@GrapheneOS Which companies are "disallowed" to partake in #UnifiedAttestation? You have formally and informally been cordially invited. As are any and all other OS manufacturers. Please, let's ease the tone. What about a constructive talk? I believe we should support one another wherever possible and meaningful. Considering the vast market potential, we all have much to gain. Some will choose GOS, some VOS, etc. It's a big cake. Let's ditch Google - unified. Good day!
@vollaficationist Unified Attestation includes multiple companies hostile towards GrapheneOS. They've spent years misleading people about GrapheneOS and making attacks on our team. Unified Attestation gives them veto power over app compatibility on GrapheneOS. It puts them in a position where they can harm GrapheneOS with unreasonable requirements and disingenuous concerns to reduce app compatibility. It's also clearly an illegal anti-competitive cartel and participating wouldn't be legal.
@vollaficationist Unified Attestation is nothing more than an anti-competitive power grab via a centralized service sitting on top of Android hardware attestation. There has yet to be any valid explanation for why this has been created. It would be entirely possible to have neutral organizations certifying devices and publishing those certificates as signed data usable with Android hardware attestation. There's no valid reason to have a centralized service under the control of these companies.
@GrapheneOS @vollaficationist There's no reason to stop people from running Android on "non-certified" devices at all
@vollaficationist Volla and the other companies involved in Unified Attestation are anything but neutral. They're selling products and are in no position to fairly evaluate devices for security or to come up with those requirements. These companies should not be the ones choosing requirements and determining which devices and operating systems meet those requirements. Forming a cartel with other companies to lock out everyone else isn't legal. We won't be participating and it WILL be stopped.
@GrapheneOS This is currently being discussed. Nothing is written in stone. One way is to have an independent third-party highly renowned institution do test and certification. Please consider that UA is still very much "under construction." Please also note that we respect GOS' work, which is why we reached out to you half a year ago.
@vollaficationist GrapheneOS won't participate in any system which requires us to delay our releases while waiting for certification. That's inherently anti-security and is completely unacceptable. We also won't give any companies or organizations veto power over app compatibility on GrapheneOS. It's a horrible idea and we're not going to let it happen. We won't participate and we'll file a lawsuit over the fact GrapheneOS is being banned by companies selling products threatened by GrapheneOS.
@vollaficationist The EU has been passing laws working towards banning end-to-end encryption and secure devices. It's completely unacceptable to have an EU-based system controlling which hardware and software is allowed to be used. GrapheneOS is not going to participate in bringing about our own downfall through helping to build or legitimize a system which could be used by EU governments to ban GrapheneOS. Play Integrity API should be banned rather than giving it legitimacy making another one.

@vollaficationist Android hardware attestation can already be used to permit arbitrary roots of trust and arbitrary operating systems. There's no need for a centralized system based in Europe built on top of it.

It would be better if root-based attestation didn't exist because it's fundamentally insecure for anything serious and primarily useful for anti-competitive and authoritarian purposes. Pinning-based attestation is what's useful for protecting users rather than controlling people.

@vollaficationist We've been actively fighting against the Play Integrity API for years and now Unified Attestation is another anti-competitive system very similar to it. We're absolutely going to fight against it as much as we have been against the Play Integrity API. Android hardware attestation is an issue itself due to being primarily designed around root-based attestation. We convinced them to add proper pinning-based verification support to make it a real security feature for our usage.

@vollaficationist In Operation Trojan Shield, a bunch of European states worked with the FBI to sell backdoored devices to organized crime. They marketed these devices as being based on GrapheneOS or as running GrapheneOS. They harmed the reputation of GrapheneOS by marketing it to criminals and put us at high risk of physical harm by violent criminals. More recently, multiple European states are attacking actual GrapheneOS falsely claiming it's mainly used by criminals.

https://darknetdiaries.com/episode/146/

ANOM – Darknet Diaries

In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.

@vollaficationist Europe passed Chat Control and it's clear many of the countries involved are going to be pushing additional laws to further crack down on end-to-end encryption and secure devices. France has come out as by far the strongest opponent of privacy technology among European countries and is where both iodé and Murena are based. Why would we want to participate in a system where the EU can ban GrapheneOS if we don't comply with authoritarian laws cracking down on secure devices?

@GrapheneOS

On a positive note, the EU ends “Voluntary Chat Control” in April (at least for now) and many Europeans are working on “Chat Control” to never get passed. And for “Voluntary Chat Control” to not come back.
The EU stands for freedom, democracy, and peace and, while it’s not perfect, we EU-citizens fight for it to get better.

@vollaficationist

@TuxOnBike @vollaficationist Volla is working on building a future where people can only use devices and software approved by governments. Building a European system for controlling which hardware and operating systems are allowed to be used which they're going to heavily push apps to adopt isn't a good thing. Play Integrity API being controlled by a single US company makes it much easier to fight against in Europe right now. Building a European system for doing the same thing isn't positive.
@GrapheneOS I can not relate to this, unfortunately. I focus on an opensource alternative to googlag. Looking forward. Positively, constructively. Let's say UA becomes a success. Well, GOS is free to do their own thing. As are everyone else.
@vollaficationist Unified Attestation is working towards eroding people's rights within the European Union and beyond. Play Integrity API is bad enough but at least it can be fought against in Europe by taking advantage of people not wanting a US company in control of which hardware and software they're allowed to use. Unified Attestation is directly undermining our efforts to fight against the Play Integrity API in Europe which were starting to get traction. We now have to focus on UA instead.
@GrapheneOS holy, don't be such a crybaby
@vollaficationist @[email protected] now you understand why there are no improvements lately on GOS, the GOS project is not here to stop Google monopoly, not even here to improve security. It's just here to make one of the original founders who stole the project to the other dev to make GrapheneOS rich and able to attack other projects in justice. The donation money is used for personal interests by Daniel Micay

@vollaficationist
Just be careful that it doesn't become OpenTorment or LibreNexus.

@GrapheneOS

@GrapheneOS @vollaficationist the practices of governments, such as coercion and violence, are also used by criminals... So governments should be eliminated too... Knives and firearms too... They use baseball bats too... and those haven't been eliminated... The threat of harm if you don't hand over a very high percentage of your value is used by governments, and these haven't been eliminated yet... etc...

@GrapheneOS @vollaficationist

True.
I’ve read articles in Italian & Dutch outlets talking about the ‘danger’ of GrapheneOS, falsely claiming it's a phone for criminals. Some articles mentioned the new European Digital Wallet for storing IDs and payment cards; countries like Italy announced it wouldn't work on non-standard operating systems, only stock Android, iOS and GarminOS (all American companies). Some banks have lobbied against GrapheneOS and rushed to publish articles taking a similarly accusatory tone.

In fact, these are campaigns led by the far right. They are the same people pushing for age checks on all OSs in the U.S., the same Nazis who pushed in the EU for ‘Chat Control’—who, in the name of combating pedophilia, were prepared to launch a ‘Stasi 2.0’ rather than look at those Epstein files...

This just goes to show that I made the right choice in opting for GrapheneOS... the day I’m forced to use something else will be the last day I’ll ever own a phone.

@GrapheneOS @vollaficationist
If they did this, the entire Trojan Shield OP was just pre-work to ban GrapheneOS....not arrest criminals.
@GrapheneOS Will you really? And you didn't Google? Now I'm actually really getting worried about the status of GOS. Well, I wish you the best.
@vollaficationist Yes, we'll file a lawsuit against each company involved in Unified Attestation for the damages done by their anti-competitive cartel to GrapheneOS. It's likely not only going to be us filing this lawsuit. We can work with many other stakeholders interested in stopping creeping authoritarianism in Europe eroding people's right to use whatever hardware and software they want to use. You're working alongside politicians pushing expanded Chat Control. This is perfect for them.
@GrapheneOS @vollaficationist Funny how you don't answer on the Google-part. Why don't you attack them since they control the whole Android ecosystem, making it a mess to anyone to do things different and are pushing to close it even more. Last time you replied you just said Google has more money for lawyers...
@guilg @vollaficationist We've been actively fighting against the Play Integrity API for years. We were making substantial progress in both Europe and India. We've also been coordinating with multiple other companies towards filing a lawsuit against Google. Unified Attestation is an enormous gift to Google helping to legitimize what they're doing with the Play Integrity API. Volla is playing into the hands of authoritarians who want systems disallowing people using arbitrary hardware/software.
@GrapheneOS @guilg So, years with no fruit.
@vollaficationist @guilg Substantial progress has been made with regulators. Separately from that, we convinced over a dozen apps to stop using the Play Integrity API. You're actively sabotaging all of these efforts.
@GrapheneOS @guilg That's not substantial. That's a dozen. We aim higher, muuuch higher. UA will also need to work with app-devs. That's the way it is.
@vollaficationist @guilg Very few apps have adopted the Play Integrity API. Convincing a dozen banking apps not to adopt it is very substantial. You're actively sabotaging both our efforts to convince apps not to ban using arbitrary operating systems and also our efforts to convince regulators to stop the Play Integrity API. You're actively working against what we are and yet you think we're going to want to participate. We do not want a group of EU companies in control of this either.
@GrapheneOS @guilg @vollaficationist it's an ugly deal that the @EUCommission has made with the tech giants in exchange for #ChatControl and #DigitalOmnibus
@celeduc @GrapheneOS @guilg @EUCommission Volla develops not only devices or OS, or AI and more. It's also developing a new ecosystem as well as an infrastructure. Full decoupling. A fully, autonomous communications system. GOS is a hundred thousand miles from this, right. They do googlag-ware and now even Moto, lol.
@vollaficationist @celeduc @guilg @EUCommission Volla sells white labelled devices from an ODM. Your devices don't come close to the security of an iPhone or Pixel. You're making extraordinarily inaccurate attacks on the GrapheneOS project. We're absolutely working on building alternatives to the functionality provided by Google Play and much more. We're actively collaborating with other projects sharing the same goals and approach we have. Volla does not share our goals or approach.
@GrapheneOS @celeduc @guilg @EUCommission I hoped you'd come to this. GOOGLAG is better, right?!? And iPhone... Well, I rest my case. Perhaps you are not who you claim to be? Sure, you're registered in Canada. Registered.
@vollaficationist @celeduc @guilg @EUCommission You've made it clear you work for Volla. Your posts have been repeatedly written as speaking on their behalf and you've posted non-public information which would only be known to people working at Volla. You're repeatedly making disingenuous attacks on GrapheneOS portraying it as a honey pot and a conspiracy. A company which engages in these tactics to harm GrapheneOS is absolutely not a company which should control what's allowed to be used.

@vollaficationist @GrapheneOS @celeduc @guilg @EUCommission Yes, a recent iPhone and a recent Pixel, even with the standard OS, are much more secure than Volla and its Volla OS, which also supports the disastrous Ubuntu Touch.

Then, Volla is a partner of the VPN provider hide.me and includes their VPN applications in the operating system. I've never seen anything special about hide.me for security and privacy and I wouldn't trust an operating system that encourages me to use a random VPN provider, always with the misinformation that it would protect my Internet connection, or by making it more "private", including also AI, MicroG privileged and connections to a cloud service, etc, this is a huge red flag.

https://wiki.volla.online/index.php?title=VollaOS_basic_knowledge#What_Does_Using_hide.me_VPN_on_VollaOS_Offer?

VollaOS basic knowledge – Volla Wiki

@GrapheneOS @celeduc @guilg @EUCommission my dear friend, you did googlag-ware, and now Moto. It's quite amusing just how vigorously you defend American BigTech. Now disclose who is funding this social media frenzy.

@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission And the Volla Phone Quintus is the Daria Bond 5G from an Emirates company (marked up by 560 Euro). Given that Eurowashing, maybe attacking GrapheneOS for using Pixel hardware is a bit rich? At least Pixel has proper device security.

Back to the original topic. I only have a stake in this as an EU citizen, but having a small set of companies decide who can run what is bad, it's another attack on the freedom of EU citizens.

@danieldk
I would agree to the lower paragraph and add the following thought:
Maybe it would be wise to not let the only companies with privacy in mind get divided. Arguments ad hominem are not very convincing.
@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission @GrapheneOS

@khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission Centralized remote attestation is diametrically opposed to privacy, since it makes projects vulnerable to pressure to weaken security & privacy, delay updates, etc.

AFAIK the support for remote attestation that is already provided in AOSP does not suffer from this issue, because there is not a single entity that enforces it (banks can whitelist signing key fingerprints).

So the only reason I can think of is control.
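What the decentralized approach discussed in this thread (each relying party allowlisting verified boot key fingerprints itself, and pinning) looks like on the verifier side, as an added Python example that is not part of any post here or any project's code. It assumes the attestation certificate chain has already been validated and its fields parsed into a dict; the record keys, `check_allowlist`, `PinStore`, and all fingerprints are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional


def fp(data: bytes) -> str:
    """SHA-256 fingerprint as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for verified boot key fingerprints (not real keys).
OS_A_KEY = fp(b"constructed verified boot key, OS A")
OS_B_KEY = fp(b"constructed verified boot key, OS B")

# Each relying party keeps its own list; no central service is consulted.
BANK_ALLOWLIST = {OS_A_KEY: "OS A", OS_B_KEY: "OS B"}

# A locked device booting an OS signed with a user-installed key reports
# SelfSigned; a stock OS reports Verified.
ACCEPTED_BOOT_STATES = {"Verified", "SelfSigned"}


def check_allowlist(record: dict, allowlist: dict) -> Optional[str]:
    """Return the allowlisted OS name, or None if the record is rejected."""
    if not record.get("device_locked"):
        return None
    if record.get("verified_boot_state") not in ACCEPTED_BOOT_STATES:
        return None
    presented = record.get("verified_boot_key", "")
    for allowed, name in allowlist.items():
        if hmac.compare_digest(presented, allowed):
            return name
    return None


class PinStore:
    """Simplified trust-on-first-use pinning, kept per device by the verifier."""

    def __init__(self) -> None:
        self._pins = {}

    def verify(self, device_id: str, record: dict) -> str:
        identity = (record["attest_key_fp"], record["verified_boot_key"])
        pin = self._pins.get(device_id)
        if pin is None:  # first contact: remember what this device presented
            self._pins[device_id] = {"identity": identity,
                                     "patch": record["os_patch_level"]}
            return "pinned"
        if pin["identity"] != identity:
            return "mismatch"  # different hardware key or different OS key
        if record["os_patch_level"] < pin["patch"]:
            return "downgrade"  # older patch level than previously seen
        pin["patch"] = record["os_patch_level"]
        return "ok"


def sample_record(boot_key: str, patch: int, locked: bool = True,
                  state: str = "SelfSigned") -> dict:
    """Constructed record shaped like parsed attestation fields."""
    return {"verified_boot_key": boot_key, "verified_boot_state": state,
            "device_locked": locked, "os_patch_level": patch,
            "attest_key_fp": fp(b"constructed device attestation key")}
```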

@khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission This is not just a theoretical concern.

Some European countries border on autocracy. Imagine that this initiative is successful. An autocrat could pressure Volla et al. to only attest phones that have a chat backdoor under the threat of banning them from the market.

It is anti-privacy, anti-security, and anti-freedom.

@danieldk
But that has nothing to do, whatsoever, with the attestation. That said state could pressure volla et al that only phones with backdoor are allowed in the EU.
@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission
@khw @danieldk @vollaficationist @celeduc @guilg @EUCommission It has everything to do with a centralized attestation system. Once this system starts being adopted, the EU can require it for banking/government apps as they began the process of doing with the Play Integrity API. They can then hijack it and begin enforcing their own requirements such as disallowing encryption without backdoors. There should be no organization in charge of which devices and operating systems are allowed.
@khw @danieldk @vollaficationist @celeduc @guilg @EUCommission If companies insist on permitting only certain devices and operating systems to be used then the system should be one that's distributed around the world with multiple neutral organizations not tied to the companies making devices or governments. However, delaying updates for certification is inherently anti-security. It would be impossible to quickly ship security patches without breaking compatibility with many important apps.
@GrapheneOS
But they, the EU, can do this all along. No matter if there is something like attestation or not.
@danieldk @vollaficationist @celeduc @guilg @EUCommission
@khw @danieldk @vollaficationist @celeduc @guilg @EUCommission Attestation enables them to enforce it. Otherwise, people can import devices not complying with the rules they place on devices sold within Europe. Banning people from using devices from elsewhere is far more extreme and oppressive so that's a lot less likely. It's also far harder to enforce and if things have gotten that bad then many people are going to be unintentionally breaking oppressive laws regardless.
@khw @danieldk @vollaficationist @celeduc @guilg @EUCommission Being able to take away compatibility with banking and government apps based on a system imposing arbitrary rules with certification required for each release is authoritarian. Regardless of the motivation for building this kind of system, the end result is a powerful tool for a police state. Root-based attestation is inherently anti-competitive and primarily useful for controlling people rather than protecting people.
@GrapheneOS
That's true but essentially they could forbid it, even with higher impact and less success
@danieldk @vollaficationist @celeduc @guilg @EUCommission

@khw @danieldk @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission
There was a time for Europe when every decision for half of current EU countries was dictated from centralized Gov in Moscow.

What difference does it make where the centralized power is placed? Centralization is a problem here.

@danieldk @khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission

germany is particularly nasty regarding anyone speaking out against genocide and 80 years of war crimes by Israel

staatsrason they call it

@khw @danieldk @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission

1. yes it is, it was a reply to "Some European countries border on autocracy. "

2. fuck off with your policing

3. you sound like that 12 year old school prefect, fuck off

@rapsneezy
Germany is indeed very nasty regarding denying the Holocaust or Antisemitism.
And that's Staatsräson.
@khw @danieldk @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission I mean, Volla and co want to forbid you from running software of your choice. GOS wants you to be able to run any software you want. It's that simple. That's not companies arguing, that's one company deciding to take away your personal freedoms for no reason.
@engideer
I don't know about volla trying to forbid me running certain Software, but you are right. I haven't seen real arguments in this case for a long time. That's all I said. No arguments ad hominem, but arguments on this case, please.
@danieldk @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission

@khw @danieldk @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission

I was referring exactly to Unified Attestation, the topic of this thread. UA is essentially a direct clone of the Google Play Integrity API. The rough summary is that both technologies offer an API that apps can query, asking whether it (the app) is running on a "certified" operating system. In the case of GPI, Google has a list of OSes they deem "acceptable", while in UA's case, Volla has a list of OSes they deem "acceptable". In either case, the technology forbids you from running an operating system of your choice, since Google/Volla have to approve your choice, or otherwise you won't get to run apps on it. Technologically there's a bit more complexity and nuance here, but this is essentially what it comes down to.

This is why GOS is so strongly opposed to this. Because centralized attestation is fundamentally an anti-freedom technology. It doesn't matter whether the jail is run by company A or B: a jail is always a jail.