Hacker News
by array_key_first 234 days ago
The danger is that you now can no longer use Netflix without their approved hardware? Of course, that's essentially already the case with Netflix, but this becomes dicey when services that actually matter take this approach.

And then suddenly you're debanked.


No, we're talking about logins, not usage. Can someone explain to me a case where logging in only with an approved authenticator would be problematic?

How exactly are you going to use a service that requires login if the login requires an authorized device you don't have?

OK, so what's the scenario? Netflix wants to make me not use their service? Surely there are easier ways to do that than to make a new auth standard?

It's not really Netflix. It's Microsoft, Apple and Google.

So say goodbye to using Teams on Linux. Using Microsoft 365 on any hardware that is not Microsoft approved.

Or logging in to your bank without an iPhone or an Android. We will surely complain, but the bank will say that we only support secure devices and that means iPhones and Android, and how come you are making a big deal about it, just buy one of these two, everyone else has one.

> Or logging in to your bank without an iPhone or an Android.

This is already possible (and common!): many banking apps, for better or worse, use device attestation features that require varyingly official copies of Android. Were you already complaining about this?

> Were you already complaining about this?

Yes, "we" were, definitely. I already can't freely choose the OS that I have installed on my phone because I'm limited in the apps that I can install. For example, many government ID and banking apps will refuse to work on GrapheneOS even though that OS is security-focused and will probably keep you safer than your regular Chinese Android flavor. But it's not sanctioned by a big international corporation so it's a no. Is your argument that we shouldn't complain since it is already happening somewhere?

What's an "official" copy of Android? AOSP is supposed to be open-source. "Official" means controlled by a multinational corporation. I'm very puzzled that the reaction to these entities gaining even more power, outside of democratic control, is met with a "oh it may be worse, it may be not" type of reaction.

Would you be ok if, for example, your government's website to pay your taxes mandated a device with attestation, knowing you can only get one from Google, Apple or Microsoft?

It's definitely worse. Banking credentials are stolen the old-fashioned way: phishing.