Hacker News new | ask | show | jobs
by matheusmoreira 123 days ago
There's no point. Remote attestation means your device needs to be corporate owned to be trusted. Even if you had your own linux phone, it wouldn't be able to interface with institutions such as banks and governments. They trust Google's keys, not yours. This doesn't quite end free computing, it just kills it for normal people and ostracizes us hackers who insist on owning our systems.
2 comments
microtonal 123 days ago
GrapheneOS supports remote attestation:

https://grapheneos.org/articles/attestation-compatibility-gu...

Some banks have added their verified boot keys. I think it helps that GrapheneOS is well-known by now for great security practices (most likely more secure than all vendor phones out there).

link
matheusmoreira 123 days ago
> Some banks have added their verified boot keys.

Seriously?? That was very unexpected... Here's to hoping this becomes standard practice!!

link
jadbox 123 days ago
Not sure what gov require, but most credit unions do not use such lockdowns
link
matheusmoreira 123 days ago
They will.
link
JoshTriplett 123 days ago
Credit unions, at least in theory, are known for caring more about their customers. It'd be worth explicitly giving them the feedback that you use them via their website or via an app that works on an Open Source phone, and telling them that that's one reason you're a customer.
link
matheusmoreira 123 days ago
Fraud prevention. If they lock things down, they lose less money to fraud. I think they should just have to suck it up and eat the cost but obviously they don't think that way. Only a small minority even understands and cares about these issues. The money they save by trampling over our freedom is no doubt much higher than the value brought in by us. They will no doubt sacrifice us for increased profits if we force the issue. We have no leverage.

There is no reason whatsoever for a major corporation to not use remote attestation technology. Banks will use it because fraud. Streaming services will use it because piracy. Messaging services will use it because spam, bots. If you're the corporation, the user is your enemy and you want to protect yourself from him.

Governments want this too. Encryption. Anonymity. They need to control it all. Free computers are too subversive for them. They cannot tolerate it.

link
Zak 123 days ago
> If they lock things down, they lose less money to fraud.

[Citation Needed]

I see this kind of claim made often, but never backed up with evidence that remote attestation of consumer devices has any real-world impact on fraud. It sounds like it could be true because it would detect compromised devices, but it could just as easily be false because people with devices that don't pass are usually technically sophisticated.

link