A new European initiative dubbed UnifiedAttestation aims to build a free and open-source alternative to Google’s Play Integrity checks. The initiative is backed by smartphone maker Volla, while other partners include /e/OS maker Murena and the team behind iodé OS. The feature will be distributed under an Apache 2.0 license.
Jeez. They really don’t. And, I guess they shouldn’t. Their stance is that device certification shouldn’t be necessary in the first place which I agree with considering this is not done for computers (don’t do this tech bro shitheads).
Grapheneos are also against allowing users root access, which is fine on PCs.
Are they, or are they against GrapheneOS itself supporting it?
Those are different. GrapheneOS exists to be security-hardened and usually should choose security over utility where there’s a conflict.
They arebgwnweally against root, as it “breaks security” in their mind.
Nevermind that all systems, everywhere, have root for some account/some account is root.
Actually i have been thinking about it and i do believe that it should be done for computers, actually. Like, an attacker could super easily steal your login credentials when they get 10-15 minutes with your computer once. They could do that by booting a custom OS, modifying some of your operating system’s system files to install a keyboard tracker or sth, and then just wait for you to enter your password.
I believe it’s actually why some banks i know don’t allow login anymore if you’re not using their Android apps to verify the login.
Secure boot for PCs has been a thing for a long time now. Many Linux distributions support it.
Yea, i know no bank that allows login in browser with only basic auth. All use some proprietary 2FA app with fancy QR codes (colour pixel or similar). Funnily, many banks then offer SMS based 2FA in order to restore…
Like make hard and secure login but reset option is old SMS thingy spoofable since… ever?