Well you should understand that trusting media is not part of how modern encryption works. Having access to USB isn't any different from having access to a network switch or the airwaves. Things like yubikeys and smartcards are designed to work when using untrusted devices.
The question is how do you convince other people to trust your phone to store their secrets--not how do you yourself come to trust your own device to store your own secrets. And if you can't convince others your device is secure (i.e. "why the hell would I trust you and your phone to store my password?"), then just use something they can trust instead. I'm not saying EU is going to allow whatever, I'm just saying it's not a huge technical or usability problem to rely on something the EU should be able to trust (like a yubikey) if the EU can't trust your phone.
All valid points — however: the EU has two requirements not listed above it needs to be difficult to steal unnoticed, and it needs to minimize attempts to steal it at all.
They’re not concerned about a person handing their phone to someone else for a moment. They’re concerned about kids stealing age verification devices from people. Someone isn’t going to notice a missing yubikey until they check age next. Someone is going to miss their phone much more rapidly, be able to track it using stolen device features, and be able to report it stolen which incidentally remote kills HSM access. They can also enforce biometric checks and require a recertification after those change, which would make it nearly impossible — relative to shoulder surfing a PIN — for kids to make use of the parental device unit.
Even a fingerprint key isn’t going to meet these terms, and it’s going to have a weaker sensor that the kid will have hours or days or weeks to try and defeat using a fingerprinted glass and some glue. Locking it to biometrics stored in the phone prior to (re)certification makes it pointless for kids to try. A few still will, but word will spread.
I still personally think this is all kind of a hot mess of deferring parental authority to technology, but I’m not an EU citizen, nor a parent, so my opinion on the policy is irrelevant. I’m just here to raise awareness of why attestation is winning: technological superiority and unmatchable market fit, and an opposition that isn’t presenting coherent and most especially government-persuasive arguments to stop its use. Yubikeys are not a viable market fit in a world where tiny amoral thieves live among us — and whatever else children are to their parents, most of them have the moral integrity of a wet paper towel. Most wouldn’t think twice about lifting a yubikey, but they’ll hesitate strongly before stealing a parent’s phone, and it won’t even pay off doing so thanks to biometrics.
Well you should understand that trusting media is not part of how modern encryption works. Having access to USB isn't any different from having access to a network switch or the airwaves. Things like yubikeys and smartcards are designed to work when using untrusted devices.
The question is how do you convince other people to trust your phone to store their secrets--not how do you yourself come to trust your own device to store your own secrets. And if you can't convince others your device is secure (i.e. "why the hell would I trust you and your phone to store my password?"), then just use something they can trust instead. I'm not saying EU is going to allow whatever, I'm just saying it's not a huge technical or usability problem to rely on something the EU should be able to trust (like a yubikey) if the EU can't trust your phone.
All valid points — however: the EU has two requirements not listed above it needs to be difficult to steal unnoticed, and it needs to minimize attempts to steal it at all.
They’re not concerned about a person handing their phone to someone else for a moment. They’re concerned about kids stealing age verification devices from people. Someone isn’t going to notice a missing yubikey until they check age next. Someone is going to miss their phone much more rapidly, be able to track it using stolen device features, and be able to report it stolen which incidentally remote kills HSM access. They can also enforce biometric checks and require a recertification after those change, which would make it nearly impossible — relative to shoulder surfing a PIN — for kids to make use of the parental device unit.
Even a fingerprint key isn’t going to meet these terms, and it’s going to have a weaker sensor that the kid will have hours or days or weeks to try and defeat using a fingerprinted glass and some glue. Locking it to biometrics stored in the phone prior to (re)certification makes it pointless for kids to try. A few still will, but word will spread.
I still personally think this is all kind of a hot mess of deferring parental authority to technology, but I’m not an EU citizen, nor a parent, so my opinion on the policy is irrelevant. I’m just here to raise awareness of why attestation is winning: technological superiority and unmatchable market fit, and an opposition that isn’t presenting coherent and most especially government-persuasive arguments to stop its use. Yubikeys are not a viable market fit in a world where tiny amoral thieves live among us — and whatever else children are to their parents, most of them have the moral integrity of a wet paper towel. Most wouldn’t think twice about lifting a yubikey, but they’ll hesitate strongly before stealing a parent’s phone, and it won’t even pay off doing so thanks to biometrics.