Comment by ChuckMcM
3 days ago
This is a really good thread on why this technology is becoming a problem for "open" anything. The argument "we can create our own separate web" is fine until all of your services are behind the web that locks you into owning a Google approved or Apple approved mobile device.
I like to ride my bicycle with my friends in rides organized by the (Pacific Northwest) Cascade Bicycle Club. They require that I solve a Google reCAPTCHA in order to register for a ride. Google is already completely locking me out from being able to do that. When I try to click on the squares to select whatever items it's asking, it indefinitely loops. When I try using the audio version, it completely blocks me from using it saying that there has been suspicious activity.
That means that I ride alone these days. I did not renew my membership this year.
The last time I experienced something like this was when Facebook starting being the only way to participate in certain events. Back when that happened, I simply counted myself as excluded and did other things with my time and money.
I also had a similar issue with Cascade Bicycle Club - they chose to organize things via WhatsApp, and since I am (inexplicably) banned from opening a Meta account I was completely left out of the group and missed out on many rides/details that were only shared via WhatsApp.
When I tell people that this is even possible I get wide-eyed stares — as if they never contemplated that Meta could exercise their right to ban someone from the platform.
It's a huge problem and I have no idea how to fix it except talk about it and spread awareness. And I am not remotely interested in trying to work around the ban.
You bring up a good point. There is a general lack of awareness of how much power we're giving these monopolists. As a kid, in school I was thought to be weary of drugs, STDs, pimps and other threats. This should be added to the list. Yhis is a clear cut case where governments should start educating the people about this.
I hope you contacted them to explain why. People usually think I’m a nut when I do it, or are too stupid to understand and think it’s a tech support issue, but it’s worth at least trying to make it clear that you are choosing not to use/do/pay something because of their choice to use recaptcha
+1 to this. I had a long conversation with a local shop that went to only ordering online or through an enslaved ipad on a pedestal at the entrance. I explained to them that I wasn't going to use their app or web page online and the iPad at the door has people trying to figure it out so orders take longer, and the combination means I just won't eat there any more.
1 reply →
Why not just 2captcha it and go on with your life?
The old, open web is too easy to attack and that is part of what has led sites to adopt technologies like this. I hope there are better solutions than everyone-is-their-GoogleID, but how realistic is it that people just trying to run a bakery, a bicycle ride, &c, will find them? They have other things to do.
And it didn't even take attestation to cause this absurd situation where many businesses or social groups were only reachable behind Facebook or Whatsapp or whatever.
To me this is such a bizarre cyberpunk dystopia. Like if we could only send letters and packages to people subscribed to the same private postal service, or drive on roads that had cross-licensing with our brand of car.
> could only send letters and packages to people subscribed to the same private postal service ...
that's a corporate monopoly's wet dream.
IMO, it would be better if they removed the claim “It doesn't provide a useful security feature” because, even if it does, the collateral damage of making non-Google, non-Apple OSes second class citizens remains, and that is the main problem.
> it would be better if they removed the claim “It doesn't provide a useful security feature” because, even if it does,
What evidence is there that it does?
Attestation purports to prove the code is running on an "approved" device. There are multiple reasons that has no real security value.
The first is that "approved" not only has no relationship to "secure", they're actually anti-correlated. As the article points out, GrapheneOS has better security than normal Android. Moreover, as a general rule the stock firmware that can pass attestation is more likely to be outdated and have security vulnerabilities than a custom ROM, and also as a general rule devices (like PCs) with more open hardware have the ability to be updated. A four year old attestation-passing Android phone may already be out of support and unable to be updated while still passing attestation; a 20+ year old PC can run the latest supported release of e.g. Debian.
The second is that "secure" and "runs code the service doesn't want" are likewise unrelated. Suppose there is an Android device which is still receiving updates. A local privilege escalation vulnerability comes out and that device will get the patch, but hasn't yet. So now any attacker with any of those devices can get root on it until they apply the patch. Which means they can get root after the main filesystem is unlocked, modify the filesystem so they continue to have root by changing something that isn't part of the attestation hash but still causes code or scripts to run as root later, and then update to the latest kernel and continue to have root on a device that passes attestation. The device is secure -- fully patched -- but it's the attacker's own device and they can run arbitrary privileged code on it. Requiring every device to be "secure" against the person who has ownership and permanent physical possession of it is a ridiculous thing to take as a security assumption.
And the third is that attestation doesn't actually do what you want it to anyway. Banks want to make sure the user isn't entering their credentials into a compromised phone, but having the official bank app refuse to run on that phone doesn't actually prevent that, because the fake bank app which is stealing the user's credentials on a compromised device won't require attestation to pass regardless of whether the real one does.
> Attestation purports to prove the code is running on an "approved" device. There are multiple reasons that has no real security value.
BART (San Francisco Bay Area Rapid Transit), as a real world example, recently installed "evasion-proof" fare gates, and observed a 90% drop in vandalism-related maintenance expense. An overwhelming majority of fare evaders are not vandals, but apparently nearly all vandals were fare evaders. Bayes' theorem in action.
I don't have any data to back this up, but my sense is that attestation is an analogous situation.
In other words, banks and governments and other such institutions have noticed (and they probably do have data to back this up) that very few of their customers use "unapproved" devices and a very large majority of fraud comes from "unapproved" devices. They view banning unapproved devices as a high-ROI means to reduce fraud.
So, any argument predicated on "attestation is not security" is doomed to fail, just like saying "most fare-evaders aren't vandals". Yes, most people running GrapheneOS aren't trying to commit bank fraud, but the banks don't care about that if nearly 100% of fraudsters are using unapproved devices.
3 replies →
I feel like the complaint about this not adding to security could be read in a really wrong way. Instead of "this is some hypocritical BS", could be interpreted as "lol let's lock EOL devices from even lower integrity tiers". Doubt this is possible because so, so many people use EOL phones, but still.
Doubt this is possible because so, so many people use EOL phones, but still.
Because many people have fortunately realised that "EOL" is just an excuse to create lots of e-waste and push even more hostile unwanted changes.
2 replies →
That's one of the two main claims made by in favor of hardware attestation; so it makes sense to argue against it. Of course, the other claim (that categories of people must be kept "safe" from categories of content) is more insidious, so it does deserve more attention.
Wouldn't the argument be that you'd build separate copies of those services as well?
Granted, for banking or government-interactions that isn't feasible, but wouldn't it for many other things? It would likely be more expensive given that the work to build something still needs to be done and the cost is distributed among fewer shoulders and the lower complexity since you don't need to build ad-tech doesn't make up for that, but I suppose that's a bit like quality food.
Hardware will be more difficult.
> Wouldn't the argument be that you'd build separate copies of those services as well?
you can't if the service requires the network effect to function well, if at all. Look at blusky and all that alternatives, look at the pitiful attempts at making a youtube alternative, etc.
Are there enough of us to run our own country? It makes me feel dumb, but this is a serious question.
Ideally, we just run our own lives, collaboratively. That's the anarchist default position that we all start in.
What we really need is to meaningfully participate outside of the hierarchical monopolistic systems that demand our participation. That doesn't just mean that we create and hang out in distributed networks: it also means that we make and do interesting shit there, too.
The biggest hurdle I see is that we only really use uncensored spaces to do the shit that would otherwise be censored. We don't use distributed networks to plan a party with grandma, or bitch about the next series of layoffs. We don't use distributed networks to share scientific discovery or art.
I think part of the solution is to make software that is better at facilitating those kind of interactions, and the other part of the solution is actually fucking using it. How many of us are only waiting for the first part?
but what if the alternatives are fundamentally worse? Turns out centralization has a lot of advantages.
I think it's an error to demand the alternatives be as good-- that might not even always be possible. But even if they're less good they're usually still better than anything we could have imagined decades ago-- they're good enough to use.
And that should be enough because we shouldn't consider handing control of ourselves to third parties to be an acceptable choice at all.
4 replies →
If you live in a democracy, you already do run your own country. Vote accordingly. Get involved in politics.
The problem is democracy and capitalism are incompatible, so that "if" is doing some really heavy lifting.
2 replies →
When one group says “we don’t want surveillance” and the other group says “we will use surveillance to destroy you” the equilibrium is clear. This is why liberalism will not survive in the 21st century.
There are mountains of academic research showing that even in “democracies”, public opinion rarely translates into policy (by design).
13 replies →
I'm convinced that in the billions of people living on Earth, there are a couple million that could agree on things that currently divide countries, like this. Sadly they're unlikely to ever be able to gather together in a single state.
The status quo is nation-states in roughly their post-WW2 borders, and it's fiercely protected. The upside is stability and fewer wars, the downside is that the only way to try anything new is to co-opt an existing country. Adding to that, most countries are ethnostates that would prefer to have only a small percentage of their population be migrants. It's an easy way toward social cohesion, you just stay roughly where you're born, with people who were also born there and share the same cultural background. As we can see, it's not ideal - two lifelong neighbours can easily hold completely opposite moral values.
The problem with "us" is that it's not enough to agree on one small question ("is hardware attestation good or bad") to happily live together in our own country. "We" have a wide variety of opinions about pretty much everything.
In other words, "we" exist only to fight against this one thing we disagree with. And even there, we probably don't all agree on how to fight it or what to do instead.
Where would you do that? Realistically, the question is one that cannot even be asked safely: are there enough of us to overthrow the existing systems and replace them with something better?
The answer to either question, really, is no. The powers that be have systematically implemented policies that keep us divided to prevent that eventual outcome.
In terms of headcount, and especially those who are working on this hostile stuff, Big Tech is not even that big compared to the rest of the population.
The “enough of us” is at least a majority of voters agreeing. I’m not sure what the alternative to that is.
Who is the "us" in your question? Theoretically in democracies we should be able to decide this, if we aren't being distracted from real political questions with the culture war stuff that divides the public's attention and divides neighbors from each other.
Any new country will have these same issues, eventually, and probably a lot more that don't seem obvious on the surface.
Fighting against these sorts of monopolies seems far more likely if we can figure out what forces inside the EU and the US are driving these changes and find a way to educated the public, interest groups, and politicians about what's going on.
We already have a republic. If we can keep it.
https://en.wikipedia.org/wiki/Micronation
I’m not sure why you’re asking this question, but you can run a country as a population of 1 (ie just yourself) if you wanted.
The problem being raised isn’t due to the size of the country though. It’s the size of the company (ie Apple and Google)
The question is rather: can political parties develop a vision beyond libertarian views or full state control on the other side.
I feel that we need a better political consensus on a free society that puts the monopoly of force in the hand of democratic legitimate forces. I currently feel that all digital violence lies in the hands of a few corporations. And at the same time there is politician that like this because they can through this proxy can indirectly execute control without any political legitimacy. Sorry, I do not believe in markets as guarantees for freedom. I have read too much dystopian sci-fi for that.
Yes, it requires you to have an approved device for certain tasks.
But you can own multiple devices. You can use an approved device specifically for banking or Netflix and whatever device you like for all your other tasks. Maybe you could use an approved device (a Yubikey?) to authenticate your other devices?
Also, governments should be leaning on them to approve more devices.