upvote

points

by RandomGerm4n11 hours ago |
comments
upvoteby viktorcode5 hours ago|
next
[-]
To become dystopia people must be forced to use locked down smartphones. In reality you buy the one that suits your needs and do not enforce your design decisions on the smartphones other people use.
reply
upvoteby tavavex3 hours ago|
parent|
[-]
Where is that free choice that you see "in reality"? This post is about the opposite of that getting put in place. The actual reality is that almost every service provider is converging on supporting a few extremely restrictive options. From every private service you can think of, to key government services. They all are saying "to interact with us, you must use one of these two types of devices, with all the attestation and security measures intact". It's impossible for people to make their own design decisions or choose for themselves, because other options do not have the corporate/government blessing.

It's ridiculous that you look at all of us being forced into a government-protected duopoly, and then say "Don't you dare force your decisions on us!" to anyone suggesting that this should not be the default. Rules for us, but not them.

reply
upvoteby viktorcode1 hours ago|
parent|
[-]
> They all are saying "to interact with us, you must use one of these two types of devices, with all the attestation and security measures intact"

Are you claiming that this is the only way of interacting with particular government services, with the other ways that existed before the app no longer being available? To make situation „dystopian“ this must be the case.

reply
upvoteby Avamander9 hours ago|
prev|
[-]
Once SafetyNet was brought to Android a decade ago the tendency has been clear - these freedoms are going to be restricted heavily.

Because how do you make sure it's the user who does those modifications, willingly and well-informed? That it's not a malicious actor, not an user getting socially engineered or phished? Incredibly difficult compared to the current alternative.

If it's not a software root of trust that provides an attestable environment like Android or iOS. It's going to be a hardware root of trust that provides an attestable hardware environment, like SGX. I can predict no other practical avenue taken. Unless the orangutan really forces a demonstration on how untrustworthy these environments can be and a lot of money and effort is spent.

reply
upvoteby lvass7 hours ago|
parent|
next
[-]
You can maybe, trust the user to handle it's own certificate in their own devices? Though I admit requiring attestation is probably a good default.
reply
upvoteby Avamander7 hours ago|
parent|
[-]
One important feature of a legal ID is that it's hard to copy, so attestation from the hardware storage would have to be basically mandatory.

But yeah, the user could have a choice to this extent.

reply
upvoteby 6490287638 hours ago|
parent|
prev|
[-]
[dead]
reply