It's also the fact that it forces each citizen to pay a few hundred Euros to companies which then campaign against their very rights.
Citizens get no support of any kind in case of issues, and have to enter a contractual agreement which is ridiculously asymmetrical, where the company has little to no responsibility of any kind, but has very ample rights to track the other party in extremely creepy ways.
In addition to the money, actually using them would be hundreds of times more complex, and they don't have the provisions Google has, for example accessibility and security services (like actually stopping people stealing accounts on a large scale). All of this can be done, easily even, but it isn't. Politicians don't want to.
https://www.itsme-id.com/business/platform/identification
https://france-identite.gouv.fr/
https://english.rekenkamer.nl/latest/news/2023/03/29/digital...
1. Completely outlawing remote attestation.
2. In a world where remote attestation is given, let it be controlled in a fair way and not just by Google and Apple.
The risk is that only fighting for (1) leaves you in a world with remote attestation, where only Google and Apple can decide who gets to pass and who not. In fact, that is pretty much the world we are in already.
I agree that they are both worth fighting for, but I think (2) is much easier to accomplish, simply because Play Integrity is probably a DMA violation. (IANAL blah blah)
It would be a win for GrapheneOS users though, so I hope they do get support.
You should never base your trust on the other party having a piece of hardware that has restrictions that you approve of. That is fragile, especially in a world where some people are better at making or modifying hardware than others. It is also a fundamental violation of basic freedoms to prevent people from modifying hardware that they own, and not something you can reliably police, and thus is a terrible way to establish trust from a technical perspective.
It's much better to base trust on established cryptographic methods on a protocol level. You treat them as a black box, and the trust is established by the inputs and outputs, not what's inside the box. An example of this would be handing them an image of a digital ID paired with a cryptographic signature that only the government holds the private keys to. They have no computationally viable way to edit the image and still have it match the paired signature. It's easily verified based on the government's public key, and they cannot re-sign it without the government's private key. It doesn't depend on hardware restrictions.
The fact that there is so much focus on hardware means there are likely deeper motives here, e.g. surveillance being dressed up as convenience.
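The signed-ID check described in the comment above, as an added example that is not part of the original post: an issuer signs the bytes of an ID document and a relying party verifies them with only the issuer's public key. The Ed25519 key pairs, the sample document and the function names are constructed for illustration.

```javascript
// Added illustration (not from the thread): issuer-signed ID, verified by public key only.
const { generateKeyPairSync, sign, verify } = require("node:crypto");

// Constructed key pair standing in for the government's signing key.
const issuer = generateKeyPairSync("ed25519");
// Constructed key pair standing in for anyone who is not the issuer.
const other = generateKeyPairSync("ed25519");

// Issuer side: sign the exact bytes of the ID document.
function issueCredential(idBytes, privateKey) {
  return { id: Buffer.from(idBytes), signature: sign(null, idBytes, privateKey) };
}

// Relying-party side: the only trusted input is the issuer's public key.
function verifyCredential(credential, trustedPublicKey) {
  try {
    return verify(null, credential.id, trustedPublicKey, credential.signature);
  } catch {
    return false; // a malformed key or signature counts as a failed check
  }
}

// Holder edits one byte of the document but keeps the original signature.
function tamper(credential) {
  const id = Buffer.from(credential.id);
  id[id.length - 3] ^= 0x01;
  return { id, signature: credential.signature };
}

// Constructed sample document; a real ID would be an image or structured record.
const sampleId = Buffer.from(
  JSON.stringify({ name: "Jane Example", born: "1990-01-01", doc: "CONSTRUCTED-0001" })
);
const genuine = issueCredential(sampleId, issuer.privateKey);
// Edited document re-signed with a key that is not the issuer's.
const resigned = issueCredential(tamper(genuine).id, other.privateKey);

function demo() {
  return {
    genuine: verifyCredential(genuine, issuer.publicKey),
    edited: verifyCredential(tamper(genuine), issuer.publicKey),
    resigned: verifyCredential(resigned, issuer.publicKey),
    // The re-signed copy is internally consistent; it fails only because
    // the verifier pins the issuer's key instead of trusting a supplied one.
    resignedAgainstOwnKey: verifyCredential(resigned, other.publicKey),
  };
}

console.log(demo());
```

The check shows that the bytes came from the issuer unmodified; it says nothing about who is presenting them.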
It's never "let's check if the mobile user has purchased in-game content server side to prevent pirating it", it's "suspend any account that has signed in with a device that fails SafetyNet, permanently ban any account that has failed a jailbreak or root checks"
It's never "let's check and calculate statistically cheating probability and move damage calculation server-side so that player cannot godmode or modify their APK", it's "all non-stock phones are cheaters and fraudsters, ban all of them, use invasive anti-cheat, while continuing to have client sided damage and health and energy because it is easier"
Something else has to change first, otherwise the only option for businesses will be, after 2 is implemented: "while yes it is now possible to allow a neutral third party to control attestation, someone higher-up such as legal has said ONLY Google can and we will ban everyone else"
As long as it is easier to not give a fuck, that is the option that will be taken. E.g. the only reason our publisher allowed the removal of play services was finding out that Chinese players on definitely-not-Google-certified phones spend the most by orders of magnitude, and even then it is only relaxing the check for a specific region, forcing all EU players to continue to have this checking.
I would be wholly unsurprised if the result was to continue to require attestation but allow GrapheneOS e.g. only in Motorola factory-shipped phones and disallow it if the user was involved in any way in the installation of it.
Nice
If we gatekeep service access to specific implementation attestations, it becomes much harder for new implementations to emerge. It doesn't really matter who controls the process.
In that sense, it's always bad. In this specific scenario for example it directly blocks emergence of alternative Android ROMs and Android-mostly-compatible devices like the various Linux phones.
There may be times where that downside is worthwhile, but it's always a downside, and we should very strongly discourage attestation wherever possible on that basis for the health of both the tech ecosystem and the business market around it.
So, there are certainly useful applications.
I suppose if you've bought a device with GrapheneOS already installed, you can use it to verify the installation. But that could also be achieved by reflashing a known-good image yourself.
Admittedly, most of these are probably nation state-level attacks, but I think some GrapheneOS users are the target of such attacks. Also, it doesn't hurt to run Auditor after a fresh install to protect against the second scenario. It only takes a minute, better safe than sorry.
I struggle to think of a useful use for it on the end-user client side, though.
If you've installed RealActualBankApp (with the ID of real.actual.bank.app) once (from whatever source!) then there cannot be another app installed with that same id but signed with a different public key (oversimplified version of the story, there is a key rollover scheme).
You can however install an imposter app that's also called RealActualBankApp, with the same icon. It'll need to go by a different ID.
So then we're down to the same problem, or pseudo-problem, of identity confusion, as we have for banking website URLs. Where is the ID/URL shown, and does the user know that it should be mybank.com and not mybank-incorporated.com ?
"Adding support for GrapheneOS" means allowlisting their AVB keys specifically, it does not open a door for 3rd party implementations in general.
If you run GrapheneOS on a different device of your choosing, attestation would fail.
If you run a non-GrapheneOS custom ROM of your choosing, attestation would fail.
1. Smart Cards (for example The Current National ID)
2. Standalone Hardware Tokens & USB Keys
Yes, I'm sure they'll still allow for mail-in of obscure forms to access public services, which will then take 3 weeks to be processed.
If the EU actually wanted to "anticipate" this danger they'd have made it mandatory to include a physical form factor in EUDI wallets. In reality, they don't mind this danger, so it's optional, and you can bet most countries won't include one and make Google and Apple the only options.
It's about ownership, not tinkering. It's about preventing megacorporations from having the last word about how government services can function and how people can interact with them.
1/3 of the population functionally illiterate in Europe seems beyond wild to me.
Are you talking about technical illiteracy? security illiteracy?
Or do you mean they can't read English, which is a very different thing.
How good can this become?
Rates seem to vary state by state, from as low as 8% (Denmark) to 43% (Romania).
It's also not a clearly defined target, since it would be better to have rates based on the reading comprehension of the average school at year X or something similar.
Is it "functionally illiterate" if you can read the language aloud and not understand it, if you also wouldn't have understood the same thing spoken to you? That seems like it's about comprehension ability, not literacy.
Although one thing that just occurred to me is that if your reading level is low, you might be using all your cognition on reading so that you don't have spare capacity to understand as well - that's frequently the case for me with e.g. Chinese where I can read an entire passage out and then the teacher asks what the passage was about and I'm just thinking "I dunno, I wasn't thinking about that but I think I understood everything".
And that's definitely a different problem to being able to sound out the words, but just having no idea what those words mean, whether you read them or heard them.
And does it have to be your native language, or in any language? Not trying to nitpick, it just feels like the phrase can be usefully applied to a foreign language too.
"functionally illiterate" is the brush that one paints with when describing people of opposing political viewpoint or lower socioeconomic status, for example.
Being kinda dumb and graduating school without reading a book is not a socioeconomic status
https://www.southtyneside.gov.uk/article/16247/Public-Health...
> Guidance tells us the average reading age in the North East is lower than the national average at between 9 to 11 years. To put that into context The Guardian Newspaper has a reading age of 14 and the Sun Newspaper has a reading age of 8.
Health literacy specifically is a major problem in healthcare
https://literacytrust.org.uk/parents-and-families/adult-lite...
> 1 in 4 (26.7% / 931,000 people) adults in Scotland experience challenges due to their lack of literacy skills.
I find that page somewhat ironic as they claim 18% is one in six, but 17.4% is one in five. Seems numeracy is as big a challenge.
The US is no better according to Wikipedia
> In 2023, 28% of adults scored at or below Level 1, 29% at Level 2, and 44% at Level 3 or above
> Adults scoring below Level 1 can comprehend simple sentences and short paragraphs with minimal structure but will struggle with multi-step instructions or complex sentences
> Adults scoring at Level 3 or above are considered "proficient at working with information and ideas in texts"
Fairly sure that in most countries the average person reads less than 1 book per year, so half of the population reads less than that. I know people who haven't read a book since high school, when they were forced to.
The Average Briton allegedly reads 15 books per year. I assume it's self-reported and poorly sampled. Otherwise it's very hard to believe (and variance between countries seems way too high) but stats like this (especially more subjective ones like functional literacy) are usually not very useful on their own.
Whoever believes those statistics I have a strait to sell to
Play Integrity actually does both and passing remote attestation is necessary to pass Play Integrity at the strong level. Remote attestation is used for this level, since a modified OS could fool DroidGuard.
I'm sorry if my comment was not clear in what I was referring to.
What makes Android and Apple devices special?
It's an ill-defined "security" measure that should be viciously opposed anywhere it shows up.
Obviously some companies do despite the risks, I wouldn't expect this of any individual company, but as a whole some company will once in a while anyway. So stay vigilant.
Other interested parties can still be trying to steer the ship.
https://digital-markets-act.ec.europa.eu/contact-us-eu-citiz...
The more examples they get of actual citizens that get hit by this, the better. I have recently sent messages when Google introduced their new device-based recaptcha and when Volkswagen started blocking GrapheneOS. Of course, do not yell, explain patiently and with good argumentation why you are affected by Play Integrity and how you believe Play Integrity is used to enforce the duopoly + goes counter to EU sovereignty.
Also, for apps that use Play Integrity, e-mail the company. React to their boilerplate replies with follow-ups (this slowly seems to get some headway with VW). Also leave a one-star review on their app, explaining in the review that they broke support for your system.
I know that this can all seem hopeless. But especially GrapheneOS is getting a lot of momentum now, rapidly gaining more users. It feels like it is a moment in time where we can seriously influence things for the better. There are ~500,000s users now. If everyone actively participates, we can move the needle.
These mobile IDs are too powerful, signing contracts, transferring all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders, etc. to do additional checks.
Germany was going in the right direction imho, they NFC enabled their ID cards (Sweden has info on them but no enablement procedures) that is then paired with the app, so the card acts as a 2nd factor that makes the app itself less of a security issue since a user will be required to physically enable it (sadly the NFC pairings are kinda fiddly.. but I'd take that as a security option for all non-trivial transfers).
Many countries in the EU already have all of that just done through some national equivalent system (for example here in Finland mainly with bank credentials).
And in fact additional checks are done when enough money is moving. For example when I signed my bank loan for an apartment I had to sign it again after 24 hours just to be really really sure that I wanted to sign it.
For smaller (but still big enough) stuff a second "second factor" usually kicks in, in the form of an SMS verification after the actual proper login with bank credentials (which has a proper 2 factor auth in itself too).
BankID is _in theory_ a nice technology. However, it is only handed out to people registered with the Swedish tax authorities holding a Swedish bank account.
All daily activities are nowadays bound to BankID: need a doctor's appointment? -> needs BankID; Want to buy something on Blocket? -> needs BankID.
As a European frequently spending some time in Sweden not in possession of a Swedish tax #, I feel very much excluded from online and partially offline activities in this country.
But on the plus-side the Swedish state-eID solution is planned to be delivered by end of year and hopefully most organizations will start migrating or at least dual-supporting them and in doing so also fix their services to support foreign eIDs in the process.
Sure a 24h delay or SMS code are 2 way but they fully fall into the bandaid category.
In the past we used to have disconnected dongles for banking, the bank issued a one-time challenge and you entered the response along with your username. Now there are disadvantages with those also but at least it was fully airgapped.