Privacy

38741 readers

1004 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

What is the future of Google Play Intergrity APIs (and similar concepts)? Do you think we can find a way to bypass these, or is the future of the digital world just authoritarian and dystopian? (sh.itjust.works)

submitted 4 days ago by [email protected] to c/[email protected]

63 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 18 points 4 days ago (6 children)

Well the idea of having attestation isn't the problem. The problem is that apps requiring attestation (banks, insurance providers, ID-systems) use the most convenient solution. Slapping on Googles prebuild attestation. Graphene for example, provides alternative attestation for their OS and offers docs for anyone to implement a more fitting set of checks.

There are two approaches here: If you're upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I'd say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data. Breaking those checks is then breaking those compliances in an unsafe way.

If you believe your setup is actually secure and compliant, just not in a way the allmighty Google intended: Try and get an attestation module for your setup. Fight for these apps to accept non-Google attestation and fight for devices that don't artificially limit what can pass as secure.

[–] Auli 2 points 2 days ago

What kind of bullshit is this. Breaks what regulations? You know everyone allows things to happen on a computer which guess what you have root access to and is "unsecure" This bullshit gets said so many times but it is not true.

load more comments (5 replies)