zlacker

>>dagurp+(OP)
This is especially rich coming from google's, who's 'safetynet' for android results in a significant reduction in security (contrary to its stated purpose): it locks out 3rd-party up-to-date and secure ROMs while allowing horrificly insecure manufacturer-provided ROMs to still pass, because to disable those would cause a massive user outcry. So it functions as a vendor lock-in but no meaningful increase in security for the average user, while preventing more advanced users from improving their security without needing to buy more hardware. This needs to be called out more to push back against the claim that this kind of attestation somehow has a legitimate benefit for the users.

>>rcxdud+5F1
And speaking of user-hostile, locked-down phones...

a galactic irony that Ben Wiser, the Googler who posted this proposal, has a blog where his most recent post is a rant about how he's being unfairly restricted and can't freely run the software he wants on his own device.

https://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-...

https://github.com/RupertBenWiser/Web-Environment-Integrity

>>dcposc+Ju2
It's not clear when his most recent post is; the server says "Last-Modified: Wed, 26 Jul 2023 06:00:31 GMT" but I believe I saw references to this post before that in the current discussion.

(What's with the trend of completely omitting any dates on a blog?)

>>userbi+3S2
> (What's with the trend of completely omitting any dates on a blog?)

I hate it so, so much. But it's been a thing for at least 5 or so years.