I attestation should be abolished altogether. An app should have absolutely no way of knowing what kind of device it’s running on or what changes the user has made to the system. It is up to each individual to ensure the security of their own device. App developers should do no more than offer recommendations. If someone wants to use GrapheneOS, root their device (not recommended), or run the whole thing in an emulator, a homemade compatibility layer under Linux, or a custom port for MS-DOS, that should be possible.
Exactly. It's my own device, I can do whatever I please with it. There shouldn't be an automated way for apps to check if my device has been blessed by the US tech giants or not.
I agree, you should be able to run anything you want, root your device, etc., but you also have to accept the consequences of that. If an app can no longer verify its own integrity, certain features are simply impossible to implement securely.
Think of it this way: A physical ID (which is what we're trying to replace here) also has limitations, it looks a certain way, has a certain size, etc. Just because somebody wants a smaller ID or one with a larger font or a passport in a different colour or whatever, doesn't mean that this should be allowed or possible. Some limitations exist for a good reason.
Users have the right to modify any app running on their own device. Software security should never depend on the user having no control over their own device. Smartphones are essentially just regular computers, and on them you can use a debugger and do whatever you want. Viewing smartphones as closed systems like game consoles where you need the manufacturer’s permission for everything only leads us into the dystopia that Richard Stallman described as early as 1997 in his short story "The Right to Read".
To become dystopia people must be forced to use locked down smartphones. In reality you buy the one that suits your needs and do not enforce your design decisions on the smartphones other people use.
Where is that free choice that you see "in reality"? This post is about the opposite of that getting put in place. The actual reality is that almost every service provider is converging on supporting a few extremely restrictive options. From every private service you can think of, to key government services. They all are saying "to interact with us, you must use one of these two types of devices, with all the attestation and security measures intact". It's impossible for people to make their own design decisions or choose for themselves, because other options do not have the corporate/government blessing.
It's ridiculous that you look at all of us being forced into a government-protected duopoly, and then say "Don't you dare force your decisions on us!" to anyone suggesting that this should not be the default. Rules for us, but not them.
> They all are saying "to interact with us, you must use one of these two types of devices, with all the attestation and security measures intact"
Are you claiming that this is the only way of interacting with particular government services, with the other ways that existed before the app no longer being available? To make the situation "dystopian", this must be the case.
Once SafetyNet was brought to Android a decade ago the tendency has been clear - these freedoms are going to be restricted heavily.
Because how do you make sure it's the user who does those modifications, willingly and well-informed? That it's not a malicious actor, not a user getting socially engineered or phished? Incredibly difficult compared to the current alternative.
If it's not a software root of trust that provides an attestable environment like Android or iOS, it's going to be a hardware root of trust that provides an attestable hardware environment, like SGX. I can predict no other practical avenue taken. Unless the orangutan really forces a demonstration on how untrustworthy these environments can be and a lot of money and effort is spent.
Comparing being able to run the hardware and software of your choice to "wanting a passport in a different color or whatever" is so completely fucked, and it's beyond insane as a justification for giving two American tech companies with a well established track record for doing evil control over your citizens' ID.
The world has gone absolutely mad, what the fuck am I even witnessing? It is quite literally becoming 1984 in front of my eyes, with people complying completely voluntarily and openly advocating for it, not even a threat of force to make it happen.
Demanding full control over something like an ID will fundamentally not happen. The same way you won't have full control over the way passports or paper bills are made.
Take for example the expectation that some poor fool's ID can't be cloned and reused by malicious actors - full control directly contradicts that. It will not and must not be possible.
We don't need 'full control' over an ID. We need the status quo, where we mostly have control over our devices, and where paper IDs are still the foundation of society. Things are fine the way they are. There are problems, sure, but no problems that are made better by an all-encompassing surveillance state.
If I am lashing out, it is because this is perhaps the most dangerous thing I've ever seen proposed, and it is deeply distressing how people are sleepwalking into it. To be honest, if I were German, I would probably just kill myself the day I was legally mandated by my government to register my identity with Google. That might sound hyperbolic, but I'm really not kidding. I have lived with privacy, anonymity, and freedom for all of my life. If the future of this world is one where the government and Google have complete control over every single thing you do, I'd rather die having lived a satisfying life than witness the horrors that are to come.
How do you use your paper ID to prove identity or age or citizenship to someone hundreds of kilometers away whom you are conducting an online transaction with?
> It's not that important to be able to do that. You have been educated to trade your freedom for that kind of convenience, but it is not necessary.
It's important enough that people do so without any eID, using methods both more invasive and less reliable. Gas bills, document photos, having to take videos and pictures of yourself.
Humans have lived in caves and died of preventable diseases, it doesn't mean it's a better way of living.
>To be honest, if I were German, I would probably just kill myself the day I was legally mandated by my government to register my identity with Google. That might sound hyperbolic, but I'm really not kidding.
This is honestly not a good argument - it makes you sound desperate and puts in doubt your mental stability. I don't think you actually have mental problems, I just mean this kind of argument comes off bad.
Also nobody is forcing anyone to do anything. You don't have to own a digital ID. It just makes things easier, because you can sign things over the internet, or present your phone instead of your plastic ID. Both things already have alternatives (qualified signatures and regular physical ID), so no immediate harm is being done.
Don't get me wrong, I am personally anti bigtech, I try to degoogle as much as possible, and I find the thought of my government coercing me to use google/apple duopoly repulsive. I dislike that, but using phones (instead of for example dedicated hardware) IS pragmatic, and you are not forced to do anything.
For now. In 5 years you will, there is not one doubt in my mind about that. We've been on a slippery slope for (at least) 40 years straight, every year is a loss of privacy rights compared to the last, there is not a single year that reversed the trend, not a single year where we paused and stayed where we were. Once digital ID is implemented everywhere, alternatives will be quickly phased out. It's straight downhill as governments and corporations take more and more advantage of technology to build a degree of surveillance that even dystopian science fiction writers couldn't imagine.
The government, the corporations, the data brokers each individual corp sells your data to to compile a unified profile, and anyone the data brokers are willing to sell to have an unbelievable amount of information on the average citizen. They know where you live, where you are at all times, where you work, every website you visit, every Google search you've ever made, everything you purchase, all of your acquaintances, when and for how long you call those acquaintances, the full contents of any conversations you have with those acquaintances, your interests, your hobbies, your political beliefs.
I have thus far managed, I believe, to avoid the worst of the surveillance, with a tremendous amount of effort and the sacrifice of an unbelievable amount of personal convenience. But every year I find myself losing access to more and more things that I am unable to do without compromising my privacy. If it gets as far as government-mandated Google ID in my country, I think it's completely rational to kill oneself rather than live like cattle. If there were a resistance movement, I would participate in that instead, but this is happening completely voluntarily. You people want this. There is no resistance. Fine, you can have your dystopia. But there is no reason I need to be part of it, and I don't think it's a sign of mental illness to opt out. I don't much believe in living for the sake of living, you should live if it brings you happiness/satisfaction/whatever and don't if it doesn't.
The clauses are [with a well established track record for doing evil] [control over your citizens' ID], if that's not clear. I wonder from where your quote cut off if my sentence was misunderstood.
As to the well-established track record of doing evil... gestures broadly everything? Google in particular has built an empire on stripping away people's privacy, and they regularly ruin people's livelihood by e.g. shutting down Youtube accounts incorrectly with automated systems and no way of ever reaching a human for support unless you're famous enough to make it a PR issue. Apple is the same, just recently with a thread on HN lamenting that Apple was destroying their business because they revoked their dev license, or in other words, a private company unilaterally revoked the ability of a business to create mobile software for billions of devices. And now we want to give them control over our IDs? ????????????????????????
Well, in that case, if they want full control and attestation yadda yadda, I'm fine with them shipping me a device they fully control exclusively for use of this stuff. But if we're talking about my smartphone that I paid for with my money that I worked for, I will do whatever I damn please with it. So I guess that means eIDAS will be inaccessible to me.
Why not just have the Secure Enclave in the ID card and use NFC to communicate with it? Think about it, you literally have dozens of computers between you and the provider. Routers, middleboxes, load balancers, servers etc, all insecure or untrusted, but somehow my device needs to have their special rootkit and hardware DRM. A separate device that can be provisioned with ID is the least to ask. If the government doesn’t trust me with my device, fine, but then return the favor - I don’t trust them either. Both governments and corporations that are gonna use this have long track records of invasive, often illegal spying - whereas my track record is letting people mind their own business.
The German version of the eIDAS app should be completely banned from being used for age verification, if they wish to continue the project. Otherwise it effectively bans you from a sizeable portion of the internet, unless you accept unacceptable privacy violations.
True, but it's really hard to name a family of commercial devices with security features in hardware, including serious security features, which were not eventually hacked.
Worse still, for new mainstream devices that are believed to be safe the state sponsored actors will likely operate unpublished exploits, and will exploit the misplaced faith people and judiciary will put in device attestation. I don't think the very likeable people who worked on Pegasus found themselves respectable jobs - they are likely still selling that sophisticated crap to all authoritarian regimes.
> An app should have absolutely no way of knowing what kind of device it’s running on or what changes the user has made to the system.
and therefore the app cannot give a reasonable guarantee that it is not running in an adversarial environment that actively tries to break the app's integrity. Thus, the app cannot be used as a verified ID with governmental level of trust.
There's a difference between needing to lock down the whole OS and just the secure element. The secure hardware component can sign a challenge and prove possession of a private key without you being able to extract it. Smartcards have done this for decades (most people here will know an implementation under the name Yubikey).
Conveying authentic information across untrusted channels (your phone screen, say) has been a solved problem since asymmetric cryptography was invented back before I was born.
If your app needs to be protected from harm, it cannot protect the user from said harm. I hoped software engineering culture was lucky to not have the same precepts that make lockpicking a crime in the real world, that we successfully make it into common knowledge that you can't grant any trust to the client, but it seems "trusted computing" is making some of us unlearn that lesson.
You do not have to trust the device if you can verify the information it provides, either cryptographically or by checking with an authoritative trusted server.
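The challenge signing described in the comments above (a secure component proving possession of a private key, checked cryptographically by the other side), as an added example that is not part of the thread. It uses a software stand-in for the hardware, Ed25519 as an assumed signature scheme, and hypothetical names throughout (`SecureElement`, `Verifier`, the `example-id-login-v1|` label).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed domain-separation label: a signature made for this protocol
// cannot be reused as a signature in another one.
const label = "example-id-login-v1|"

var (
	ErrUnknownChallenge = errors.New("challenge unknown or already used")
	ErrBadSignature     = errors.New("signature does not verify")
)

// SecureElement is a software stand-in for a smartcard or secure chip.
// The private key is unexported: callers can ask for signatures only.
type SecureElement struct{ priv ed25519.PrivateKey }

func NewSecureElement() (*SecureElement, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &SecureElement{priv: priv}, pub, nil
}

func signedMessage(challenge []byte) []byte {
	return append([]byte(label), challenge...)
}

func (se *SecureElement) Sign(challenge []byte) []byte {
	return ed25519.Sign(se.priv, signedMessage(challenge))
}

// Verifier knows only the enrolled public key and the challenges it issued.
type Verifier struct {
	pub     ed25519.PublicKey
	pending map[string]bool
}

func NewVerifier(pub ed25519.PublicKey) *Verifier {
	return &Verifier{pub: pub, pending: map[string]bool{}}
}

// NewChallenge returns 32 fresh random bytes and remembers them.
func (v *Verifier) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	v.pending[string(c)] = true
	return c, nil
}

// Check accepts a response once: the challenge must be one this verifier
// issued and not yet consumed, and the signature must match the enrolled key.
func (v *Verifier) Check(challenge, sig []byte) error {
	if !v.pending[string(challenge)] {
		return ErrUnknownChallenge
	}
	delete(v.pending, string(challenge)) // single use, so a captured response cannot be replayed
	if !ed25519.Verify(v.pub, signedMessage(challenge), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	se, pub, err := NewSecureElement()
	if err != nil {
		panic(err)
	}
	v := NewVerifier(pub)
	c, _ := v.NewChallenge()
	sig := se.Sign(c)
	fmt.Println("first use:", v.Check(c, sig), "| replay:", v.Check(c, sig))
}
```

The verifier never sees the private key and does not depend on anything the transporting device reports about itself; it relies only on the signature and the freshness of its own challenge.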
> governmental level of trust
This made me laugh out loud. Not because it's a meaningless phrase (where does "governmental" rank on a scale of fully to least trusted?), but because it seems to imply that governments do not have a miserable track record when it comes to IT security.
Though I suppose considering a security model sound because it uses security through obscurity like a blackbox integrity check would be very... governmental.
Does that mean "governmental level of trust" ranks somewhere between "snake-oil" and "cope"?
> an adversarial environment that actively tries to break the app's integrity
Can you elaborate on what this means? Who is the adversary? What kind of 'integrity'? This sounds like the kind of vague language DRM uses to try to obscure the fact that it sees the users as the enemy. An XBox is 'compromised' when it obeys its owner, not Microsoft.
Exactly this. And what's more, the idea of device attestation makes people trust those devices, and the history of rooting consoles and phones proves that nothing holds, even tech backed by billions in commercial interest.
The whole point in reducing the blast radius is valid - by all means make this optional and allow the user to elect to tie their identity to the device. For everyone else, implement validation of actual transactions, not just user secrets and device secrets.
This is the original sin of modern computing. Almost all anti user features are only made possible because we didn't pass laws against "secure elements" that serve the maker and not the owner when NGSCB got announced.
That is exactly why a Duress Pin, like the one in GrapheneOS, should be standard everywhere. Ideally, it should also include an option to visibly destroy the device by overheating it, to ensure that no one can accuse you of not having actually deleted the data and keep asking for a password.
I like the idea of having a user-friendly app that lets you use LLMs locally. Tools like Ollama and LMStudio tend to put most people off because you have to decide for yourself which models to use and there are so many settings to configure. If the hardware you’re using is compatible, Ensu could be a drop-in replacement for casual ChatGPT users.
However, it’s a bit confusing because, for example, a larger LLM model was downloaded to my smartphone than to my computer. It would probably make the most sense if the app simply categorized devices into five different tiers and then, depending on which performance tier a device falls into, downloaded the appropriate model and simply informed the user of the performance tier.
Over time, it would then be possible to periodically replace the LLM for each tier with better ones, or to redefine the device performance tiers based on hardware advancements.
I don’t understand why people think it’s so difficult to build a website. If you let go of the idea that every little site has to look ‘modern’ and have thousands of features, it’s really easy. Stallman’s website would be a good example. It’s super minimalist, and there’s nothing stopping a restaurant from building a site like that too. The homepage can simply list the opening hours and special offers, and then have a subpage listing the regular menu. All you need is HTML and a Server. If you don't want to rent one just buy a Raspberry Pi and host it at the restaurant or at home. Even if you don’t know much about technology, you can always ask a computer science student or a friend’s child to do it for a bit of pocket money.
Yeah. "put some HTML on a server" may as well say "split a few atoms" for people who have never done so.
No one is saying that it's impossible to learn all that stuff. But it takes time, has a fairly high entry barrier (despite LLMs and all that), and needs to happen _while_ keeping the business afloat.
This time it's satire, but I bet someone will offer exactly that for real in the next few days. The idea is unethical but far too lucrative from a business perspective.
Often OSS is used not because you want the software, but the software and the upkeep. So even with such a service, you're now just taking code in-house that you have to maintain as well.
9b with 4bits runs with around 60 tok/s on my RTX 4070 with 12GB VRAM and 35b-A3B runs with around 14 tok/s and partial offloading. For roleplaying I prefer the faster 9b Version but for coding tasks both aren't really usable and Claude is still way better especially if you manage to persuade your employer to give you unlimited access.
Germany is an absolutely terrible choice for this. Other Email providers such as Tuta which also offer encrypted emails, were forced to install a backdoor. As soon as the police arrive, every future email sent to the account in question is copied unencrypted without the person being informed.
This is much worse than passing on payment details or stored backup email addresses, as Proton Mail is required to do in Switzerland.
> Other Email providers such as Tuta which also offer encrypted emails, were forced to install a backdoor. As soon as the police arrive, every future email sent to the account in question is copied unencrypted without the person being informed.
Important caveat: Tuta was required by a court to provide police with access to a customer's _unencrypted_ emails (ie regular SMTP mail). The police had also asked for a backdoor to Tuta's E2E emails, and that request was rejected by the courts.
But the idea behind Tuta and Proton is that emails are encrypted when they arrive in the inbox. The fact that emails sent between Tuta users are still safe offers little added value because distribution is far too limited. The reason people choose such a provider is that they do not want the authorities to have access to their mailbox, but this is undermined by a backdoor. Switzerland is much better off in terms of the legal situation in this area.
It's really cool that you can simply get the full text from sites that refuse to offer the entire text in their RSS feed, without having to go to their site.
However, there are a few things that don't work so well. When you add feeds from YouTube, the video is not embedded. Even if the feature is out of scope, it would be good if the title and a link to the video were displayed instead. Also Bluesky posts lack the embedded content.
Furthermore, a maximum of 100 feeds is clearly not enough. If you add things like YouTube, Reddit, Lemmy, Bluesky, etc. you will reach the limit very quickly. Even if these are not content that you actually read in the reader, it would be annoying to have two different RSS Apps just for that reason.
But it's not my system it's just a container that I can delete. If you already have the image it takes less than a second to deploy them. Podman is rootless, which makes it almost impossible for anything to escape from the container.