
> provide optional remote attestation to verify OS and baseband integrity

And lock us out of our computing freedom while they're at it.

Remote attestation enables discrimination against free computers owned by users rather than corporations. They could theoretically allow users to set their own keys but it's not like apps and services are gonna trust people's personal attestation keys, they're only gonna trust Apple's and Google's.

This is among the most dangerous developments in cryptography to date and it's gonna end free computing as we know it today. Before this, cryptography used to empower people like us. Now it's the tool that will destroy our freedom and everything the word "hacker" ever stood for. Malware is a small price to pay to avoid such a fate.

It's not going to be "optional" either. Every major service is going to use it. Guaranteed.



> Remote attestation enables discrimination against free computers owned by users rather than corporations.

Not when my mobile device is attesting to my home server with OSS attestation software, or my USB Armory with OSS firmware for local "remote" attestation. GrapheneOS can attest to a 2nd mobile device running GrapheneOS, or a web verifier. This is not rocket science. Provide a mobile setting for attestation server URL.

> Every major service is going to use it. Guaranteed.

Hence there must be a mandatory option to define your attestation server. Advocating for the right to specify and/or host your arbiter of device trust (including firmware RoT) will do infinitely more for freedom than arguing against cryptography.


> Not when my mobile device is attesting to my home server with OSS attestation software, or my USB Armory with OSS firmware for local "remote" attestation. GrapheneOS can attest to a 2nd mobile device running GrapheneOS, or a web verifier. This is not rocket science. Provide a mobile setting for attestation server URL.

No, dude. Look at Google SafetyNet / Play Integrity. It's used by banking apps, streaming apps, certain games, and much, much more, to lock out devices that don't pass. I believe one of the last Android devices that will ever be able to pass SafetyNet while rooted is the OnePlus 7 Pro. Not that I'm ever going to tweak on Android again until TWRP adds a setting to disable OpenRecoveryScript, since a complete lack of prompting for consent is how I had my last major data loss.

(Apparently it would kill them to add anything like a "script execution in 5 seconds, cancel?" popup.)


Due to hardware remote attestation that cannot be bypassed, there is no longer any point to using Android. We used to own our devices. Not anymore. Might as well get an iPhone and enjoy the better kept garden. I wonder if there's a Termux equivalent for iPhone.


Fully open Debian Linux VMs (and possibly Windows VMs via GrapheneOS) are coming to Android 16, which can run desktop GUI apps in those VMs. Already shipping in Android 15 on Pixel devices.

ISV/app misuse of remote attestation does not preclude valid use cases under device owner control. Android Virtualization Framework is the first step in reducing the over-broad conflation of device measurements with "security". It can lead to narrower measurements and attestation of specific OS components, while opening up other components to user modification without "breaking" device verification.


> Android Virtualization Framework is the first step in reducing the over-broad conflation of device measurements with "security". It can lead to narrower measurements and attestation of specific OS components, while opening up other components to user modification without "breaking" device verification.

Okay... and then someone releases some new "security" library with an all-or-nothing philosophy that contains every possible check under the sun for any kind of rooting, modification, customization or even unlocking - and then all the banking apps start using this.

You can't win against security theater. You just can't.


> then someone releases some new "security" library with an all-or-nothing philosophy

Don't be demoralized by PTSD :)

AVF/pKVM is not security theater, especially if "apps" are incorrectly using attestation. pKVM provides strong isolation between Android and other VMs, using CPU support for nested (2-level) virtualization. The Android "host" VM can be isolated from the Debian Linux VM.

Search for pKVM technical videos. Implementation code was upstreamed to mainline Linux around 2021 and is public.

Banking websites work on desktop Linux browsers, which can be run in the isolated Debian Linux VM.


> Don't be demoralized by PTSD :)

Hah, you kidding? PTSD rules my life~

> AVF/pKVM is not security theater

I said the banking apps are full of security theater. That's why they do root checks and such. AVF/pKVM will not prevent apps from incorrectly using attestation. If there's a way for an app to check for root or any possible deviation from fully trusted and unmodified, then it will be checked by certain types of apps, like banking apps, that rely on security theater. To be clear, the checking everything possible and completely locking you out if anything is even slightly off is the security theater. Not AVF/pKVM itself.


> checking everything possible and completely locking you out if anything is even slightly off is the security theater

Sadly not the first or last time that technology is wielded imprecisely or carelessly. Improvement options include:

  1. Marketing and rewarding non-theatrical attestation
  2. Open training content for attestation best practices.
  3. Symmetrical 2-way attestation of open components.
  4. Automated CI/CD detection of over-broad attestation.
  5. IETF or other advocacy to improve attestation protocols.
  6. Legal/regulatory mechanisms.

There's an attestation track at OC3 in 2 days, online and in Berlin, https://www.oc3.dev/speakers-and-talks


pKVM is basically a box to run DRM in.


Also a box to run desktop Linux and Windows on Android mobile devices.


Sure, but let's not forget what it was designed for.


The previous DRM box (TrustZone) didn't offer positive side effects like a Linux VM where the user can have root and install software without an app store.


This has nothing to do with attestation servers. It's about who the corporations trust. Namely, each other.

Your attestation server doesn't matter. The corporations are not gonna trust any attestation provided by your home server running open source software under your control. They're not gonna trust GrapheneOS's AOSP attestation where you provide your own keys. Simply because your open source software has the power to straight up wipe out their entire business models if left unchecked. They'll deny you service if you use it.

Think about it. You can reverse engineer their apps and network protocols and build better software that doesn't advertise to users, that doesn't collect their information, that automates boring tasks, that copies data they don't want copied, that transmits data they want censored. This stuff directly impacts their bottom line and they absolutely want cryptographic proof that you are not doing anything of the sort.

They're not gonna trust your keys. They're gonna trust Google's and Apple's. Because their interests are aligned with Google's and Apple's, and not with yours.

They've set things up so that they own the computers. They're just generously letting us use them, so long as we follow their rules and policies. If we hack the computer to take control of what should be ours to begin with, they call it "tampering". And now they have hardware cryptographic evidence of this "tampering". This allows them to discriminate against us, exclude us. Since it's hardware cryptography, it's exceedingly difficult to fake or bypass.

This is the future. Either you use a corporate pwned computer, or you're ostracized from digital society. Can't log into bank accounts. Can't exchange messages over popular services. Can't even play stupid video games. Can't do much of anything unless somehow hackers create a parallel society where none of this attestation business exists.

What good is free software if you can't use it? It's worthless.


> This has nothing to do with attestation servers. It's about who the corporations trust. Namely, each other.

I'm glad the conversation has moved from attestation to trust :)

If you look at inter-corporation contracts, it's clear that corporations don't trust each other. We're in a neolithic era of attestation, used primitively with wide collateral damage. More granular options exist, look at the architecture of QubesOS for one example. Android Virtualization Framework should enable more examples.

Remember when SSL certs were monopolized by a small number of players? Then the push for HTTPS usage led us to LetsEncrypt.

There's no technical reason that a similar organization could not exist to improve tooling and coordination for decentralized and meaningful attestation of specific components (note NOT devices) and the security architecture by which components are composed into devices.

All is not lost, these are only early contests of competing visions.
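The two ideas this comment and the earlier AVF comment argue for, a verifier that checks specific components rather than the whole device, and a trust root the device owner chooses (the "attestation server URL" setting mentioned above), can be sketched in a few dozen lines. The following is an added toy verifier written for this thread; it is not GrapheneOS, AVF, Play Integrity or any real attestation protocol. The component names, reference hashes, key identifiers and the HMAC stand-in for a device signature are all constructed assumptions; a real design would use an asymmetric key in a hardware root of trust and a fresh random nonce per request.

```python
"""Toy component-level attestation verifier (constructed example).

Models two points from the thread:
  * a verifier can check only the components its policy cares about
    (e.g. bootloader + baseband) instead of failing on any change;
  * the verifier's trust root is configurable by the device owner, so an
    owner-run "home server" key is as acceptable as a vendor key.
"""
import hashlib
import hmac
import json

# Trust roots the verifier accepts. Constructed keys; in practice these would
# be public keys, and "home-server" is whatever the owner configured.
TRUST_ROOTS = {
    "home-server": b"owner-attestation-key-0001",
    "vendor":      b"vendor-attestation-key-0001",
}

# Known-good measurements per component (SHA-256 of a constructed image blob).
REFERENCE = {
    "bootloader": hashlib.sha256(b"bootloader-v7").hexdigest(),
    "baseband":   hashlib.sha256(b"baseband-fw-3.2").hexdigest(),
    "kernel":     hashlib.sha256(b"kernel-6.6-stock").hexdigest(),
    "userland":   hashlib.sha256(b"userland-stock").hexdigest(),
}

# Two verifier policies: everything must match, or only the radio/boot chain.
ALL_OR_NOTHING = set(REFERENCE)
NARROW = {"bootloader", "baseband"}


def sign_report(measurements, key_id, key, nonce):
    """Device side: bind the measurements and the verifier's nonce under a MAC.

    HMAC is a stand-in for the device's attestation signature in this toy.
    """
    body = {"key_id": key_id, "nonce": nonce, "measurements": measurements}
    canonical = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify(report, nonce, policy):
    """Verifier side. Returns (ok, reasons).

    Only components named in `policy` must match REFERENCE; others may be
    user-modified without failing the check.
    """
    body = report["body"]
    key = TRUST_ROOTS.get(body["key_id"])
    if key is None:
        return False, ["untrusted attestation key"]
    canonical = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["mac"]):
        return False, ["bad signature"]
    if body["nonce"] != nonce:
        return False, ["nonce mismatch (replayed report)"]
    reasons = [
        f"{comp} not in known-good state"
        for comp in sorted(policy)
        if body["measurements"].get(comp) != REFERENCE.get(comp)
    ]
    return not reasons, reasons


def demo():
    """A device with stock boot chain and radio but a user-modified userland,
    attesting with the owner-configured key, checked under both policies."""
    nonce = "c0ffee-01"  # constructed; use a fresh random nonce per request
    modified = dict(REFERENCE)
    modified["userland"] = hashlib.sha256(b"userland-with-root").hexdigest()
    report = sign_report(modified, "home-server", TRUST_ROOTS["home-server"], nonce)
    return {
        "all_or_nothing": verify(report, nonce, ALL_OR_NOTHING),
        "narrow": verify(report, nonce, NARROW),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Under the narrow policy the rooted userland passes because only the bootloader and baseband measurements are in scope; under the all-or-nothing policy the same report is rejected with the offending component named, which is the difference between "attest what the relying party actually needs" and the blanket root checks complained about earlier in the thread.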


The fact there are no technical reasons preventing things from being good is irrelevant: there are countless business and political reasons, and those are the ones that matter.

It doesn't matter that better technology could theoretically exist. It matters that remote attestation almost perfectly serves the interests of corporations and governments.

The better, more granular technology doesn't matter. The banks won't use them, they'll say it enables fraud and money laundering. WhatsApp won't use them, they'll say it enables spam and scams and abuse. Streaming apps won't use them, they'll say it enables copyright infringement. And so on, and so forth. The only technology they'll use is the one where they maintain control over the machine.

They will not tolerate the machine being yours. Because if you own the computer, you can make it spam people and copy movies if you want to. They gotta own the machines. If they can't, they'll take their balls and go home.


Are banks blocking desktop web browsers? You can access bank websites using a desktop web browser in the Debian Linux VM that is running in parallel to the Android VM. No app store, attestation or DRM needs to be involved.


> Are banks blocking desktop web browsers?

Absolutely. My bank does not allow many operations via web browser anymore. It directs me to use the mobile apps. "Fraud prevention". All banks in my country are like that.

They only allow internet banking on a personal computer if you install their "security module". It's a kernel module that makes the computer incredibly slow. Once upon a time I tried to reverse engineer that thing to figure out why and I caught it intercepting every single network connection. That told me all I needed to know.

They want to own our computers. They think it's justified. As if "fraud" excuses everything. There is no limit they wouldn't cross. It's about control. They want to have all the control while we have zero.


In theory, pKVM could encapsulate a web browser with spyware kernel module into a dedicated VM that cannot see other traffic. The bank could "own" the banking client VM, while the device owner could run other VMs of their choice.


This merely isolates the problem. It still means we don't fully own our machines.

These virtual machines you speak of would be running on our machines but configured so that we actually have zero access to them. Do we really own the machines if we can't see the code they're running? If we can't view or edit the memory?

Those virtual machines are little foreign embassies on our machines that let them claim sovereignty over our computing resources. It's our land but their territory and laws. Our computers, processors and memory but their code and data. They carve out little niches out of our own hardware that even we cannot access.

Stuff like this cannot happen without them usurping some amount of power from us. And they will probably usurp far more than they need to. Because they can.


IIRC wasn't it Librem that wanted to have the device attest itself to the user (i.e. a second device)?

Agreed though. Any major vendor deploying this globally and making it available to developers without restriction would be an affront to our freedom.


> Any major vendor deploying this globally and making it available to developers without restriction would be an affront to our freedom.

Google and Apple have already done it. And one day it'll show up in desktops too.
