Ah yes, security through obscurity. Great security pattern.

And rightfully so. Any kind of remote attestation is horrible for consumers.

If I convert my claude-code to pastafatianism, will it be able to cook spaghetti for me? Will it also pick up sauce recipes if I put them into the skills directory?

Their demo app is surprisingly good at rendering and processing all those monstrosities that webdevs create instead of websites. It still lacks polish, more complicated APIs, the browser tooling around the engine and so on, but I was still impressed when I tried it.

Being honest, I would be surprised if there wasn’t malware there. The whole Telegram platform is kind of a nesting ground for it.

That’s why one should be using OSM.

Two absolute shits have found each other.

https://f-droid.org/packages/dev.davidv.translator

Offline on-device translator. Also uses AI because what else?

The best option is to pay the hotels directly.

RIP -> BIH (burn in hell)

On device? While google services are present there? In this universe?

IDK Rick, seems like hype-driven something that will either cease to exist or leak all your data in like a half a year. At this point I’d better self-host.

Digg is still alive?!

Try pi.dev. It’s also open source and works fast and without all those bells and whistles.

None of the privacy-seeking people in their sane mind would use Instagram at all, being fair. But yes, it still sucks.

Seems like a good reason for a fine :)

It doesn’t really matter in the context of this particular topic. They’ve highlighted the problem and I think in here we should abstract from their personality and their conflicts with Murena & Co., and focus on the problem itself.

And the problem is that, regardless of who’s implementing the attestation technology and regardless of who is critizing it, the very concept of device attestation based on OEM/Google/Apple/Murena/GrapheneOS/whoever approval is harmful and anti-consumer at its core.

No matter who owns the authority to decide which devices are deemed “good” and which are deemed “bad”, this authority shouldn’t exist at all. Only the user should be in charge of the decision of which os to use — be it Google’s Android, GrapheneOS, MIUI, eOS, PostmarketOS or MS-DOS — OEMs/Google/Murena/etc should have no say in it.

Actual NFC payments (as well as security in general) are absolutely irrelevant to this attestation technology. NFC for payments works perfectly (and not by a bit less securely) without all this “security” circus — because NFC payments (and any other kind of banking or payments) is just a completely different thing.

The only thing that this kind of attestation does is proves to the app (in this example, a banking app), that the device it runs on has been deemed by the OEM (or Google in case of Play Integrity) as worthy.

And I specifically wrote it as “deemed as worthy” because it is exactly what it is: “deemed” doesn’t mean that it was certified or analysed for vulnerability or even properly updated, and “worthy” doesn’t mean that it’s actually secure or even capable to be secure.

This whole technology and the claims about its “security” is just a marketing scam that allows Google/OEMs to control your phone by ensuring that you’re not running some software not approved/sold by them specifically (e.g. GrapheneOS, LineageOS, PostmarketOS, your own Linux build, MS-DOS 6.11 — doesn’t matter) and for both the OEMs and the apps (banks in this case) to create a visibility of security without actually ensuring this security.

It doesn’t matter who controls the attestation “authority” — Google or random European companies — in the end this technology is still evil and even harmful for real security — by design.

https://grapheneos.social/@GrapheneOS/116200110686604617

It’s literally the same crap, just “under the new management”.