What the attestation system would do is give some government agency de facto control over which OSs could be installed on phones.
Right now, using GrapheneOS and being outside of corporate attestation chains just means that you can’t use the NFC payment system. It could very well be that every major commercial service would deny you access if you couldn’t pass an attestation verification via some browser API.
An example would be if age verification were a thing, they could ‘think of the children’ argue their way into only allowing OSs with age verification systems which are approved by the government to access social media or any website that would be considered 18+.
EU countries have already tried attacking GrapheneOS as a tool of criminals. It doesn’t seem like much of a stretch to see how they would refuse to allow ‘the criminal OS’ to be part of their attestation chain. Or if chat control passes, only devices that implement the mass surveillance spyware would be allowed to be attested. The government wouldn’t allow non-compliant operating systems to pass their tests.
The point of an attestation chain is to provide control over which devices are allowed to be verified and to use that verification status to gate access to services.
Isn’t that the whole point to Graphene OS?
I like my super secure OS being developed by super paranoid developers thank you very much.
Exactly.
What the attestation system would do is give some government agency de facto control over which OSs could be installed on phones.
Right now, using GrapheneOS and being outside of corporate attestation chains just means that you can’t use the NFC payment system. It could very well be that every major commercial service would deny you access if you couldn’t pass an attestation verification via some browser API.
An example would be if age verification were a thing, they could ‘think of the children’ argue their way into only allowing OSs with age verification systems which are approved by the government to access social media or any website that would be considered 18+.
EU countries have already tried attacking GrapheneOS as a tool of criminals. It doesn’t seem like much of a stretch to see how they would refuse to allow ‘the criminal OS’ to be part of their attestation chain. Or if chat control passes, only devices that implement the mass surveillance spyware would be allowed to be attested. The government wouldn’t allow non-compliant operating systems to pass their tests.
The point of an attestation chain is to provide control over which devices are allowed to be verified and to use that verification status to gate access to services.
FYI, I’m able to use NFC payments on Graphene OS using Curve Pay.