IMO a better option would be for governments to properly regulate the usage of remote integrity attestation as "presumed anticompetitive collusion until proven otherwise" in consumer contexts, unless there's an actual justification other than "because it's there", as well as a requirement to minimize which features actually *depend* on it, so "website in a tin" apps can't artificially restrict OS choice just so they can cover up their failure to properly check privileges and permissions on the server side...
(The *only* case where it makes actual sense to me is MDM on corporate-owned/BYOD devices ensuring that they remain in an authorized configuration that supports the required security controls. And *maybe* payment apps that interact with the secure element, but isn't that also the *whole damn point* of the SE?)
Emelia/Emi
npub18a…7pj7v
2025-08-20 19:52:35 UTC
in reply to nevent1q…0ul9
Author Public Key
npub18awg073vadjxw7vst9v3dduvxjulc7x7jjyskvqkjfa99xn28zdqj7pj7vSeen on
wss://relay.momostr.pinkPublished at
2025-08-20 19:52:35 UTCEvent JSON
{
"id": "1ab7f4dbc00cbffbdc61e66439caa31aad2b68f5f6dc0dfe0198ac541d2c81b2",
"pubkey": "3f5c87fa2ceb64677990595916b78c34b9fc78de94890b3016927a529a6a389a",
"created_at": 1755719555,
"kind": 1,
"tags": [
[
"proxy",
"https://tech.lgbt/@becomethewaifu/115062836756799093",
"web"
],
[
"p",
"b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9"
],
[
"e",
"d242b9e207a6800bf2da88ff9f306823e80a896d2985f164e8e0d5777c06c502",
"",
"reply",
"b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9"
],
[
"e",
"725722573c583b785ed7b1008641c1260ca81dafc10d88238f44fff778a058ba",
"",
"root",
"b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9"
],
[
"proxy",
"https://tech.lgbt/users/becomethewaifu/statuses/115062836756799093",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://tech.lgbt/users/becomethewaifu/statuses/115062836756799093",
"pink.momostr"
],
[
"-"
]
],
"content": "IMO a better option would be for governments to properly regulate the usage of remote integrity attestation as \"presumed anticompetitive collusion until proven otherwise\" in consumer contexts, unless there's an actual justification other than \"because it's there\", as well as a requirement to minimize which features actually *depend* on it, so \"website in a tin\" apps can't artificially restrict OS choice just so they can cover up their failure to properly check privileges and permissions on the server side...\n\n(The *only* case where it makes actual sense to me is MDM on corporate-owned/BYOD devices ensuring that they remain in an authorized configuration that supports the required security controls. And *maybe* payment apps that interact with the secure element, but isn't that also the *whole damn point* of the SE?)",
"sig": "672562b13acc859d48d830f73dff9ff5fe5f8964e3f0a7b6f119904974bc417e668131b428ec1660e7fb47b3ffd0dca0bc8ed1e04b5943c0cdc200881c92920b"
}