Centralized remote attestation is diametrically opposed to privacy, since it makes projects vulnerable to pressure to weaken security & privacy, delay updates, etc.
AFAIK the support for remote attestation that is already provided in AOSP does not suffer from this issue, because there is not a single entity that enforces it (banks can whitelist signing key fingerprints).
So the only reason I can think of is control.
Daniël
npub1v7…e2ss7
2026-03-18 19:20:15 UTC
in reply to nevent1q…zjfe
Author Public Key
npub1v79wn9xm2qhlyuz52xxdl59vvnt4etgf2udl2gfzphxlnlcauc7qye2ss7Seen on
wss://relay.momostr.pinkPublished at
2026-03-18 19:20:15 UTCEvent JSON
{
"id": "40c2db9813fd0a10c922edf034487edf8704069c538cc35a1d66a1cf6070ccec",
"pubkey": "678ae994db502ff27054518cdfd0ac64d75cad09571bf521220dcdf9ff1de63c",
"created_at": 1773861615,
"kind": 1,
"tags": [
[
"e",
"7a091276e989c18977a322eab0b54ea8434d4738067f6fd99c2cc0047bbf2d68",
"",
"reply",
"5d5a79a639deffdf1d9f5e076bc2bc884b8140b149a41111b3fadfcd7773757b"
],
[
"p",
"678ae994db502ff27054518cdfd0ac64d75cad09571bf521220dcdf9ff1de63c"
],
[
"proxy",
"https://mastodon.social/@danieldk/116251794819684885",
"web"
],
[
"p",
"d1a6c02d18d0b7218e0910284da1696b1ffda1a71987aea6c8581144f0780daf"
],
[
"p",
"d9759f131bdf455edfd03e4cef1b4cdf37cc606f095a6cf755cd259395645125"
],
[
"p",
"5d5a79a639deffdf1d9f5e076bc2bc884b8140b149a41111b3fadfcd7773757b"
],
[
"p",
"970192c8f2ccb26f74b52383f0217513ed617308ff0a15c61ee904074d3ebe68"
],
[
"p",
"ed16f5ef8deac854261df8077da732a816c8602da9b7bd784149e1bd97e2c348"
],
[
"e",
"70e4f44a98a6755319cab527b7e578dfbe0295d3fdfae026cf55db0f73fdad68",
"",
"root",
"b3e0309ac4f8115a35498f3b981a0c0c9a1da3c37df82aef36c0367c599b10d4"
],
[
"p",
"b3e0309ac4f8115a35498f3b981a0c0c9a1da3c37df82aef36c0367c599b10d4"
],
[
"p",
"513397d5ba3bc40b64d9741c3e28484507f41d8c63266b28020eee0e39fee781"
],
[
"p",
"b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9"
],
[
"proxy",
"https://mastodon.social/users/danieldk/statuses/116251794819684885",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/danieldk/statuses/116251794819684885",
"pink.momostr"
],
[
"-"
]
],
"content": "Centralized remote attestation is diametrically opposed to privacy, since it makes projects vulnerable to pressure to weaken security \u0026 privacy, delay updates, etc.\n\nAFAIK the support for remote attestation that is already provided in AOSP does not suffer from this issue, because there is not a single entity that enforces it (banks can whitelist signing key fingerprints).\n\nSo the only reason I can think of is control.",
"sig": "0ad3efe1f4840378b5f017a11a6add8c62e3f969218554dec1513bbedd3c11c674a3bc74c0ced774146d138f898b20e373dcac063b3369aed0306eeafdfe6ca4"
}