I don't know how to explain to people that usually, metadata is what people base their worst decisions on. People kill based on metadata. People murder based on "x talked to y". Governments round up people based on immutable markers, all of which are just metadata.
A storm of spy bills, wrapped in everything from "saving the children" to "securing digital ID systems" to "verifying real humans" unlike anything we've seen before is brewing in every remaining democracy on earth and nothing seems to be able to stop it
There needs to be a law that makes remote attestation - no matter who provides the root certificates, Google/Apple/GrapheneOS - illegal. There is only one use for this technology right now, and it is to prevent people from doing what they want to do with the devices they own, while also making interoperability cryptographically impossible. This is anti-competitive and should simply be illegal.
@mitchellh One of the best descriptions I've heard lately was that it feels like "losing coworkers to dementia" as people adopt it, where everyone feels like they know everything, but when you talk with them in person or there is a problem that needs to be fixed _now_ it becomes very clear that the capability to do that has atrophied basically completely
@mitchellh I would love to see someone commission a study on this. It _feels_ like things are in general getting less reliable atm, esp. the stack I rely on for work (GitHub, Linear, Slack, Notion, VSCode, <insert-tui-tool-here>), but then I can't find any data on any of it.
Please, for the love of god, stop calling mass surveillance bills "lawful access". There is no such thing as "lawful access" - once the backdoor is there, it will be used without oversight the second it's in place. There is literally not one example in all of (recent) history of "lawful access" bills leading to anything other than this.
@inthehands@Unlikelylass True, that's a good point. I'd love to do an analysis of Chinese spending on manufacturing infrastructure and clean energy build-outs vs. the American investments in inference hardware at some point
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
If a German citizen gets sanctioned by the US government, once this is implemented (later this year), that means they will no longer be able to be a participating member of German society, e.g. to show their (digital) driver's license to traffic police
I've said it before an I'll say it again: This entire project of identity verification with Apple/Google-account bound mobile devices is going to lead the continent down a dark, dark path into full technological submission to the US
@tdelmas The whole remote attestation thing should be dropped from the proposal. The rest of it is unfortunate (no ZKs at all, just signed credentials), but the remote attestation part is truly asinine. I have no idea how and why that decision was made. The people behind this are adding a path dependency on Google/Apple on something as simple as showing your ID to buy alcohol.
@alvan I mean I totally understand that. Idk in my mind Euro-prefixed stuff implies "transnational and universal" and e.g. Deutschland-prefixed stuff implies "nationalistic and specific to one population" in a way Euro-prefixed stuff doesn't
I will defend the GDPR to death but I will smash the DSGVO and Telemediengesetz with hammers
Building digital infrastructure that lasts with #linux #virtualization #containers #kubernetes #gnomeHead of R&D @loopholelabs, on the board @vanlug and member @gnomeshe/her, based in Vancouver, BC