| ▲ | amelius 11 hours ago |
| You don't have to use Chrome or Chromium. |
|
| ▲ | fransje26 10 hours ago | parent | next [-] |
| The irony of this is that when using Firefox to browse to /e/OS url to check for compatible devices: https://e.foundation/installer/ I get a pop-up telling me that my browser is not compatible, and I should use Edge, Opera or Chrome. See [1] [1] https://imgur.com/a/al1Q9DM |
| |
| ▲ | jamesnorden 9 hours ago | parent | next [-] | | When I clicked "Browse supported devices" it took me to https://doc.e.foundation/devices | |
| ▲ | fmo1973 10 hours ago | parent | prev | next [-] | | I think it's due to the lack of WebUSB API support in Firefox, it is needed for the web installer, both for eOS and GrapheneOS | | |
| ▲ | fransje26 9 hours ago | parent [-] | | As I explained elsewhere in this post, I got to this installer page by clicking on "Check device compatibility" on the https://e.foundation/e-os/ page. So I was actually expecting a device listing page, not a WebUSB program. |
| |
| ▲ | OJFord 10 hours ago | parent | prev [-] | | That's a bizarre one. 'You need Chrome' is bad enough, which even the bloody NHS are guilty of, but I always assume that's 'just' an assumption that not Chrome means IE or something, and they haven't woken up even to the proliferation of mobile Safari users. | | |
| ▲ | detaro 10 hours ago | parent [-] | | How is it "bizarre" when it even tells you why it needs a Chromium-based browser? | | |
| ▲ | OJFord 8 hours ago | parent [-] | | I didn't know it did, the commenter didn't mention it, and Imgur gave me an overloaded error message. (When it doesn't do that, it usually tells me it's not available in my region or that the image has been deleted anyway.) Anyway, assuming it's for WebUSB flashing, I agree with other commenters it should just explain that's not available and still give the instructions - bonus points for hiding the unusable WebUSB option. |
|
|
|
|
| ▲ | goldenarm 11 hours ago | parent | prev | next [-] |
| Yes fortunately we have browser alternatives. But on mobile, my bank and my government force me to use the Android/iOS duopoly. |
| |
| ▲ | jonathanstrange 10 hours ago | parent [-] | | How do they do that? I'm not doubting that, it's an honest question. I understand how this works on Apple phones but I don't understand why an identity or attestation service cannot be replaced by another one by the alternative operating system when the hardware is not controlled by Google. Does Google have keys in tamper-proof chips? How else would those banks determine their apps are on the right phone? Or do those apps use Google authentication directly over the Internet, using hard-coded Google public keys? | | |
| ▲ | well_ackshually 10 hours ago | parent [-] | | Depending on the level of security you ask for Play Integrity, it can be: * is this device rooted, is it an unsigned build ? * Device is signed, but is it part of the blessed signing keys ? is play services untampered with ? * Additional checks over the lifetime of the device. You could fully trust the results of Play Integrity on device, but you can also send the returned token to your server, and your server then contacts play integrity to validate that token. So unless you know how to spoof those encrypted tokens, you won't go very far. https://developer.android.com/google/play/integrity/overview | | |
| ▲ | jonathanstrange 10 hours ago | parent [-] | | So basically an alternative OS can offer a service like Play Integrity and the only problem is that those banks hard-code a dependence on Google's Play Integrity and Google has a monopoly for that service? This is something that could be addressed at least in the EU by mandating banks to allow alternative services or not use this service at all. | | |
| ▲ | well_ackshually 6 hours ago | parent [-] | | Yep. You can even run your own play integrity-like backend. >This is something that could be addressed at least in the EU by mandating banks to allow alternative services or not use this service at all. The EU mandates banks to be interoperable, and to guarantee the security of users. You can solve that issue by going through an alternative app that doesn't use play integrity and is PSD2 compliant so other banks let you call their APIs. It usually requires you to be a bank, and as a bank, you're really risk averse. So you use play integrity. |
|
|
|
|
|
| ▲ | wiseowise 11 hours ago | parent | prev [-] |
| Chrome is just an example. Google stopped pretending Android is a general purpose OS and started cracking down on what is possible without Google’s approval. See developer verification, everything within Google services, etc. |
