Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
franga2000 an hour ago

How about being banned from online banking, government services and all social networking / communication platforms? Because that's the road we're already heading down.

What makes you think they will give us this magical hypervisor capability? It's more effort, increases the chances someone finds a bypass and takes power away from the incumbent online platforms. It's so much easier to just prevent it all. The only reason it hasn't happened yet is the amount of devices without this ability in circulation. But that number is shrinking rapidly.

charcircuit an hour ago | parent [-]

>How about being banned from online banking, government services and all social networking / communication platforms?

You aren't banned. You just have to use a secure device. It's like saying that a store banned you because they stopped taking checks and started requiring a credit card since they are more secure and harder to commit fraud with. As a person you didn't lose any freedom. Freedom does not mean someone has to be able to force their will on another person. That sounds like the opposite of freedom to me.

>What makes you think they will give us this magical hypervisor capability?

It's not magical. Look at Windows WSL2 which already works like that.

dmantis an hour ago | parent | next [-]

> You just have to use a secure device.

No, you have to use government backdoored device. I.e. the most secure android rom (at least the only rom we know is not penetrable by state-sponsored celebrite based malware) is not covered by google's play protect, while bunch of outdated CVEd phones are.

Same will go with many hardened Linux machines, QubesOS, Whonix stations, you name it. I'd argue they are far more secure than any average windows/macos installation.

Hardware attestation has nothing to do with security, it's censorship.

przmk an hour ago | parent | prev | next [-]

It's not about being secure. Google allows devices with up to 10 years without any patches to pass their integrity API. Meanwhile Graphene OS, which is very secure and up-to-date, doesn't pass.

notpushkin an hour ago | parent [-]

This. Plus if I want to access my bank account on a device I trust, the bank shouldn’t say “hey we don’t trust it so buzz off”. It’s my money in that account.

I understand there’s some stupid compliance thing that makes banks do this, but it clearly isn’t a hard requirement, as there’s still plenty of banks that don’t participate in this security theatre.

inejge 31 minutes ago | parent | prev [-]

> You just have to use a secure device.

Secure as defined by a duo of monopolists. It's a contractual concept and doesn't have a firm relation to security-related characteristics. I'd trust GrapheneOS to be as secure as anything Google is capable of releasing, but that doesn't help them if Google refuses to vouch for a device running their OS. Which is also why your check/credit card analogy falls flat.