https://www.reddit.com/r/Android/comments/8cb99a/android_verified_boot_remote_attestation/dxfnt4i/ … Good luck with that "unbreakable" DRM. How exactly do you stop someone from recording the screen? Widevine already provided hardware-enforced DRM without needing general purpose remote attestation usable for non-DRM purposes and other operating systems.
I don't. I think it's harmful that the device has the functionality to begin with.
-
-
It's *mandatory* for every device launched with Android 8.0+ to have the functionality, so every Android device is going to have it. Not just every Android-only device, but any device that wants to have optional support for Android / dual boot with it.
-
Widevine was optional, but every vendor included it. This is a general purpose security feature that was carefully designed to not be identifying so it's mandatory. CopperheadOS won't support a device without these capabilities but everything is going to have support for it.
End of conversation
New conversation -
-
-
I also think it's harmful to promote hardware attestation as something users should want rather than as something they should fight against.
-
And by hardware attestation I mean the whole thing. I am not distinguishing the old limited-to-widevine-DRM stuff vs more general-purpose stuff.
-
It's a very useful security feature and we're going to get a lot out of it with our app and service as we improve them. It's particularly useful for a business deploying a fleet of devices and wanting to meaningfully monitor identity, integrity and patch level after pairing.
-
I understand and really have no sympathy there. Enterprise concerns are not my interest and usually are antithetical to my interests in protecting individuals/public.
-
Our Auditor app started with the use case of individuals: locally verifying the identity and integrity of a device. The service is currently oriented towards individuals too since it's primarily being made for individuals that have bought CopperheadOS devices.
-
It will be available for people using the stock OS on their phone too, or small companies, but it's not going to be a good fit for enterprise use without taking a much different approach to the account system and user interface. In general though, the feature is a good fit there.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.