GrapheneOS (@GrapheneOS@grapheneos.social)
grapheneos.social
Here's a post where the @vollaficationist@mastodon.social clearly refers to themselves as being part of Volla and shares internal information which would only be known to someone working at Volla This account doesn't belong to someone who uses and supports Volla's products but rather belongs to someone working at the company. Take note of how they claim to respect GrapheneOS at the end of that post. It's an extreme contrast with many of the other posts they've made trying to undermine the GrapheneOS project.

Once again, I have to remind everyone the difference between a replacement and an alternative.

  1. Yes, google is shit
  2. That dosent mean /e/, iode, and the rest is automatically better than google.

That being said, the volla attestation API is once again a google replacement. Not an alternative, but a „google” with another name. They are still just as vulnerable to corruption, court orders, etc as google is. Its like throwing out your Alexa for spying, but instead buying another Alexa, but instead of Amazon it’s nozama. Look people, instead of unsecured s3 bucket 3, I use unsecured S3 bucket 4 that I’m sending my data through via http. Me so smarty pants

    • Luffy@lemmy.mlOP
      0·
      1 个月前

      Banks cant trust every client device to be secure and not compromise their infra, therefore they are using a certificate from a software authority to make sure their apps only run on secure devices. Currently, this authority is Google.

      But since everything is using google as their authority, google can at any time decide if they want to exclude any devices/manufacturers/whatever from running most banking apps.

      For example, they are excluding everything that is not shipping their G services Spyware. (And to ship the G services, you need a license, so you can’t have most banking apps without paying google)

      Now, volla, a maker of a Linux Phone is trying to make a new attestation API. This in no way mitigates any problem I mentioned in the paragraphs above. In that case, Volla is the Authority, and they can at any time exclude anyone for any reason.

      There is already an adequate Attestation system that mitigates every issue I mentioned built into android. Since the system is present at any time, this will not only reduce the attack vector on a system, but allow any app to add any authority they want.

      • ScoffingLizard@lemmy.dbzer0.com
        0·
        1 个月前

        Does this mean that /e does it too? Why are they part of the post? Also, they just use MicroG so if it’s deleted (which is a hack) then why does it matter?

  • RobotToaster@mander.xyz
    0·
    1 个月前

    Grapheneos seem to spend as much, if not more, time attacking other rom Devs than they do Google, it’s pathetic.

    • machiavellian@lemmy.ml
      0·
      1 个月前

      Because Google doesn’t spread false claims about their security and privacy and about GOS as do volla, /e/ and others. Yeah, GOS could learn a few marketing tricks such as not engaging every bad faith argument, but that doesn’t make them pathetic. Defending yourself is not pathetic, having others shit on you without any recourse is.

      EDIT: Here is a link to a new thread displaying the underhanded tactics volla and others use.