Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too.
Google's Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition.
The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it.
Apple's Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web.
Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems:
https://t.co/7rQnioRa8A
Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple's privacy pass, Google's 'cancelled' Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web.
Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They're bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more.
Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc. It's enormously anti-competitive.
Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn't somehow specific to an AOSP-based OS. You can't avoid this by using a mobile OS based on FreeBSD instead. You'll just be more locked out.
Google's Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it.
It doesn't provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source.
Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.
Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they're directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security.
reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that.
This isn't about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don't license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere.
Services shouldn't ban people from using arbitrary hardware and operating systems in the first place. Google's security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It's for enforcing their monopolies via GMS licensing, that's all.
wow Anthropic just published a crazy report on AI replacing your job and er... you might want to look at this:
- #1 most at-risk jobs are computer programmers, financial analysts (rip excel bros) and customer service
- most at-risk workers are female, white, older and higher paid.
- BUT high-risk jobs *aren't* firing employees... they've STOPPED HIRING. biggest victims: college graduates (4X more likely to be fucked)
- entry-level hiring has dropped 14% since chatgpt launched (for highest risk jobs)
- SAFEST jobs are... bartenders, dishwashers and lifeguards - any manual labour that AI can't automate (yet) this accounts for 30% of the job market.
- this was the scariest part: AI models are capable of automating most work TODAY but are prevented because of law and slow company adoption. so its not even a fucking skill issue its an ADOPTION issue.
- now its important to understand that the study is based on real world data but also 'theoretical' intelligence. so take it with a pinch of salt. some jobs (manual labor) didn't even meet min. data reqs
i applaud anthropic on being so damn transparent - they're literally the company behind claude who will be responsible for these impacts
studies like this will help us figure it the hell out. LOT of change coming this year.
🚨 DIABETES CURE… OR THE BEGINNING OF A MEDICAL REVOLUTION?
For over a century, diabetes has meant daily injections, constant monitoring, and a lifetime of management. But now, scientists in China and researchers at Vertex Pharmaceuticals in the United States have done something shocking, they used stem cells to create new insulin-producing cells and transplanted them into real patients.
And here’s the twist…
Some people with Type 1 diabetes started making their own insulin again.
No pump. No syringe. Just living cells doing their job. It’s not a full cure yet. Trials are still small, and long-term results are unknown. But for the first time, medicine isn’t just managing diabetes, it’s trying to rebuild the pancreas itself.
Science fiction?
Not anymore..
The PS3 alone had 512mb of ram in total (256MB of system RAM and 256MB of video memory) and it ran most demanding games like GTA V.
A single tab taking up to 1.2GB of RAM is some crazy unoptimized work, how can this possibly be more demanding than a fully fledged video-game?
This is unacceptable, especially considering how much RAM costs today...
@SnazzyLabs I understand where you are coming from. My company were throwing Old/Brand New Galaxy S6, I took one home and man, do I miss the old days when phones were thin. They were practical even with just one camera. Do I want a big battery, yes, but in reality chargers are everywhere.
Joe Rogan Guest Completely Shatters the Vaccine Narrative
Everything you’ve been told is a lie—especially when it comes to polio.
Dr. Suzanne Humphries, author of Dissolving Illusions, reveals what really made all those polio cases disappear after the vaccine was introduced.
🧵 THREAD
🚨#BREAKING: X Now Requires ID For Monetization (IMPORTANT 🇮🇱)
EVERY creator, and everyone who aspires to be on a monetized X creator, MUST oppose this.
If you don't, there's a good chance your ID will end up in the hands of Israeli intelligence.
The company that X uses to verify its user's ID is an Israeli company founded by members of Israeli intelligence units Shin Bet and Unit 8200.
The company responsible for verifying people's ID on X is called "AU10TIX".
The CEO of AU10TIX, Ron Atzomn, was a member of Israel's intelligence unit 8200.
His father was once the treasurer of the Likud party (Netanyahu's party) in Israel.
AU10TIX also has a history of helping the Israeli military with military surveillance and intelligence gathering.
It doesn't stop there however.
AU10TIX was founded in 2002 as the technology arm of a dutch firm called "ICTS international".
ICTS international was established in 1982 ALSO by former members of Israeli intelligence unit Shin Bet.
This is an extreme security risk.
Not only will regular creators have to give their ID to a company with deep ties to Israeli intelligence, but PRO-PALESTINIAN creators will also have to do the same.
This is completely and totally unacceptable.
@elonmusk you have the power to prevent this from happening.
I know I speak on the behalf of a lot of creators when I say,
don't go ahead with this.
@CensoredMen According to AI, the concentration of Jews amongst @potus cabinet is mathematically almost impossible.
Why does this pattern (seemingly, demonstrably) exist across so many industries?
https://t.co/WZaX0SdCql
@tomasseas@ProtonPrivacy@ProtonVPN It is horrible! Sometimes I had to disable the VPN just to get done with what I needed rather than wasting 10 minutes doing the challenges.