• 0 Posts
  • 67 Comments
Joined 7 months ago
Cake day: August 19th, 2025
  • lemmysmash@beehaw.orgtoOpensource@programming.devPaying without Google: New consortium wants to remove custom ROM hurdles
    3·
    18 hours ago

    It doesn’t really matter in the context of this particular topic. They’ve highlighted the problem and I think in here we should abstract from their personality and their conflicts with Murena & Co., and focus on the problem itself.

    And the problem is that, regardless of who’s implementing the attestation technology and regardless of who is critizing it, the very concept of device attestation based on OEM/Google/Apple/Murena/GrapheneOS/whoever approval is harmful and anti-consumer at its core.

    No matter who owns the authority to decide which devices are deemed “good” and which are deemed “bad”, this authority shouldn’t exist at all. Only the user should be in charge of the decision of which os to use — be it Google’s Android, GrapheneOS, MIUI, eOS, PostmarketOS or MS-DOS — OEMs/Google/Murena/etc should have no say in it.

  • lemmysmash@beehaw.orgtoBuy European@feddit.ukPaying without Google: New consortium wants to remove custom ROM hurdlesEnglish
    6·
    19 hours ago

    Actual NFC payments (as well as security in general) are absolutely irrelevant to this attestation technology. NFC for payments works perfectly (and not by a bit less securely) without all this “security” circus — because NFC payments (and any other kind of banking or payments) is just a completely different thing.

    The only thing that this kind of attestation does is proves to the app (in this example, a banking app), that the device it runs on has been deemed by the OEM (or Google in case of Play Integrity) as worthy.

    And I specifically wrote it as “deemed as worthy” because it is exactly what it is: “deemed” doesn’t mean that it was certified or analysed for vulnerability or even properly updated, and “worthy” doesn’t mean that it’s actually secure or even capable to be secure.

    This whole technology and the claims about its “security” is just a marketing scam that allows Google/OEMs to control your phone by ensuring that you’re not running some software not approved/sold by them specifically (e.g. GrapheneOS, LineageOS, PostmarketOS, your own Linux build, MS-DOS 6.11 — doesn’t matter) and for both the OEMs and the apps (banks in this case) to create a visibility of security without actually ensuring this security.

    It doesn’t matter who controls the attestation “authority” — Google or random European companies — in the end this technology is still evil and even harmful for real security — by design.

  • lemmysmash@beehaw.orgtoTechnology@lemmy.zipLLMs can unmask pseudonymous users at scale with surprising accuracyEnglish
    2·
    6 days ago

    From the article it seems that it’s not even stylometry, but profile features extraction from the large amount of text. So, for example, if I have my full true profile somewhere where I never mention something like BDSM but in another place I have a blog specifically about BDSM but intentionally (and let’s assume efficiently) omit or change every single detail about myself there, then, in theory, this particular technique should fail.

    But yes, nothing prevents people from using LLMs in the same way for stylometry (and I’m 101% sure that those who are interested in that are already doing so). And yes, local “rewriter” LLM would help to some extent, but I think there has been another research somewhere that LLM-produced text allows to, if not completely recover the original prompt, then at least kind of fingerprint it, so… I wouldn’t fully trust that method either :)

  • lemmysmash@beehaw.orgtoSolarpunk@slrpnk.netLocal Physical Media Producers Defy the Algorithmic Overlords
    11·
    7 days ago

    I think it sounds more correct like:

    each non-technological[-company-owned] activity we participate in has become an act of micro-revolution.

    There’s nothing wrong with the digital media or streaming technology on its own. It might be even more energy-efficient than some older technologies.

    What’s wrong is that now the company X Y (sheesh, you can’t even use a random alphabet letter anymore without pointing right at one of them!) owns your whole music library, decides what to remove from there and what make you add there, and just by the way also casually sells your personal data and your habits to some other companies, that also decide for you what you should read/watch/listen to/buy.