this post was submitted on 03 Aug 2023
779 points (99.9% liked)

Technology

59087 readers
3163 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] M_Reimer@lemmy.world 7 points 1 year ago (2 children)

It will be difficult to get around this on smartphones. Those are walled gardens already.

But I wonder how Google plans to make this "feature" for desktop PCs? Won't work at all on Linux and Mac and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?

[–] FoxBJK@midwest.social 3 points 1 year ago

You already can't get around this on smartphones. So many companies force you to use their app and only their app if you're not in front of a desktop.

[–] graphite@lemmy.world 2 points 1 year ago

and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?

That would be one method, yeah. The attester supplies a kernel driver and uses that to generate the auth tokens communicating with it via some protocol or via scanning memory.

The driver is just chilling in the machine, perhaps even evasive to lsmod, such that the only way to detect it is to have your own driver monitoring for some specific signal before the attestor driver gets installed, and then using that signal to track its installation.

There's always a way. But, as you say, with phones it's not as simple.

GrapheneOS or some other ROM on an unlocked Android phone is probably going to be the only way of bypassing it.