you won’t be able to use that to verify the integrity of the system when the worry is that its creators are dishonest. you may be able to verify that something has happened (e.g. a successful attestation), but you won’t be able to tell if the attestation was actually executed for your device and the app in question, or it was proxied to another device the devs run to fake attestations.
The additional problem with that is straight up discrimination. We’re replacing a predatory system with another discriminatory system. It is essentially another path that leads to the same thing. Fighting fascism with fascism.
problems with that:
so far the only answer I am aware of for these questions is “you don’t”
Public key cryptography and signatures are common technologies nowadays.
you won’t be able to use that to verify the integrity of the system when the worry is that its creators are dishonest. you may be able to verify that something has happened (e.g. a successful attestation), but you won’t be able to tell if the attestation was actually executed for your device and the app in question, or it was proxied to another device the devs run to fake attestations.
The additional problem with that is straight up discrimination. We’re replacing a predatory system with another discriminatory system. It is essentially another path that leads to the same thing. Fighting fascism with fascism.