THIS IS NOT (just) ABOUT GOOGLE

Currently, attestation and “trusted computing” are already a thing, the main “sources of trust” are:

• Microsoft
• Apple
• Smartphone manufacturers
• Google
• Third party attestators

This is already going on, you need a Microsoft signed stub to boot anything other than Windows on a PC, you need Apple’s blessing to boot anything on a Mac, your smartphone manufacturer decides whether you can unlock it and lose attestation, all of Microsoft, Apple and Google run app attestation through their app stores, several governments and companies run attestation software on their company hardware, and so on.

This is the next logical step, to add “web app” attestation, since the previous ones had barely any pushback, and even fanboys of walled gardens cheering them up.

PS: Somewhat ironically, Google’s Play Store attestation is one of the weaker ones, just look at Apple’s and the list of stuff they collect from the user’s device to “attest” it for any app.

The number of people protesting against them in their “Issues” page is amazing. The devs have now blocked the creation of new issue tickets or of comments in existing ones.

It’s funny how in the “explainer” they present this as something done for the “user”, when it’s clearly not developed for the “user”. I wouldn’t accept something like this even if it was developed by some government – even less by Google.

I have just reported their repository to GitHub as malware, as an act of protest, since they closed the possibility of submitting issues or commenting.