this post was submitted on 11 Mar 2026
88 points (98.9% liked)
Privacy
4182 readers
183 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I disagree. Attestation is definitely not wrong in a corporate setting where you want applications to only run on safe devices.
Taken out of the corporate world, it is problematic though, that I can agree with. But the solution shouldn't be abolishing it without knowing why it exists. My guess is that there is a legal precedent or threat for it existing. Banks, healthcare applications and so on have a good reason to want to run in a secure environment. However, and this I'd where I think the alternative should be, users must have the option to opt out or say "I don't care what you think, this device is secure, I will be liable for any damages to my own data should this device be insecure".
Unified Attestation might actually be the way to include an opt out that is legally binding. So, again, instead of just taking a hard-line "no, I'm right all the time, my opinion is absolute", it might help to think critically about things and ask "why" and "what if".
You make a valid point, but I still don't see why attestation is necessary. In a corporate setting, sure, it's probably important to remotely verify that the OS is still untampered--except, oh wait, you can do that with the FOSS, opt in, privacy respecting, auditor app. If you install it via MDM you can install, set up, and then block the app so the user doesn't do something dumb.
As for my bank and other such companies, from a legal standpoint I'm already liable if my device is compromised. In almost every Terms and Conditions, it will include a clause that they cannot guarantee your device, or any device you use to access their service, is free from malicious software, and thus it is up to you to keep your account secure.