Attestation certificates include detailed information about the device that signed them. Nothing is stopping services from limiting accepted devices to only those approved by the passkey gang (MSFT,AAPL,GOOGL).
Suddenly things that many so readily dismiss as being FUD such as retail Pixel devices' bootloader requiring an internet connection to unlock[1] become much more more relevant.
At the end of the day pragmatism will survive. Sure, if the OP cant put a simple SIM card to get it resolved then he/she can buy from nitrokey/other installed GrapheneOS.
The basic premise of all these authentication/fingerprint/passkeys/whatever is to benefit the COMMON public. Telling a mother of 3 to keep keypassxc backup elsewhere (in a RAID with 3-2-1 offsite is impractical).
Also all these experts that write in HN often join some company and implement closed-source. Yes, life sucks if one uses 'linux' phone
- Banks don't care
- If one is so against passkey gang then they should do something to make sure an average mum can use tech safely - see the state of PGP (very complex) - but signal/whatsapp is awesome.
- Whether or not you like Cisco DUO becomes more of less default
- Github/gitlab is developers world. Sure codeberg exists: I opened an issue asking them if they can help me configure runners - no help at all.
- Also many of the devs say all open/free/etc but finally they do consume NetFlix, Prime etc (Yes, they have Apple TV or chromecast in addition to FrameWork (and RAID + 3-2-1).
- Average Joe can't afford Framework. Get an ad-infested smartTV. Live with Google or Apple.
To clarify I'm not against passkeys and WebAuthn, only leery of the gang and their games.
With that out of the way: I'm alright with you, that hypothetical mother of 3, Average Joe, and anyone else accepting the situation as is no matter the reason. Myself, though, however pointless it may be, I haven't given up the fight and I'm likely worse off for it. I suppose that makes me a masochist.
Everything you say is true, and yet none of it relevant for the sceptical and cynical thoughts that I sometimes share here. I don't post those for people who don't care, I post them for my fellow masochists so they don't miss out on whatever new thing I found that we can all get more angry about :)
To be honest, I was once like you but eventually it is painful to have tons of harddisks and maintain things. Also when I once visited a FSF event and saw many of those so called advocates (telling amazing things in blogs about Libre) were personally using iPhone and NetFlix or every other proprietary service or M1 Apple. Sure, everyone's choice. Then I learned that we all have cognitive dissonance.
> fellow masochists so they don't miss out on whatever new thing I found that we can all get more angry about :)
Must have missed that, thanks. I'm not entirely up to date on this initiative.
Just to be clear I'm not opposed to WebAuthn, I've just gotten very weary of these big corporations - especially when they are banding together and are all super excited about the same thing as we're seeing here :)
Suddenly things that many so readily dismiss as being FUD such as retail Pixel devices' bootloader requiring an internet connection to unlock[1] become much more more relevant.
[1]: https://news.ycombinator.com/item?id=35852192