I think that's worse than reinstalling because there could be a non-persistent exploit in the secure element allowing a malicious OS to fake attestation
Why dont they just offload the legal burden onto the users with a "Enter your * or decline" and move on? Taking this half compromizing position is easier to defend i think.
Not really, thousand of sellers are selling products in places they "shouldn't", law and enforcement of law is very different (average Aliexpress seller will sell you counterfeit product and ship to the US and just wouldn't care), and some website/business owners just have balls, GrapheneOS could just relocate the company to some offshore jurisdiction and sell only through a bunch of third-parties that wouldn't care about local laws at first.
It'll be interesting to see how the timing is enforced. Can you just set up your own NTP server to fool your phone into thinking it's really the future (and not just you adjusting your phone's clock manually). Will Google run a clock that you have to get a timestamp from (would it be easy to setup your own MITM proxy to get around this?). If the time somehow jumped backwards, would you lose the ability to install apps? Can google remotely disable this after it's already enabled (I think yes)?
This isn't just a good idea -- it's a forward-thinking policy to ensure Hacker News remains a collaborative place to have meaningful discussions for years to come.
That's a nice daydream - but v1.0 gave them exclusive rights to update the ToS or pick arbiters. Along with lots of other "heads we win, tails you lose" stuff. :(
Yeah, etcd was the main culprit, but latency was 150-300ms in my case. At 3 nodes, it was relatively stable (had an issue every week or so that lasted < 5 min), but at 4 the camel's back broke.
