> someone can set up a token-as-a-service to sell tokens on the black market
They can! Singing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.
> What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?
> How does the math say no
BBS+ signatures. Hashes you receive from the government and hashes you send to the site operator are different and not correlated.
> Singing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.
So how would I use this on Linux then? Because I'd be rather unhappy if a bunch of websites became unusable on Linux due to government-mandated security restrictions.
My (Canadian) government's health portal already refuses to load if you use Linux (despite it being 100% web-based), meaning that I'm completely unable to book vaccinations or view procedure results without workarounds. Luckily it only checks the user agent, so it's pretty easy to override this right now, but that wouldn't be possible if cryptography/attestation were involved.