Is calling anyone who disagrees with you a "corporate mouthpiece" similar to how some people argue anyone who doesn't say "ACAB" is a boot licker?
Here's my personal take: No one is forced to use remote attestation merely to use their device. It's only if you want to use some other service. So - if you don't want to play by the requirements of the service, then just don't use the service? It seems pretty simple. There's a country club that I want to eat in, but they require me to wear a suit jacket. I don't want to wear a suit jacket - so what do I do? Simply not eat at that country club and go get food somewhere else that doesn't require a suit jacket, or do I start a PR campaign about how evil suit jackets are, and call anyone who doesn't mind wearing a suit jacket a shill for Big Golf?
I don't like knowing that my image is recorded by surveillance cameras when I go out in public.
A few decades ago someone might have said, "Well, you can choose to just not go to those places which have surveillance cameras," and that would have been a perfectly valid suggestion to solve my immediate problem at the time.
A few decades later, in 2022, the city that I live in has cameras and facial recognition everywhere. Avoiding them means never going to the supermarket, visiting the CBD, driving practically anywhere.
I don't think the hypothetical person was a shill for "Big Camera". It seems much more likely that they don't believe or haven't considered the possibility that proliferation of surveillance could lead to a future where stepping out your front door will result in your image being sent to Amazon by your neighbours doorbell. Or that they're fine with that future, but have no sympathy for people who aren't I guess.
Everything on every single app store in existence today. Even Android apps now have the ability to require hardware attestation and lock out access to rooted phones.
>There's a country club that I want to eat in, but they require me to wear a suit jacket.
Bad example. Remote attestation is more like ordering takeout to eat in your own home but the delivery guy refusing to hand you the food you ordered unless you provide cryptographic proof that you will be eating while doing a handstand. Nevermind the fact that It's none of his business how you eat in your own house.
> Here's my personal take: No one is forced to use remote attestation merely to use their device. It's only if you want to use some other service. So - if you don't want to play by the requirements of the service, then just don't use the service?
Completely and utterly disingenuously wrong. Safetynet is already required for most banks, and this will be followed by medical and government services and all forms of media.
This free market 'vote with your wallet' bullcrap only works if there's an alternative to vote for.
Please reread my statement. Safetynet may be required if you want to use online banking for most banks. If you don't want to use online banking, then you aren't subject to the requirements for safetynet, and you're free to roll your own android.
I read your statement. It's still disingenuous nonsense.
And what happens when all the physical branches within 100s of km of you shut down because 'online is so convenient' or your doctor starts using an app that requires it, or it's mandatory to do your university exam or log into your government's tax portal or the next covid where you need it to enter a shop?
Or what about when every piece of hardware you can buy has a locked bootloader, or your local phone providers decide to require using their app that puts ads on your lock screen?
Or your local taxis get price dumped out of business by uber which requires it?
How interesting that my original comment which called them out on this blatant shilling has been flagged. While it's not traditional politics, it certainly gives one an appreciation for the effort with which they're attempting to hide their true motives.
At that point it would be worth investing in a secure device which you can use to do things that require security while you can do your own thing on your insecure device.
Let's say I'm a chat service. In order to authenticate a connection with me you need to give me an access token. When you successfully login I want to give you an access token which you can use in the future to prove who you are. I don't want this token to be stolen by someone else and start sending malware to everyone on your friends list. To avoid this I want to make sure that this token is always securely handled. Remote attestation allows you to prove that you are able to offer this secure envirnment so I can trust you with this token.
You may say that you want to be able to steal this token for yourself to make your own chat client. Unfortunately if you can steal the token, then so can malware. It's a trade off between freedom and security. Platforms that suffer from being abused may opt to focus on security over freedom to offer a better service to its users.
To avoid this I want to make sure that this token is always securely handled. Remote attestation allows you to prove that you are able to offer this secure envirnment so I can trust you with this token.
That's called overreach. Absolutely massive overreach. To go one step further, do you also want to prove that my house has no windows, so "attackers" can't see what you show me?
Trust is trust, not proof. Asking someone to prove to you something is to say that you are not trusting them! It's like asking your spouse to prove that he/she is not cheating on you --- and we don't find that acceptable in the physical world either. The whole idea of trusting someone is that you do not have to constantly monitor and enforce what they're doing. I elaborated more about this "destruction of trust" here: https://news.ycombinator.com/item?id=32283134
You may say that you want to be able to steal this token for yourself
The fact that you're calling it "stealing" is also insane. As soon as that token leaves your system, it is no longer yours.
While I can trust most of my users to not try and steal an authentication token there are always a small number of people who I will. Being able to prove to me that you can't steal a token improves the security of my service.
>Asking someone to prove to you something is to say that you are not trusting them!
Unfortunately, I do not trust everyone it the world. While there are some people I can trust, my service is marketed to a large number of people who I may not trust. If my service was for just my friends I wouldn't need proof and I could just trust them.
>As soon as that token leaves your system, it is no longer yours.
No, in the real world when you take your company laptop home it doesn't automatically became your property. Knish because I send a taken to a client running on your device it doesn't mean that you can do whatever you want with that token.
Your entitlement to control what your users do in their house or on their device is sickening. Your right to control ends when you send the packet.
Requiring that everyone have a telescreen watching them at all times, wear a shock collar that goes off if their heartrate spikes and sing about how they love big brother all day would stop assaults, but that doesn't make it a secure or safe world -- it makes it a totalitarian hellhole.
Noone pushing these features cares about security or the firmware would be open and the keys would be changeable, they don't care about user rights or better experience or it wouldn't be coming from microsoft and you would be able to register a public key taking responsibility for your own device that any locally provided service would be required to accept or choose your own CA. You just want the ability to sell removing the nitro button or having a slightly less unusable UI or getting the ads off of the lock screen for $9.99 a month.
>Your entitlement to control what your users do in their house or on their device is sickening
I'm not controlling what you do. I'm just making a whitelist of allowed clients for my service. You are free to do whatever you want with your computer, but if you want to use my service you need to use an allowed client.
>Your right to control ends when you send the packet.
Again, I'm not controlling what you are doing. I'm just requiring certain software to use my service. You are free to run whatever you want on your machine, but if you can't prove to me that you are running an allowed client I can choose to not let you use my service. You can't force me to serve you if I don't want to.
This isn't spying on you, or forcing you to do something against your will. I have designed a system whose safety is better since I can trust clients. Asking you to client I trust to not compromise the safety of my service should be a reasonable request.
>No one pushing these features cares about security or the firmware would be open and the keys would be changeable
TPM providers have many interests. They have an interest of developing a secure device, but they also have an interest of protecting their IP. Just because they care about protecting their IP, it doesn't mean they don't care about security. In regards to making your own chain trust go ahead, but I won't trust you.
>You just want the ability to sell removing the nitro button or having a slightly less unusable UI or getting the ads off of the lock screen for $9.99 a month.
Yes, just like how DRM stops people from ripping content you have invented money into. This can prevent people from leaching by using a modded client that removed ads for free. People spend a lot of money building services and they rely on ad revenue in order to make money. If you choose to mod advertisements out of your client I can choose to stop responding to your requests.
I agree with you. In my country, almost every bank mandates that users install "online security modules" on their own computers before they'll allow them to log into their account via browser. These software packages were causing massive instability and low performance on the computers of everyone I know. I reverse engineered one of these things and found kernel mode software intercepting every single network connection and doing god knows what with that information.
"Just choose a company that doesn't abuse you" is absolutely invalid since abusing us gives them competitive advantage and they will compete to see who can get away with abusing us the most. Abuse should simply be illegal and the companies doing it shouldn't even be afforded the right to exist to begin with. People should not have to suffer abuse in order to learn their lesson and go elsewhere, abuse should simply not happen to begin with and any corporation violating this assumption needs to get fined out of existence.
You can just bank in some other manner, like in person, or over the phone. You don't have a right to online banking on your mobile device. It's a convenience.
What if every restaurant within 50 miles of your home required a jacket to eat (or take out) from there... and also required that you had purchased that jacket from the very same restaurant, at a 30% markup?
Your argument boils down to trivialising the imposition to the victim not being able to use a service. How do you justify the presumption that it's trivial? What if I need the service to access health care, a bank account, education, welfare etc? What if there aren't alternatives? And as victims of discrimination everywhere will say, why should I have to sacrifice things even if you think they are trivial, just because I have a preference?
The real argument should be around what is the legitimate need for attestation. Where there is a genuine need then a discussion could be had. For example, if it will threaten the bank's security or liabilities (not mine) then its reasonable for them to at least evaluate the cost of me not providing that attestation and building it into their estimate of the cost of transacting with me (even up to the point of not doing business with me). That doesn't seem to be the discussion people want to have though.
Everything we've done as a society up until now has not needed remote attestation.
That we aren't yet in a computational dystopia is proof that enough that the privation of it has kept computing safe from getting so locked in that nobody can compete or navigate the barriers to entry.
As soon as we start seeing remote attestation fetting implemented, that's gone. Period.
We all carry GPS trackers that send our personal info to large companies constantly. This has been normalized to the point where opting out is too expensive, even for people who would like to.
Is opting out of physical location tracking expensive? I just checked on my Pixel and was able to find a setting which ostensibly can disable location services after a few seconds of searching through settings.
Even if you shut off GPS, your cell provider can trivially triangulate your position with acceptable precision based on your signal strength and ping response times.
(Also, many Cell Service Providers have a backchannel API that websites can use to geolocate the source of a connection given an IP + Port)
Here's my personal take: No one is forced to use remote attestation merely to use their device. It's only if you want to use some other service. So - if you don't want to play by the requirements of the service, then just don't use the service? It seems pretty simple. There's a country club that I want to eat in, but they require me to wear a suit jacket. I don't want to wear a suit jacket - so what do I do? Simply not eat at that country club and go get food somewhere else that doesn't require a suit jacket, or do I start a PR campaign about how evil suit jackets are, and call anyone who doesn't mind wearing a suit jacket a shill for Big Golf?