
At that point it would be worth investing in a secure device which you can use to do things that require security while you can do your own thing on your insecure device.



The fact that you're calling it "insecure" is a very telling reflection of how much you support this authoritarian dystopia.


Let's say I'm a chat service. In order to authenticate a connection with me you need to give me an access token. When you successfully log in I want to give you an access token which you can use in the future to prove who you are. I don't want this token to be stolen by someone else and start sending malware to everyone on your friends list. To avoid this I want to make sure that this token is always securely handled. Remote attestation allows you to prove that you are able to offer this secure environment so I can trust you with this token.

You may say that you want to be able to steal this token for yourself to make your own chat client. Unfortunately if you can steal the token, then so can malware. It's a trade off between freedom and security. Platforms that suffer from being abused may opt to focus on security over freedom to offer a better service to its users.


>To avoid this I want to make sure that this token is always securely handled. Remote attestation allows you to prove that you are able to offer this secure environment so I can trust you with this token.

That's called overreach. Absolutely massive overreach. To go one step further, do you also want to prove that my house has no windows, so "attackers" can't see what you show me?

Trust is trust, not proof. Asking someone to prove to you something is to say that you are not trusting them! It's like asking your spouse to prove that he/she is not cheating on you --- and we don't find that acceptable in the physical world either. The whole idea of trusting someone is that you do not have to constantly monitor and enforce what they're doing. I elaborated more about this "destruction of trust" here: https://news.ycombinator.com/item?id=32283134

>You may say that you want to be able to steal this token for yourself

The fact that you're calling it "stealing" is also insane. As soon as that token leaves your system, it is no longer yours.


>Trust is trust, not proof

While I can trust most of my users to not try and steal an authentication token there are always a small number of people who I will. Being able to prove to me that you can't steal a token improves the security of my service.

>Asking someone to prove to you something is to say that you are not trusting them!

Unfortunately, I do not trust everyone in the world. While there are some people I can trust, my service is marketed to a large number of people who I may not trust. If my service was for just my friends I wouldn't need proof and I could just trust them.

>As soon as that token leaves your system, it is no longer yours.

No, in the real world when you take your company laptop home it doesn't automatically become your property. Just because I send a token to a client running on your device it doesn't mean that you can do whatever you want with that token.


That's not security. That's submission.


Please elaborate.


Your entitlement to control what your users do in their house or on their device is sickening. Your right to control ends when you send the packet.

Requiring that everyone have a telescreen watching them at all times, wear a shock collar that goes off if their heartrate spikes and sing about how they love big brother all day would stop assaults, but that doesn't make it a secure or safe world -- it makes it a totalitarian hellhole.

No one pushing these features cares about security or the firmware would be open and the keys would be changeable, they don't care about user rights or better experience or it wouldn't be coming from Microsoft and you would be able to register a public key taking responsibility for your own device that any locally provided service would be required to accept or choose your own CA. You just want the ability to sell removing the nitro button or having a slightly less unusable UI or getting the ads off of the lock screen for $9.99 a month.


>Your entitlement to control what your users do in their house or on their device is sickening

I'm not controlling what you do. I'm just making a whitelist of allowed clients for my service. You are free to do whatever you want with your computer, but if you want to use my service you need to use an allowed client.

>Your right to control ends when you send the packet.

Again, I'm not controlling what you are doing. I'm just requiring certain software to use my service. You are free to run whatever you want on your machine, but if you can't prove to me that you are running an allowed client I can choose to not let you use my service. You can't force me to serve you if I don't want to.

This isn't spying on you, or forcing you to do something against your will. I have designed a system whose safety is better since I can trust clients. Asking you to use a client I trust to not compromise the safety of my service should be a reasonable request.

>No one pushing these features cares about security or the firmware would be open and the keys would be changeable

TPM providers have many interests. They have an interest of developing a secure device, but they also have an interest of protecting their IP. Just because they care about protecting their IP, it doesn't mean they don't care about security. In regards to making your own chain of trust, go ahead, but I won't trust you.

>You just want the ability to sell removing the nitro button or having a slightly less unusable UI or getting the ads off of the lock screen for $9.99 a month.

Yes, just like how DRM stops people from ripping content you have invested money into. This can prevent people from leeching by using a modded client that removed ads for free. People spend a lot of money building services and they rely on ad revenue in order to make money. If you choose to mod advertisements out of your client I can choose to stop responding to your requests.
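
The scheme argued over in this thread (a service that hands out an access token only to clients on its allowlist, checked by remote attestation), as an added example that is not part of any comment above. Assumptions: all names and values are constructed, user authentication is omitted, and an HMAC under a shared key stands in for the asymmetric, manufacturer-certified signature a real TPM quote carries.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not from any real device or service.
DEVICE_KEY = b"constructed-hardware-protected-key"
OFFICIAL_CLIENT = b"official-chat-client-1.0 (constructed binary)"
ALLOWED_CLIENTS = {hashlib.sha256(OFFICIAL_CLIENT).hexdigest()}

def sign_quote(key, nonce, measurement):
    # Binds the measurement to the server's fresh nonce.
    return hmac.new(key, nonce + measurement.encode(), hashlib.sha256).hexdigest()

def make_quote(key, client_binary, nonce):
    """Device side: measure the running client and sign the result."""
    measurement = hashlib.sha256(client_binary).hexdigest()
    return {"measurement": measurement, "mac": sign_quote(key, nonce, measurement)}

class ChatService:
    def __init__(self, key, allowed):
        self.key = key
        self.allowed = allowed
        self.pending = set()  # nonces issued and not yet used

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce, quote):
        """Return (token, reason); token is None when attestation fails."""
        if nonce not in self.pending:
            return None, "unknown or replayed nonce"
        self.pending.discard(nonce)  # each nonce is single-use
        expected = sign_quote(self.key, nonce, quote["measurement"])
        if not hmac.compare_digest(expected, quote["mac"]):
            return None, "bad quote signature"
        if quote["measurement"] not in self.allowed:
            return None, "client not on allowlist"
        return secrets.token_urlsafe(32), "ok"

if __name__ == "__main__":
    svc = ChatService(DEVICE_KEY, ALLOWED_CLIENTS)
    for binary in (OFFICIAL_CLIENT, b"modded client (constructed)"):
        n = svc.challenge()
        token, reason = svc.login(n, make_quote(DEVICE_KEY, binary, n))
        print(reason, "token issued" if token else "no token")
```

The check only means something if the signing key is out of the device owner's reach, which is the property both sides of the thread are disputing.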



