| ▲ | 9NRtKyP4 2 hours ago | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Remote attestation is another technology that is not inherently restrictive of software freedom. But here are some examples of technologies that have already restricted freedom due to oligopoly combined with network effects: * smartphone device integrity checks (SafetyNet / Play Integrity / Apple DeviceCheck) * HDMI/HDCP * streaming DRM (Widevine / FairPlay) * Secure Boot (vendor-keyed deployments) * printers w/ signed/chipped cartridges (consumables auth) * proprietary file formats + network effects (office docs, messaging) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | cwillu 2 hours ago | parent | next [-] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
It very clearly is restrictive of software freedom. I've never suffered from an evil maid breaking into my house to access my computer, but I've _very_ frequently suffered from corporations trying to prevent me from doing what I wish with my own things. We need to push back on this notion that this sort of thing was _ever_ for the end-user's benefit, because it's not. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | myaccountonhn 39 minutes ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
It's interesting there's no remote attestation the other way around, making sure the server is not doing something to your data that you didn't approve of. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | digiown an hour ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
I am quite conflicted here. On one hand I understand the need for it (offsite colo servers is the best example). Basic level of evil maid resistance is also a nice to have on personal machines. On the other hand we have all the things you listed. I personally don't think this product matters all that much for now. These types of tech is not oppressive by itself, only when it is being demanded by an adversary. The ability of the adversary to demand it is a function of how widespread the capability is, and there aren't going to be enough Linux clients for this to start infringing on the rights of the general public just yet. A bigger concern is all the efforts aimed at imposing integrity checks on platforms like the Web. That will eventually force users to make a choice between being denied essential services and accepting these demands. I also think AI would substantially curtail the effect of many of these anti-user efforts. For example a bot can be programmed to automate using a secure phone and controlled from a user-controlled device, cheat in games, etc. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | Foxboron an hour ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
> * Secure Boot (vendor-keyed deployments) I wish this myth would die at this point. Secure Boot allows you to enroll your own keys. This is part of the spec, and there are no shipped firmwares that prevents you from going through this process. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | 9NRtKyP4 2 hours ago | parent | prev [-] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
The authors clearly don’t intend this to happen but that doesn’t matter. Someone else will do it. Maybe this can be stopped with licensing as we tried to stop the SaaS loophole with GPLv3? | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||