jorvi 5 hours ago
Weird rant. TPMs are great. The modern computing landscape needs a safe place to put secrets. It's what made the iPhone (Secure Enclave is effectively a TPM) years ahead of Android in terms of security. The problem isn't the TPM, but attestation. As soon as the TPM is required to not be under your control to get access to Y, bad things happen. Hell, in actuality, the problem isn't even attestation, it's policy. The EU Parliament (the one the people vote for, the Commission are cronies) might eventually force corporations into something more citizen-friendly. Neither Apple, Google nor Microsoft is going to drop a market that big.
nananana9 4 hours ago
Requiring "tokens" stored in "trusted modules" and 7-factor-auth for everything is not progress, it's theater. The biggest achievement of the security orthodoxy was locking me out of my email, by requiring me to read a code sent to my email to log into my email. I -- literally -- do not care about a single "account" in any "service" I use aside from my email and bank account. Most people would add a few social media accounts to that list. You don't need a "place to put secrets". Your iPhone app does not do anything important enough to require a "trusted chain" of cryptographic bullshit, just use a password and Google/Apple login.
pretzel5297 4 hours ago
Agreed. Trying to limit progress because it may be misused is attacking the wrong part of the problem and will not work.
jojobas 4 hours ago
TPMs add security against a narrow case of evil maid attacks. They might be useful for corporate computing (for cargo cult compliance purposes more than actual security) but they trojan horse more of "not owning the device you bought" with it to people that don't and shouldn't care about evil maid attacks at all.