| ▲ | charcircuit 3 hours ago |
| Do you consider being banned in a video game because of hacking to be an example of something killing computing freedom? The user still maintains all the freedom of doing whatever computing they want on their own machine, but if they want to play with others who don't want to play with cheaters then they have to use the official client. For people who want a high degree of freedom and be able to access as many digital services as possible I foresee such people using a hypervisor that runs both a provable secure OS and another OS that is as free as they want. |
|
| ▲ | franga2000 2 hours ago | parent | next [-] |
| How about being banned from online banking, government services and all social networking / communication platforms? Because that's the road we're already heading down. What makes you think they will give us this magical hypervisor capability? It's more effort, increases the chances someone finds a bypass and takes power away from the incumbent online platforms. It's so much easier to just prevent it all. The only reason it hasn't happened yet is the amount of devices without this ability in circulation. But that number is shrinking rapidly. |
| |
| ▲ | charcircuit 2 hours ago | parent [-] | | >How about being banned from online banking, government services and all social networking / communication platforms? You aren't banned. You just have to use a secure device. It's like saying that a store banned you because they stopped taking checks and started requiring a credit card since they are more secure and harder to commit fraud with. As a person you didn't lose any freedom. Freedom does not mean someone has to be able to force their will on another person. That sounds like the opposite of freedom to me. >What makes you think they will give us this magical hypervisor capability? It's not magical. Look at Windows WSL2 which already works like that. | | |
| ▲ | przmk 2 hours ago | parent | next [-] | | It's not about being secure. Google allows devices with up to 10 years without any patches to pass their integrity API. Meanwhile Graphene OS, which is very secure and up-to-date, doesn't pass. | | |
| ▲ | mike_hearn 9 minutes ago | parent | next [-] | | They allow old devices to report to Play Integrity. That doesn't mean the service provider requesting attestation has to allow such devices. These things usually give just a risk grade to the service provider and it's up to them to make the decision. Graphene OS says they are secure, but the definition of secure they're using isn't the same one the service providers are using, so that doesn't help much. The best route forward here is to push for a separation of certification types. Ideally it would be possible to pass the security related aspects of Google's CTS test suite and get approved by Play Integrity without triggering the other parts of Android certification. | |
| ▲ | notpushkin 2 hours ago | parent | prev [-] | | This. Plus if I want to access my bank account on a device I trust, the bank shouldn’t say “hey we don’t trust it so buzz off”. It’s my money in that account. I understand there’s some stupid compliance thing that makes banks do this, but it clearly isn’t a hard requirement, as there’s still plenty of banks that don’t participate in this security theatre. |
| |
| ▲ | dmantis 2 hours ago | parent | prev | next [-] | | > You just have to use a secure device. No, you have to use government backdoored device. I.e. the most secure android rom (at least the only rom we know is not penetrable by state-sponsored celebrite based malware) is not covered by google's play protect, while bunch of outdated CVEd phones are. Same will go with many hardened Linux machines, QubesOS, Whonix stations, you name it. I'd argue they are far more secure than any average windows/macos installation. Hardware attestation has nothing to do with security, it's censorship. | |
| ▲ | inejge an hour ago | parent | prev [-] | | > You just have to use a secure device. Secure as defined by a duo of monopolists. It's a contractual concept and doesn't have a firm relation to security-related characteristics. I'd trust GrapheneOS to be as secure as anything Google is capable of releasing, but that doesn't help them if Google refuses to vouch for a device running their OS. Which is also why your check/credit card analogy falls flat. |
|
|
|
| ▲ | xeyownt 3 hours ago | parent | prev | next [-] |
| I think you got it reverse. Gaming and such are dedicated services. Fine if people agree to pay premium to have the required platform / console / etc. General services such as communications / banking must be free, and must not require trusted hardware on the end point. The services must be designed to be secure even in the case of compromised end points. But that's against the current trend where all banks are trying to push all the responsibility on the end user because they want to reduce their costs. There are plenty of solutions but they don't go for it because it's not in their interest and they want to squeeze out any little penny of infrastructure cost. |
| |
| ▲ | charcircuit 2 hours ago | parent [-] | | >How about being banned from online banking, government services and all social networking / communication platforms? Defense is depth actually works. It's better security to require a dedicated device to make it harder to commit fraud. This is why credit cards became a secure device instead of just being a magnetic strip. |
|
|
| ▲ | matheusmoreira 3 hours ago | parent | prev | next [-] |
| > Do you consider being banned in a video game because of hacking to be an example of something killing computing freedom? No. It's the constant attempts to invade our computers and "prevent" the unwanted behavior that are problematic. See kernel level anticheat nonsense. They want to own our computers. > if they want to play with others who don't want to play with cheaters then they have to use the official client They should be able to play with whatever client they want. It's their computer, it should run whatever software they want. |
| |
| ▲ | charcircuit 2 hours ago | parent [-] | | >See kernel level anticheat nonsense. This nonsense mainly exists only because the operating system is unable to attest that it the app is secure and the right app is what is running. >It's their computer, it should run whatever software they want. I agree, but companies shouldn't be forced to match cheaters with legitimate players. Cheaters just can't secretly be cheating. | | |
| ▲ | matheusmoreira an hour ago | parent [-] | | To defend my own freedom, I'm forced to defend scoundrels as well in a totally unhinged manner. So be it. > the operating system is unable to attest And it should remain unable. There should be no "attestation" of anything. The corporations who want such things should remain unsure of the device's "security". They should just accept it. Let them write it off as a cost of doing business or something. The optimal amount of fraud is non-zero, as they say. > the app is secure and the right app is what is running These machines are our personal computers. They are extensions of our minds. They are general purpose tools with limitless potential, just waiting to be shaped in accordance to our wills. There is no such thing as being "secure" from us. Not inside our own computers. The mere idea of it is offensive. It is an affront to us all. We are the gods of these machines. To attempt to "secure" a video game of all things against us is an attempt to usurp our power. > Cheaters just can't secretly be cheating. Now that remote attestation is in play, the ability to do that -- forge attestations to pretend to be a corporate owned machine while remaining free and subversive -- has become key. So I'm forced to say that cheaters absolutely should be able to secretly cheat. If the cheater wants to edit his computer's memory or whatever, it's his divine right as the owner of the machine. An inability to do that means our freedom is lost. Cheating in video games is literally nothing compared to the loss of our computer freedom. Let the entire industry go bankrupt if it must. We cannot sacrifice it no matter what, and certainly not over something as mundane such as video games. There is so much more at stake here. Ubiquitous access to cryptography. Adversarial interoperability. Our very self-determination in the digital world. Video games are nothing -- and that's coming from a fellow gamer. |
|
|
|
| ▲ | greybcg 2 hours ago | parent | prev [-] |
| We had fun in online games without kernel level nonsense. Why do I need to compromise my hardware when the problem is an outlier in the social graph? Anticheat is part an arms race and part just raising the bar so people cant cheat too easily.
That said you can feed a video feed into a Kria K26 or even a pi or jetson and make automatic targeting completely transparant to the kernel. Then what? Hardware attestation in peripherals? How do old boomershooter communities tackle cheaters? When and why do methods that work on a social graph fail or necessitate anticheat?
I agree on the hypervisor part. Putting different applications in microvms would be good for isolation. |
| |
| ▲ | mike_hearn 4 minutes ago | parent | next [-] | | PC gaming has always been rife with statistical inferencing of cheating, accusations of cheating both true and false and resultant low levels of trust that do destroy gaming communities. That's with aggressive software solutions that implement an ad hoc not entirely robust form of remote attestation. A lot of gaming migrated to consoles for this reason. They have secure remote attestation implemented properly. Accusing winners of cheating doesn't work there, and it's obvious why that results in happier and healthier gaming communities. | |
| ▲ | charcircuit 2 hours ago | parent | prev [-] | | >We had fun in online games without kernel level nonsense. You might of. But there was a percentage of players turned away by cheaters or even just had a bad experience one day because of one. At scale this can cause a bad experience for a ton of players so trying to stop as many cheaters as possible does matter. >Why do I need to compromise my hardware You don't have to compromise anything. In fact it is optimal to have the system be as secure as possible that way cheats can't mess with the game. >How do old boomershooter communities tackle cheaters? By limiting the rate of new players. This goes against the wishes of games who want to achieve massive growth. >When and why do methods that work on a social graph fail or necessitate anticheat? If people provided IDs that could work too instead of anticheat, but usually people do not want to do that just to play a game. It adds friction to the onboarding process. |
|
