Retr0id 4 hours ago

A hypothetical useful use of attestation is that a company promising to process personal data securely could actually prove it to end-users, by open-sourcing their server-side code and using reproducible builds combined with remote attestation, to prove to the client that the server-side is running unmodified within a secure enclave.

I struggle to think of a useful use for it on the end-user client side, though.

jt2190 2 hours ago | parent [-]

Isn’t the client-side case something like “the banking app you’re entering your account password into is the binary the bank created and not a compromised binary that will drain your bank account”?

summm an hour ago | parent | next [-]

No, this would just require a publicly verifiable signature of the software, and the user would just choose to have their operating system verify it. No remote attestation or other hand-over-your-controls necessary.

an hour ago | parent | prev [-]
[deleted]