
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.

Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.

Can someone please explain to me how the author might see this level of security as a bad thing?




The capacity for abuse is huge, way beyond the potential benefits.

From the USA, we get news of banned books in some states. When I read that, my head goes back to my European history, and I reach the Godwin point very quickly.

Those kinds of people will abuse such a system to prevent things from being shared.

It will be used for putting DRM on everything and create a more and more closed web.

It will be used by corporations and govs to prevent whistleblowers and journalists from doing their job. Or to prevent employees from getting evidence of mistreatment in case they need to sue.

Because if you look at it, it's basically just a system for information control. And bad actors love that.

And of course it will be "for security reasons".

Trusting people with a terrible track record to not abuse a massive power in the future, especially one that can be scaled up with the push of a button once the infrastructure is in place, is not a good bet.


> From the USA, we get news of banned books in some states. When I read that, my head goes back to my European history, and I reach the Godwin point very quickly.

Books are not banned, just not used in the classroom anymore. While the reasons for it may be wrong, it's something that happens constantly all over the world. No one prevents children or adults from reading those books at home. Banning books could mean that owning them is illegal and that just hasn't happened.


Banning their use in classrooms is lesser but still a step on that path, and the same Republicans trying to do that are not going to stop at schools after they win but will rather see that as an invigorating first step in a long campaign. For example, book sellers in Virginia are currently fighting a lawsuit against an attempt which would ban private sales:

https://www.virginiamercury.com/2022/07/06/free-speech-group...


[flagged]


As a bit of an Anarcho-Libertarian who is often in the middle of these conversations from either side, I would imagine part of the problem is your framing of this issue as if it is only coming from one direction, when there is plenty of evidence that both sides are into things like banning books[0] it's just a question of which books they want banned.

[0] When It Comes to Banning Books, Both Right and Left Are Guilty | Opinion: https://www.newsweek.com/when-it-comes-banning-books-both-ri...


Hypocrisy makes good news


The both sides framing is a common tactic used to make this seem even but there’s a pretty notable difference if you look at the details. For example, Newsweek’s right-wing owners love this framing but the left example is a single school district removing a book from the curriculum whereas the right wing examples are far more widespread and include books being removed from libraries. The motives are also different: banning books which depict racism positively (highly debatable in this example) is different from banning them because they reflect existence of gay people in a positive manner.


According to the article that I linked, California has banned "To Kill a Mockingbird" in schools due to racism and you seem to be implying that is because the book "depict[s] racism positively"; however, I read it back in school and I remember discussing extensively how the book showed racism in a most negative light.

It doesn't seem to me like you are willing to believe that both sides could be over stepping here, but I personally am sure of it.


I remember the discourse around changing Jim's name in Huck Finn and banning To Kill a Mockingbird. Those changes and bans were wrong. But still the scope and intensity with which the extreme right are gunning for books is alarming. They're doing it more, it's more widespread, and they're using state power.

When "the left" has opposed books they try to use social pressure to get booksellers to voluntarily not stock those books. The right is currently using state power to prevent the teaching of certain books, their presence in public libraries, and are even suing to make private sales of certain books a crime in Virginia.


According to the article you linked:

> Apparently no one told him that the stack of books in the photo included one banned in the state he leads, To Kill a Mockingbird, which was banned from California schools on the grounds that it contained racism.

Clear cut, right? Nope, here’s what their own linked article says:

> Schools in Burbank will no longer be able to teach a handful of classic novels, including Harper Lee's To Kill a Mockingbird, following concerns raised by parents over racism.

> Until further notice, teachers in the area will not be able to include on their curriculum Harper Lee's To Kill a Mockingbird, Mark Twain's The Adventures of Huckleberry Finn, John Steinbeck's Of Mice and Men, Theodore Taylor's The Cay and Mildred D. Taylor's Roll of Thunder, Hear My Cry.

The actual memo makes it sound like they’ll likely move these to the supplemental list and add some black authors: https://www.burbankusd.org/cms/lib/CA50000426/Centricity/Dom...

This is how the false-equivalence machine works. A single school district is expanded to an entire state (15k students isn’t nothing but it doesn’t represent many of the ~6M students in the state) and is presented as the equivalent of multiple state-wide attempts to remove books from schools & libraries, and again ignoring the difference between removing something from the curriculum with the goal of exclusion versus inclusion.

The urge to censor isn’t unique to right-wing politics but since they’re the ones pushing the most aggressively and successfully, I attributed more of it to the people causing the lion’s share of the harm.


OK then you agree that Amazon taking down Irreversible Damage was wrong, and that it should also be in every school library, or it's obviously a sign that the Left is going to ban books everywhere?

Removing something from a curriculum is not the same as banning it. There are many more books that are not in school libraries than there are books that are in them.


> Banning books could mean that owning them is illegal and that just hasn't happened.

Just within the last century it was illegal to send a copy of Ulysses or The Canterbury Tales through US mail.


In context I think it’s clear the comment was talking specifically about the books banned from classroom teaching in certain US states.


Books are just information. Information gets banned all the time. Old-timers will remember this:

https://en.wikipedia.org/wiki/Free_Speech_Flag


If you want to use the OS to ban a book or program or whatever, you don't need fancy hardware features, just a database of hashes pushed down via a software update. Apple wanted to do a version of this for CSAM images, it only didn't happen because they chose to tell users about it and got massive backlash. The implication that governments need more powerful DRM features to do something similar just obscures the fact that they could do it tomorrow if the US government gave up their free speech stances.


But at least you could load your own OS.

Chip manufacturers could even decide that nothing good happens on open source operating systems, so you're now only allowed to run Mac or Windows operating systems.

The point is really that they're taking full ownership of the chips from you.


They could, but not with the new Pluton stuff. That would be enforced with secure boot, which has been around for a while already. Again, the capabilities already exist. The barrier for a would-be censor is political not technological.


Ah right, the robust guardian of our human freedoms! Politics!

I want my technological barrier back please.


This. We never should have built these things.


The EU just mandated chats to be scanned for content. Of course just for CSAM just as the meta data collection is only used for terrorism. Problem is that the latter is also used for parking tickets. They really try to hit the definition of a totalitarian state by the letter.


The law has yet to be passed. And it's facing immense backlash, even from governments like Germany.


I doubt backlash will do anything. Regardless, the EU also mass collected personal data and made this behavior legal retroactively for authorities like Europol. The course for ever increasing surveillance has long been chosen. Government often disavows such decisions but that is exactly their strategy to implement such laws while evading criticism themselves.


Wider E2EE adoption was the only hope for clawing back some privacy for users who do everything on cloud services. If the EU bans E2EE and starts mandating all kinds of scanning of data stored on third party servers, it would be a massive loss.


I think it may have also been problematic legally for Apple. The US laws for CSAM are very strict and Apple wanted to do some sort of confirmation that the images are indeed CSAM which would have meant moving the images from the device to Apple servers.


Ron DeSantis doesn't need hardware-level DRM to ban math books.

https://www.baynews9.com/fl/tampa/news/2022/05/06/florida-ba...

If you're worried about book bannings in states like Florida, DeSantis is up for reelection in just over 3 months. Go volunteer or donate money to his opponent (probably Charlie Crist).


Did they actually ban the books, or did they merely ban their usage in K-12 instruction with the news outlet rounding that up to a book ban for dramaturgical reasons? Not that a ban in school instruction is necessarily good (though, I would guess, not nearly as rare), but the actual full-fledged ban that DRM could aid in enforcing, which would prevent you as an individual from reading a book you want to read in _any_ plausible context, is on a different level.


All Florida did was add a criterion to their selection process to disallow books that include Critical Theory/Critical Race Theory or their praxis in the teaching of math, etc. Every state selects which text books can be used by their schools so if Florida "burns books" then by definition every single other state does too.

Where are the text books in California that teach math using Biblical stories and imagery? Obviously California burned all those books if we accept the argument being put forth with Florida.


Of course, bible stories would be inappropriate because superstition and religion have no place in schools. We're supposed to educate students about reality.

But there's nothing wrong with teaching students how they can use math to understand social problems and complex real-world issues. Math is a great tool for thinking about things like income inequality, climate change and economics.


Well since you opened that can of worms, CT/CRT is just another religion, and not a nice one.

Ibram X. Kendi, in his book “How to Be an Antiracist” states, “The only remedy to racist discrimination is antiracist discrimination. The only remedy to past discrimination is present discrimination. The only remedy to present discrimination is future discrimination.”

The whole movement is predicated, explicitly, on instilling hatred and animosity on some out-group, it's a vicious ideology masquerading as compassion.


> All Florida did was add a criterion to their selection process to disallow books that include Critical Theory/Critical Race Theory or their praxis in the teaching of math, etc.

Yep, one state decided to do something about this divisive indoctrination of kids and the peddlers of that stuff obviously don't like it, hence the "banning (math) books" stories. If you actually read into this you quickly realize that someone is clearly lying and (this time) it's not the Republicans.


"It's not the Republicans"

Do you know what Critical Race Theory actually is, and where it's taught?


What, are you about to tell me that well akshually crt is only taught at the uni level? Give me a break. This is the most basic of defenses you can use and it has been done countless times before. Obviously CRT (or CT in general) itself is not being taught to little kids, but the C(R)T praxis is. I.e. C(R)T "applied" to concepts kids can understand. I've seen the books/questionnaires that are being used for this purpose, do I have to list some of them?

I mean, this isn't even about Republicans, Trumpians or whatever, any self-respecting liberal can't possibly subscribe to c(r)t and still call himself/herself a "liberal".


I'm not a liberal but the level of dogmatic vitriol in your comment shows you aren't worth arguing with :)


Deciding which textbooks that are going to be used in public schools isn't banning books. If you don't want the government to decide which books are used to teach your children then homeschooling or private schooling are what you should be focused on.


Technologists often have such tunnel vision that limits their concerns to tyranny driven by technology when there's plenty of low tech attacks on open society all the time.

It reminds me of the good old "my password takes 2 billion years to crack, but my kneecaps only take a few seconds" metaphor about people in tech forgetting that physical coercion is, in fact, a possible attack vector for your IT security.


The low tech attacks often have low tech workarounds. DeSantis may "ban" a math book but there's nothing stopping a Florida resident from buying it and giving it to a child. There's plenty of other marketplaces and similar publishers I can pull from.

When computing is controlled at a hardware level, you have far fewer competitors and market places. Working around things can be significantly more difficult and you may be stuck with scraping up old less capable tech trying to do something you should have better options for. This is the reason technologists fear technology control, not so much because of tunnel vision but because the general population can't work around it, even experts may not be able to work around such protections. Low tech always has easy work arounds--the option exists even if you may fear the consequences.


I very much disagree.

Any such bans will always take the path of least resistance to cover the largest possible population with the easiest means. Pareto Style. And I care much more about those 80% of people having access over maintaining my own. Because ultimately, those people will set cultural standards of the future, not some technologist with their fully libre laptop.

And those attacks are, as of now, not that sophisticated or blatantly censoring. An overwhelming majority already do their computing on locked down devices (running iOS, Android and ChromeOS) and the big censorship wave hasn't hit them. Every half decade or so Amazon removes a book from Kindle as a side effect of capitalism and copyright and there's a huge HN thread mistaking it for deliberate censorship, but overall it really doesn't matter.

Also, let's be completely clear that DeSantis didn't ban math books. This was an attack on ideologically inconvenient books, mostly queer literature. It's part of the push to label us as "groomers" for merely existing around underage people that has caused a spike in violence and mistrust directed towards trans people. Once our rights are sufficiently eroded, they'll go after the gays again, and after that, maybe, we'll have progressed on the fascist cataclysmic us versus them rhetoric to revive blatant antisemitism. Or racism. Who knows. But safeguarding the high end bit of tech that is not even mainstream anymore wouldn't help society out of this and being concerned for it is a very individualistic choice.


While this is true for a few people, applying coercion on a mass scale using the kind of tech described in the article makes it much more convenient... so IMO the argument still holds


This is not an Xor proposition.

It's like saying "don't worry about gun control because car accidents kill way more people right now".


But I never said it's not a problem. I said the priorities are wrong.

Establishing technical means to do something (limiting access to files via DRM) is not as urgent as actually doing it (Florida carting books out of school libraries). And technology is not a monolith. Pluton specifically is far from being a universal requirement on Windows, and the entire PC platform is open enough to support alternatives for a very long time. It's possibly worrying (though it looks like Microsoft's intention is confidentiality management in enterprises for now), but far from "turnkey tyranny".


Indeed, the XKCD $5 wrench attack vector. https://xkcd.com/538/


> Ron DeSantis doesn't need hardware-level DRM to ban math books.

Enforcement is a different issue.


And we don't need guns to do a genocide. We managed to kill a good chunk of the American natives with mostly blades.

Yet, you probably don't want to give willingly a nuke to a dictator.

In the same way, giving this kind of power to people that have shown in the past to abuse information control is like banking on the wolf to behave in the hen this time.

> Go volunteer or donate money to his opponent (probably Charlie Crist).

I'm not in the US. I just read this crazy news, compare it to my grandfather's stories, and worry.


> And we don't need guns to do a genocide. We managed to kill most American natives with blades

To be pedantic, it was diseases and outright, explicit murder. (which is not an excuse. Biological warfare is a modern war crime, after all.)

https://en.wikipedia.org/wiki/Population_history_of_Indigeno...

> banking on the wolf to behave in the hen [house] this time

Fair point, but the United States is rapidly moving towards authoritarian governance right now. There are steps that every U.S. citizen who reads my comment can take to help stop this decline immediately. I don't like the idea of this sort of TPM 3.0 module in my computer's hardware, but it's a 'day after tomorrow' problem for me, not a 'right now' problem.


A good illustration of how devastating epidemics in North America among the natives were is that when the first European explorers reached the coast on the west side of what is now the United States they found that part of the continent to be highly populated.

That was in the early 1500s. It was another couple hundred years before Europeans started colonizing and conquering those areas. By the time that started those populations were already reduced by around 90% from diseases that had spread across the continent from the Europeans on the east side.

Before those diseases wiped out so many natives no European colonists were able to survive in what is now the US and Canada without the approval and help of the natives. If the local natives didn't want a colony there, they removed it.

Yes, the colonists had guns and the natives then did not but the guns in those times weren't actually superior to bows and arrows. The guns might have better range, but their accuracy was much worse and they took longer to reload.

Before diseases that the colonists (unintentionally) brought greatly weakened the native tribes pretty much the only colonists that did OK were those that allied with a native tribe.

There were a bazillion tribes, and there was a lot of conflict between them including warfare. Some smaller tribes that were losing their wars with bigger tribes allied with some of the colonies to try to get help against the bigger tribes. Those were the colonies that were allowed to stay and thrive.

For a great look at what life was like in the New World before Europe became widely aware of it, and what happened afterwards the book "1491: New Revelations of the Americas Before Columbus" by Charles C Mann is quite good.


[flagged]


> pornographic examples in it

I can't fathom a math textbook with pornographic examples. Is this a thing in the US?


>> pornographic examples in it

>I can't fathom a math textbook with pornographic examples. Is this a thing in the US?

I've been out of school for quite a while, but AFAIK while there is plenty of porn out there, it's not in our math books.

No, it's just Florida politicos pandering to their base[0].

I'm guessing that what GP is going on about (please do correct me if I'm wrong) is probably some word problems that include references to non-heterosexual/non-binary folks, which seems to trigger the intolerant among us.

Which is a result of decades of attempts to put Christian dogma and ideology back into US public schools, and failing that, destroy the public school system.

And more's the pity.

[0] https://www.politico.com/news/2022/05/05/fldoe-releases-math...

Edit: Added the missing link.


according to an article linked elsewhere (https://www.baynews9.com/fl/tampa/news/2022/05/06/florida-ba...) it was because they had too many black people depicted as athletes and they had word problems that treated scientific facts as if they were scientific facts.

The one example that I thought might have been somewhat improper was "Multiple exercises related to a debate between Al Gore and Rush Limbaugh, where the publisher was in favor of Al Gore's arguments based on the questions in the exercises."

If the debate in question was fictional, I'd be tempted to agree it would have been better to avoid using the names of real people although I'd disagree that is enough to ban the use of the textbooks. If the debate was actual and the textbook pointed out very real flaws with Rush Limbaugh's logic (especially if they were a real world example of bad math) I'd say that it makes perfect sense to include it in a math text book.


Music videos are now porn!


It depends on who is defining what is pornographic. To some of the swivel-eyed loons deep in the religious right, who are very vocal in these matters, all material depicting non-heterosexual people doing anything other than being deeply unhappy or being subject to a stoning, is pornographic. This means examples in textbooks that attempt to be inclusive can fall foul of their ire.


Not that I'm aware of. I said that is the _future_ there.

Judging by all of the convenient misreading and straw manning in the replies, many of you must know it is coming too.


Have you read the books being banned?


Mein Kampf is a banned book which I don't think many would disagree with. There are many other such books filled with propaganda that are rightly banned. I don't see why other propaganda-filled books that are being pushed on unsuspecting children shouldn't be banned too, unless the only reason is that you dislike the direction of the propaganda.


Mein Kampf is not banned in my country, I can buy it, and I think everybody should be able to read it.

You cannot defend against something you don't understand.

Reading it (or the little red book), you will notice there is nothing incredible about it.

It's a good way to understand the banality of evil.

It's a good way to see what currently in our society echoes it: we are not freed from evil, it can come back any time.

And the "push on unsuspecting children" narrative is worn out. Nobody pushes such a dangerous book on children unless already twisted. Nobody ever told me "read it, it's good for you". Everybody always said: "dangerous book, read it with history in mind", if they ever talked about it.

We push Harry Potter on kids, not Mein Kampf.


Ironically Harry Potter was banned at my school. (Witchcraft!)


Apparently it has also been banned in places for Fatphobia among other progressive reasons[0].

[0] When It Comes to Banning Books, Both Right and Left Are Guilty | Opinion: https://www.newsweek.com/when-it-comes-banning-books-both-ri...


> Mein Kampf is a banned book

Not everywhere in the world (https://en.wikipedia.org/wiki/Mein_Kampf#Current_availabilit...)

In the USA, freedom of speech is in very high regard, and that’s in conflict with the idea of banning any publication.


I don't even think it's banned in Germany anymore. If I remember correctly it was banned for a while, but the ban was lifted and people bought it up like crazy. Not because they were Secret Nazis all along, but because people really hate being told they aren't allowed to access certain ideas. It's human nature to want to know the things you're forbidden from learning about.


You are conflating ban and don't-push.

If today it's "obvious" what's bad; When this generation dies off, who is appointed master of the universe and decides what's bad? It won't be you. It'll be the guys with the money; See Pluton. They're already paving the way for just that (at least in tech and what your wallet must must must spend). But, I digress.

You shouldn't ban books. You should teach morals.

My friend, Swim, who is a Jew living in Israel doesn't support banning Mein Kampf. So much so that when Swim's friend ordered it from Amazon, neither opposed it. Curriculum teaches about Hitler's rise to power and the abuse of his people to do so. That's more than enough to understand not to follow in his footsteps. Swim's friend was interested in Hitler's political prowess.

I'm not interested in Mein Kampf. But, if someone is, he most surely has the right to read it. Kill the way some fanatics did because of it? No, that's immoral.

Who decides morality? That's complex, I think. But, I also think it is an innate intuition that lives in all of us.


I think many would disagree with the banning of it, not based on its contents but based on the principle of not banning books in general and not banning speech that’s unpopular.

Unpopular speech needs more protection than popular speech, not less.


If you're in the US there are not really any truly banned books. There are books that are banned from certain libraries (mostly school libraries).

But, imagine that a school adopts the DRM processes described in the article and requires this study level of control even on personal devices that are used for school. Suddenly those book bans can be enforced digitally by the school and will totally cut off access to certain books that the school chooses.

You might say that it's within the school's rights to do this for a device that is used for school and if you don't like it then use a different device. Now that's a system where there is a class-divide on the information that one is physically able to consume on their devices.

You might think Mein Kampf is ban-worthy, but the whole point is actually that you should not ban any book at all, because once you start banning books it becomes far too easy for more books to be banned. All it will take is one regime change in a school district's PTA for new books, that you maybe think should not be banned, to be added to the list.

It's worth considering the most banned books in America. His Dark Materials. A fantastic young adult fantasy novel that pokes harder at religion than some Christians can bear.


> But, imagine that a school adopts the DRM processes described in the article and requires this study level of control even on personal devices that are used for school.

The prerequisite for this to happen is that the school removes all physical editions of the books and has digital editions for all content, and a lending program for the books that is sufficient to satisfy publishers... and all students have digital book readers able to access the school library.

I don't see this happening in the near (or even within the decade) future. There is far too much content that is physical only, publishers haven't embraced digital editions for libraries, school libraries don't have the technical resources (physical or in many cases human) to convert their collections to digital.

The hypothetical school book ban for digital editions is needlessly alarmist.

When those resources are available to schools, then yes - let's talk about it... though the school banning books will continue to mean "that resource isn't in our collection" and a student can go to another library (or in many cases book store) and get a copy of that book for themselves. This is no different than today.


It's not banned here in the US[0][1][2]. Nor should it be IMHO.

I say that as a person of Eastern European/Jewish extraction.

Do I like fascists/fascism? No. Do I like Nazis? No.

But I do like freedom of expression. And if the price of that freedom is that hateful scumbags get to speak their piece, that's okay with me. But I'll have something to say about it too. As it should be.

[0] https://archive.org/details/mein-kampf-audiobook

[1] https://harperandharley.org/pdf/mein-kampf/

[2] https://www.amazon.com/Mein-Kampf-Adolf-Hitler-ebook/dp/B002...


Call me biased but I do indeed regard "the Jews are an evil scourge" to be more worthy of banning than "climate change is real".


> I don't see why other propaganda-filled books that are being pushed on unsuspecting children shouldn't be banned too

Face book, for example…

:sigh:


Mein Kampf was not banned in Germany either. It is just that after Hitler's death, having no heirs, the state of Bavaria got the printing rights and decided not to allow printing of them (there was a heavily commented version made for academics like a study bible). Meaning all prints violated copyright until the book enters public domain.


Shouldn't this be considered as strong evidence that copyright is just censorship?


In the UK movie screening used to be and probably still is decided at the smallest municipal level of town councils, see The Life of Brian.


District councils (so the second 'lowest' of the possible tiers) but yes. In practice, they've all deferred to the judgement of the British Board of Film Classification (née ...Film Censorship) for nearly every film since it was set up.


The same things that make it good in a corporate environment can make it abusive in a personal machine.

By forcing the kernel to be untamperable, Microsoft can arbitrarily enforce ANY policy they choose on your PC. They could spy on every single piece of network communication. They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all. They actually could easily enforce laws on banned content too - any given website, book, audio or video could be impossible to consume, and an attempt to try could be reported to Microsoft. They could stream the contents of your display and mic and camera at any time to anyone they choose. There is literally nothing they cannot do with complete control over the kernel. And since the kernel and Windows itself is closed source, there are ways to hide all of it so you would never even know.

Security is great but it also goes hand-in-hand with control and surveillance. Every capability to increase security also increases the amount of control those providing the security have.


> They actually could easily enforce laws on banned content too

Exactly this. As soon as governments (or lobbyists) discover that this level of control is available to them, they will introduce whatever remaining laws they need, banning E2E encrypted chat apps, or Tor, or bittorrent clients.

I suspect that, like civil asset forfeiture, or running commands on botnet-infected devices[0], these actions will have only the thinnest veneer of "due process" applied to them. After all, if your computer is running "illegal" software, why should the government wait for your permission before deleting that software, or even tell you that it had done it after the fact?

[0] https://uk.pcmag.com/security/139675/us-disrupts-cyclops-bli...


Microsoft doesn't need an "untamperable" kernel to force spying on users. Windows 10/11 has horrible invasive telemetry that can't be disabled, but no one has figured out how to modify the OS and strip it out, all the "solutions" involve temporarily disabling services or blocking network traffic. Is there actually some new capability here that points to future surveillance and censorship, or are you just fitting everything Microsoft does into a narrative where these things are just around the corner and waiting for the right technology? In my opinion the technology has been there for many years, it's just waiting for the US to go insane enough to implement massive censorship.


But you can install your own OS. You can't disable this tool via another OS.

Particularly now that heterogeneous computing is making it big, video decoding can easily just be made not to work unless this tech stack okays it--regardless of the OS.

This chip could all out disable other operating systems if they don't provide the spyware telemetry that Microsoft requires.


By "this tool" do you just mean the Pluton system in general or some specific thing? The attestation stuff is a software feature that would be disabled by booting another OS that doesn't support it. It needs the Pluton hardware to be possible, but the software side is in the OS not hardcoded on the chip.

Disabling other operating systems would be done by the BIOS if manufacturers locked down the configuration of existing secure boot functionality, doesn't need any new features.


If I'm not mistaken, "no one has figured out" is factually incorrect. https://ameliorated.info/ blocks nearly all OS network requests (and hopefully all OS telemetry) by physically removing the relevant files from the system (though this breaks UWP apps, .appx, and such), and disables Windows Update to prevent telemetry components from being reinstalled. I use it on a near-daily basis, and it works quite well in most cases, although having a separate admin account by default, not being able to create new accounts (they show black screens), and missing features (Action Center and notifications) do sting, and I'm worried about the lack of security updates. If you do choose to use it, https://git.ameliorated.info/Joe/amecs is important for configuring the system.


> They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all.

IIRC, this was the reason Valve created SteamOS: they feared Microsoft would use their control over Windows so that the only viable software store on PCs would be Microsoft's own store.


Like the App Store.

Hopefully we get the digital markets act over here for similar protections


What you can install on YOUR PC will be at the sole mercy of Microsoft/or maybe someone else.... That's the cusp of it. Not that it can be used for good, but that it sets the way for heavy misuse by large corporations.

Wait a few years. Smaller companies won't even be allowed to order high-end CPUs. You'll be at 100% mercy of these corporations.

If after 2 years they decide to brick your PC, they'll just do it. You think government will help you out here? Lol...


Secure chips like this are already in all devices but PCs. And in none of these areas has any of that happened. Quite the opposite, Apple got a fine when they slowed down older devices to save battery (at least what they said).

So the government will clearly help out here. And none of these companies has an incentive to stop sales to smaller companies, they make a lot of money with those.


> Secure chips like this are already in all devices but PCs. And in none of these areas has any of that happened.

Ah, that must be why we all have root access and can freely modify or install anything we want on every device we own! Oh, wait, we don't have those things and our non-PC systems are increasingly locked down and routinely do things against the wishes of the people who own them.


Try to install a BitTorrent client on your iPhone, or a game emulator, a sexually explicit game or even a browser with a different engine.

All this has already happened since 2008 when the app store came out.


But you could work around it at the software level.

With this tech stack, you wouldn't be able to.


Work around how? As a developer?

I'm sure there will be developer options for this too. After all, Microsoft is not going to make all the software themselves.

But they could restrict this too. For a lot of platforms you now have to sign up for a developer account and license agreement. Like on iOS, Oculus Quest..


Soon you will be able to do it in EU, thanks to government.


> Quite the opposite, Apple got a fine when they slowed down older devices to save battery

But the devices were actually slowed down, so the danger is real.


And Apple had to revert it and got punished for it. What more do you want?


Good laws should prevent crimes, not just punish for committing them.


> So the government will clearly help out here.

The government is probably part of the driving factor in building this system.

The government probably doesn't want Wikileaks type material to be rendered. There are _so_ many ways the government likely wants to abuse this.


> So the government will clearly help out here.

I...don't share your optimism, to put it lightly.


still waiting on the secure boot lockdown everyone has insisted is coming for the better part of two decades...


>As of January 2021 deleting SecureBoot keys and installing your own keys (for example by using KeyTool) will brick the device. This is a problem that is similar to one which has been reported on some other Lenovo laptops [0] and is likely due to a faulty firmware. If the device is stuck in a boot loop after replacing the SecureBoot keys, the only way to repair it is by replacing the mainboard of the device.

[0] https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/BIOS-...

From https://wiki.archlinux.org/title/Lenovo_ThinkPad_T14/T14s_(I...


Does reflashing the BIOS EEPROM (via hardware clip) work? Or have they "secured" that out of the question too?


I'd be surprised if that's not one of the bits of firmware that's checked on boot. So yeah, probably not possible, and not possible to downgrade.


The goal is that it's secured as well; the bios image itself is measured into the TPM and pluton as part of secure boot.


The goal is not to prevent you from running Linux, it is to make it so that Linux cannot access the content you are interested in.

Remote Attestation establishes a root of trust that can be used to verify that all of the software down the line is "approved":

- You won't be able to browse sites or use apps with ads unless you run a 'trusted' device, OS and browser that does not block ads.

- You won't be able to browse sites with captchas unless you run a 'trusted' device, OS and browser that does not allow bots to interact with the browser.

- You won't be able to run Netflix unless you run a 'trusted' device, OS and browser so that you can't record the content.

- You won't be able to play online games unless, again, you run a 'trusted' device and OS so that you cannot cheat, or more importantly modify it in any way (why would you purchase skins if you can mod them in?).

- You won't be able to use online banking unless you use a trusted OS because banks.

Remote Attestation is pretty terrifying and it will be here soon unless it is regulated out of existence, which is unlikely.
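
The measure-then-attest chain described in the comments above (boot stages measured into the TPM, then a remote party checking that the whole stack is "approved"), as an added example that is not part of the original thread. It is a simplified Python model: an HMAC key stands in for the chip's attestation key (real TPMs sign quotes with an asymmetric key certified by the manufacturer), and the key, component names and allowlist are constructed for illustration.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # one SHA-256 platform configuration register


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: a PCR can only be folded forward, never set directly."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components):
    """Hash each boot stage, in order, into a PCR that starts at all zeroes."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, hashlib.sha256(blob).digest())
    return pcr


def make_quote(chip_key, pcr, nonce):
    """What the chip returns: the PCR value bound to the verifier's nonce."""
    sig = hmac.new(chip_key, nonce + pcr, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}


def verify_quote(chip_key, quote, expected_nonce, approved_pcrs):
    """Remote side: check signature, then freshness, then the software allowlist."""
    good = hmac.new(chip_key, quote["nonce"] + quote["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(good, quote["sig"]):
        return "reject: bad signature"
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return "reject: stale nonce"
    if quote["pcr"] not in approved_pcrs:
        return "reject: unapproved software stack"
    return "accept"


# Constructed sample data (assumptions, not values from any real device).
CHIP_KEY = b"constructed-demo-key-held-inside-the-chip"
FIRMWARE, LOADER = b"vendor firmware v1", b"signed bootloader"
STOCK_OS, OWNER_OS = b"vendor OS image", b"owner-built OS image"
APPROVED = {measure_boot([FIRMWARE, LOADER, STOCK_OS])}  # verifier's allowlist


def demo():
    results = {}
    nonce = os.urandom(16)

    # Stock stack: the measurement matches the allowlist.
    stock = make_quote(CHIP_KEY, measure_boot([FIRMWARE, LOADER, STOCK_OS]), nonce)
    results["stock"] = verify_quote(CHIP_KEY, stock, nonce, APPROVED)

    # Owner-built OS: the machine boots, but the chip reports a different PCR.
    owner = make_quote(CHIP_KEY, measure_boot([FIRMWARE, LOADER, OWNER_OS]), nonce)
    results["owner_os"] = verify_quote(CHIP_KEY, owner, nonce, APPROVED)

    # Software claiming the approved PCR without the chip key cannot sign it.
    claimed = {"pcr": next(iter(APPROVED)), "nonce": nonce, "sig": bytes(32)}
    results["unsigned_claim"] = verify_quote(CHIP_KEY, claimed, nonce, APPROVED)

    # An old, valid quote presented against a fresh challenge is rejected.
    results["replay"] = verify_quote(CHIP_KEY, stock, os.urandom(16), APPROVED)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15s} {verdict}")
```

In this model the owner-built OS boots normally; it is only the remote verifier's allowlist that turns the different PCR value into a refusal, which is the distinction the comment draws.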


As someone who enjoys hacking, looking at that list sounds terrible.

As a regular user, most of that list doesn't sound too bad. Their future devices will automatically have these features enabled, they're not likely to change those settings to "break" their device (from the perspective of Trusted Computing) so they'll have a smooth experience getting into it.

- Can't block ads? A lot of average users already don't/don't know how, but this one would probably affect a lot of people. Probably a bad thing no matter how you slice it.

- They'll have a better experience online as they won't be interrupted with captchas. Wouldn't you prefer if you never experienced captchas and logins were smoother and easier? So a wash to a positive for an average user.

- This makes it an easier deal for streaming services to let you cache their DRM'd content offline and makes the deals they have to cut with media companies potentially cheaper. Once again they're probably buying off the shelf computing devices which will probably work seamlessly with these restrictions, so they either won't notice anything or potentially get more features than they have now with those services they're already using. I'm not necessarily a fan of DRM but the market has largely spoken, people prefer streaming rather than actually owning the media.

- Fewer cheaters in online games sure sounds like a positive to me.

- My bank account online is more secure? This is a bad thing?


This is all just giving away control to corporations. Freedom is about having the option, not using it. Even if most "regular users" never use it, if they ever change their mind they'll surely appreciate having it. It also affects the ability to develop new hardware, and being locked to hardware/software approved by the remote side (e.g. Facebook or whichever app/site you're using) is a pretty Dystopian reality.

> My bank account online is more secure?

Sincerely, why? Because I can't customize my own software anymore? Fortunately banks around here don't require SafetyNet, some of them do require a mobile device though.


If all clients interfacing with the bank's API are required to prove they're locked down devices running proven official clients it reduces the potential attack surface. Lowering the attack surface increases the security.

If the market really cared about being able to run whatever software you wanted, nobody would be buying iPhones. Fire TV sticks and Rokus wouldn't move any products. Playstations, Xboxes, and Nintendo Switches would be crushed under the massive marketshare of Mister devices and Steam PCs. One quick look at reality shows this isn't the case.

I think you're massively overestimating the market size of people who actually care.

Note that I'm not making any moral argument here, I'm not saying whether these things are good or bad. Personally as someone who likes to tinker and has been bitten several times by DRM and the likes, I'm not too much of a fan. As someone who has to try and ensure compliance on devices, it's a godsend. But at the same time I know lots of people who buy Xboxes and Playstations because there's less cheating that happens on that platform. I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.

I don't like having to lock my bike, it's a huge pain. But at the same time there's tons of people here arguing locks shouldn't exist. Trusted computing, in the right context, is a good thing. Being able to lock your door is good! Being able to assure your device is what you say it is is good! I definitely agree there are potential dystopian futures with this technology, but that's true of any truly revolutionary technology. Wheels move carts of grain and help tanks roll. Being able to break dinitrogen into more usable sources gives us cheap fertilizer and explosives.


> I think you're massively overestimating the market size of people who actually care. Note that I'm not making any moral argument here, I'm not saying whether these things are good or bad.

I think we're just discussing different things here then. I'm specifically talking about whether this is good or bad for the future of society. Most people buy whatever is most convenient at the time, which is fair and everyone has done this at some point, but it may or may not be the best for society.

> I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.

It may be a bubble, but of all the iPhone users I know, I don't think any of them has bought it for that reason. Most here buy them for either being simpler to use, lasting longer, or status. Of all the Android users I know, I don't know any that has knowingly got any kind of malware, and that includes people with very old phones.


I've had several people I've known affected by malware on Android. It's not entirely uncommon.


>- You won't be able to browse sites

How would that work?

HTTP is just HTTP


Sites could require remote attestation via a new API just like some sites (Netflix, etc) require DRM to play content.


The website says "prove that you don't control this computer or I don't serve you"

As does every financial or government website for 'security'


It is a real thing on most phones, and has been for years. We're just lucky PCs haven't been crippled this way.


You may be right, of course. But if you read the article closely, it is already here.

The difference is for now you can still go to BIOS and enable Microsoft's key for 3rd party OS.

Maybe when Windows 12 comes out that option isn't there.


They tried with Windows RT. It was a UEFI system, booting only Windows. That booted Windows went even further, allowing only signed binaries to run.

Market rejected it. At the time, there was an alternative. What are most people going to do, when there is not?


I'm pretty sure some Windows 10 tablets from 2014 to 2016 are locked down to only allow Windows on them (Not S-mode).



They're working on it. Microsoft's latest attempt is to disable the 3rd party UEFI CA by default.


It creeps closer with every release, and is the status quo for arm devices (including windows ones).

It's only through constant vigilance and fighting back that it has been slowed down by two decades.


This smacks of fear mongering. The scenario you've outlined is just absurd. Many manufacturers have pledged to turn this off by default and be an opt-in model. I'm not disagreeing that laptops given out by corporations for you to use for work won't be heavily locked down and could be bricked remotely. But most laptops today already come this way from IT.


It's not absurd at all. It already happens on a large portion of computing devices in existence (iOS).


So if I'm understanding this correctly, you'd prefer to live in the world where the Collateral Murder Wikileaks video of journalists being murdered in cold blood was never released because it was hardware locked to the original military system it was found on? Or maybe some large viral video which triggers a social uprising simply won't play. You are seriously so focused on pointless corporate secrets that you would actually consider giving the people in charge of the control over your information stream the ability to decide that something just shouldn't be shown? Because what? It might make discovery for a lawsuit more difficult? It'll make it easier to hide malfeasance? This seems particularly useful if you are trying to pretend that May 35th never happened, for instance. Terrifying, and rather icky.


The way I see it: Whatever happens, the system will get abused, and so, I weigh the potential abuses along with the potential benefits. With remote attestation, you put a lot of control in the hands of whoever controls the "remote", making the situation very asymmetrical, and so, ripe for centralized abuse. For example, with centralized trust systems, a leak of the signing keys is devastating for the system. For an example, see the DVD key leak:

https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...


Because that doesn't work. 2h before someone complains to IT that he cannot write/read/delete said Word document. Then management says X indeed needs access. Now you have created a maintenance nightmare sourced in rather weird security requirements.

Could as well gouge out the eyes of everyone not having a read permission on said document. There are 1001 solutions to solve such problems. And as a gigantic bonus it doesn't have to be bound to hardware! User permission management is much easier.


Sure it's fantastic in a corporate environment. Not so fantastic for personal devices. Basically this: https://youtu.be/XgFbqSYdNK4


Well, don't put that on a personal device.

It's like your company giving you serious protective gear to wear while doing your work on a nuclear reactor is a good thing. But having to wear such gear at home is not a popular choice, and should not be required.


How do you choose what you put in your CPU? What when Windows forces you to have that kind of hardware?

You can choose not to wear that gear, but choosing to not use Windows is much more complicated, at least for most people.


I imagine if the proponents of these systems had their way, they'd add remote attestation to websites too. Imagine your bank's website only loading on a "secure" windows environment, non-rooted android phone or an iphone.

Once these chips are in everyone's devices, it would be quite easy to add this stuff technically. And in doing so, break the web on non-approved hardware or software (like linux).

Edit: Actually on the subject of worst case scenarios: If the trusted computing attestation process was extended through the web browser, it would be possible to build a website which is impossible to scrape or interact with in any unapproved way, from any unapproved device. Eat your heart out Aaron Swartz.


> imagine if the proponents of these systems had their way, they'd add remote attestation to websites too. Imagine your bank's website only loading on a "secure" windows environment, non-rooted android phone or an iphone.

Actually, IIUC this is already the case on Android[0].

Some (many? most?) banks/banking apps are rejecting (and/or complaining about) access from rooted phones right now.

I can't confirm this personally, as I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.

Perhaps someone who uses banking apps on their surveillance device could chime in on that?

[0] https://www.howtogeek.com/241012/safetynet-explained-why-and...


> I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.

Well, it gets even better, even for folks with principles like you have.

If you want to use a general computer, you need to log in. For logging in, you need a second factor. That second factor is going to be in 99,99% of cases exactly the app in the smartphone, that refuses to run on rooted devices.

So no avoidance, if you want access to your account.


>If you want to use general computer, you need to log in. For logging in, you need second factor.

The administrator of my network does not require multi-factor authentication for my logins.

That's probably because I am said administrator.

As for professional settings, if my employer wants me to use a surveillance device and/or an app on said device, they can provide that device to me.

As an alternative, I suppose I could use whatever subsidy is provided by my employer to purchase/use a separate device for such things.

If they choose not to do one of those things, I guess I won't be logging in and will soon be working elsewhere.

Requiring me to use my personal equipment for work purposes is inappropriate IMHO, and I've yet to hear an argument (other than folks not wanting to carry multiple devices, which is a personal choice) that changes my mind about that.

I'd welcome anyone to make such an argument, mostly to discuss why it's inappropriate, but I'd certainly keep an open mind about it -- perhaps there's an angle(s) I haven't considered.


I meant access to your bank account -- in the context of the thread above --, not to computer account on your private or corporate computer.

At least in Europe, it is not even the bank's initiative, it is from above them. They've got the PSD2 directive to implement. And when they all have to implement it, it is kind of difficult to vote with your wallet.


Yes, this is already the case on Android. Two years ago I canceled smart-id contract (https://www.smart-id.com/) and stopped using any "smart" devices. Because one day the smart-id app ceased to work on my rooted smartphone.

Soon my old 3G dumbphone will be useless as the mobile operator ends the service. People are pushed to newer phones^W surveillance devices and I have to hunt for real 2G phone soon.


Your 3G dumbphone is not as dumb as you think. Considering the threat models from that era, it's most likely more manageable remotely and less compartmentalised.

Btw, you could acquire a Mobile-ID SIM that will work on a rooted phone (but also with feature phones, if you wish).


My operator terminated its 2G network last year, forcing me to upgrade to a 3G phone. Let's hope your operator won't do the same thing.


I can see a situation where "the authorities" decide that, say, the list of people who flew on Epstein's "Lolita express" is "evidence in a pending trial" or "confidential" in the name of "national security," and simply flip a switch to prevent our computers from being able to access any file with particular hashes that they've identified as containing the information.

Also, thank God for the Internet Archive.


Likewise. I see only potential for enormous hassle reduction if my employer (a bank, currently) can treat its entire compute infrastructure as a honking big cryptographically assured parallel universe.


It doesn't protect from malicious document leakage: you can still take screenshots or photographs or use a plain txt file. For unintentional leakage, MSIP already does what you are saying; this just bakes it into hardware, where patching/fixes are harder than in the cloud.


The difference between ransomware/spyware/extortion/espionage and whistleblowing/free sharing of information is just one of perspective.


Remember when Snowden and Manning leaked huge troves of secret information about the crimes of the State? Remember when a bunch of journos got their hands on the so-called "Panama papers"?

Basically, this will make transparency even harder than it already is. That's a terrible danger for democracy at large. Stalin's wet dream.


Yep that’s why we should ban passwords.

/s


It's a big value add for you, as a corporate IT deployer.

Outside of corporate IT, what if Microsoft uses this remote attestation to enforce binding non-corporate PCs to a Microsoft account? Some don't have a problem exposing everything to Microsoft's cloud, but Pluton sounds like it could be used to enforce this on a hardware level.

If computing devices without bondage to a cloud service are impossible, Windows has no more value proposition for me for personal computing. I'm going to stick with Apple, because at least Apple allows me to turn it all off, off seems to mean off on at least Apple iPhones/iPads (I don't have to check hundreds of weirdly named services, policy settings, scheduled tasks that are all on for some reason), and settings don't seem to randomly sneak on between updates.


Author has a bias against Microsoft. So do Hacker News readers.

News of Pluton and its security goals has been readily available since 2020 from reputable hardware sites like Anandtech, or directly from Microsoft themselves. There's nothing new or hidden or surprising about it unless you live to dream up Microsoft conspiracy theories.

Many other hardware manufacturers have similar security offerings including Intel and Apple. Microsoft is arguably late to the game here, given their only recent interest in PC hardware. OS integration isn't even new. Macs have been shipping with T1 and T2 chips for over five years. Has the sky fallen on that ecosystem?


And that's why Microsoft needs to include such a chip. If we move to a world where security is enforced more and more by hardware, you'll need a device that can participate.


A lot of this rant reminds me of the justification for crypto. The techno-anarchists are terrified of authority they can’t hack around. The fact that some governments abuse their power implies no authority should ever have any power. If we can’t break the rules then the world will end. It’s a slippery slope from content providers getting paid to complete big brother 1984.


What tools are you using today to realize this scenario? Thanks!


The plugin my current employer uses is so well integrated that I don't even know its name. (I suspect it may be developed internally)

At a past job, we used Entrust [0] and I'm aware of Virtru [1] as well.

Edit: I forgot about Sharepoint, which also sort-of fills the ACL document-sharing niche. (though I'm less certain about whether it uses encryption to enforce its access policies)

[0] https://www.entrust.com/ [1] https://www.virtru.com/


Yeah I totally would like all "doomsday scenarios" in my company, non ironically.


what's stopping someone from taking photos of your precious document and posting them on 4chan?

nothing. there's nothing you can do to stop that.


I can discreetly copy GBs of email messages and word docs in a reasonable amount of time, but I couldn't discreetly take cell phone pictures of every page of every one of those messages and documents if I had years to do it. You don't always have to prevent something 100% of the time in every possible situation to have a devastating effect on people who want to do that thing.


I've just provided the easiest example of bypassing any boomer security nonmeasures. give a dedicated and competent attacker 15 minutes alone with your highly secure machine and highly sensitive documents, and if your entire security model depends on DRM rather than actually effective methods, they will figure out how to exfiltrate it all.


In corporate and government environments, I imagine that they'll ban employees / civil servants from bringing camera(phone)s to work, and necessarily forbid them working from home.

The only question is whether they will trust metal detectors to prevent whistleblowers from bringing in these devices, or if they will rely on strip searches and CCTV.


Try to scan banknotes with a scanner and you will see.


Linux/BSD will do it fine.


I thought it was in the scanner firmware.


if you mean there are scanners that prevent you from scanning of a banknote, that's another great example of wasting time, money and resources to accomplish nothing



