
I’m not following your argument, sorry. How are device owners being prohibited from anything? Which zillion vulnerabilities in the TPM are you referring to? Because that’s how seriously these standards take security. These are device bound TPM secured identity credentials where the wallet stack is audited and certified by security professionals before credentials are allowed to be stored. There’s no less secure option.


> How are device owners being prohibited from anything?

I think a lot of us are wary of a world where we have limited selections of software stacks that we can run and do essential things. At some point, we don't own the devices anymore.

I like that Apple is a benevolent overlord, for now.

But I like to be able to run software that I control and participate in the world, and that has alternated between being somewhat harder and prohibitively so. Lockdown of devices (chain of trust, mandatory signed binaries, limitations of device drivers, bootloaders that won’t unlock) makes it increasingly difficult to experiment, repair, or even trust the tools we rely on, and is viewed as a prerequisite for many of these solutions.

--

(I appreciate the alternatives are really hard, and that there are substantial potential downsides creating pressure towards these types of solutions, above and beyond the desires to lock down marketplaces and capture rents).


I empathize with many of your concerns here and share your frustration. Man do I wish there was some sum that Apple would let me pay to own my iPhone. If anything we need more legislation that prevents the amount of exclusivity Apple has over their hardware.

I don’t see digital identity documents as a threat, though. It’s mostly orthogonal to software provenance, device ownership, secure boot, etc.

PS: we already live in a world where by and large all the software you use is only licensed to you individually. It’s crap. If digital identity makes this more plainly obvious then good. We need fuel to fight unethically and impractically licensed software.


I get to choose what software to run, though. If it becomes difficult for me to prove identity in more of everyday life without such a remotely-owned device, I am hosed on privacy.

This is true even if the protocols themselves protect privacy well, use zero knowledge proofs, etc… if Google can vacuum it all up from the device representing me, all the privacy-centric design makes no difference.


> How are device owners being prohibited from anything?

Biometric data isn't cryptographic in nature. Once you've recorded someone's fingerprint -- which any device using it for authentication would have to do and have the hardware to do -- you can then replay it to any service using the same data for authentication. You don't even have to lift them off of any of the objects people leave them on just by existing, which is also a way to get them. And once someone has them, you can't change it.

Which means the only way to use biometrics to gate this sort of thing is for everyone to be locked out of their own devices (or unable to use devices they're not locked out of), or they could use the device they control to play back the biometric data to whatever external service is nominally authenticating it.

> Which zillion vulnerabilities in the TPM are you referring to?

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=TPM

And those are only the ones specific to a TPM, not any of the ones that impact privileged code the TPM is attesting to the security of.

Notice also that this doesn't require every device to be vulnerable, it only requires any device to be vulnerable. Cheap devices are more likely to be vulnerable and then anyone who wants to bypass anything can get one of those.

This is one of the reasons these systems are so nefarious. You get an iPhone for unrelated reasons and it may not have any current known vulnerabilities, so you are locked out of your own device. Meanwhile some $50 Android or old netbook does have a vulnerability which any kid can get if they want to view age-gated sites, or people set up services to do it over the internet -- and then those services become attack vectors because kids start plugging their parents' IDs and fingerprints into shady bypass services.


I don’t see any key exfiltration CVEs on that list. Or anything that could be exploited in a way that is relevant to discussion of digital identity documents.

The biometric data doesn't leave the device in any of these protocols. Keybinding to TPM keys and Wallet provenance is used. I’m not sure you really understand how this works; it sounds more like you have a basic FUD, imagining a world where instead of literally uploading a photo of your driver’s license you present a digitally signed certificate with the same info. I can’t really argue with FUD other than encouraging you to onboard an mDL version of your government ID and to try using it the next time you fly, provided you live somewhere where this technology has been made available. It’s demonstrably better and you can experience it or talk to someone who has today.
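The key-binding pattern the last two comments argue over, as an added Go sketch that is not part of the thread and not any real wallet, TPM or mDL implementation: the issuer signs the claims together with the device's public key, and the holder proves possession of the matching private key by signing a verifier nonce. The credential layout, the `Issue`/`Present`/`Verify` functions and the nonce challenge are simplified assumptions for illustration; the device private key stands in for a key a TPM would hold.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
)

// Credential: issuer-signed claims plus the holder's device public key (simplified hypothetical format, not the mDL wire encoding).
type Credential struct {
	Claims    map[string]string `json:"claims"`
	DeviceKey ed25519.PublicKey `json:"device_key"`
	IssuerSig []byte            `json:"-"` // not part of the signed bytes
}
// Presentation: the credential plus a device-key signature over the verifier's fresh nonce.
type Presentation struct {
	Cred      Credential
	Nonce     []byte
	DeviceSig []byte
}
func credBytes(c Credential) []byte {
	b, _ := json.Marshal(c) // deterministic: map keys sorted, IssuerSig skipped
	return b
}

// Issue signs the claims together with the device public key, binding them.
func Issue(issuerPriv ed25519.PrivateKey, devicePub ed25519.PublicKey, claims map[string]string) Credential {
	c := Credential{Claims: claims, DeviceKey: devicePub}
	c.IssuerSig = ed25519.Sign(issuerPriv, credBytes(c))
	return c
}

// Present proves possession of the bound device key by signing nonce || credential.
func Present(c Credential, devicePriv ed25519.PrivateKey, nonce []byte) Presentation {
	msg := append(append([]byte{}, nonce...), credBytes(c)...)
	return Presentation{Cred: c, Nonce: nonce, DeviceSig: ed25519.Sign(devicePriv, msg)}
}

// Verify checks nonce freshness, the issuer signature, then the device-key signature.
func Verify(issuerPub ed25519.PublicKey, p Presentation, expectedNonce []byte) bool {
	if !bytes.Equal(p.Nonce, expectedNonce) {
		return false // stale challenge: a recorded presentation cannot be replayed
	}
	if !ed25519.Verify(issuerPub, credBytes(p.Cred), p.Cred.IssuerSig) {
		return false // claims or device key altered after issuance
	}
	msg := append(append([]byte{}, p.Nonce...), credBytes(p.Cred)...)
	return ed25519.Verify(p.Cred.DeviceKey, msg, p.DeviceSig)
}
```

A copied credential fails on the device signature, a re-bound device key fails on the issuer signature, and a recorded presentation fails on the nonce; none of the checks involve biometric data leaving the device.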



