undefined | Better HN

0 points66fm472tjy74y ago0 comments

Once the vast majority of devices are remote attestation capable (Windows 11 requiring TPM will accelerate this trend), content providers may refuse to serve you unless you attest that you are running a walled-garden OS that won't allow you to ad-block, capture content, run any sort of proxy server, etc.

At some point, even ISPs might require remote attestation to allow you to connect your device to the internet. The IETF is already working on standards for the attestation of network devices[0][1].

I speculate that there will temporarily (perhaps similarly to iOS jailbreaking, which is not available at this time for the newest devices/iOS version[2]) be exploits allowing you fool the attestation by e.g. redirecting it to another device as the author suggests, but the end effect will be that vast majority of people will be effectively confined to a walled garden and even determined hobbyists will only be able to use their general computation capable devices to access all content (or even connect them to the internet) some of the time.

[0] https://archive.fo/uQULm

[1] https://datatracker.ietf.org/doc/draft-ietf-rats-tpm-based-n...

[2] https://en.wikipedia.org/w/index.php?title=IOS_jailbreaking&...

0 comments

2 comments · 1 top-level

floatboth4y ago· 1 in thread

Where did the ISP idea come from?!

How can ISPs do anything close to this when they're not even concerned with how many devices you have? ISPs just do not connect individual end user "devices", they connect subnets.

> content providers may refuse to serve you

Providers of Hollywood-copyright-mafia content like Netflix have already been demanding hardware DRM (at least for high resolutions) for years.

Providers of public ad-supported content like YouTube care about maximizing views above everything. They'll happily serve a 4K stream to a Windows 98 machine if it can connect with modern TLS somehow. YouTube isn't even trying to fight youtube-dl all that much, there was an attempt at throttling recently but it was very quickly defeated. Heck, YouTube Music on the web does not use DRM at all, and that's all music-copyright-mafia content there.

dane-pgp4y ago

> How can ISPs do anything close to this when they're not even concerned with how many devices you have?

Unfortunately that's not guaranteed to always be the case. The "Trusted Computer Group" already have ways for network operators to answer "Who and what’s on my network?"[0], and it's possible to set up an IPsec VPN between your device and the ISP where the key is only known to the TPM on your device.[1]

Of course the user could try to proxy requests from an "untrusted" machine to a "trusted" one, and piggyback the connection, but I imagine that applications which allow this won't be allowed in "secure" app stores, and "secure" operating systems would in any case firewall off packets coming from "untrusted" machines in the first place.

[0] https://trustedcomputinggroup.org/work-groups/trusted-networ...

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Trusted...

j / k navigate · click thread line to collapse