I don’t want Google and Microsoft to have the keys to the kingdom, but on the other hand, I really want a way to know that I’m having genuine interactions with real people.
I wish government was getting more involved here.
But you will have to use hardware and software from approved vendors.
If you look at the history of the internet it's basically a story of decentralized protocols with a choice of clients being outcompeted by centralized services with a single client, usually because centralized services can control spam better (+have incentives to innovate etc, it's not just one issue).
Examples: USENET -> phpBB -> reddit, IRC -> Slack, ISP hosted email -> Gmail -> Facebook Messenger, SMS -> WhatsApp/iMessage, self-hosted git -> GitHub.
The reason spam kills decentralized systems is that all the techniques for fighting it are totally ad-hoc security-through-obscurity tricks combined with large dollops of expensive Big Data and ML processing, all handled by full time teams. It's stuff that's totally out of reach for indy server hosters. Even for the big guys it frequently fails!
Decentralized networks suffer other problems beyond spam due to their reliance on peers being trusted. They're fully open to attack at all times, making it risky and high effort to run nodes. They're open to obscure app-specific DoS attacks. They are riddled with Sybil attacks. They leak private data like sieves. Many features can't be implemented at all. Given all these problems, most users just give up and either outsource hosting or switch to entirely centralized services.
I used to work on the Gmail spam team, and also Bitcoin, so I have direct experience of the problems in both contexts.
Remote attestation (RA) isn't by itself enough to fix these problems, but it's a tool that can solve some of them. Consider that if USENET operators had the ability to reliably identify clients, then USENET would probably have lasted a fair bit longer. Servers wouldn't have needed to make block/allow decisions themselves, they could have simply propagated app identity through the messages. Then you could have killfiled programs as well as people. If SpamBot2000 shows up and starts flooding groups, one command is all it takes to wipe out the spam. Where it gets trickier is if someone releases an NNTP client that has legit users but which can be turned into a spambot, like via scripting features. At that point users would have to make the call themselves, or the client devs would need to find a way to limit how much damage a scripted client can do. So the decision on what is or is not "approved" would be in the hands of the users themselves, in that design.
The above may sound weird, but it's a technique that allows P2P networks with client choice to be competitive against centralised alternatives. And it's worth remembering that for all the talk of the open web and maybe the EU can do this or that, Facebook just did the most successful social network launch in history as a mobile/tablet only app that blocks the EU. A really good reason to not offer a web version is because mobile only services are much easier to defend against spam, again, because mobiles can do RA and browsers cannot. So the web is already losing in this space due to lack of these tools. Denying the web this sort of tech may seem like a short term win but just means that stuff won't be served to browsers at all, and nor will P2P apps that want to be accessible from desktops be able to use it either.
Anyway it's all very theoretical, because at this time Windows doesn't have a workable app-level RA implementation, so it's mobile-only for now anyway (Linux can do it between servers in theory, but not really on the desktop).
No, it can't -- see below; there's also no quantitative objective stated or communicated. Hence, it is not controllable, whether it achieved the stated objective or not. What would happen, if it doesn't achieve it? Nothing, because it was not promised clearly enough, just in some vague way.
But it happens to achieve a different goal -- for example, even more concentrating the control over general computing into fewer hands.
Would it be rolled back, if it doesn't achieve the stated goal? Of course not; it will achieve the hidden ("it just happened, who could ever know, pinky swear") goal, and that's important. Not the pretend-goals that were used to sell it to the general public.
Now, why it won't achieve the stated goals: because spam is a problem also with closed systems. Ever got a junk call? Users use only "approved" devices, and even if the system can put limits on the source, it also limits how the destination can protect itself. The important thing with spam, scams, etc. is that whenever there is a possibility to make money, the scammers will find a way. Even with a low-tech approach (like hiring a bunch of human operators of the approved machines). They weren't stopped even when what they did was illegal, why do you think RA will achieve what the law didn't? To make things worse, the closed nature made it more difficult for the victims to save evidence of the spam, scam.
So of course it won't reduce the scams. But it will make the situation worse for us all. And web losing to proprietary platforms? It will certainly lose, when it is turned into one of the proprietary platforms.
To make this work, I suppose it will finally be necessary for Windows to disallow all user-space code injection (e.g. in-process hook DLLs), including from assistive technologies. I guess this tightened security could be a per-app opt-in feature, at least initially. UI Automation on Windows 11 may finally be ready to take over the work that in-process injected DLLs (particularly from screen readers) previously did without performance regressions, though as far as I know, this hypothesis hasn't really been tested yet (or if it has, that happened inside the Windows accessibility team at Microsoft after I left). The trick will be to give the third-party screen reader developers a strong incentive to prioritize moving away from third-party code injection, without harming end-users in the process (i.e. not suddenly releasing a browser or OS update that breaks web browsing with screen readers).
What other changes or API additions do you think will be necessary to enable workable app-level RA on Windows?
While spam is a problem and affects decentralized systems more easily (if they have a critical number of users), the cost of client attestation is just too high.
I am perfectly happy if the web stays open and a lot of people go into the app space and stay there. I am happy for Facebook and don't think I am missing out on the web. I don't use any apps for social media and exclusively use browsers. I wouldn't want a second app space on the web at all because the mobile environment is an ugly abomination of software crap.
If we have a form of RA, it will get worse for users and developers alike. It will be a far worse hassle than killing a bit of spam and we give the wrong players too much power.
At which it comes back to not allowing anything but the most locked-down clients, and disempowering users... and still failing, because all clients can be turned into spam bots with the most trivial application of autohotkey et al.
At least in the US. I’m not sure how EU politics is actually motivated, though they seem to advance the most useless political solutions to technological problems (browsers not having good defaults for cookies? Let’s make website owners show confusing cookie modals within the website context, that don’t usually even work!)
Corporations and govs are actually the same structure. Look to healthcare, pharma, military, it is so tightly connected. Now IT is just part of the puzzle.