This is exactly my problem. Before ideas like this surfaced, the demarcation line between who controls what was purely based on ownership. The machine that I own acts only on my behalf and in my best interests, the server that you own does so for you (or at least for PCs this has always been the case).
TPMs, attested bootchains and whatnot trample on this whole concept. It's like your very own hardware now comes with a built in Stasi agent that reports on your conduct whether you like it or not. It bothers me on a visceral level and I'm constantly wondering if it's just me.
Attestation is just a tool. It can be used for all kinds of things and doesn't privilege one side or another. The average app developer doesn't truly care what device you use, they just want to cut out abuse and fraud, which are real problems that do require effective solutions.
Ultimately, trade requires some certainty that both sides will act as they promise to act. Attestation is more important for individuals attesting to companies because individuals have so many more ways to hold companies to account if they break their agreements than technology, like the legal system, which is largely ineffective at enforcing rules against individuals due to cost.
It privileges the side that designs and uses it. By and large that's going to be the corporations, not individuals or those acting to maximize their interest.
I don't doubt that. But the price of attestation, if it's not properly isolated from the hosting OS (like Microsoft's completely unrealistic attempts of bringing the whole OS into the trusted computing base, kernel and applications and all), would be a homogeneity of computing I don't think is necessarily worth the benefits.
The good news is that such proper isolation is not only possible but even desirable (it keeps the trusted computing base small), and if done well could actually replace annoying half-measures such as "root detection": Who cares if my phone is rooted, as long as my bank's secure transaction confirmation application is running in a trusted, isolated enclave, for example?
From this point on this is more of an emotional argument rather than a technical one, but I feel like the negative effects way outweigh the positive ones. Giving MORE power (be it technical or political) to big tech companies is just tipping the scales in their favor so much that we will be even worse off than we already are.
But if you work in anti-fraud and are fixated on solving this problem as effectively as possible, I can imagine not caring about this too if I were you...
Almost completely disagree on TPMs. A better comparison than a spy would probably be a consulate (ok, maybe an idealized one, located underground in a Faraday cage): Their staff doesn't get to spy on you, but if you ever do want to do business with companies in that country and need some letters notarized/certified, walking into their consulate in your capital sure beats sending trustworthy couriers around the world every single time.
To torture that analogy some more: Sure, the guest country could try to extend the consulate into a spy base if you're not careful, and some suspicion is very well warranted, but that possibility is not intrinsic to its function, only to its implementation.
You can absolutely install Linux, run secure boot (e.g. to protect you against "evil maid attack"), use your TPM to store your SSH keys, and live a happy and attestation-free life.
You can also do other things, but if you don't want to, why would you?
It's not just you.
It disgusts me so deeply I wish computers had never been invented. A wonderful technology with infinite potential, capable of reshaping the world. Reduced to this sorry state just to protect vested interests. They used to empower us. Now they are the tools of our oppression.
I think it's fair to assume that in a world in which almost every device supports attestation and makes it available to any service provider by default, without giving users an informed choice to say no or even informing them at all, service providers are much more likely to provide access exclusively to attestation-capable clients.
That, in turn, has obvious negative consequences for users with devices not supporting attestation (whether out of ideological choice, because it's a low cost device and the manufacturer can't afford the required audits and security guarantees etc.): Sure, these users will always be able to just refuse to transact with any service provider requiring attestation.
But think that through: We're not only talking about Netflix here. At what availability rates of attestation will decision makers at financial institutions decide that x% is good enough and exclude everybody else from online banking? What about e-signing contracts for doing business online? What about e-government services?
I am at the same time excited about the new possibilities attestation offers to users (in that they will be able to do things digitally that just weren't economically feasible for service providers, since they often have to cover the risks of doing so) as I am very wary of the negative externalities of a world in which attestation is just a bit too easy and ubiquitous.
In other words, the ideal amount of general purpose attestation availability is probably high, but significantly below 100% (or, put differently, the ideal amount of friction is non-zero). Heterogeneity of attestation providers can probably help a bit, but I'm wary of the inherent centralizing forces due to the technical and economical pragmatics of trusted computing.
When it comes to financial or legal matters (and this includes online banking) a small dedicated hardware element for signing fingerprints is all that's ever been required. Anything more is an overreach.
No, this is a misunderstanding of what a TPM is.
A TPM is a secure element inside your computer, similar to the chip running your credit and debit card. That's it. Without you using it (i.e. your OS or an application you installed asking it to do something), it's exactly as dangerous as a blank chip card in your house that you don't use and didn't open any account for.
If you don't want anybody to talk to it, don't install applications or OSes on your computer that do things you don't want. You have full control over that! Not running software that's not acting in your own best interests is generally good practice anyway, TPM or no TPM.
> [...] a small dedicated hardware element for signing fingerprints is all that's ever been required [...]
You might be happy to hear that that's exactly what a TPM is, then!
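As an added illustration (not from any commenter in this thread): a toy model of measured boot, a TPM quote and a remote service's verification policy. The PCR extend rule is the real one; the HMAC "attestation key", the firmware blobs and the golden values are constructed stand-ins.

```python
"""Toy model of TPM measured boot and remote attestation (added example)."""
import hashlib
import hmac
import os

# A platform configuration register starts all-zero and can only be extended:
# PCR = SHA256(PCR || SHA256(measurement)). Boot history cannot be rewritten.
PCR_INIT = b"\x00" * 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(components):
    """Each boot stage measures the next one into the PCR before handing over."""
    pcr = PCR_INIT
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


# Constructed stand-in for the TPM-resident attestation key (never leaves the chip).
AK_SECRET = b"constructed-attestation-key-for-demo"


def quote(pcr: bytes, nonce: bytes) -> bytes:
    """Only when asked does the TPM sign (PCR, nonce). HMAC stands in for an
    asymmetric signature so the example needs no extra dependencies."""
    return hmac.new(AK_SECRET, pcr + nonce, hashlib.sha256).digest()


def verifier_accepts(pcr: bytes, nonce: bytes, sig: bytes, golden_pcrs) -> bool:
    """The remote service's policy: a valid signature over a fresh nonce, and a
    PCR value it recognises. The TPM itself holds no opinion on what is allowed;
    the set of golden values is chosen entirely by the service provider."""
    if not hmac.compare_digest(sig, quote(pcr, nonce)):
        return False
    return pcr in golden_pcrs


# Constructed sample "firmware" blobs: a stock chain and one with a modified kernel.
STOCK = [b"bootloader-v1", b"kernel-v1", b"initrd-v1"]
MODIFIED = [b"bootloader-v1", b"kernel-v1-rooted", b"initrd-v1"]
GOLDEN = {measured_boot(STOCK)}


def attest(components, golden=GOLDEN) -> bool:
    nonce = os.urandom(16)  # freshness value chosen by the verifier
    pcr = measured_boot(components)
    return verifier_accepts(pcr, nonce, quote(pcr, nonce), golden)
```

The same modified chain is rejected or accepted depending only on which golden values the service chose, which is the policy question the thread is arguing about.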
As you say, a TPM alone can't do much of anything and doesn't pose much of a threat. Of course expanding the acronym - Trusted Platform Module - is a bit of a giveaway. They were always fully intended to serve as the root of trust for much more nefarious things.
Because the immediate next step after locking devices down is profit extraction from users.
Do you think Apple would have been able to maintain their App Store margins absent device control?
It doesn't matter. Those devices fail hardware remote attestation.
> Some remote servers won't give you service if you do that, but nothing is locking you out of your device.
The device's purpose is to be used. If it can't be used without giving up things like banks and private communications, it won't be used.
Device is not locked, it just turns into a paperweight if you actually unlock it.
> As Android dominates the global market, you already live in that world where most devices are open.
Wanna know what else dominates the global market? WhatsApp. In many regions of the world, without their services, you are ostracized.
Marriott (the hotel brand) shipped a release of their Android app that refused to run on unlocked devices.
It probably didn't impact the majority of (locked) Android devices, so why would Marriott care?
And with one app update, a valid user configuration became less capable.
Everyone loves cryptography and wants it working in their favor. Everyone. It's great for us when it protects our messages and browsing from surveillance capitalism and warrantless government espionage. It's extremely bad for us when it becomes the policy enforcement tool of corporations and governments.
Remote attestation means we either run the software which does their bidding and protects their interests and bottom line, or we don't participate in society or the economy. The only way it could get worse is if the government starts signing software as well. One day even the goddamn ISPs will refuse to link to our hardware if it fails attestation.
It's literally the end of free computing as we know it. Everything the word "hacker" ever stood for, it's over.
I just installed KDE Connect, and an open source keyboard. Banking apps refuse to run because of those (because my keyboard might see my keystrokes!!!). They don't even need a failed hardware attestation to refuse you service.
So even if you don't try to modify your device, your device might still end up like half a paperweight. I either can't do banking, or I can't use the functionality I want.