Comment by dane-pgp
4 years ago
> Remote attestation has been possible since TPMs started shipping over two decades ago.
The difference now is that Microsoft are saying they will only support machines which have these TPMs, and therefore they can credibly argue in a few years that the only secure PCs (and thus the only PCs that ISPs should allow online) are ones which can produce a remote attestation to prove they are running the latest OS updates (from an OS vendor that is approved by the government).
> If Microsoft wanted to prevent users from being able to run arbitrary applications, they could just ship an update to Windows that enforced signing requirements.
The trap hasn't been sprung yet, but those are the teeth, yes. Then say goodbye to Tor, E2E encrypted messengers, unapproved VPN apps, and bittorrent clients that don't check a Content ID database.
> The difference now is that Microsoft are saying they will only support machines which have these TPMs
That's a reason to worry about Windows 11 requiring a TPM, rather than a reason to worry about Pluton specifically. But even so, I don't think it's an especially realistic one - outside extremely constrained setups, it's very hard to make remote attestation work in a way that gives you any meaningful guarantees (eg, simply forward the challenge on to a machine that is running the "approved" OS).
> The trap hasn't been sprung yet, but those are the teeth, yes.
Again, something they could just do today while zero people have Pluton.
If Microsoft want to lock-down the entire x86 market, they can do that now. They don't need to wait years for everyone to shift to new hardware that has Pluton in it.
> it's very hard to make remote attestation work in a way that gives you any meaningful guarantees (eg, simply forward the challenge on to a machine that is running the "approved" OS).
I was imagining something like that would be possible (for people with enough tech knowledge), but it's good to have it confirmed, thank you. There would presumably be a cat-and-mouse game of the "approved" OS trying to detect if it was being co-opted into such a scheme.
> They don't need to wait years for everyone to shift to new hardware that has Pluton in it.
As you say, I'm more worried about Windows 11 than Pluton, but presumably the "importance" of Pluton is part of Microsoft's excuse for not supporting non-TPM hardware any more. Once Windows 10 is out of security support (for home users at least), it will be easier for Microsoft to claim that non-TPM Windows devices are de facto insecure.
> it will be easier for Microsoft to claim that non-TPM Windows devices are de facto insecure.
Which only means that programs can choose to not service devices without TPM - things like Netflix/Streaming Services and online competitive games, although it might take 10 years with the amount of people that will be unable to upgrade to 11 or upgrade their computer to one with a tpm at all. With computers become more and more about browsing the web, and especially with the chip shortage, people aren't upgrading their hardware as often.
17 replies →
Look at Google safety net and you will get a clear idea what is happening. If you want to use some streaming apps, etc they will make sure you run an unmodified and up to date OS.
On a side note: Microsoft already starts patronising users e.g. by blocking access to security tokens from nonelevated processes. I hate it when my os starts messing with my freedom to develop sth on top. It all comes in the name of security but will in the end effect freedom.
That's a bullshit scenario.
There are way more android and apple devices online than PCs. No ISP would do anything for PCs alone and if they did, I could easily turn my PC into an "Android Tablet". So Microsoft would have to get Google and Apple behind the same plan and then phase out all existing devices and force all ISPs to implement this. This would yield a huge public outrage because the first states to follow would be China et. al., where remote attestation would enforce you to install the latest government, ahem, upgrade, to your device. Of course the US government and various European nations would very much like to follow suit, but they would be slower than China and then look like they follow the authoritarian path a bit too closely.
Remote attestation will be sold to streaming providers so they can extend their DRM to cover unpatched systems. Maybe multiplayer games will follow. This ain't gonna happen at the ISP level.
That scenario is already reality on Android, where many apps and services will not run unless you use a blessed OS and OS version, verified through remote attestation.
can you name some of those apps?
4 replies →
Let's be realistic here. The real competition to Microsoft, Chrome OS, already has a feature to prevent you from delaying updates. It's not a bug or a risk, it's a feature. And it does not require any sort of TPM to be enforced. Microsoft could force all its users to run the latest version, and to run only signed executables today. What Pluton does is it allows those two things to happen more securely.
I don't think this is plausible (government mandate of remote attestation for any kind of Internet access), but if this happens, then I just add smallest and cheapest PC possible (think Atomic Pi) with this remote attestation hardware capability (Proton/TPM/whatever) to the separate VLAN on my home network (so it can't access any other host on LAN side of the router) and forget about the little thing until it fails, e.g. for next 15 years or so. I wouldn't trust this device with my data, I wouldn't run any meaningful applications on it, heck I won't ever attach any monitor or human input devices to the damn thing.
As I explain[0] in response to a sibling comment, sadly it won't be enough (eventually) to have just one locked down device on your home network, they will all have to be individually locked down to access the internet.
[0] https://news.ycombinator.com/item?id=29866732
No problem for me, as I'm on the verge to say goodbye to Windows anyway. But I'm pretty sure it would be a problem for most of the people using Windows.
Once the vast majority of devices are remote attestation capable (Windows 11 requiring TPM will accelerate this trend), content providers may refuse to serve you unless you attest that you are running a walled-garden OS that won't allow you to ad-block, capture content, run any sort of proxy server, etc.
At some point, even ISPs might require remote attestation to allow you to connect your device to the internet. The IETF is already working on standards for the attestation of network devices[0][1].
I speculate that there will temporarily (perhaps similarly to iOS jailbreaking, which is not available at this time for the newest devices/iOS version[2]) be exploits allowing you fool the attestation by e.g. redirecting it to another device as the author suggests, but the end effect will be that vast majority of people will be effectively confined to a walled garden and even determined hobbyists will only be able to use their general computation capable devices to access all content (or even connect them to the internet) some of the time.
[0] https://archive.fo/uQULm
[1] https://datatracker.ietf.org/doc/draft-ietf-rats-tpm-based-n...
[2] https://en.wikipedia.org/w/index.php?title=IOS_jailbreaking&...
Where did the ISP idea come from?!
How can ISPs do anything close to this when they're not even concerned with how many devices you have? ISPs just do not connect individual end user "devices", they connect subnets.
> content providers may refuse to serve you
Providers of Hollywood-copyright-mafia content like Netflix have already been demanding hardware DRM (at least for high resolutions) for years.
Providers of public ad-supported content like YouTube care about maximizing views above everything. They'll happily serve a 4K stream to a Windows 98 machine if it can connect with modern TLS somehow. YouTube isn't even trying to fight youtube-dl all that much, there was an attempt at throttling recently but it was very quickly defeated. Heck, YouTube Music on the web does not use DRM at all, and that's all music-copyright-mafia content there.
1 reply →