Comment by dane-pgp
4 years ago
> it's very hard to make remote attestation work in a way that gives you any meaningful guarantees (eg, simply forward the challenge on to a machine that is running the "approved" OS).
I was imagining something like that would be possible (for people with enough tech knowledge), but it's good to have it confirmed, thank you. There would presumably be a cat-and-mouse game of the "approved" OS trying to detect if it was being co-opted into such a scheme.
> They don't need to wait years for everyone to shift to new hardware that has Pluton in it.
As you say, I'm more worried about Windows 11 than Pluton, but presumably the "importance" of Pluton is part of Microsoft's excuse for not supporting non-TPM hardware any more. Once Windows 10 is out of security support (for home users at least), it will be easier for Microsoft to claim that non-TPM Windows devices are de facto insecure.
> it will be easier for Microsoft to claim that non-TPM Windows devices are de facto insecure.
Which only means that programs can choose to not service devices without TPM - things like Netflix/Streaming Services and online competitive games, although it might take 10 years with the amount of people that will be unable to upgrade to 11 or upgrade their computer to one with a tpm at all. With computers become more and more about browsing the web, and especially with the chip shortage, people aren't upgrading their hardware as often.
> Which only means that programs can choose to not service devices without TPM
But those "programs" could include "an online check made by your ISP, mandated by your government". If your computer doesn't pass the check, it won't be allowed online. What good is a phone call if you're unable to speak?
> it might take 10 years
I think more like 5, although the government might start slowly, like only preventing non-TPM devices from accessing "sensitive" online services, e.g. banks or anything that requires a payment.
The next step would be connecting the "online check" with a biometric ID, enforced by the device. Every time you unlock your device, it would request from the government a random ID that is included in every packet sent, and those IDs would be tied to your legal identity in a government database.
Letting someone else use your device would be similar to letting someone else use your car, in that you are responsible for whatever is done while you are logged in, unless you report it stolen.
> I think more like 5, although the government might start slowly, like only preventing non-TPM devices from accessing "sensitive" online services, e.g. banks or anything that requires a payment.
This has already happened for mobile banking apps on Android: Many of them already use SafetyNet with hardware attestation. The only reason not all of them do require hardware attestation is that not all of the older Android phones support that, which is exactly the situation Microsoft wants to change for TPM. And increasingly, other apps seem to be starting to use root detection and safety net for frivolous use cases such as McDonalds.
2 replies →
None of these have any requirement on some TPM specification. A government can already do as much invasive monitoring as they want, either by forcing citizens to install MITM root CAs[0] or generally requiring invasive identity checks when people sign in, or just limiting what privacy-invasive devices are even allowed to be sold at all. Banks can already go "lol no web frontend for you, go use our mobile app". And neither Visa/Mastercard nor their bank partners are going to allow such strict restrictions that'll surely reduce the amount of impulsive purchases people can make, and you forget that every online payment is already hard tied to your identity via your bank / credit accounts.
> in that you are responsible for whatever is done while you are logged in, unless you report it stolen.
This is only really true for insurance purposes - for stuff like red light cams, the tickets are invalid if you weren't the one driving (which is why some newer ones snap temporary pictures of people in the driver seat in case they end up running the light).
0: https://news.ycombinator.com/item?id=20472179
2 replies →
> I think more like 5 [years]
Please drop the hyperbole, there is already enough of an impedance mismatch here. We're talking about slow moving ecosystems, and social normalizing of new technological restrictions. The current locked boot mess has taken oven twenty years to develop since the Trusted Computing Platform Alliance was founded. The pace of change accelerates, but five years won't even make remote attestation available in browsers. I'd say it's at least 15 years until a significant number of websites would require it. Using it for network access control would take further technological development (probably on the corporate side), and then some kind of crisis to drive ISPs/governments to demand consumer implementation. It's worrying because it's a step on the slow monotonic authoritarian march, not because the sky is falling right now.
5 replies →
>I think more like 5, although the government might start slowly, like only preventing non-TPM devices from accessing "sensitive" online services, e.g. banks or anything that requires a payment.
if that occurs, is that really of microsoft's doing, or of the government and all the other companies that are complicit? I can plausibly imagine a future where microsoft stays its course (ie. it doesn't lock down the x86 platform), but companies still force you to use locked down devices by forcing you to use mobile apps to do online banking. You already sort of see this with messaging apps, where a few (eg. signal) are mobile-only.
3 replies →