Comment by mike_hearn

The open source community won't always find a way. Remote attestation isn't a new concept (it doesn't have to be hardware backed, the concept is general).

The industry has enough experience with this by now to know how it goes, and open source projects are always the first to drop out of the race. The time taken to keep up becomes much too high to justify doing on a voluntary basis or giving away the results, so as the difficulty of bypassing checks goes up the only people who can do it become SaaS providers.

BluRay BD+ was a good example of that back in the day. AACS was breakable by open source players. Once BD+ came along the open source doom9 crowd were immediately wiped out. For a long time the only breaks came from a company in Antigua that sold a commercial ripper, which was protected from US law enforcement by a WTO decision specific to that island.

You also see this with stuff like Google YouTube/SERP scraping. There currently aren't any open source solutions that don't get rapidly blocked server side, AFAIK. Companies that know how to beat it keep their solutions secret and sell bypasses as a service.