Comment by gigel82

3 days ago

Besides the privacy argument (the claim that the UID can't be used for tracking via derivation is shaky at best, and not much different than MS's EK), there is the freedom argument: as in, who owns the device - the user, or Apple?

If Apple can remotely lock the device that a user bought mistakenly (for example because some corporation somewhere fat-fingers some entries), that fundamentally means the user doesn't own the device they bought and paid for. Add on top DRM and all the other evil that comes along with attestation.

Plus, you can still disable TPM2 (if you don't want to run Windows on your machine); you can never disable Apple's implementation.

I'd like to add that we are discussing communication over the internet. It is an open standard. I should be allowed to build my own PCB without a secure element and talk to anyone over HTTP so long as I am abiding by the correct RFCs.