
Thread: "Pluton is not currently a threat to software freedom"
1. dane-p+F3 2022-01-09 02:33:34
>>foodst+(OP)
> Remote attestation has been possible since TPMs started shipping over two decades ago.

The difference now is that Microsoft are saying they will only support machines which have these TPMs, and therefore they can credibly argue in a few years that the only secure PCs (and thus the only PCs that ISPs should allow online) are ones which can produce a remote attestation to prove they are running the latest OS updates (from an OS vendor that is approved by the government).

> If Microsoft wanted to prevent users from being able to run arbitrary applications, they could just ship an update to Windows that enforced signing requirements.

The trap hasn't been sprung yet, but those are the teeth, yes. Then say goodbye to Tor, E2E encrypted messengers, unapproved VPN apps, and bittorrent clients that don't check a Content ID database.

2. mjg59+A5 2022-01-09 02:48:55
>>dane-p+F3
> The difference now is that Microsoft are saying they will only support machines which have these TPMs

That's a reason to worry about Windows 11 requiring a TPM, rather than a reason to worry about Pluton specifically. But even so, I don't think it's an especially realistic one - outside extremely constrained setups, it's very hard to make remote attestation work in a way that gives you any meaningful guarantees (eg, simply forward the challenge on to a machine that is running the "approved" OS).

> The trap hasn't been sprung yet, but those are the teeth, yes.

Again, something they could just do today while zero people have Pluton.

If Microsoft want to lock down the entire x86 market, they can do that now. They don't need to wait years for everyone to shift to new hardware that has Pluton in it.

3. dane-p+i8 2022-01-09 03:16:30
>>mjg59+A5
> it's very hard to make remote attestation work in a way that gives you any meaningful guarantees (eg, simply forward the challenge on to a machine that is running the "approved" OS).

I was imagining something like that would be possible (for people with enough tech knowledge), but it's good to have it confirmed, thank you. There would presumably be a cat-and-mouse game of the "approved" OS trying to detect if it was being co-opted into such a scheme.

> They don't need to wait years for everyone to shift to new hardware that has Pluton in it.

As you say, I'm more worried about Windows 11 than Pluton, but presumably the "importance" of Pluton is part of Microsoft's excuse for not supporting non-TPM hardware any more. Once Windows 10 is out of security support (for home users at least), it will be easier for Microsoft to claim that non-TPM Windows devices are de facto insecure.

4. judge2+Fb 2022-01-09 03:47:34
>>dane-p+i8
> it will be easier for Microsoft to claim that non-TPM Windows devices are de facto insecure.

Which only means that programs can choose to not service devices without TPM - things like Netflix/Streaming Services and online competitive games, although it might take 10 years with the amount of people that will be unable to upgrade to 11 or upgrade their computer to one with a TPM at all. With computers becoming more and more about browsing the web, and especially with the chip shortage, people aren't upgrading their hardware as often.

5. dane-p+5f 2022-01-09 04:17:52
>>judge2+Fb
> Which only means that programs can choose to not service devices without TPM

But those "programs" could include "an online check made by your ISP, mandated by your government". If your computer doesn't pass the check, it won't be allowed online. What good is a phone call if you're unable to speak?

> it might take 10 years

I think more like 5, although the government might start slowly, like only preventing non-TPM devices from accessing "sensitive" online services, e.g. banks or anything that requires a payment.

The next step would be connecting the "online check" with a biometric ID, enforced by the device. Every time you unlock your device, it would request from the government a random ID that is included in every packet sent, and those IDs would be tied to your legal identity in a government database.

Letting someone else use your device would be similar to letting someone else use your car, in that you are responsible for whatever is done while you are logged in, unless you report it stolen.

6. judge2+Vh 2022-01-09 04:44:47
>>dane-p+5f
None of these have any requirement on some TPM specification. A government can already do as much invasive monitoring as they want, either by forcing citizens to install MITM root CAs[0] or generally requiring invasive identity checks when people sign in, or just limiting what privacy-invasive devices are even allowed to be sold at all. Banks can already go "lol no web frontend for you, go use our mobile app". And neither Visa/Mastercard nor their bank partners are going to allow such strict restrictions that'll surely reduce the amount of impulsive purchases people can make, and you forget that every online payment is already hard tied to your identity via your bank / credit accounts.

> in that you are responsible for whatever is done while you are logged in, unless you report it stolen.

This is only really true for insurance purposes - for stuff like red light cams, the tickets are invalid if you weren't the one driving (which is why some newer ones snap temporary pictures of people in the driver seat in case they end up running the light).

0: https://news.ycombinator.com/item?id=20472179

7. dane-p+4o 2022-01-09 05:46:31
>>judge2+Vh
Right now it is politically unthinkable for Western governments to demand people install MITM root CAs, and technically infeasible that they would re-encrypt every TLS connection (and check for encryption being layered inside the decrypted streams). (When Kazakhstan tried, they also faced resistance from software makers, but I wonder what would happen if those software makers happened to be based in the same country that was implementing this policy.)

It is much more thinkable, however, especially in 5 years, perhaps after a (false flag?) cyber-attack takes down an electricity grid in some country, that a government could prevent "insecure"/"unpatched" devices from going online. This wouldn't require any personal information to be shared with the government (at least, no more than current ISP data retention laws already require), and Microsoft would be all too happy to build support for this right into Windows for free, as it would make it harder for "unapproved" operating systems to be used in that country.

> the tickets are invalid if you weren't the one driving

I guess what I meant was "the government will punish you unless you can prove someone else was using your device" so you won't be able to escape prosecution by sharing a device and saying "I can't remember who was using it at that time". Similarly, I believe in some jurisdictions a car owner is expected to know who was using their car at any given point in the past so that speeding tickets can be assigned to the correct person.*

Anyway, I can imagine the law going further and matching the dystopian vision of "The Right to Read", which includes this passage: "Of course, if the school ever found out that he had given Lissa his own password, it would be curtains for both of them as students, regardless of what she had used it for. School policy was that any interference with their means of monitoring students' computer use was grounds for disciplinary action. It didn't matter whether you did anything harmful — the offense was making it hard for the administrators to check on you."

* "It is also illegal [in the UK] to decline to provide the driver's details, whether it was you or another person." https://news.jardinemotors.co.uk/how-to/speeding-fine-faqs-w...

8. buran7+uW 2022-01-09 12:40:46
>>dane-p+4o
> Right now it is politically unthinkable for Western governments to demand people

Well now you hit the nail on the head. The issue hasn't been technical for a long time but rather one of "image". People have to still believe they have freedoms and whatever curtails them is for their own good. As long as you're given a good reason to submit to extreme measures (9/11 made the Patriot Act acceptable), or they happen slowly enough that you can't really see a boundary being crossed, these measures will eventually be put in place. And nobody will see a huge difference because they won't remember a time when it was hugely different.
