[return to "Pluton is not currently a threat to software freedom"]
1. dane-p+F3 2022-01-09 02:33:34
>>foodst+(OP)
> Remote attestation has been possible since TPMs started shipping over two decades ago.

The difference now is that Microsoft are saying they will only support machines which have these TPMs, and therefore they can credibly argue in a few years that the only secure PCs (and thus the only PCs that ISPs should allow online) are ones which can produce a remote attestation to prove they are running the latest OS updates (from an OS vendor that is approved by the government).

> If Microsoft wanted to prevent users from being able to run arbitrary applications, they could just ship an update to Windows that enforced signing requirements.

The trap hasn't been sprung yet, but those are the teeth, yes. Then say goodbye to Tor, E2E encrypted messengers, unapproved VPN apps, and bittorrent clients that don't check a Content ID database.

2. mkup+N31 2022-01-09 13:52:23
>>dane-p+F3
I don't think this is plausible (government mandate of remote attestation for any kind of Internet access), but if this happens, then I just add the smallest and cheapest PC possible (think Atomic Pi) with this remote attestation hardware capability (Proton/TPM/whatever) to a separate VLAN on my home network (so it can't access any other host on the LAN side of the router) and forget about the little thing until it fails, e.g. for the next 15 years or so. I wouldn't trust this device with my data, I wouldn't run any meaningful applications on it, heck I won't ever attach any monitor or human input devices to the damn thing.
3. dane-p+lZ1 2022-01-09 19:54:56
>>mkup+N31
As I explain[0] in response to a sibling comment, sadly it won't be enough (eventually) to have just one locked-down device on your home network; they will all have to be individually locked down to access the internet.

[0] https://news.ycombinator.com/item?id=29866732