zlacker

>>gjsman+(OP)
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.

Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.

Can someone please explain to me how the author might see this level of security as a bad thing?

>>Gh0stR+eg
Sure it's fantastic in a corporate environment. Not so fantastic for personal devices. Basically this: https://youtu.be/XgFbqSYdNK4

>>squiff+qi
Well, don't put that on a personal device.

It's like your company giving you serious protecting gear to wear while doing your work on a nuclear reactor is a good thing. But having to wear such gear at home is not a popular choice, and should not be required.

>>nine_k+8p
How do you choose what you put in your CPU? What when Windows forces you to have that kind of hardware?

You can choose not to wear that gear, but choosing to not use Windows is much more complicated, at least for most people.

>>palata+ks
I imagine if the proponents of these systems had their way, they'd add remote attestation to websites too. Imagine your bank's website only loading on a "secure" windows environment, non-rooted android phone or an iphone.

Once these chips are in everyone's devices, it would be quite easy to add this stuff technically. And in doing so, break the web on non-approved hardware or software (like linux).

Edit: Actually on the subject of worst case scenarios: If the trusted computing attestation process was extended through the web browser, it would be possible to build a website which is impossible to scrape or interact with in any unapproved way, from any unapproved device. Eat your heart out Aaron Schwartz.