[return to "Remote Attestation is coming back"]
1. alexhs+ne 2022-07-30 00:29:03
>>gjsman+(OP)
The problem isn't the capability of remote attestation. The problem is who's using it, i.e. who's defining what "security" means. As noted above, for a company, "security" often means intentionally inhibiting my freedom, not actually securing anything I care about.

We would benefit from a better public discussion of what "security" encompasses. Else, we risk conflating "what MS wants me to do with my computer" with "preventing hackers from stealing my credit card number".

Imagine a world where you could submit personal information to a company, with the technological assurance that this information would not leave that company... and you could verify this with remote attestation of the software running on that company's servers.

◧◩
2. nonran+qi 2022-07-30 01:16:18
>>alexhs+ne
> The problem is who's using it, who's defining what "security" means?

Ask that question every time you see the word "security" written. There is no such word as bare security.

- security for who?

- security from who?

- security to what ends?

Much of the time security is a closed system, fixed-sum game. My security means your loss of it.

◧◩◪
3. ChadNa+am 2022-07-30 02:07:27
>>nonran+qi
Can you give some examples?
◧◩◪◨
4. judge2+iq 2022-07-30 03:03:26
>>ChadNa+am
Let's go with online games, which is mentioned in the article. This focus will specifically be on Riot, but any game publisher can perform this.

> - security for who?

Riot Games

> - security from who?

The users of their software.

> - security to what ends?

Ensuring a device (A) is running Windows, (B) is running unmodified Windows system files, (C) a rootkit that replaces syscall behavior isn't installed.

All of this is an effort to prevent cheats that wallhack/aimbot or otherwise give the player an unfair advantage - at least, it ensures the cheats aren't loaded early enough to where their anti-cheat is unable to detect their influence on the game process.

While I say 'Riot Games' is who benefits, it's all at the request of their users; you can search for 'hacker' or 'cheats' on r/leagueoflegends and see tons of posts from years ago complaining about cheaters scripting (automatically using abilities in the best possible way) and gaining an unfair advantage against them. Every post's comments will boil down to "Riot really should figure out how to stop these cheaters". It's a cat-and-mouse game, but it'll be a lot easier to catch the mouse once they can safely enable the remote attestation requirement and only lose 0.1% of their players.

On the less moral side, this can also be applied to single-player games to reduce the chances of a game's anti-piracy protections being cracked.

◧◩◪◨⬒
5. Schroe+cE 2022-07-30 06:32:43
>>judge2+iq
We don't need to replace trust with complete submission to a third party. Just build trust. Game servers don't need to be a single festering pool of every user who purchased the title. You can just play games with a community that has accountability.

It's like putting a camera network and automated tranq drones in every playground so kids don't play tag 'wrong'.

This insanity of trying to conflate complete submission to a third party with trust or security when in reality it provides neither because that party is an adversary is a society-wide mental illness.

◧◩◪◨⬒⬓
6. nixgee+tH 2022-07-30 07:27:57
>>Schroe+cE
But via the same argument, you are also free to look at Riot Games products and say "No thanks, I'm not willing to submit".

I play some games like Valorant which use Ring 0 anti-cheat mechanisms, and to do this I have a Corsair i300 which I bought basically exclusively for FPS, flight simulators, and other games that I enjoy. I'm actually equally unhappy with corporate-provided Mobile Device Management and "Endpoint Protection" technologies being on personally-owned devices, but one clear solution is to just physically partition your devices by purpose and by what restrictions you're willing to tolerate on them. "But I can't do what I want with the hardware that I own" is a bit of a misnomer, you can, you just might not also have the right to participate in some communities (those that have 'entry requirements' which you no longer meet if you won't install their anti-cheat mechanisms).

Why tolerate Riot Games, why not "play games with a community that has accountability"? It's simple for me: in the extremely limited free time that I have for this activity, my objective is to click <PLAY> and quickly get into a game where my opponents are 'well balanced' (matched against my own abilities) and servers which are not infested with cheaters.

Without any question in my mind, cheaters utterly ruin online multiplayer games, Team Fortress 2 has been a haven of bots and cheats for several years and Valve is only recently starting to take steps to address.

I have exactly zero desire to spend time "locating communities with accountability". I want a matchmaking system provided by Riot Games which simply doesn't tolerate cheating, period. I'm willing to be in that community even with its 'entry requirements'. You may not be willing to submit to those entry requirements and that's okay. You should advocate that games support your desire to launch without anti-cheat protections, and restrict you to playing on 'Untrusted Servers' outside the first-party matchmaking community, where you will enjoy no anti-cheat protection, and you can gather freely with your own "communities with accountability".

◧◩◪◨⬒⬓⬔
7. Schroe+EJ 2022-07-30 07:59:55
>>nixgee+tH
> But via the same argument, you are also free to look at Riot Games products and say "No thanks, I'm not willing to submit".

Informed consent requires the consenter have understanding of what is happening, know what the implications are and agree. Riot Games anticheat software doesn't pass the first two, and is largely irrelevant to the conversation because this use case is a trojan horse anyway.

Community and social graph is a finite resource. I can't just go get another one if you colonise mine.

This is exactly the same argument libertarians have against food safety and labelling regulations. I can't go get baby formula without melamine in it if every brand has it because they price dumped to bankrupt the competition and I don't have a chemistry lab to test for it.

I can't go find another bank if they all switch to requiring attestation. I can't go buy another government. I can't go find a new social graph if everyone on it is on facebook.

Operating systems and CPUs are utilities with natural monopolies, as is communication software. Treating an ecosystem, a community, and a social graph as a fungible good is a blatant lie.
