We would benefit from a better public discussion of what "security" encompasses. Else, we risk conflating "what MS wants me to do with my computer" with "preventing hackers from stealing my credit card number".
Imagine a world where you could submit personal information to a company, with the technological assurance that this information would not leave that company... and you could verify this with remote attestation of the software running on that company's servers.
Ask that question every time you see the word "security" written. There is no such word as bare security.
- security for who?
- security from who?
- security to what ends?
Much of the time security is a closed system, fixed-sum game. My security means your loss of it.
> - security for who?
Riot Games
> - security from who?
The users of their software.
> - security to what ends?
Ensuring a device (A) is running windows (B) is running unmodified Windows system files (C) a rootkit that replaces syscall behavior isn't installed
All of this is an effort to prevent cheats that wallhack/aimbot or otherwise give the player an unfair advantage - at least, it ensures the cheats aren't loaded early enough to where their anti-cheat is unable to detect their influence on the game process.
While i say 'Riot Games' is who benefits, it's all at the request of their users; you can search for 'hacker' or 'cheats' on r/leagueoflegends and see tons of posts from years ago complaining about cheaters scripting (automatically using abilities in the best possible way) and gaining an unfair advantage against them. Every posts' comments will boil down to "Riot really should figure out how to stop these cheaters". It's a cat-and-mouse game, but it'll be a lot easier to catch the mouse once they can safely enable the remote attestation requirement and only lose 0.1% of their players.
On the less moral side, this can also be applied to single-player games to reduce the chances of a game's anti-piracy protections being cracked.
It's like putting a camera network and automated tranq drones in every playground so kids don't play tag 'wrong'.
This insanity of trying to conflate complete submission to a third party with trust or security when in reality it provides neither because that party is an adversary is a society-wide mental illness.
I play some games like Valorant which use Ring 0 anti-cheat mechanisms, and to do this I have a Corsair i300 which I bought basically exclusively for FPS, flight simulators, and other games that I enjoy. I'm actually equally unhappy with corporate-provided Mobile Device Management and "Endpoint Protection" technologies being on personally-owned devices, but one clear solution is to just physically partition your devices by purpose and by what restrictions you're willing to tolerate on them. "But I can't do what I want with the hardware that I own" is a bit of a misnomer, you can, you just might not also have the right to participate in some communities (those that have 'entry requirements' which you no longer meet if you won't install their anti-cheat mechanisms).
Why tolerate Riot Games, why not "play games with a community that has accountability"? It's simple for me: in the extremely limited free time that I have for this activity, my objective is to click <PLAY> and quickly get into a game where my opponents are 'well balanced' (matched against my own abilities) and servers which are not infested with cheaters.
Without any question in my mind, cheaters utterly ruin online multiplayer games, Team Fortress 2 has been a haven of bots and cheats for several years and Valve is only recently starting to take steps to address.
I have exactly zero desire to spend time "locating communities with accountability". I want a matchmaking system provided by Riot Games which simply doesn't tolerate cheating, period. I'm willing to be in that community even with its 'entry requirements'. You may not be willing to submit to those entry requirements and that's okay. You should advocate that games support your desire to launch without anti-cheat protections, and restrict you to playing on 'Untrusted Servers' outside the first-party matchmaking community, where you will enjoy no anti-cheat protection, and you can gather freely with your own "communities with accountability".
The premise of personal computing is that my computer works as my agent. For any remote party that I'm interacting with - their sphere of influence ends at the demarcation point of the protocol that we interact with. Attempts to dictate what software my computer can run when interacting with them are unjust, and ultimately computationally disenfranchising. Despite the naive references littered throughout this thread to users being able to verify what software companies are running, it will never work out that way because what remote attestation does is magnify existing power relationships. This is why so many people are trying to fall back to usual the crutch of "Exit" as if going somewhere else could possibly tame the power imbalances.
Practically what will happen is that, for example, online banks (and then web stores, and so on) will demand that you only can use locked down Apple/Windows to do your online banking. This will progress somewhat evenly with all businesses in a sector, because the amount of people not already using proprietary operating systems for their desktop is vanishingly small. Which will destroy your ability to use your regular desktop/laptop with your regular uniformly-administered OS, your nice window manager, your browser tweaks to deal with the annoying bits of their site, your automation scripts to make your life easier etc. Instead you'll be stuck manually driving the proprietary Web TV experience, while they continue to use computers to create endless complexity to decommodify their offerings - computational disenfranchisement.
I'll admit that you might find this argument kind of hollow with respect to games, where you do have a desire to computationally disenfranchise all the other players so it's really a person-on-person game. But applying these niche standards of gaming as a justification for a technology that will warp the entire industry is a terrible idea.
Only if by "entire point of capitalism", you mean the philosophical paradigm that highly centralizing corporations market to gain more power and ultimately undermine the distributed sine qua non of capitalism.
> Saying otherwise is effectively suggesting that companies be forced to make product in a certain way to accommodate your requests.
You're missing market inefficiency and the development of Schelling points based on the incentive for uniformity. In this case specifically, the inability of a company to investigate what I am running on my computer creates the concept of protocols, and keeps each party on a more even footing. Remote attestation changes that dynamic, undermining the Schelling point of protocols and replacing them with take-it-or-leave-it authoritarianism extending further into our lives.