zlacker

[return to "Google Web Environment Integrity Is the New Microsoft Trusted Computing"]
1. Knee_P+lp[view] [source] 2023-07-27 06:31:08
>>neelc+(OP)
There is a freedom problem, there is a hardware problem and there is a social problem.

The freedom problem is this: you will not be able to roll your own keys.

This is probably the biggest nail in the coffin for a ton of computers out there. In theory you could simulate via software the workings of a TPM. If you built a kernel module the browser would have no real way of knowing if it sent requests to a piece of hardware or a piece of software. But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.

The hardware problem is this: you will not be able to use older or niche/independent hardware.

As we established that software simulation is impossible, this makes a ton of older devices utter e-waste for the near future. Most Chromebooks themselves don't have a TPM, so even though they are guaranteed updates for 10 years how are they going to browse the web? (maybe in that case Google could actually deploy a software TPM with their keys since it's closed source). I have a few old business laptops at home that have a 1.X version of the TPM. In theory it performs just as well as TPM 2.X, but they will not be supported because, again, I will not be able to use my own keys.

Lastly there is the social problem: is DRM the future of the web?

Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests. Maybe the Wild West era of the web was a silly dream fueled by novelty and inexperience and in the future we will look back and clearly see we needed more guarantees regarding web browsing, just like we need a central authority to guarantee and regulate SSL certificates or domain names.

◧◩
2. raxxor+GM[view] [source] 2023-07-27 09:46:02
>>Knee_P+lp
The wild west internet did perform perfectly. There are some problems here and there that could be improved. None of them are addressed by suggestion like this. This is for control and market reach, nothing else. Secure boot was as well. Evil maid problem is at least believable in a corporate context. These suggestions are just fluffy crap.
◧◩◪
3. kahncl+Xg1[view] [source] 2023-07-27 13:21:25
>>raxxor+GM
Really? Spam, scams, seo trash, bots and AIs, are utterly rampant.

I don’t want Google and Microsoft to have the keys to the kingdom, but on the other hand, I really want a way to know that I’m having genuine interactions with real people.

I wish government was getting more involved here.

◧◩◪◨
4. xp84+0u1[view] [source] 2023-07-27 14:13:08
>>kahncl+Xg1
If government were, they would just be acting to further enhance the moats of the largest companies, which finance their campaigns.

At least in the US. I’m not sure how EU politics is actually motivated, though they seem to advance the most useless political solutions to technological problems (browsers not having good defaults for cookies? Let’s make website owners show confusing cookie modals within the website context, that don’t usually even work!)

[go to top]