zlacker

[return to "Google Web Environment Integrity Is the New Microsoft Trusted Computing"]
1. Knee_P+lp 2023-07-27 06:31:08
>>neelc+(OP)
There is a freedom problem, there is a hardware problem and there is a social problem.

The freedom problem is this: you will not be able to roll your own keys.

This is probably the biggest nail in the coffin for a ton of computers out there. In theory you could simulate via software the workings of a TPM. If you built a kernel module the browser would have no real way of knowing if it sent requests to a piece of hardware or a piece of software. But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.

The hardware problem is this: you will not be able to use older or niche/independent hardware.

As we established that software simulation is impossible, this makes a ton of older devices utter e-waste for the near future. Most Chromebooks themselves don't have a TPM, so even though they are guaranteed updates for 10 years how are they going to browse the web? (maybe in that case Google could actually deploy a software TPM with their keys since it's closed source). I have a few old business laptops at home that have a 1.X version of the TPM. In theory it performs just as well as TPM 2.X, but they will not be supported because, again, I will not be able to use my own keys.

Lastly there is the social problem: is DRM the future of the web?

Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests. Maybe the Wild West era of the web was a silly dream fueled by novelty and inexperience and in the future we will look back and clearly see we needed more guarantees regarding web browsing, just like we need a central authority to guarantee and regulate SSL certificates or domain names.

2. solati+JC 2023-07-27 08:23:33
>>Knee_P+lp
> or maybe your Electronic National ID card

This is the actual missing key bit. The problem that Google is trying to solve here is not actually a hardware / computational problem, it's a Real Identity problem. Hardware / TPMs are a poor proxy for solving that problem.

There's drastically less eWaste and impact on software freedom if you seek attestation from a national ID provider than if you seek attestation from one of a handful of personal electronics OEMs. National ID providers can offer to sign not only Real Identity attestations, but also anonymized attestations to protect citizen privacy. A web operator can decide whether to allow for attestations from only their own national ID provider, foreign national ID providers, private ID providers, or none at all if they just have a read-only site and don't really care.

The truth is that government inaction is forcing Big Tech down the road of violating user privacy and freedoms to solve Big Tech's problems. But getting the government to offer a flat Identity Provider playing field would solve these problems in a way that doesn't require such violation.

3. Anthon+EE 2023-07-27 08:42:25
>>solati+JC
Any kind of digital National ID is a privacy disaster in itself because then things will use it to correlate your activity across different devices and services. That should not exist.
4. EvanAn+DT 2023-07-27 10:40:05
>>Anthon+EE
> Any kind of digital National ID is a privacy disaster in itself…

Ah, ha!

The PR spin necessary to kill this in the US would be to connect it to national ID. I hadn’t thought of that.

A narrative about national ID with some vague “mark of the beast” insinuation thrown in and suddenly a large political faction who otherwise would care about this would be opposed. I like it.

5. jpadki+dZ 2023-07-27 11:29:06
>>EvanAn+DT
I know your post is in jest, but I think you might not be aware of how suspicious right-wing populists (especially Bible-reading right-wing populists) are of a Fed + Big Tech alliance. It will not take much to rally this group against these types of initiatives. There has been plenty of evidence of collaboration between Feds and Big Tech to suppress their political voice in the last 12 months (Twitter files, FBI whistleblowers, etc.).

I think a political strategy of getting rural school districts + 20 State governments to go on record saying they will not purchase or use computers that have Google WEI could be very effective.

6. EvanAn+yZ 2023-07-27 11:32:21
>>jpadki+dZ
No jesting on my part. I don’t buy into the “mark of the beast” narrative but if it works to help hold on to the freedom we have with personal computers I’ll hitch my wagon to it.
7. Anthon+s32 2023-07-27 16:29:05
>>EvanAn+yZ
> I don’t buy into the “mark of the beast” narrative but if it works to help hold on to the freedom we have with personal computers I’ll hitch my wagon to it.

It's also worth considering where this stuff comes from instead of ascribing anything the other team says to superstitious fools and their invisible sky man.

Branding people like cattle wasn't invented in modernity. It's infamous Nazi behavior, and the Nazis weren't the first to do it either. It's so old that people centuries ago saw how bad it turns out and put a warning against it in their ancient book.

You don't have to believe in the devil to believe that history repeats and learn a lesson from the people who came before.

8. EvanAn+7g2 2023-07-27 17:14:59
>>Anthon+s32
> It's also worth considering where this stuff comes from instead of ascribing anything the other team says to superstitious fools and their invisible sky man.

I didn’t say any of that. You have no idea what I believe beyond that I don’t buy into the “mark of the beast”. Anything else you read into my comment is something you read in.

That you went straight to comparing my comment to Nazism seems a bit uncharitable.

9. Anthon+oz2 2023-07-27 18:23:39
>>EvanAn+7g2
Why does everyone assume that a reply is meant as a dispute?

I'm not comparing your comment to Nazism, I'm comparing universal identity systems to Nazi behavior, because that's what they are. Their primary use, the major thing they do that decentralized credentials systems don't, is to facilitate mass surveillance and authoritarianism.

My point is that this has been understood for a long time, and the people who say "mark of the beast" have a legitimacy to their concern that has been demonstrated throughout history, regardless of whether or not you believe the fine details of the allegory.
