As always people see the happy path down the middle of the forest, not the creatures waiting to leap out and eat them two steps down the line.
Once upon a time, I was a homeless teenager running from a cult. If not for software I wouldn't have gotten out of that.
WEI (and other such things) are mainly about regulating who is allowed to write software, and so the way I think about it is this: If WEI existed when I was a homeless teenager, I might be dead.
I do not think I would like your girlfriend very much if she said keeping "her" stuff working was more important than my life, although I could understand her not understanding how big of a deal it is when you talk abstractly about the "open nature of the web" without putting it into human terms;
The "open" part is really important to get across because it means anyone who has the ability to can contribute: Does such a high level academic with a strong mathematical and logical background understand what can be lost not just to industry, but to science itself when a church wants to name itself the arbiter of who can work?
No, it's about being able to prove that your device is secure. Attestation doesn't stop you from writing software for your device.
>if she said keeping "her" stuff working was more important than my life
Arguing that you would be dead if your viewpoint isn't correct is a bad argument.
>what can be lost not just to industry, but to science itself when a church wants to name itself the arbiter of who can work?
It would be a better analogy to say that "employers can run background checks on people who want to work for them." Because it is up to each website to choose which attestors they trust and the websites have the choice of doing whatever they want with information or not requiring attestation at all.
How do I prove my device is secure while also being able to run any software that I want?
The operating system should properly prevent software from violating the security of the system. If you mean that you want to be able to run an OS that does that provide a level of security that is expected then you shouldn't be able to prove that insecure OS is secure.
As an industry we are getting better at security and finding and patching vulnerabilities.
>Attestation does not prove that a device meets any security bar.
But it can prove that a device's software and hardware is running software and hardware that does pass your security bar.
>No, it doesn’t provide any guarantee other than the power that be are empowered to grant themselves and their friends privileged status while leaving everybody else without a device that can run the software they want.
Security doesn't have to be perfect in order to be beneficial.