The difference now is that Microsoft are saying they will only support machines which have these TPMs, and therefore they can credibly argue in a few years that the only secure PCs (and thus the only PCs that ISPs should allow online) are ones which can produce a remote attestation to prove they are running the latest OS updates (from an OS vendor that is approved by the government).
> If Microsoft wanted to prevent users from being able to run arbitrary applications, they could just ship an update to Windows that enforced signing requirements.
The trap hasn't been sprung yet, but those are the teeth, yes. Then say goodbye to Tor, E2E encrypted messengers, unapproved VPN apps, and bittorrent clients that don't check a Content ID database.
That's a reason to worry about Windows 11 requiring a TPM, rather than a reason to worry about Pluton specifically. But even so, I don't think it's an especially realistic one - outside extremely constrained setups, it's very hard to make remote attestation work in a way that gives you any meaningful guarantees (eg, simply forward the challenge on to a machine that is running the "approved" OS).
> The trap hasn't been sprung yet, but those are the teeth, yes.
Again, something they could just do today while zero people have Pluton.
If Microsoft want to lock-down the entire x86 market, they can do that now. They don't need to wait years for everyone to shift to new hardware that has Pluton in it.
I was imagining something like that would be possible (for people with enough tech knowledge), but it's good to have it confirmed, thank you. There would presumably be a cat-and-mouse game of the "approved" OS trying to detect if it was being co-opted into such a scheme.
> They don't need to wait years for everyone to shift to new hardware that has Pluton in it.
As you say, I'm more worried about Windows 11 than Pluton, but presumably the "importance" of Pluton is part of Microsoft's excuse for not supporting non-TPM hardware any more. Once Windows 10 is out of security support (for home users at least), it will be easier for Microsoft to claim that non-TPM Windows devices are de facto insecure.
Which only means that programs can choose to not service devices without TPM - things like Netflix/Streaming Services and online competitive games, although it might take 10 years with the amount of people that will be unable to upgrade to 11 or upgrade their computer to one with a tpm at all. With computers become more and more about browsing the web, and especially with the chip shortage, people aren't upgrading their hardware as often.
But those "programs" could include "an online check made by your ISP, mandated by your government". If your computer doesn't pass the check, it won't be allowed online. What good is a phone call if you're unable to speak?
> it might take 10 years
I think more like 5, although the government might start slowly, like only preventing non-TPM devices from accessing "sensitive" online services, e.g. banks or anything that requires a payment.
The next step would be connecting the "online check" with a biometric ID, enforced by the device. Every time you unlock your device, it would request from the government a random ID that is included in every packet sent, and those IDs would be tied to your legal identity in a government database.
Letting someone else use your device would be similar to letting someone else use your car, in that you are responsible for whatever is done while you are logged in, unless you report it stolen.
if that occurs, is that really of microsoft's doing, or of the government and all the other companies that are complicit? I can plausibly imagine a future where microsoft stays its course (ie. it doesn't lock down the x86 platform), but companies still force you to use locked down devices by forcing you to use mobile apps to do online banking. You already sort of see this with messaging apps, where a few (eg. signal) are mobile-only.
> in that you are responsible for whatever is done while you are logged in, unless you report it stolen.
This is only really true for insurance purposes - for stuff like red light cams, the tickets are invalid if you weren't the one driving (which is why some newer ones snap temporary pictures of people in the driver seat in case they end up running the light).
Please drop the hyperbole, there is already enough of an impedance mismatch here. We're talking about slow moving ecosystems, and social normalizing of new technological restrictions. The current locked boot mess has taken oven twenty years to develop since the Trusted Computing Platform Alliance was founded. The pace of change accelerates, but five years won't even make remote attestation available in browsers. I'd say it's at least 15 years until a significant number of websites would require it. Using it for network access control would take further technological development (probably on the corporate side), and then some kind of crisis to drive ISPs/governments to demand consumer implementation. It's worrying because it's a step on the slow monotonic authoritarian march, not because the sky is falling right now.
It is much more thinkable, however, especially in 5 years, perhaps after a (false flag?) cyber-attack takes down an electricity grid in some country, that a government could prevent "insecure"/"unpatched" devices from going online. This wouldn't require any personal information to be shared with the government (at least, no more than current ISP data retention laws already require), and Microsoft would be all too happy to build support for this right into Windows for free, as it would make it harder for "unapproved" operating systems to be used in that country.
> the tickets are invalid if you weren't the one driving
I guess what I meant was "the government will punish you unless you can prove someone else was using your device" so you won't be able to escape prosecution by sharing a device and saying "I can't remember who was using it at that time". Similarly, I believe in some jurisdictions a car owner is expected to know who was using their car at any given point in the past so that speeding tickets can be assigned to the correct person.*
Anyway, I can imagine the law going further and matching the dystopian vision of "The Right to Read", which includes this passage: "Of course, if the school ever found out that he had given Lissa his own password, it would be curtains for both of them as students, regardless of what she had used it for. School policy was that any interference with their means of monitoring students' computer use was grounds for disciplinary action. It didn't matter whether you did anything harmful — the offense was making it hard for the administrators to check on you."
* "It is also illegal [in the UK] to decline to provide the driver's details, whether it was you or another person." https://news.jardinemotors.co.uk/how-to/speeding-fine-faqs-w...
What if I had told you 5 years ago that in 2020, people in Western countries would be forbidden from leaving their homes without permission, and would have to show a digital pass on their phone to be allowed to go into shops?
The technology for remote attestation already exists, and it would take less than a year to roll out checks for it across all ISPs in a country. As you say, it would need some sort of crisis for a government to demand it, but an ill-intentioned government with an offensive cyber-war capability could manufacture that crisis tomorrow if it wanted.
We already have authoritarian Western nations like Poland allegedly using cyber-weapons against opposition politicians[0]. I don't think that claiming existing technology could be used in 5 years is a claim that "the sky is falling right now". The main thing holding back such a scheme is that it would force a lot of legitimate users offline, which is why I think 5 years should be enough time to make those affected users a small enough minority that a government could ignore them.
[0] https://www.euronews.com/2022/01/05/polish-watergate-tension...
When predictions of our future read like dystopian science fiction such as Stallman's "Right to Read", 1984, etc. the only course of action is to educate the masses and strongly oppose any further progression down that path.
Signal has clients for Windows, Mac, and GNU/Linux.
At some point, even ISPs might require remote attestation to allow you to connect your device to the internet. The IETF is already working on standards for the attestation of network devices[0][1].
I speculate that there will temporarily (perhaps similarly to iOS jailbreaking, which is not available at this time for the newest devices/iOS version[2]) be exploits allowing you fool the attestation by e.g. redirecting it to another device as the author suggests, but the end effect will be that vast majority of people will be effectively confined to a walled garden and even determined hobbyists will only be able to use their general computation capable devices to access all content (or even connect them to the internet) some of the time.
[1] https://datatracker.ietf.org/doc/draft-ietf-rats-tpm-based-n...
[2] https://en.wikipedia.org/w/index.php?title=IOS_jailbreaking&...
There are way more android and apple devices online than PCs. No ISP would do anything for PCs alone and if they did, I could easily turn my PC into an "Android Tablet". So Microsoft would have to get Google and Apple behind the same plan and then phase out all existing devices and force all ISPs to implement this. This would yield a huge public outrage because the first states to follow would be China et. al., where remote attestation would enforce you to install the latest government, ahem, upgrade, to your device. Of course the US government and various European nations would very much like to follow suit, but they would be slower than China and then look like they follow the authoritarian path a bit too closely.
Remote attestation will be sold to streaming providers so they can extend their DRM to cover unpatched systems. Maybe multiplayer games will follow. This ain't gonna happen at the ISP level.
This has already happened for mobile banking apps on Android: Many of them already use SafetyNet with hardware attestation. The only reason not all of them do require hardware attestation is that not all of the older Android phones support that, which is exactly the situation Microsoft wants to change for TPM. And increasingly, other apps seem to be starting to use root detection and safety net for frivolous use cases such as McDonalds.
Well now you hit the nail on the head. The issue hasn't been technical for a long time but rather one of "image". People have to still believe they have freedoms and whatever curtails them is for their own good. As long as you're given a good reason to submit to extreme measures (9/11 made the Patriot Act acceptable), or they happen slowly enough that you can't really see a boundary being crossed, these measures will eventually be put in place. And nobody will see a huge difference because they won't remember a time when it was hugely different.
How can ISPs do anything close to this when they're not even concerned with how many devices you have? ISPs just do not connect individual end user "devices", they connect subnets.
> content providers may refuse to serve you
Providers of Hollywood-copyright-mafia content like Netflix have already been demanding hardware DRM (at least for high resolutions) for years.
Providers of public ad-supported content like YouTube care about maximizing views above everything. They'll happily serve a 4K stream to a Windows 98 machine if it can connect with modern TLS somehow. YouTube isn't even trying to fight youtube-dl all that much, there was an attempt at throttling recently but it was very quickly defeated. Heck, YouTube Music on the web does not use DRM at all, and that's all music-copyright-mafia content there.
Best we can do is start educating people now.
On a side note: Microsoft already starts patronising users e.g. by blocking access to security tokens from nonelevated processes. I hate it when my os starts messing with my freedom to develop sth on top. It all comes in the name of security but will in the end effect freedom.
To me, the platforms are simply improving security and slowly jettisoning older systems which cause security issues. We don't allow TLS 1.1 for a reason.
Well I'm coming from a USian perspective, so that prediction wouldn't have come true. But really, trying to contain contagious disease is a societal response with longstanding precedent, and implementing a digital ID like that is technologically easy (at minimum, it's just showing fields from a database). If you had predicted these actions because of a pandemic, it would have been plausible.
Meanwhile if you had predicted similar digital passes in 2000 it would not have been immediately plausible because very few people were carrying around a computer in their pocket. That had to be developed first by private industry, wanted by the consumer market, and the idea of having "apps" for various facets of your life socially normalized, before it could come to pass.
> The technology for remote attestation already exists
What do you mean by technology ? Yes the concept exists, and yes some implementations exist, and yes some are in the hands of consumers. But I wouldn't say the "technology exists" for general web browsing, in that it's available for a single actor, even controlling both ends, to decide to start using remote attestation.
> The main thing holding back such a scheme is that it would force a lot of legitimate users offline
Yes that is one aspect. Another aspect is the lack of implementations for companies to use to start demanding its use. Another aspect is that there has been no application of it to network access control. Yet another aspect is that the government does not understand they have this lever to pull until the trail is blazed by industry. In Y2K authoritarian government went "find a way to stop bad communications on the Internet" and their underlings went "uhh pull the plug?". In Y2020 there are many companies selling carrier-scale TLS MITM and other DPI gear.
All of these things take time. As I said, it has been over 20 years since the TCPA was founded, and you can see where we are. You can directly translate your arguments here to arguments about secure boot in 2000, and yet governments in 2005 were not trying to prohibit computers without secure boot. We had to take a long roundabout trip through a new device type of phones/tablets (for RA this could be security keys) for it to become palatable.
Only now that the market has gotten there on its own would it be plausible for a government to prohibit any device that isn't locked down with secure boot. Even so, it wouldn't be currently advantageous for the more totalitarian countries to mandate this, since they do not fully control the device's manufacturers. That is another progression that will take time before it's ready to click into place.
It also makes it harder to spread awareness of the threat, since the really concerning implications sound farfetched. Not thinking about it too hard, why would anybody buy a computer that restricts what they can do? Well, the Market finds a way.
But the general point is taken. For example my HOA requires payment via Zelle, and my bank requires that I use their mobile app to make Zelle payments. I can still run their app on CalyxOS just fine via microG, but I feel like microG is something Google would find a way to shut down if it were to hit some critical mass of adoption.
Unfortunately that's not guaranteed to always be the case. The "Trusted Computer Group" already have ways for network operators to answer "Who and what’s on my network?"[0], and it's possible to set up an IPsec VPN between your device and the ISP where the key is only known to the TPM on your device.[1]
Of course the user could try to proxy requests from an "untrusted" machine to a "trusted" one, and piggyback the connection, but I imagine that applications which allow this won't be allowed in "secure" app stores, and "secure" operating systems would in any case firewall off packets coming from "untrusted" machines in the first place.
[0] https://trustedcomputinggroup.org/work-groups/trusted-networ...
[1] https://wiki.strongswan.org/projects/strongswan/wiki/Trusted...