Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.
Can someone please explain to me how the author might see this level of security as a bad thing?
Wait a few years. Smaller companies won't even be allowed to order high end cpu's. You'll be at 100% mercy of these corporations.
If after 2 years they decide to brick your pc, they'll just do it. You think government will help you out here? Lol...
From the USA, we get news of banned book in some states. When I read that, my head goes back to my european history, and I reach the Godwin point very quickly.
Those kind of people will abuse such system to prevent things to be shared.
It will be used for putting DRM on everything and create a more and more closed web.
It will be used by corporations and govs to prevent wisthleblowers and journalists to do their job. Or to prevent employees to get evidences of mistreatments in case they need to sue.
Because if you look at it, it's basically just a system for information control. And bad actors love that.
And of course it will be "for security reasons".
Trusting people with a terrible track record to not abuse a massive power in the future, espacially one that can be scaled up with the push of a button once the infrastructure is in place, is not a good bet.
https://www.baynews9.com/fl/tampa/news/2022/05/06/florida-ba...
If you're worried about book bannings in states like Florida, DeSantis is up for reelection in just over 3 months. Go volunteer or donate money to his opponent (probably Charlie Crist).
Yet, you probably don't want to give willingly a nuke to a dictator.
In the same way, giving this kind of power to people that have shown in the past to abuse information control is like banking on the wolf to behave in the hen this time.
> Go volunteer or donate money to his opponent (probably Charlie Crist).
I'm not in the US. I just read those crazy news, compare it to my grandfather stories, and worry.
It reminds me of the good old "my password takes 2 billion years to crack, but my kneecaps only take a few seconds" metaphor about people in tech forgetting that physical coercion is, in fact, a possible attack vector for your IT security.
To be pedantic, it was diseases and outright, explicit murder. (which is not an excuse. Biological warfare is a modern war crime, after all.)
https://en.wikipedia.org/wiki/Population_history_of_Indigeno...
banking on the wolf to behave in the hen [house] this time
Fair point, but the United States is rapidly moving towards authoritarian governance right now. There are steps that every U.S. citizen who reads my comment can take to help stop this decline immediately. I don't like the idea of this sort of TPM 3.0 module in my computer's hardware, but it's a 'day after tomorrow' problem for me, not a 'right now' problem.
By forcing the kernel to be untamperable, Microsoft can arbitrarily enforce ANY policy they choose on your PC. They could spy on every single piece of network communication. They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all. They actually could easily enforce laws on banned content too - any given website, book, audio or video could be impossible to consume, and an attempt to try could be reported to Microsoft. They could stream the contents of your display and mic and camera at any time to anyone they choose. There is literally nothing they cannot do with complete control over the kernel. And since the kernel and Windows itself is closed source, there are ways to hide all of it so you would never even know.
Security is great but it also goes hand-in-hand with control and surveillance. Every capability to increase security also increases the amount of control those providing the security have.
The difference is for now you can still go to BIOS and enable Microsoft's key for 3rd party OS.
Maybe when Windows 12 comes out that option isn't there.
It's like your company giving you serious protecting gear to wear while doing your work on a nuclear reactor is a good thing. But having to wear such gear at home is not a popular choice, and should not be required.
Face book, for example…
:sigh:
If today it's "obvious" what's bad; When this generation dies off, who is appointed master of the universe and decides what's bad? It won't be you. It'll be the guys with the money; See Pluton. They're already paving the way for just that (at least in tech and what your wallet must must must spend). But, I digress.
You shouldn't ban books. You should teach morals.
My friend, Swim, who is a Jew living in Israel doesn't support banning Mein Kampf. So much so that when Swim's friend ordered it from Amazon, neither opposed it. Curriculum teaches about Hitler's rise to power and the abuse of his people to do so. That's more than enough to understand not to follow in his footstep. Swim's friend was interested in Hitler's political prowess.
I'm not interested in Mein Kampf. But, if someone is, he most surely has the right to read it. Kill the way some fanatics did because of it? No, that's immoral.
Who decides morality? That's complex, I think. But, I also think it is an innate intuition that lives in all of us.
You can choose not to wear that gear, but choosing to not use Windows is much more complicated, at least for most people.
Basically, this will make transparency even harder than it already is. That's a terrible danger for democracy at large. Stalin's wet dream.
Not everywhere in the world (https://en.wikipedia.org/wiki/Mein_Kampf#Current_availabilit...)
In the USA, freedom of speech is in very high regard, and that’s in conflict with the idea of banning any publication.
It's like saying "don't worry about gun control because car accidents kill way more people right now".
https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...
You cannot defend against something you don't understand.
Reading it (or the little red book), you will notice there is nothing incredible about it.
It's a good way to understand the banality of evil.
It's a good way to see what currently in our society echoes it: we are not freed from evil, it can come back any time.
And the "push on unsuspecting children" narrative is worn out. Nobody push such dangerous book on children unless already twisted. Nobody ever told me "read it, it's good for you". Everybody always said: "dangerous book, read it with history in mind", if they ever talked about it.
We push Harry Potter on kids, not Mein Kampf.
Once these chips are in everyone's devices, it would be quite easy to add this stuff technically. And in doing so, break the web on non-approved hardware or software (like linux).
Edit: Actually on the subject of worst case scenarios: If the trusted computing attestation process was extended through the web browser, it would be possible to build a website which is impossible to scrape or interact with in any unapproved way, from any unapproved device. Eat your heart out Aaron Schwartz.
I say that as a person of Eastern European/Jewish extraction.
Do I like fascists/fascism? No. Do I like Nazis? No.
But I do like freedom of expression. And if the price of that freedom is that hateful scumbags get to speak their piece, that's okay with me. But I'll have something to say about it too. As it should be.
[0] https://archive.org/details/mein-kampf-audiobook
[1] https://harperandharley.org/pdf/mein-kampf/
[2] https://www.amazon.com/Mein-Kampf-Adolf-Hitler-ebook/dp/B002...
Exactly this. As soon as governments (or lobbyists) discover that this level of control is available to them, they will introduce whatever remaining laws they need, banning E2E encrypted chat apps, or Tor, or bittorrent clients.
I suspect that, like civil asset forfeiture, or running commands on botnet-infected devices[0], these actions will have only the thinnest veneer of "due process" applied to them. After all, if your computer is running "illegal" software, why should the government wait for your permission before deleting that software, or even tell you that it had done it after the fact?
[0] https://uk.pcmag.com/security/139675/us-disrupts-cyclops-bli...
Actually, IIUC this is already the case on Android[0].
Some (many? most?) banks/banking apps are rejecting (and/or complaining about) access from rooted phones right now.
I can't confirm this personally, as I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.
Perhaps someone who uses banking apps on their surveillance device could chime in on that?
[0] https://www.howtogeek.com/241012/safetynet-explained-why-and...
Could as well gouge out the eyes of everyone not having a read permission on said document. There are 1001 solution to solve such problems. And as a gigantic bonus it doesn't have to be bound to hardware! User permission management is much easier.
Unpopular speech needs more protection than popular speech, not less.
Soon my old 3G dumbphone will be useless as the mobile operator ends the service. People are pushed to newer phones^W surveillance devices and I have to hunt for real 2G phone soon.
nothing. there's nothing you can do to stop that.
Btw, you could acquire a Mobile-ID SIM that will work on a rooted phone (but also with feature phones, if you wish).
Establishing technical means to do something (limiting access to files via DRM) is not as urgent as actually doing it (Florida carting books out of school libraries). And technology is not a monolith. Pluton specifically is far from being a universal requirement on Windows, and the entire PC platform is open enough to support alternatives for a very long time. It's possibly worrying (though it looks like Microsoft's intention is confidentiality management in enterprises for now), but far from "turnkey tyranny".
It's only through constant vigilance and fighting back that it has been slowed dowm by two decades.
News of Pluton and its security goals have been readily available since 2020 from reputable hardware sites like Anandtech, or directly from Microsoft themselves. There's nothing new or hidden or surprising about it unless you live to dream up Microsoft conspiracy theories.
Many other hardware manufacturers have similar security offerings including Intel and Apple. Microsoft is arguably late to the game here, given their only recent interest in PC hardware. OS integration isn't even new. Macs have been shipping with T1 and T2 chips for over five years. Has the sky fallen on that ecosystem?
Books are not banned, just not used in the classroom anymore. While the reasons for it may be wrong, it's something that happens constantly all over the world. No one prevents children or adults to read those books at home. Banning books could mean that owning them is illegal and that just hasn't happened.
[0] https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/BIOS-...
From https://wiki.archlinux.org/title/Lenovo_ThinkPad_T14/T14s_(I...
When computing is controlled at a hardware level, you have far fewer competitors and market places. Working around things can be significantly more difficult and you may be stuck with scrapping up old less capable tech trying to do something you should have better options for. This is the reason technologists fear technology control, not so much because of tunnel vision but because the general population can't work around it, even experts may not be able to work around such protections. Low tech always has easy work arounds--the option exists even if you may fear the consequences.
So the government will clearly help out here. And none of these companies has an incentives to stop sales to smaller companies, they make a lot of money with those.
But the devices were actually slowed down, so the danger is real.
The only question is whether they will trust metal detectors to prevent whistleblowers from bringing in these devices, or if they will rely on strip searches and CCTV.
Ah, that must be why we all have root access and can freely modify or install anything we want on every device we own! Oh, wait, we don't have those things and our non-PC systems are increasingly locked down and routinely do things against the wishes of the people who own them.
Market rejected it. At the time, there was an alternative. What are most people going to do, when there is not?
https://www.virginiamercury.com/2022/07/06/free-speech-group...
I...don't share your optimism, to put it lightly.
IIRC, this was the reason Valve created SteamOS: they feared Microsoft would use their control over Windows so that the only viable software store on PCs would be Microsoft's own store.
Well, it gets even better, even for folks with principles like you have.
If you want to use general computer, you need to log in. For logging in, you need second factor. That second factor is going to be in 99,99% cases exactly the app in the smartphone, that refuses to run on rooted devices.
So no avoidance, if you want access to your account.
All this has already happened since 2008 when the app store came out.
Also, thank God for the Internet Archive.
The administrator of my network does not require multi-factor authentication for my logins.
That's probably because I am said administrator.
As for professional settings, if my employer wants me to use a surveillance device and/or an app on said device, they can provide that device to me.
As an alternative, I suppose I could use whatever subsidy is provided by my employer to purchase/use a separate device for such things.
If they choose not to do one of those thing, I guess I won't be logging in and will soon be working elsewhere.
Requiring me to use my personal equipment for work purposes is inappropriate IMHO, and I've yet to hear an argument (other than folks not wanting to carry multiple devices, which is a personal choice) that changes my mind about that.
I'd welcome anyone to make such an argument, mostly to discuss why it's inappropriate, but I'd certainly keep an open mind about it -- perhaps there's an angle(s) I haven't considered.
That was in the early 1500s. It was another couple hundred years before Europeans started colonizing and conquering those areas. By the time that started those populations were already reduced by around 90% from diseases that has spread across the continent from the Europeans on the east side.
Before those diseases wiped out so many natives no European colonists were able to survive in what is now the US and Canada without the approval and help of the natives. If the local natives didn't want a colony there, they removed it.
Yes, the colonists had guns and the natives then did not but the guns in those times weren't actually superior to bows and arrows. The guns might have better range, but their accuracy was much worse and they took longer to reload.
Before diseases that the colonists (unintentionally) brought greatly weakened the native tribes pretty much the only colonists that did OK were those that allied with a native tribe.
There were a bazillion tribes, and there was a lot of conflict between them including warfare. Some smaller tribes that were losing their wars with bigger tribes allied with some of the colonies to try to get help against the bigger tribes. Those were the colonies that were allowed the stay and thrive.
For a great look at what life was like in the New World before Europe became widely aware of it, and what happened afterwards the book "1491: New Revelations of the Americas Before Columbus" by Charles C Mann is quite good.
Enforcement is a different issue.
Where are the text books in California that teach math using Biblical stories and imagery? Obviously California burned all those books if we accept the argument being put forth with Florida.
Outside of corporate IT, what if Microsoft uses this remote attestation to enforce binding non-corporate PCs to a Microsoft account. Some don't have a problem exposing everything to Microsoft's cloud, but Pluto sounds like it could be used to enforce this on a hardware level.
If computing devices without bondage to a cloud service are impossible, Windows has no more value proposition for me for personal computing. I'm going to stick with Apple, because at least Apple allows me to turn it all off, off seems to mean off on at least Apple iPhones/iPads (I don't have to check hundreds of weirdly named services, policy settings, scheduled tasks that are all on for some reason), and settings don't seem to randomly sneak on between updates.
Hopefully we get the digital markets act over here for similar protections
Remote Attestation establishes a root of trust that can be used to verify that all of the software down the line is "approved":
- You won't be able to browse sites or use apps with ads unless you run a 'trusted' device, OS and browser that does not block ads.
- You won't be able to browse sites with captchas unless you run a 'trusted' device, OS and browser that does not allow bots to interact with the browser.
- You won't be able to run Netflix unless you run a 'trusted' device, OS and browser so that you can't record the content.
- You won't be able to play online games unless, again, you run a 'trusted' device and OS so that you cannot cheat, or more importantly modify it in any way (why would you purchase skins if you can mod them in?).
- You won't be able to use online banking unless you use a trusted OS because banks.
Remote Attestation is pretty terrifying and it will be here soon unless it is regulated out of existence, which is unlikely.
But there's nothing wrong with teaching students how they can use math to understand social problems and complex real-world issues. Math is a great tool for thinking about things like income inequality, climate change and economics.
As a regular user, most of that list doesn't sound too bad. Their future devices will automatically have these features enabled, they're not likely to change those settings to "break" their device (from the perspective of Trusted Computing) so they'll have a smooth experience getting into it.
- Can't block ads? A lot of average users already don't/don't know how, but this one would probably would affect a lot of people. Probably a bad thing no matter how you slice it.
- They'll have a better experience online as they won't be interrupted with captchas. Wouldn't you prefer if you never experienced captchas and logins were smoother and easier? So a wash to a positive for an average user.
- This makes it an easier deal for streaming services to let you cache their DRM'd content offline and makes the deals they have to cut with media companies potentially cheaper. Once again they're probably buying off the shelf computing devices which will probably work seamlessly with these restrictions, so they either won't notice anything or potentially get more features than they have now with those services they're already using. I'm not necessarily a fan of DRM but the market has largely spoken, people prefer streaming rather than actually owning the media.
- Fewer cheaters in online games sure sounds like a positive to me.
- My bank account online is more secure? This is a bad thing?
Chip manufacturers could even decide that nothing good happens on open source operating systems, so you're now only allowed to run Mac or Windows operating systems.
The point is really that they're taking full ownership of the chips from you.
Particularly now that heterogeneous computing is making it big, video decoding can easily just be made not to work unless this tech stack okays it--regardless of the OS.
This chip could all out disable other operating systems if they don't provide the spyware telemetry that Microsoft requires.
But, imagine that a school adopts the DRM processes described in the article and requires this study level of control even on personal devices that are used for school. Suddenly those book bans can be enforced digitally by the school and will totally cut off access to certain books that the school chooses.
You might say that it's within the school's rights to do this for a device that is used for school and if you don't like it then use a different device. Now that's a system where there is a class-divide on the information that one is physically able to consume on their devices.
You might think Mein Kampf is ban-worthy, but the whole point is actually that you should not ban any book at all, because once you start banning books it becomes far too easy for more books to be banned. All it will take is one regime change in a school district's PTA for new books, that you maybe think should not be banned, to be added to the list.
It's worth considering the most banned books in America. His Dark Materials. A fantastic young adult fantasy novel that pokes harder at religion than some Christians can bear.
With this tech stack, you wouldn't be able to.
[0] When It Comes to Banning Books, Both Right and Left Are Guilty | Opinion: https://www.newsweek.com/when-it-comes-banning-books-both-ri...
The government is probably part of the driving factor in building this system.
The government probably doesn't want Wikileaks type material to be rendered. There are _so_ many ways the government likely wants to abuse this.
Disabling other operating systems would be done by the BIOS if manufacturers locked down the configuration of existing secure boot functionality, doesn't need any new features.
At a past job, we used Entrust [0] and I'm aware of Virtru [1] as well.
Edit: I forgot about Sharepoint, which also sort-of fills the ACL document-sharing niche. (though I'm less certain about whether it uses encryption to enforce its access policies)
Yep, one state decided to do something about this divisive indoctrination of kids and the peddlers of that stuff obviously don't like it, hence the "banning (math) books" stories. If you actually read into this you quicky realize that someone is clearly lying and (this time) it's not the Republicans.
Any such bans will always take the path of least resistance to cover the largest possible population with the easiest means. Pareto Style. And I care much more about those 80% of people having access over maintaining my own. Because ultimately, those people will set cultural standards of the future, not some technologist with their fully libre laptop.
And those attacks are, as of now, not that sophisticated or blatantly censoring. An overwhelming majority already do their computing on locked down devices (running iOS, Android and ChromeOS) and the big censorship wave hasn't hit them. Every half decade or so Amazon removes a book from Kindle as a side effect of capitalism and copyright and there's a huge HN thread mistaking it for deliberate censorship, but overall it really doesn't matter.
Also, let's be completely clear that DeSantis didn't ban math books. This was an attack on ideologically inconvenient books, mostly queer literature. It's part of the push to label us as "groomers" for merely existing around underage people that has caused a spike in violence and mistrust directed towards trans people. Once our rights are sufficiently eroded, they'll go after the gays again, and after that, maybe, we'll have progressed on the fascist cataclysmic us versus them rhetoric to revive blatant antisemitism. Or racism. Who knows. But safeguarding the high end bit of tech that is not even mainstream anymore wouldn't help society out of this and being concerned for it is a very individualistic choice.
I'm sure there will be developer options for this too. After all, Microsoft is not going to make all the software themselves.
But they could restrict this too. For a lot of platforms you now have to sign up for a developer account and license agreement. Like on iOS, Oculus Quest..
Do you know what Critical Race Theory actually is, and where it's taught?
Just within the last century it was illegal to send a copy of Ulyesses or The Canturbury Tales through US mail.
> My bank account online is more secure?
Sincerely, why? Because I can't customize my own software anymore? Fortunately banks around here don't require SafetyNet, some of them do require a mobile device though.
The prerequisite for this to happen is that the school removes all physical editions of the books and has digital editions for all content, and a lending program for the books that is sufficient to satisfy publishers... and all students have digital book readers able to access the school library.
I don't see this happening in the near (or even within the decade) future. There is far too much content that is physical only, publishers haven't embraced digital editions for libraries, school libraries don't have the technical resources (physical or in many cases human) to convert their collections to digital.
The hypothetical school book ban for digital editions is needlessly alarmist.
When those resources are available to schools, then yes - lets talk about it... though the school banning books will continue to mean "that resource isn't in our collection" and a student can go to another library (or in many cases book store) and get a copy of that book for themselves. This is no different than today.
Ibram X. Kendi, in his book “How to Be an Antiracist” states, “The only remedy to racist discrimination is antiracist discrimination. The only remedy to past discrimination is present discrimination. The only remedy to present discrimination is future discrimination.”
The whole movement is predicated, explicitly, on instilling hatred and animosity on some out-group, it's a viscous ideology masquerading as compassion.
If the market really cared about being able to run whatever software you wanted, nobody would be buying iPhones. Fire TV sticks and Rokus wouldn't move any products. Playstations, Xboxes, and Nintendo Switches would be crushed under the massive marketshare of Mister devices and Steam PCs. One quick look at reality shows this isn't the case.
I think you're massively overestimating the market size of people who actually care.
Note that I'm not making any moral argument here, I'm not saying whether these things are good or bad. Personally as someone who likes to tinker and has been bitten several times by DRM and the likes, I'm not too much of a fan. As someone who has to try and ensure compliance on devices, its a godsend. But at the same time I know lots of people who buy Xboxes and Playstations because there's less cheating that happen on that platform. I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.
I don't like having to lock my bike, its a huge pain. But at the same time there's tons of people here arguing locks shouldn't exist. Trusted computing, in the right context, is a good thing. Being able to lock your door is good! Being able to assure your device is what you say it is is good! I definitely agree there are potential dystopian futures with this technology, but that's true of any truly revolutionary technology. Wheels move carts of grain and help tanks roll. Being able to break dinitrogen into more usable sources gives us cheap fertilizer and explosives.
I think we're just discussing different things here then. I'm specifically talking about whether this is good or bad for the future of society. Most people buy whatever is most convenient at the time, which is fair and everyone has done this at some point, but it may or may not the best for society.
> I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.
It may be a bubble, but of all the iPhone users I know, I don't think any of them has bought it for that reason. Most here buy them for either being simpler to use, lasting longer, or status. Of all the Android users I know, I don't know any that has knowingly got any kind of malware, and that includes people with very old phones.
At least in Europe, it is not even bank's initiative, it is from above them. They've got PSD2 directive to implement. And when they all have to implement it, is kind of difficult to vote with your wallet.
I want my technological barrier back please.
I mean, this isn't even about Republicans, Trumpians or whatever, any self-respecting liberal can't possibly subscribe to c(r)t and still call himself/herself a "liberal".
As does every financial or government website for 'security'