On one side, we'll have a "clean", authority-sanctioned "corpweb", where everyone is ID'ed to the wazoo; on the other, a more casual "greynet" galaxy of porn and decentralized communities will likely emerge, once all tinkerers get pushed out of corpnet. It could be an interesting opportunity to reboot a few long-lost dreams.
Probably already written by someone, but it fits, I guess.
As cool as 90's cyberpunk dreams are, to me they always seem to ignore the physical reality that your connection to "the net" always has to go through the chokepoint of an ISP, and that this ultimately is an indissoluble barrier on just how anti-establishment the internet can ultimately be.
“Finally I can put all my skills to the test, which people have been teasing me about for so long.”
In both cases, this attitude has the problem that they ignore the vast majority of people who would suffer under the new order. Very few people would find their way out of the corporate walled gardens and into the free information superhighway.
I also kind of want it in the public-cloud-meets-private-use home environment (that is, my Cloudflare Access tunnels and MS365 business tenant I use for private stuff).
I don’t want it to touch my personal browsing experience or be in any way involved in my personal-use browser environments.
These are effectively opposed desires at this point, and it’s a cat-out-of-the-bag technology.
These open devices would be running slow hot CPUs compared to the newer faster chips that the non-open devices would be running.
Veering off-topic a little, but your comment reminded me, hilariously, that after Stay-At-Home was mandated, my older, "prepper" friends and acquaintances were generally the first to crack and start complaining on Facebook about how unfair it was that they were expected to just stay home in their bunkers and not go to bars and shop for their khakis. So much for the rugged self-reliance they loved to crow about!
I can imagine the Internet Anarchists behaving the same way. They'll be, in reality, the first to sign up for the AmazoGoogoMetaAppleInternet so they can keep posting to Social Media and doing their online shopping.
I can also imagine an IPv7 with ephemeral addresses based on private keys (like on yggdrasil), and a way for the browser to remember keys if wanted by the user. Authenticate sessions with the "IP address".
Popped-collar-lacoste-polo madras-shorts-wearing dudes whose only survival skills are knot-tying, trying to get by in the apocalypse. LOL.
You say it can't happen again, but IMHO that's not true.
Attestation does a reasonably good job at that, as you now need a kernel or bootloader exploit.
IMHO, there won't be a split like this if attestation or similar proposals come to pass. Simply put, the number of problems that come with anonymous users dwarfs whatever legitimate benefits that anonymity provides. Everyone will build sites using it because of the problems they solve. And they will ignore the segment that refuses to use them because that segment will be small and a significant chunk of them will use that anonymity to do bad things you don't want on your site.
Besides, it's not about being excited as much as trying to find silver linings in a rapidly deteriorating environment.
I can certainly sympathize, but I think the best path forward for any anarchist would be to fight the attestation initiatives fiercely, rather than to resign and say “maybe we could have a good web again if we start over fresh”.
That aside, I’m not sure what you are saying with that comment about myself. I don’t think it serves the discussion.
It doesn't really take over because so far we are pretty much free to do what we want from our ISP connection. Some countries impose DNS censorship, but apart from the few dictatorships that run their great firewall, it is light censorship, as they let people query the DNS server they want.
For anyone reading this, look for the π symbol and CTRL click onto it.
On desktop? Nope, which is the point. Placing a piece of malware is easy without a kernel exploit. On standard Linux distributions that do not use dm-verity and friends, local root is enough - modify the kernel image or initrd in /boot, and you can do whatever you want with very few ways for a system administrator to detect it upon the next boot. The challenge is more getting local root in the first place, especially as a lot of systems now use SELinux or at least have daemons drop privileges.
Windows is a bit harder since Windows refuses to load unsigned drivers since the Win7 x64 days (x86 IIRC didn't mandate the checks), but that's not as much of a hurdle as most think - just look at the boatload of cases where someone managed to steal (or acquire legitimately) a signing certificate to ship malware. Getting local root here is probably the easiest of all three OSes IMO, given the absurd amount of update helpers and other bloatware that got caught allowing privilege escalation regularly.
The hardest IMO/E is macOS, where you have to manually boot to recovery to deactivate SIP and they've been phasing out kexts pretty much already, and you get a crapton of very strong warnings if you mess around with them - you have to manually load them.
With attestation and code-signing done right, it's all but impossible to get your code running in kernel space on Linux and macOS without a kernel exploit; the Achilles heel will always be who gets signing certificates that allow loading a module.
The entire internet is "corpnet." For this fantasy freezone to happen, actual alternative physical networks would have to be built, the parts that those networks require will have to be sold to consumers without the hardware being locked down or nerfed, and if authorities do not approve of these networks, they'll have to be invisible.
I don't see a technical answer to that. Sneakernets maybe, but dogs can smell hard drives. Certainly not anything wireless, unless there's some sort of geometric arrangement or algorithm that allows them to hide their locations in other signals.
I'm of the clearly minority opinion that the people who run totalitarian governments are neither stupid nor weak. I also believe that the fantasy that there's always going to be an answer (that always looks like teen hackers dressed up like 90s punks in a Gibson Blade Runner urbanscape theme park) is a drug that allows people to take our real situation less seriously.
I'd say this is an unfounded assumption. Given a choice of two massive changes that I could snap my fingers and will into existence:
1. Grassroots community and individual-run mesh networks of individual dwellings, not controlled by corporate entities, running IP/DNS/HTTPS and other naive protocols already in widespread use.
2. The same corporate-controlled physical Internet we have right now, but with widespread use of protocols that allow for decentralized permissionless identities (nyms), independent of the centrally-administered IP/DNS namespaces. Most traffic going to individually-run VPSs or consumer connections.
I would choose #2 in a heartbeat. The only reason I would see that we might need #1 is because #2 failed to gain a critical mass before the ISPs clamped down on non-corporate-endpoint traffic while it still only affects a minority of users. It's also not clear how the networks in #1 wouldn't just borg back up into corporate Ma Dell, or at the very least succumb to government regulation (each a different avenue for authoritarianism).
As opposed to the masses of people exploring sites other than Facebook, Instagram, Twitter, TikTok, and Reddit? We're already there.
Most people are not even willing to pay a few cents extra for a banana that didn’t cause cancer in plantation workers.
The fundamental problem with current remote attestation schemes is the corporate-owned attestation key baked in at the factory [0]. This allows the manufacturer to create a known class of attestation keys that correspond to their physical devices, which is what prevents a user from just generating mock attestations when needed.
If manufacturers were prohibited from creating these privileged keys [1], then the uniform-corporate-control attestation fears would mostly vanish, while your use cases would remain.
A business looking to secure employee devices could record the attestation key of each laptop in their fleet. Cloud host auditors could do the same thing to all their hardware. Whereas arbitrary banks couldn't demand that your hardware betray what software you're running, since they'd have no way of tying the attestation key to a known instance of hardware.
(The intuition here is similar to secure boot, and what is required for good user-empowering secure boot versus evil corporate-empowering secure boot. Because they're roughly duals.)
[0] actually it's something like a chained corporate signing key that signs any attestation key generated on the hardware, but same effect.
[1] or if the user could import/export any on-chip attestation keys via a suitable maintenance mode. Exporting would need a significant delay of sitting in maintenance mode to protect against evil maid attacks and the like.
If we expect consumers to choose the open, anarchist, Internet over the corporate clean Internet, then we expect too much of them.
More likely is a bifurcation of the internet between West and BRICS, which is already partially in place.
The goal of remote attestation is only to be able to prove to a third party that your device is "secured", which does not benefit the user in any way other than awkward/indirect stuff like where in the Google proposal they argue that users have a "need" to prove to a website that they saw an ad (to get free content).
wym?
Absolutely. Smarter people than me have predicted it at various points over the last 30 years, and it has yet to fully come to pass. We are seeing pieces coming slowly together, though.
> More likely is a bifurcation of the internet between West and BRICS
You are using BRICS very liberally here - I don't think Brazil is particularly internet-hostile, and South Africans have more important issues to think about.
Is there a movement towards a more balkanized network? Absolutely - most European countries now have individual DNS blacklists (the UK one is basically at full discretion of an opaque paralegal entity that answers to no-one); Turkey, Iran, and every other Middle-Eastern or South-Asian country (including Israel, India, Pakistan) can and do shut down their networks whenever they see fit; China has had its Great Firewall since Day 1; and Russia, well, they do what Putin likes to do on any given day.
None of that is particularly new though, it's just the usual autocratic crap. Corpweb will be much more cyberpunk.
Not true anymore.
If I’m Apple, or Google, or Samsung, then I have a genuine interest in device attestation in my own ecosystem for various good reasons. Apple makes extensive use of this capability in servicing, for example. That makes sense to me.
That’s what I mean by a cat-out-of-the-bag technology. Threat actors, counterfeits, and exploits being what they are in this era, it’s almost an inevitability that these capabilities become a sort of generalized device hygiene check. Device manufacturers don’t have to provide these APIs of course, or allow the use of their device attestation mechanisms, but they’d be pressured to by industry anyway. And then we would have something else.
I do like your idea of having the platform bring keys to the table and requiring some kind of admin privileged action to make them useful. But I wonder if we had started that way with web attestation, would it inevitably turn into this anyway?
The other way around is not so simple, because of the IDs etc.
Hence the anarchists lose.
So no, I do not buy the argument that we should just let manufacturers implement increasingly invasive privileged backdoors into the hardware they make, as if it's inevitable. With the mass production economics of electronics manufacturing, the end result of that road can only be extreme centralization, where a handful of companies outright control effectively all computing devices. If we want to live in a free society, this must not be allowed to happen!
> But I wonder if we had started that way with web attestation, would it inevitably turn into this anyway?
The main threat with web attestation is that a significant number of devices/customers/visitors are presumed to have the capability, so a company can assert that all users must have this capability, forgoing only a small amount of business (similar to how they've done with snake oil 2FA and VOIP phone numbers, CAPTCHAs for browsing from less-trackable IPs, etc). So creating some friction such that most devices don't by default come with the capability to betray their users would likely be enough to prevent the dynamic from taking off.
But ultimately, the point of being able to export attestation keys from a device is so that the owner of a device can always choose to forgo hardware attestation and perform mock attestations in their place, regardless of having been coerced into enrolling their device into an attestation scheme.
Either you build a massive database of "known good" combinations of hardware, OS, kernel modules versions and corresponding TPM checksums, or you leave that job to a third party - and that is what remote attestation is at its core. Apple has it the easiest there, they control everything in the entire path, while Google has to deal with a myriad of device manufacturers.
Note I massively dislike the path that more and more applications take to restrict user freedom, but I do see why corporations find it appealing.
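The two databases discussed in this thread (attestation keys an owner records for each laptop in a fleet, and a "known good" set of measurement digests) can be sketched as a verifier. This is an added example, not code from any commenter or vendor; the quote format, the Ed25519 key standing in for a TPM attestation key, and all names and values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is a toy stand-in for a TPM quote (assumed format, not TPM2 wire data).
type Quote struct {
	AKPub       ed25519.PublicKey
	Measurement [32]byte
	Sig         []byte // over Measurement || verifier nonce
}

// Verifier holds the keys the owner recorded and the known-good digests.
type Verifier struct {
	Enrolled  map[[32]byte]string // KeyID(attestation public key) -> asset tag
	KnownGood map[[32]byte]bool   // allowed measurement digests
}

func NewDeviceKey() ed25519.PrivateKey { _, k, _ := ed25519.GenerateKey(nil); return k }
func Pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }
func KeyID(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }
// Sign is the device side: sign measurement || nonce with the attestation key.
func Sign(k ed25519.PrivateKey, m [32]byte, nonce []byte) Quote {
	return Quote{Pub(k), m, ed25519.Sign(k, append(m[:], nonce...))}
}

// Verify checks enrollment, then the signature over the fresh nonce, then the allowlist.
func (v Verifier) Verify(q Quote, nonce []byte) (string, error) {
	asset, ok := v.Enrolled[KeyID(q.AKPub)]
	if !ok {
		return "", errors.New("attestation key not enrolled")
	}
	if !ed25519.Verify(q.AKPub, append(q.Measurement[:], nonce...), q.Sig) {
		return "", errors.New("bad signature or replayed nonce")
	}
	if !v.KnownGood[q.Measurement] {
		return "", errors.New("measurement not known-good")
	}
	return asset, nil
}

func main() {
	dev, good, nonce := NewDeviceKey(), [32]byte{0xA1}, []byte("nonce-1") // constructed
	v := Verifier{map[[32]byte]string{KeyID(Pub(dev)): "LAPTOP-001"}, map[[32]byte]bool{good: true}}
	fmt.Println(v.Verify(Sign(dev, good, nonce), nonce))
}
```

A quote from a key that was never enrolled is rejected at the first check no matter what it signs, so trust here comes from the owner's enrollment record rather than from a manufacturer-signed key chain.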
As someone who intentionally has removed myself from social media, it's been a win. The same goes for a lot of online services.
There is a cost side to this, it's not a free ride, but the scale problem reduces the cost. My crappy $200 hosting box scales to hundreds of users.
What is the replacement? Mesh wifi? Guerilla fiber deployments? Or just a bunch of VPN tunnel brokers trying to evade blocklists on the corp-approved ISPs you have to keep using in place of POTS?
Running an adblocker? Sorry. Using a non-Chromium based browser? Nuh-uh. Running an old machine with no TPM? Sucks to be you. Running a Linux distribution? Tough luck.
Sure, you can have fun with your free decentralized web. But at the end of the day even tinkerers have to log into their gov website to pay their taxes.
This is the same way that SafetyNet killed alternative ROMs on Android.
You can make devices around being unbreachable and self-attesting. Go build a SBC and sink it in a block of epoxy.
But they also want the appeal of the open, hackable world-- cheap kit that's advancing quickly, commodity technology and infrastructure.
I am actually sort of disappointed we never ended up with a world of special-purpose sealed devices-- put a proper payment terminal on everyone's desk instead of trusting nobody slapped a keylogger into your browser while you're typing card numbers, for example.
Their revealed preference is that they don’t want a free information superhighway.
> viable Windows alternative
Coffee just shot across my desk reading this. You are too deep in a bubble to realize that to 99.7% of people desktop Linux is an "obscure hobby OS", on the off chance they even know what it is.
You're talking about the popularity of Linux as an alternative, I'm talking about its viability. It's viable because it runs web browsers just as well as Windows and that's all the average user cares about.
Regardless, the point is that any alternative, Linux or not, will be dead in the water once WEI rolls out. Doesn't matter how good your OS is, if it can't access the mainstream web it will die in obscurity. The same way that Windows on phones died because it couldn't get all the useful apps.