
The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 7 comments
Gh0stRAT No.32235028
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.

Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.

Can someone please explain to me how the author might see this level of security as a bad thing?

BiteCode_dev No.32235149
The capacity for abuse is huge, way beyond the potential benefits.

From the USA, we get news of banned books in some states. When I read that, my head goes back to my European history, and I reach the Godwin point very quickly.

Those kinds of people will abuse such a system to prevent things from being shared.

It will be used for putting DRM on everything and creating a more and more closed web.

It will be used by corporations and govs to prevent whistleblowers and journalists from doing their jobs. Or to prevent employees from getting evidence of mistreatment in case they need to sue.

Because if you look at it, it's basically just a system for information control. And bad actors love that.

And of course it will be "for security reasons".

Trusting people with a terrible track record to not abuse a massive power in the future, especially one that can be scaled up with the push of a button once the infrastructure is in place, is not a good bet.

aaronbrethorst No.32235233
Ron DeSantis doesn't need hardware-level DRM to ban math books.

https://www.baynews9.com/fl/tampa/news/2022/05/06/florida-ba...

If you're worried about book bannings in states like Florida, DeSantis is up for reelection in just over 3 months. Go volunteer or donate money to his opponent (probably Charlie Crist).

1. sascha_sl No.32235289
Technologists often have such tunnel vision that limits their concerns to tyranny driven by technology when there's plenty of low tech attacks on open society all the time.

It reminds me of the good old "my password takes 2 billion years to crack, but my kneecaps only take a few seconds" metaphor about people in tech forgetting that physical coercion is, in fact, a possible attack vector for your IT security.

2. aaronbrethorst No.32235302
Indeed, the XKCD $5 wrench attack vector. https://xkcd.com/538/
3. gitanovic No.32235516
While this is true for a few people, applying coercion on a mass scale using the kind of tech described in the article makes it much more convenient... so IMO the argument still holds
4. BiteCode_dev No.32235865
This is not an XOR proposition.

It's like saying "don't worry about gun control because car accidents kill way more people right now".

5. sascha_sl No.32236778
But I never said it's not a problem. I said the priorities are wrong.

Establishing technical means to do something (limiting access to files via DRM) is not as urgent as actually doing it (Florida carting books out of school libraries). And technology is not a monolith. Pluton specifically is far from being a universal requirement on Windows, and the entire PC platform is open enough to support alternatives for a very long time. It's possibly worrying (though it looks like Microsoft's intention is confidentiality management in enterprises for now), but far from "turnkey tyranny".

6. Frost1x No.32236917
The low tech attacks often have low tech workarounds. DeSantis may "ban" a math book but there's nothing stopping a Florida resident from buying it and giving it to a child. There's plenty of other marketplaces and similar publishers I can pull from.

When computing is controlled at a hardware level, you have far fewer competitors and marketplaces. Working around things can be significantly more difficult and you may be stuck with scraping up old, less capable tech trying to do something you should have better options for. This is the reason technologists fear technology control, not so much because of tunnel vision but because the general population can't work around it; even experts may not be able to work around such protections. Low tech always has easy workarounds--the option exists even if you may fear the consequences.

7. sascha_sl No.32240943
I very much disagree.

Any such bans will always take the path of least resistance to cover the largest possible population with the easiest means. Pareto Style. And I care much more about those 80% of people having access over maintaining my own. Because ultimately, those people will set cultural standards of the future, not some technologist with their fully libre laptop.

And those attacks are, as of now, not that sophisticated or blatantly censoring. An overwhelming majority already do their computing on locked down devices (running iOS, Android and ChromeOS) and the big censorship wave hasn't hit them. Every half decade or so Amazon removes a book from Kindle as a side effect of capitalism and copyright and there's a huge HN thread mistaking it for deliberate censorship, but overall it really doesn't matter.

Also, let's be completely clear that DeSantis didn't ban math books. This was an attack on ideologically inconvenient books, mostly queer literature. It's part of the push to label us as "groomers" for merely existing around underage people that has caused a spike in violence and mistrust directed towards trans people. Once our rights are sufficiently eroded, they'll go after the gays again, and after that, maybe, we'll have progressed on the fascist cataclysmic us versus them rhetoric to revive blatant antisemitism. Or racism. Who knows. But safeguarding the high end bit of tech that is not even mainstream anymore wouldn't help society out of this and being concerned for it is a very individualistic choice.