
The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 1 comments
userbinator ◴[] No.32234457[source]
What is to prevent school WiFi from one day requiring a Pluton assertion that your Windows PC hasn’t been tampered with before you can join the network?

Remote attestation is the true enemy of your freedom. The power of the authoritarian corporatocracy to force you to use only the (entire) systems they control. It's worth reading https://www.gnu.org/philosophy/right-to-read.en.html again just to see how prescient Stallman was.

replies(12): >>32234704 #>>32235241 #>>32236203 #>>32236379 #>>32236408 #>>32237069 #>>32237245 #>>32238451 #>>32239672 #>>32239680 #>>32239999 #>>32240046 #
aplanas ◴[] No.32235241[source]
Windows security models and policies are the enemy, not remote attestation (RA).

RA is a technology that has its fair use, and can be desired for other systems, like in Linux. With a pure RA system your services can decide to trust or not those devices on your network that can be compromised, and report to other devices that there is something suspicious.

As with anything, this can be used properly to increase the security of your edge architecture, or wrongly to limit the users' actions.

Let me give another example. With RA I should be able to authorize validated systems in my R&D VPN. If you are using your own laptop with the company certificate, and the verifier tags the system as "unknown" or "unhealthy", it will not allow access to the internal network, but sure you can still use your laptop for anything else. This, IMHO, is a fair use of this technology.

replies(2): >>32235470 #>>32235515 #
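
The verifier decision described in the comment above, as an added sketch that is not part of the thread or of any real attestation product: the device reports a measured-boot log and a keyed quote over it, and the verifier returns "unknown", "unhealthy" or "healthy" to gate VPN access only. Assumptions: HMAC with a per-device enrolled key stands in for a hardware-signed quote, and the "healthy" label, device names and log entries are constructed.

```python
import hashlib
import hmac
import os

def replay(event_log):
    """Recompute a PCR-style register: new = SHA256(old || SHA256(component))."""
    pcr = bytes(32)
    for component in event_log:
        pcr = hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()
    return pcr

def make_quote(device_key, nonce, event_log):
    """Device side. HMAC is a stand-in for the signature a hardware root of trust makes."""
    pcr = replay(event_log)
    sig = hmac.new(device_key, nonce + pcr, hashlib.sha256).digest()
    return {"pcr": pcr, "sig": sig, "log": list(event_log)}

def verify(enrolled, known_good, device_id, nonce, quote):
    """Verifier side: returns 'healthy', 'unhealthy' or 'unknown'."""
    key = enrolled.get(device_id)
    if key is None:
        return "unknown"                      # device was never enrolled
    expected = hmac.new(key, nonce + quote["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["sig"]):
        return "unknown"                      # wrong key, or quote bound to a stale nonce
    if replay(quote["log"]) != quote["pcr"] or quote["pcr"] not in known_good:
        return "unhealthy"                    # boot chain differs from the allowed policy
    return "healthy"

def vpn_allows(status):
    """Only the VPN decision depends on the verdict; nothing else on the laptop is gated."""
    return status == "healthy"

# Constructed sample data (not from the thread).
GOOD_LOG = [b"firmware-1.0", b"bootloader-2.3", b"kernel-5.18"]
BAD_LOG = [b"firmware-1.0", b"bootloader-2.3", b"kernel-modified"]
KEY = os.urandom(32)
ENROLLED = {"laptop-42": KEY}
KNOWN_GOOD = {replay(GOOD_LOG)}

if __name__ == "__main__":
    nonce = os.urandom(16)                    # fresh per connection attempt
    for log in (GOOD_LOG, BAD_LOG):
        status = verify(ENROLLED, KNOWN_GOOD, "laptop-42", nonce, make_quote(KEY, nonce, log))
        print(status, "-> VPN access:", vpn_allows(status))
```
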
fulafel ◴[] No.32235515[source]
Yes, lots of Linux devices apply it like that today: You can't use your banking app or consume DRM-crippled media on your Android phone if you have root or run an open source Android distribution.
replies(1): >>32235557 #
Aeolun ◴[] No.32235557[source]
> if you have root

Because god forbid you have control of your own PC?

replies(6): >>32235581 #>>32235770 #>>32235990 #>>32236047 #>>32236569 #>>32237462 #
newsclues ◴[] No.32236569[source]
For me that’s a problem for the average user? That’s everyone else’s problem that idiots don’t care to control their technology and need big tech to do so with an iron fist
replies(1): >>32237006 #
1. acdha ◴[] No.32237006[source]
Calling the problem “idiots” is a cognitive trap which prevents you from meaningfully dealing with it. Everyone is at risk from zero-days, almost anyone can be phished (yes, this includes you), many people have no way or time to investigate whether some well-known vendor is misrepresenting their product, and even security experts have to trust other people on a daily basis because they don’t have time to reverse-engineer every software update. Most people who get snide about this are a single malicious package in their favorite programming language away from a big mess!

The best progress we’ve seen in decades came from most people using locked-down phone operating systems, followed by stricter desktop OSes. If you don’t like that trajectory, you should be focused on how to get the benefits with other trade-offs. One of the first steps is respecting people enough to understand their needs rather than calling them idiots.