←back to thread

The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 1 comments | 26 Jul 22 03:46 UTC | HN request time: 0.2s | source
Show context
Gh0stRAT ◴[26 Jul 22 06:26 UTC] No.32235028[source]
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.

Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.

Can someone please explain to me how the author might see this level of security as a bad thing?

replies(18): >>32235120 #>>32235149 #>>32235164 #>>32235474 #>>32235546 #>>32235795 #>>32235875 #>>32236359 #>>32236639 #>>32236668 #>>32236673 #>>32236797 #>>32236864 #>>32237450 #>>32237580 #>>32238544 #>>32238583 #>>32240740 #
ftyhbhyjnjk ◴[26 Jul 22 06:39 UTC] No.32235120[source]
What you can install on YOUR pc will be at the sole mercy of microsoft/or maybe someone else.... That's the cusp of it. Not that it can be used for good, but that it sets the way for heavy misuse by large corporations.

Wait a few years. Smaller companies won't even be allowed to order high end cpu's. You'll be at 100% mercy of these corporations.

If after 2 years they decide to brick your pc, they'll just do it. You think government will help you out here? Lol...

replies(4): >>32235226 #>>32235674 #>>32236926 #>>32240490 #
eertvertvbw ◴[26 Jul 22 06:59 UTC] No.32235226[source]
still waiting on the secure boot lockdown everyone has insisted is coming for the better part of two decades...
replies(9): >>32235552 #>>32235677 #>>32235684 #>>32235688 #>>32235827 #>>32236857 #>>32236915 #>>32237116 #>>32239001 #
alex7734 ◴[26 Jul 22 14:44 UTC] No.32239001[source]
The goal is not to prevent you from running Linux, is to make it so that Linux cannot access the content you are interested in.

Remote Attestation establishes a root of trust that can be used to verify that all of the software down the line is "approved":

- You won't be able to browse sites or use apps with ads unless you run a 'trusted' device, OS and browser that does not block ads.

- You won't be able to browse sites with captchas unless you run a 'trusted' device, OS and browser that does not allow bots to interact with the browser.

- You won't be able to run Netflix unless you run a 'trusted' device, OS and browser so that you can't record the content.

- You won't be able to play online games unless, again, you run a 'trusted' device and OS so that you cannot cheat, or more importantly modify it in any way (why would you purchase skins if you can mod them in?).

- You won't be able to use online banking unless you use a trusted OS because banks.

Remote Attestation is pretty terrifying and it will be here soon unless it is regulated out of existence, which is unlikely.

replies(2): >>32240134 #>>32242248 #
tester756 ◴[26 Jul 22 18:45 UTC] No.32242248[source]
>- You won't be able to browse sites

How would that work?

HTTP is just HTTP

replies(2): >>32242698 #>>32252728 #
1. bilkow ◴[26 Jul 22 19:19 UTC] No.32242698[source]
Sites could require remote attestation via a new API just like some sites (Netflix, etc) require DRM to play content.