
The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 1 comments
Gh0stRAT ◴[] No.32235028[source]
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.

Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.

Can someone please explain to me how the author might see this level of security as a bad thing?

replies(18): >>32235120 #>>32235149 #>>32235164 #>>32235474 #>>32235546 #>>32235795 #>>32235875 #>>32236359 #>>32236639 #>>32236668 #>>32236673 #>>32236797 #>>32236864 #>>32237450 #>>32237580 #>>32238544 #>>32238583 #>>32240740 #
ftyhbhyjnjk ◴[] No.32235120[source]
What you can install on YOUR PC will be at the sole mercy of Microsoft/or maybe someone else.... That's the cusp of it. Not that it can be used for good, but that it sets the way for heavy misuse by large corporations.

Wait a few years. Smaller companies won't even be allowed to order high-end CPUs. You'll be at 100% mercy of these corporations.

If after 2 years they decide to brick your PC, they'll just do it. You think government will help you out here? Lol...

replies(4): >>32235226 #>>32235674 #>>32236926 #>>32240490 #
eertvertvbw ◴[] No.32235226[source]
Still waiting on the secure boot lockdown everyone has insisted is coming for the better part of two decades...
replies(9): >>32235552 #>>32235677 #>>32235684 #>>32235688 #>>32235827 #>>32236857 #>>32236915 #>>32237116 #>>32239001 #
alex7734 ◴[] No.32239001[source]
The goal is not to prevent you from running Linux, it is to make it so that Linux cannot access the content you are interested in.

Remote Attestation establishes a root of trust that can be used to verify that all of the software down the line is "approved":

- You won't be able to browse sites or use apps with ads unless you run a 'trusted' device, OS and browser that does not block ads.

- You won't be able to browse sites with captchas unless you run a 'trusted' device, OS and browser that does not allow bots to interact with the browser.

- You won't be able to run Netflix unless you run a 'trusted' device, OS and browser so that you can't record the content.

- You won't be able to play online games unless, again, you run a 'trusted' device and OS so that you cannot cheat, or more importantly modify it in any way (why would you purchase skins if you can mod them in?).

- You won't be able to use online banking unless you use a trusted OS because banks.

Remote Attestation is pretty terrifying and it will be here soon unless it is regulated out of existence, which is unlikely.

replies(2): >>32240134 #>>32242248 #
vel0city ◴[] No.32240134[source]
As someone who enjoys hacking, looking at that list sounds terrible.

As a regular user, most of that list doesn't sound too bad. Their future devices will automatically have these features enabled, they're not likely to change those settings to "break" their device (from the perspective of Trusted Computing) so they'll have a smooth experience getting into it.

- Can't block ads? A lot of average users already don't/don't know how, but this one would probably affect a lot of people. Probably a bad thing no matter how you slice it.

- They'll have a better experience online as they won't be interrupted with captchas. Wouldn't you prefer if you never experienced captchas and logins were smoother and easier? So a wash to a positive for an average user.

- This makes it an easier deal for streaming services to let you cache their DRM'd content offline and makes the deals they have to cut with media companies potentially cheaper. Once again they're probably buying off the shelf computing devices which will probably work seamlessly with these restrictions, so they either won't notice anything or potentially get more features than they have now with those services they're already using. I'm not necessarily a fan of DRM but the market has largely spoken, people prefer streaming rather than actually owning the media.

- Fewer cheaters in online games sure sounds like a positive to me.

- My bank account online is more secure? This is a bad thing?

replies(1): >>32241483 #
bilkow ◴[] No.32241483[source]
This is all just giving away control to corporations. Freedom is about having the option, not using it. Even if most "regular users" never use it, if they ever change their mind they'll surely appreciate having it. It also affects the ability to develop new hardware, and being locked to hardware/software approved by the remote side (e.g. Facebook or whichever app/site you're using) is a pretty dystopian reality.

> My bank account online is more secure?

Sincerely, why? Because I can't customize my own software anymore? Fortunately banks around here don't require SafetyNet, some of them do require a mobile device though.

replies(1): >>32241969 #
vel0city ◴[] No.32241969[source]
If all clients interfacing with the bank's API are required to prove they're locked down devices running proven official clients it reduces the potential attack surface. Lowering the attack surface increases the security.

If the market really cared about being able to run whatever software you wanted, nobody would be buying iPhones. Fire TV sticks and Rokus wouldn't move any products. Playstations, Xboxes, and Nintendo Switches would be crushed under the massive marketshare of Mister devices and Steam PCs. One quick look at reality shows this isn't the case.

I think you're massively overestimating the market size of people who actually care.

Note that I'm not making any moral argument here, I'm not saying whether these things are good or bad. Personally as someone who likes to tinker and has been bitten several times by DRM and the likes, I'm not too much of a fan. As someone who has to try and ensure compliance on devices, it's a godsend. But at the same time I know lots of people who buy Xboxes and Playstations because there's less cheating that happens on that platform. I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.

I don't like having to lock my bike, it's a huge pain. But at the same time there's tons of people here arguing locks shouldn't exist. Trusted computing, in the right context, is a good thing. Being able to lock your door is good! Being able to assure your device is what you say it is is good! I definitely agree there are potential dystopian futures with this technology, but that's true of any truly revolutionary technology. Wheels move carts of grain and help tanks roll. Being able to break dinitrogen into more usable sources gives us cheap fertilizer and explosives.

replies(1): >>32242552 #
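The check this sub-thread is arguing over (alex7734's "root of trust" that verifies all software down the line, and vel0city's bank API that requires clients to prove they run the official software), sketched as an added example that is not part of the thread. All names, the boot components and the key are constructed; HMAC with a shared key stands in for the asymmetric, manufacturer-certified signature a real TPM or Pluton quote carries.

```python
import hashlib, hmac, secrets

# Constructed stand-in for the device's attestation key (assumption: a real
# chip signs with an asymmetric key certified by its manufacturer; HMAC keeps
# this example standard-library only).
DEVICE_KEY = b"constructed-demo-attestation-key"

def extend(pcr, component):
    """TPM-style extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain):
    """Fold every boot component, in order, into one register value."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def fresh_nonce():
    """Verifier-chosen challenge so an old quote cannot be replayed."""
    return secrets.token_bytes(16)

def make_quote(chain, nonce):
    """Device side: report the measurement, bound to the verifier's nonce."""
    pcr = measure_boot(chain)
    tag = hmac.new(DEVICE_KEY, nonce + pcr, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "tag": tag}

def verify_quote(quote, nonce, approved):
    """Remote side: check the signature, then freshness, then the allowlist."""
    expected = hmac.new(DEVICE_KEY, quote["nonce"] + quote["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["tag"]):
        return "bad-signature"
    if not hmac.compare_digest(quote["nonce"], nonce):
        return "stale-nonce"
    if quote["pcr"] not in approved:
        return "unapproved-software"
    return "trusted"

# Constructed boot chains: only the last component differs.
STOCK = [b"firmware v1", b"bootloader v1", b"vendor kernel", b"official client"]
MODIFIED = STOCK[:3] + [b"patched client"]
APPROVED = {measure_boot(STOCK)}
```

The verifier never sees the software itself, only a hash chain over it, so any change to any component, whether malware or the owner's own patch, produces a value outside the allowlist.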
bilkow ◴[] No.32242552[source]
> I think you're massively overestimating the market size of people who actually care. Note that I'm not making any moral argument here, I'm not saying whether these things are good or bad.

I think we're just discussing different things here then. I'm specifically talking about whether this is good or bad for the future of society. Most people buy whatever is most convenient at the time, which is fair and everyone has done this at some point, but it may or may not be the best for society.

> I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.

It may be a bubble, but of all the iPhone users I know, I don't think any of them has bought it for that reason. Most here buy them for either being simpler to use, lasting longer, or status. Of all the Android users I know, I don't know any that has knowingly got any kind of malware, and that includes people with very old phones.

replies(1): >>32242848 #
vel0city ◴[] No.32242848[source]
I've had several people I've known affected by malware on Android. It's not entirely uncommon.