←back to thread

596 points pimterry | 2 comments | | HN request time: 0s | source
Show context
vessenes ◴[] No.36863209[source]
This feels like such a juicy and divisive area to me. There are an immense number of use cases where we'd like to know we're talking to a 'trusted' hardware and software stack on the web. For many years now, we have just assumed there is little to no trust in the stack, and architected and built accordingly. It adds an amazing amount of complexity and cost, limits features, and makes everything way, way harder than if you could assume a trusted stack.

At the same time, as is being pointed out quite vocally right now, 'trusted' is a very, very difficult concept when large tech monopolies are involved.

On the one hand, it's difficult because there are only a few companies in the world that can field large tech teams that deal with persistent threat actors, and therefore, it would be very nice to be able to trust the security promises made. And, if those promises are trustworthy, they are better promises than any individual can make for their own software and platfoms.

On the other hand, if you're a hacker (in the platonic sense), 'trusted' immediately codes to 'monopoly-backed', along with 'probably back-doored by a local government agency' and we head one more step down the primrose path of control, lack of innovation and finally perhaps a fascistic technology future controlled by a few players.

Ultimately, I think the solution here can only be successful if it involves a trustable, open hardware certification technology that's not registry based, e.g. can create strong local proofs that are independently verifiable. There are a few tech companies I know of working on this on the silicon side, but it's a very difficult problem, and I'm not clear if there's really enough demand to make them viable right now.

I guess I personally come down to leaving this turned on in Safari for now, and seeing what happens over the next year or two.

replies(3): >>36863342 #>>36863609 #>>36865023 #
1. hgsgm ◴[] No.36865023[source]
If you don't want to be part of "State" society, then you communicate peer-to-peer with your friends. You have to choose whether you want the benefits of the State system and if it is worth the cost.
replies(1): >>36873878 #
2. ikekkdcjkfke ◴[] No.36873878[source]
"After nine years, you know what I realize? Ignorance is bliss."