Matthew GarrettPeople will complain that a technology can be used to oppress user freedom while contributing to free software that gets used in literal weapons of war
I do entirely understand the idea that functionality that can be used against users (even if it can also be used to enhance user security) is bad, I just don't understand why people will simultaneously make that argument and support the idea that a software license that says "You may not use this software to murder people" is incompatible with the ideals of free software
DRM is pretty obviously something that inherently removes user freedom without benefit, and decrying it is entirely reasonable. Hardware identity and state attestation *can* be used for DRM, but can also be used for other purposes that improve things for users (like Signal verifying that it's communicating with a genuine enclave before disclosing any sensitive data), and attacking the technology rather than the ways it's used seems short-sighted
Botch Frivarg@mjg59 that does raises the question is it possible to implement attestation in such a way that it can't be used for DRM (or worse surveillance tech), while still keeping it useful for apps like signal? Since if that isn't possible there is an argument to be made that DRM/surveillance tech is such a big treat to our freedoms(not just software!) that the other more user beneficial use cases for attestation aren't worth it. That said I'm pretty sure you have considered this already and have a plan (or at least an idea) on how this could work?
@deetwenty The technology as a whole? Not really, since it's just an application of cryptography - all it's fundamentally saying is that you have a chain of trust back to a private key, and that key can be used to sign specific material. What that material is is an implementation detail, and if someone wants to implement it for evil, they can
@mjg59 Yes which is why if it is possible to make a attestation system/standard that is both privacy preserving and keeps the control of the device (mostly) in the users hand we should be the ones to build that and not let Google/Apple/Palantir decided how such a system should or shouldn't work.
@deetwenty Cool, so let's do that instead of arguing that it's intrinsically evil?
@mjg59 Agreed! (provided it is actually possible to make it both privacy preserving and in the user control of course)
march38@mjg59 @deetwenty when even freedom advocates confuse the abstract crypto and some of its usage, imagine what will happen when they ask technology-illiterate lawmakers to regulate it. The latter would as usual let lobbies guide their hand which would hilariously backfire! Careful what you wish for 🙂