Matthew GarrettPeople will complain that a technology can be used to oppress user freedom while contributing to free software that gets used in literal weapons of war
I do entirely understand the idea that functionality that can be used against users (even if it can also be used to enhance user security) is bad, I just don't understand why people will simultaneously make that argument and support the idea that a software license that says "You may not use this software to murder people" is incompatible with the ideals of free software
DRM is pretty obviously something that inherently removes user freedom without benefit, and decrying it is entirely reasonable. Hardware identity and state attestation *can* be used for DRM, but can also be used for other purposes that improve things for users (like Signal verifying that it's communicating with a genuine enclave before disclosing any sensitive data), and attacking the technology rather than the ways it's used seems short-sighted
jfk@mjg59 I don't know if you are subtooting this, but this threas broadly summarizes my experience:
https://grapheneos.social/@GrapheneOS/116550899908879585
As someone with an infosec background, I am of course highly intrigued by the tech and what it *theoretically* enables. But my experience with big tech so far has been: if a technology is widely deployed and has the potential to strengthen their monopoly, it will be used for that sooner rather than later.
GrapheneOS (@[email protected])
Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too.
@jfkimmes I agree! But this is true of a great deal of technology that we enthusiastically endorse, and in general we argue about the specific use rather than the technology that allows that, and I don't understand why we're fixating on the technology rather than the abusive use of it in this case
@mjg59 The fixation on this topic may come from the fact that there is no turning back on this one once hardware attestation is baked into everone's personal devices.
I see a lot of advantages if I am the attesting party, instead of being the attested party (i.e. your signal use case vs GrapheneOS's Google/Android issue). But again, Google started by letting users attest their own boot chain and is now continuously switching to a Google-only solution.