> right to be different without being refused service

You can check my comment history to see the arguments I have against attestation. That's exactly what I argue. It's not an open source problem, it's a user freedom problem, and this is exactly why corporate interests like "open source", but not "free software". Open source is freedom-agnostic: you can use it to hurt users just fine. The current iterations of remote attestation are especially egregious, because most of it is the government itself or an entity the government forces you to deal with (banks).

In general I believe remote attestation is actually fine, so long as it does not transcend ownership boundaries. A company can use it to ensure its own colo servers aren't tampered with, for example. But an external authority shouldn't be able to exert control over something I own. In particular there should be no expectation that my device is "trustworthy" in any way at all. Anything else ends privacy and freedom as we know it.

> this will effectively ban all open-source implementations

This is the only point where I differ: it will effectively ban most implementations, with no regard for whether they’re open source, closed source, or private. 1Password could be open-sourced tomorrow and continue being an approved implementation, no sweat, because they can be trusted not to disguise and release “export your passkeys as plaintext at rest” functionality — but in today’s market, there are certainly a thousand implementations (whether source or not) that died on the vine, whose sole purpose would have been to circumvent that one restriction, far more than there are implementations that are willing to genuinely try to uphold it.

Glad someone else is fighting for repurposeability — but there is no universal answer for how to balance privacy, freedom, and security. It’s something people have to decide for themselves, and just as my phone has a “highest security, lower convenience” mode for certain scenarios, so too I wish it had a “no security, total modifiability” mode for other scenarios. (Even if that denied me app store access, and I would demand that it wipe pre-existing passkeys from the HSM when I enabled freedom mode, or else it’s just an uncontrolled attack vector!)