No, you can reliably attest public source builds of critical software for the ultimate in transparency. That even includes models running on GPUs. Combine that with blind tokens and you get trusted, anonymous identity verification.
No, you can reliably attest public source builds of critical software for the ultimate in transparency. That even includes models running on GPUs. Combine that with blind tokens and you get trusted, anonymous identity verification.
What you also get is mobile devices that can't run unblessed code, make it impossible to remove legally-mandated spyware or backdoors, as well as websites that you can't use anonymously, even when you have very valid reasons to do so.
You also can’t build a house which violates building or electrical codes, or drive without a license. These are safety and security protocols and the digital realm now has them.
Mobile devices are secure and that’s why they’re not infected with malware, like any Windows machine. This is why Android is the host of 98% of all mobile malware and iPhone is not.
You have the freedom to make your own insecure devices which don’t have any trusted or secure elements. Go for it! Take your GNU and go wild.
That's just it - if remote attestation becomes commonplace, you can't make your own devices. No apps you need to live your life will work, no mainstream websites will let you visit them... Not to mention that once you get to hardware, "just build your own" login simply stops working.
The internet has plent, of security elements. Devices use TLS to communicate, are encrypted by disk encryption, users' messages/calls/data are encrypted with various protocols... This is already in place.
Building codes and such are laws, the government didn't go and change the laws of physics to make it impossible to build something not up to code. They also don't limit the same of materials and tools to only certified builders who they know will respect the code. You can still break the rules to some extent, or even follow them, just without external certification.
Remote attestation and related technologies change the laws of physics - not complying is simply not possible. You can't just make one little change and hope nobody bothers you about it, the system makes the change impossible, or it detects it and "burns the whole house down".
If your house isn't certified because you repaired a light fixture on your own, you can still invite friends over, you can receive mail and packages to it, you can get phone, internet and other utilities. If you want to change the color of the icons on your phone, or if you want to disable the pre-installed spyware, you're cut off from talking to your firends and family, from social networks, reading the news, you can't pay your taxes, can't get a bank account, can't get paid for your work or even apply for a job. That is the reality we're going towards.
The thing that changes isn't that your every action will be followed. That already happens. It's that you are powerless to avoid it. It's a technological lock to keep you obedient. There is no security element to it. We as an industry need to stop pretending like these are security technologies and start talking to more social sciences experts. Before it's too late...