> Imagine you want to watch your favorite show on Netflix in 4k, but your hardware trust factor is low? Too bad you’ll have to settle for the 720p stream. Untrusted devices could be watching in an instance of Linux KVM, and we can’t risk your pirating tools running in the background!
Oh no, video platforms don't want me pirating their stuff. Video game companies don't want me to cheat with aimbots and wallhacks. And all it needs is "has this user tampered with the OS to the point that I can't figure out if they've tampered with my process". This is 1984 at long last.
No one is arguing against all form of verification of trust, hell even fully open public domain content would benefit from simple verification, what people are (rightfully) angry over is the fact that:
A: It's not open for anyone to audit/modify
B: It's a forced dictation upon the customer, not the bad guy.
In essence in the name of "trust" don't trust the customer, even though customers would gladly see individual implementations such as anti-cheat be implemented.
I admit that's the weakest article out of the ones I posted but still makes still makes a few good points defusing commonly repeated sentences like "I can just patch out the bad stuff" like we all read during the W11 announcement.
I think it's the point that trusted computing is optional. If you don't want to provide that trust by running W11 with the appropriate chain of cryptographic assurances, you're not going to be able to experience services and products that require it - why should Netflix give you a full 4k stream when you've chosen to disable the widevine extension in your browser? They can't tell their media provider "we try our best to prevent piracy" if they do that. The same goes for things like Valorant and the inevitable age where online games require TPM attestation - if someone runs their computer in an untrusted state that makes it nigh impossible for the anti-cheat to figure out they're running aimbot/wallhacks (or other cheats that do best by reading the process's memory), why should they let that computer play, when it could ruin the experience for other players?
> I think it's the point that trusted computing is optional. If you don't want to provide that trust by running W11 with the appropriate chain of cryptographic assurances, you're not going to be able to experience services and products that require it
So, it's important that it's optional, so everybody will do their best to make it mandatory.
> why should Netflix give you a full 4k stream when you've chosen to disable the widevine extension in your browser? They can't tell their media provider "we try our best to prevent piracy" if they do that. The same goes for things like Valorant and the inevitable age where online games require TPM attestation - if someone runs their computer in an untrusted state that makes it nigh impossible for the anti-cheat to figure out they're running aimbot/wallhacks (or other cheats that do best by reading the process's memory), why should they let that computer play, when it could ruin the experience for other players?
Ah yes, of course; just like, in the name of preventing anything that they possibly could, it's totally reasonable for them to demand that you leave your webcam on and stream a screen share and the webcam to their servers at all times, since that will make it extremely difficult to cheat. Privacy and security concerns are irrelevant, since after all they have to do their very best possible job, right?
> it's totally reasonable for them to demand that you leave your webcam on and stream a screen share and the webcam to their servers at all times, since that will make it extremely difficult to cheat.
This is already how tests for school (including higher education) have been done, especially since the pandemic started[0]. In most situations, like playing a game, you can choose to play a different game (perhaps one not tied to being internet connected), but with higher education it's effectively forced on you to get a degree.
"I think it's the point that trusted computing is optional"
It is optional the way the Internet is optional; in theory you can live without it but no longer practical. If companies keep pushing these systems, eventually they will become a requirement all over the place. Microsoft's track record with UEFI bootloader restrictions makes it pretty clear what that future looks like: cheap devices used by the masses will be more heavily restricted, while those who can shell out 3-4x the money can get a computer that at least allows them to run whatever software they want to run.
"why should Netflix give you a full 4k stream when you've chosen to disable the widevine extension in your browser?"
Why should Netflix dictate what hardware and operating system I get to run? A basic design principle of the Web, which Netflix relies on to avoid having to provision set-top boxes for their customers, is that anyone can implement a client without first seeking permission. In an ideal world Netflix would have to respect the basic design principles of the Web and of the Internet in order to benefit from those systems, but we obviously do not live in an ideal world.
The largest companies in tech and media are trying to rewrite the rules of the consumer markets they do business in for their own benefit. For the entertainment companies DRM is a convenient way to avoid copyright laws (i.e. the part where copyrights expire and where fair use is a defense against infringement claims), and for tech companies DRM is a strategic play that allows them to control the devices they sell to users and monetize that control by selling DRM features to media companies. The legal and financial structures in place today encourage this behavior, and the concentration of power and lack of effective competition are making it possible.
This is a balance of power issue, and corporations will always try to shift more power to themselves when the technology to enable that is available.
I don't want Netflix to have the ability to verify the software I'm running before it gives me the stream I paid for. None of the things they could do with that power, such as forcing me to watch ads before the stream I've already paid for, or charging me different prices based on the kind of device I'm using benefit me.
We as technologists should be wary of technologies that further shift the balance of power away from users.
> This is a balance of power issue, and corporations will always try to shift more power to themselves when the technology to enable that is available.
Exactly, This is why I said below that this is a political issue. The question is whether the politics will see big tech as a threat and restrict them or as a potential ally and merge with their power.
You are right, Netflix and Valorant can choose to require this and the world will go on as before. However this tech has the potential to put you at the mercy of a handful digital lords that may or may not let you access your bank's(If they decide to enforce attestation, just like on phones) website or just participate on the internet if you piss them off.
I certainly wouldn't want to live in a world where this is a possibility.
> why should Netflix give you a full 4k stream when you've chosen to disable the widevine extension in your browser?
... beause we are a paying customer, want stuff in standard formats instead of proprietary ephemeral garbage, and we can just torrent it in 3 minutes? ...
So we're presumed guilty of stealing and cheating unless we can prove to The Company that our computers are obedient consumers. And if our own computer makes a mistake and testifies against us, it's our word against a black box.
- This (whatever it is) will lead to vendor lock in and more incompatibilities as usual
- It will cause privacy problems, despite little hip kids pretending that caring about privacy is not cool, then again video cards are already full of privacy problems, and just connecting to an online game uniquely identifies you. These are not the end of the world but they are a misfeature.
- It will cause security problems. Every time someone implements some trash like this that mentions it "has security" in an abstract content-free marketing description, it causes vulns. Cloudflare leaking bank passwords to other websites and the RCE in Intel ME come to mind
- This is the 1000th time an OS/hardware vendor has proposed a "security" gimmick that we are all forced to put up with because of mindless consumers. The previous 999 things have failed to even remotely achieve their goal.
- Whatever it is does not conceptually solve game cheating; the multiplayer design meta is broken and in flux for the last 30 years. Right now anyone can make their own client for a game. Is this allowed? Oh no it renders shadows with a different set of pixels, what will we do? Oh wait, so do video cards probably (not into 3D so no idea).
> Oh no, video platforms don't want me pirating their stuff.
Video piracy is literally impossible to prevent, why even bring that up.
> > Imagine you want to watch your favorite show on Netflix in 4k, but your hardware trust factor is low? Too bad you’ll have to settle for the 720p stream. Untrusted devices could be watching in an instance of Linux KVM, and we can’t risk your pirating tools running in the background!
Well, viewers will have their 4k shows one way or the other, so it's not the strongest of arguments. This system deals better with cheaters, that's for sure, but even then, I'd like this trust to work both ways: if the software doesn't trust my computer, that's fine, I could give control, but then my files, network shares etc should be locked away from that software too. In fact this is what I'm currently doing by dual-booting, and separating my Windows network into a separate vlan. It's fine for games to not trust my gaming system, but then I'm not trusting it either with my private stuff.
> Imagine you want to watch your favorite show on Netflix in 4k, but your hardware trust factor is low? Too bad you’ll have to settle for the 720p stream. Untrusted devices could be watching in an instance of Linux KVM, and we can’t risk your pirating tools running in the background!
Oh no, video platforms don't want me pirating their stuff. Video game companies don't want me to cheat with aimbots and wallhacks. And all it needs is "has this user tampered with the OS to the point that I can't figure out if they've tampered with my process". This is 1984 at long last.