this post was submitted on 29 Jul 2023
757 points (98.8% liked)

Programming

17313 readers
241 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 2 years ago
MODERATORS
 

Attacks and doxing make me personally MORE likely to support stronger safety features in chromium, as such acts increase my suspicion that there is significant intimidation from criminals who are afraid this feature will disrupt their illegal and/or unethical businesses, and I don't give in to criminals or bullies

Kick a puppy
Get attacked for kicking a puppy
"These attacks make me MORE likely to keep kicking puppies, as I don't give in to intimidation from criminals and bullies that want healthy puppies for their nefarious ends."

you are viewing a single comment's thread
view the rest of the comments
[–] drdabbles 3 points 1 year ago

IMO, requiring a TPM for any kind of attestation wouldn't do much because they can be procured in the tens of thousands for not much money at all. Then they use an SPI bus to communicate, so you could basically build a cheap device that only multiplexes dozens, hundreds, or thousands of TPM on a single physical host.

The real sham of this, to me, is that Google's talking nonsense about ensuring the client device is "trustworthy" for whatever their criteria means. But in reality the client needs a real assurance that the site it's visiting isn't malicious, serving malicious content, or otherwise collecting data that could be used for malicious purposes. Google has directly failed two of those three for many years, and one of them is their entire business model. Where is our protection from Google?

Maybe Google should use their clout to work against DRM online, and push back on the insatiable corporate greed of most of the content creation corporations? Especially those busy cutting down trees to prevent striking workers from getting shade?

Adding on to this, what of people in sanctioned nations? Google, as a US entity, is compelled to adhere to US law and to sanction nations that the US deems should be sanctioned. What about activists in those nations? What about targeted populations in those countries? What happens when a minority group is targeted by a hostile government and that government demands logs of device tokens accessing information the government doesn't like? This idea is nonsense on so many levels, and such a 180 degree turn from how the internet has developed over its existence.