(no title)
dane-pgp | 3 years ago
But you'd need the attested device to run the proxy server software, which would obviously not be allowed in the app store, and would be blocked by the gatekeeper daemon or the OS-level firewall. Well, proxy software would be allowed, but it would have to perform its own attestation checks on the devices it proxies for.
> Not to mentioned the billion of internet enabled devices that would never support it
The billion internet enabled devices would be allowed onto a special "safe" segment of the internet, which companies could apply to add their static IPs to. So your internet connected fridge could still phone home, but the manufacturer would take liability for any data that a rooted fridge managed to send out to the internet.
There might still be millions of old devices that don't support TPMs and don't have manufacturers willing to apply to have their IPs whitelisted, but the government will say that kicking these insecure unpatched devices off their internet would be a huge win for cybersecurity. Making people buy a whole load of new devices would probably also give a temporary boost to the economy too.
flangola7|3 years ago
An attacker with physical access and unbounded time cannot be defeated.
dane-pgp|3 years ago
Applying DRM to kernels and applications rather than to media files is completely different. If someone wants to have an E2E encrypted conversation, not only do they have to have jailbroken their own device by extracting the secret keys from inside its processor (using an electron microscope, perhaps) but their conversation partner has to have done the same to their own device.
Even if a few brave and well-resourced journalists/lawyers/activists managed to do this among themselves, they would quickly be exposed by traffic analysis, allowing the government to simultaneously arrest all of them and use their devices as evidence.