It strikes me that if the FOSS brigade (and I count myself among them) zoomed out a little and focussed on the political scene that causes user freedoms to be infringed - i.e. vested interests of capital, copyright as enforcement of artificial scarcity - they might be more successful than they are by talking about user freedom in the abstract. It would perhaps push the argument outside their own niche and make it relevant to the people they dismiss as the “standard consumers of the world”.
Things like TPMs are a bit unfortunate because they have a lot of good uses. Secure boot is great for ensuring that I don’t have kernel-level malware if I can load my own signing keys. It’s then a building block that can prevent the TPM from disclosing my disk encryption key to anything other than an OS image that I trust and even to prevent it from disclosing my home directory’s encryption key to anything other than an OS image that I trust and that presents a PIN that I know. Combined with trusted I/O paths, it can even be used to prevent my home directory being unlocked unless I use a biometric sensor. For remote use, it can be used to store private key for use by WebAuthn, which can use a derived key based on a TPM secret and the host so that the private key that’s used to sign into site X is completely distinct from the key I use to sign into site Y.
The same technology can also be used to prevent me from playing Netflix streams unless your computer provides a remote attestation that guarantees that it will enforce rights limits that extend well beyond fair use.
If you care about freedom, do not to try to ban the technology. If you do then you’re easy to dismiss because the legitimate uses have huge benefits. The correct strategy is to advocate for laws that limit vigilante action by copyright holders that infringes on the fair use rights and on the doctrine of first sale. I would advocate for laws that consider anything that is protected by DRM to be subject to trade secret law, not to copyright (and DRM is very useful for trade secrets because you want to store them only on devices that your company trusts and has some degree of control over). If you want copyright protections then you have to distribute your work in a way that respects the doctrine of first sale and fair use. If you instead distribute it with DRM then that’s fine, you get trade secret protections and as soon as someone bypasses the DRM your work is in the public domain.
I don’t think the author was advocating for banning TPMs. The thrust of the article seems to be that Windows 11 (and compatible hardware) is more harmful than Windows 10, so it is even more important to avoid it to preserve a market for alternatives. Small changes in market share can have small immediate effects, but building a movement to pass copyright reform is much more difficult.
If we’re dreaming big, I would advocate for a complete overhaul of the copyright system and a ban on DRM.
The problem with this thrust is that, as a user, the majority of the TPM-backed features in Windows 11 are useful to me. Drive encryption with a protected key that has rate-limiting on the unlock attempts from a memorable PIN is useful. Being able to log into a load of web-based things without needing a password is useful. Being protected from boot-sector malware is useful. I’d love to have all of those be baseline features in any computer / OS.
I don’t like DRM (though I’ll note that yesterday I tried to stream Netflix to an AirPlay-enabled display from my 2013 MacBook Pro and it didn’t work, in spite of my Mac not having a TPM or Apple’s equivalent) but using DRM as the argument for not wanting trusted computing is conflating two arguments.
It’s also convenient to use the most popular OS, which will be increasingly pre-installed on new computers. That doesn’t change the argument from the other side. Different people will have different calculations based on how much they value convenience or useful features vs. avoiding the future where PCs are as locked down as a phone or console.
using DRM as the argument for not wanting trusted computing is conflating two arguments.
I don’t think it’s a conflation if investment in trust-us computing increases the reach of DRM.
To paraphrase the article: If you look around the article, shallow technical documentation, and the myriad of buzzwords like “last bastion of digital freedom,” “agenda,” “tyranny,” and “special interests,” you still haven’t received a well-reasoned argument against TPMs.
It has only the slightest veneer of technical justification over an emotional appeal against a very useful and important keystone of system security.
I dug out a windows 10 phone vm for the fun of it and it’s surprising how much stuff works. And then the stuff that doesn’t .
The one thing that got me is that the x86 “emulator” has no TPM module so while the media player can connect to the store and see movie purchases, you can’t actually play any of them.
I suspect like the HDMI cables we use today a lot of this software tyranny we endure is Hollywood, and as the article mentioned we end up all slaves to the Netflix binge crowd.
It strikes me that if the FOSS brigade (and I count myself among them) zoomed out a little and focussed on the political scene that causes user freedoms to be infringed - i.e. vested interests of capital, copyright as enforcement of artificial scarcity - they might be more successful than they are by talking about user freedom in the abstract. It would perhaps push the argument outside their own niche and make it relevant to the people they dismiss as the “standard consumers of the world”.
Completely agreed.
Things like TPMs are a bit unfortunate because they have a lot of good uses. Secure boot is great for ensuring that I don’t have kernel-level malware if I can load my own signing keys. It’s then a building block that can prevent the TPM from disclosing my disk encryption key to anything other than an OS image that I trust and even to prevent it from disclosing my home directory’s encryption key to anything other than an OS image that I trust and that presents a PIN that I know. Combined with trusted I/O paths, it can even be used to prevent my home directory being unlocked unless I use a biometric sensor. For remote use, it can be used to store private key for use by WebAuthn, which can use a derived key based on a TPM secret and the host so that the private key that’s used to sign into site X is completely distinct from the key I use to sign into site Y.
The same technology can also be used to prevent me from playing Netflix streams unless your computer provides a remote attestation that guarantees that it will enforce rights limits that extend well beyond fair use.
If you care about freedom, do not to try to ban the technology. If you do then you’re easy to dismiss because the legitimate uses have huge benefits. The correct strategy is to advocate for laws that limit vigilante action by copyright holders that infringes on the fair use rights and on the doctrine of first sale. I would advocate for laws that consider anything that is protected by DRM to be subject to trade secret law, not to copyright (and DRM is very useful for trade secrets because you want to store them only on devices that your company trusts and has some degree of control over). If you want copyright protections then you have to distribute your work in a way that respects the doctrine of first sale and fair use. If you instead distribute it with DRM then that’s fine, you get trade secret protections and as soon as someone bypasses the DRM your work is in the public domain.
I don’t think the author was advocating for banning TPMs. The thrust of the article seems to be that Windows 11 (and compatible hardware) is more harmful than Windows 10, so it is even more important to avoid it to preserve a market for alternatives. Small changes in market share can have small immediate effects, but building a movement to pass copyright reform is much more difficult.
If we’re dreaming big, I would advocate for a complete overhaul of the copyright system and a ban on DRM.
The problem with this thrust is that, as a user, the majority of the TPM-backed features in Windows 11 are useful to me. Drive encryption with a protected key that has rate-limiting on the unlock attempts from a memorable PIN is useful. Being able to log into a load of web-based things without needing a password is useful. Being protected from boot-sector malware is useful. I’d love to have all of those be baseline features in any computer / OS.
I don’t like DRM (though I’ll note that yesterday I tried to stream Netflix to an AirPlay-enabled display from my 2013 MacBook Pro and it didn’t work, in spite of my Mac not having a TPM or Apple’s equivalent) but using DRM as the argument for not wanting trusted computing is conflating two arguments.
It’s also convenient to use the most popular OS, which will be increasingly pre-installed on new computers. That doesn’t change the argument from the other side. Different people will have different calculations based on how much they value convenience or useful features vs. avoiding the future where PCs are as locked down as a phone or console.
I don’t think it’s a conflation if investment in trust-us computing increases the reach of DRM.
To paraphrase the article: If you look around the article, shallow technical documentation, and the myriad of buzzwords like “last bastion of digital freedom,” “agenda,” “tyranny,” and “special interests,” you still haven’t received a well-reasoned argument against TPMs.
It has only the slightest veneer of technical justification over an emotional appeal against a very useful and important keystone of system security.
That’s not really paraphrasing.
I would greatly like TPMs if I could claim them for my own (aka: generate my own key and harden it appropriately).
But right now, this key is ordained in sealed storage in an environment in which I am not an owner. That means this hardware isn’t mine.
I’m very tired of ownership being subverted by sabotaging software and firmware. Insert IoT, vehicle computing, TPMs, and plenty more.
I dug out a windows 10 phone vm for the fun of it and it’s surprising how much stuff works. And then the stuff that doesn’t .
The one thing that got me is that the x86 “emulator” has no TPM module so while the media player can connect to the store and see movie purchases, you can’t actually play any of them.
I suspect like the HDMI cables we use today a lot of this software tyranny we endure is Hollywood, and as the article mentioned we end up all slaves to the Netflix binge crowd.
Video killed the radio star