> But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.
Yes completely impossible to fake by design. Otherwise whats the point? But I think the root of trust is whatever signs the hardware TPM module. So, Intel, AMD and Apple.
If I understand it correctly, the secure chain of trust will be something like, hardware TPM module -> secure boot -> windows signed kernel -> Chrome (signed binary). Its not clear to me if desktop linux will be able to participate in this ecosystem at all - which is ironic given how much google uses linux. Maybe a couple of the big distributions like Canonical will be able to sign their linux kernel builds.
> Lastly there is the social problem: is DRM the future of the web?
Its opt-in by website operators at least. Assuming this happens, there are two big questions in my mind:
1. How much of the web will go dark to anyone not using a corpo software stack? I imagine bank websites will adopt this technology immediately, while sites like HN, personal blogs and wikipedia won't touch this stuff. How much of the web will stop working on my terrible "hacker" computer where I use firefox on linux?
2. How will this interact with browser extensions and dev tools? If websites won't function outside of chrome, will we be able to continue to drive chrome programmatically? Will chrome's dev tools still work? Will websites be told about my ad blocker extensions? Will webdriver (and similar tools) be blocked?
I really hate it - banks are already so inaccessible these days that it is a nightmare. Why isn't there a read-only key that I can use to programmatically and automatically pull transactions? I need to login though third-party OTC apps from an "unmodified" mobile phone (I only bought for banking, which I consider as e-waste the other 99% of time), download the proprietary PDFs, process them in some custom and complex Python code I hacked together, to finally extract the information into a proper usable format.
Just think about it: I really conceptualized how I can hook my Android phone to my server, add a digital camera to photograph the OTP-Code, OCR it and have a docker based Selenium script with chromedriver to login to my bank to pull the PDFs. All that just because big banks can afford to be so customer unfriendly.
Well, perhaps it will drive adoption of Web3 and permissionless decentralized open protocols — * ducks *
I mean — all this doom from HN about huge centralized corporations, about banks being inaccessible, but the moment you mention the only viable (at the moment) alternative — many people reach for their trusty downvote button.
I mean, with all the hate towards all alternatives to trusting Big Tech corporations, with all the effort to actively bury any potential to build and improve decentralized systems, some of you deserve to live in a world controlled by large states and corporations. This would be your future dystopia, because you actively dismissed every alternative out of hand. But it won’t be your future — because many people outside of HN continue to build systems like MaidSAFE, IPFS and BitTorrent which do not have these restrictions. There are far better and nore scalable networks coming out that are beyond blockchain and beyond smart contracts that allow building backends which CAN’T discriminate against clients, and let anyone generate their own public-private keys. Even though you may hate on these technologies and downvote any post mentioning them, they’ll be there when you finally need them. You’re welcome!!
> How much of the web will go dark to anyone not using a corpo software stack?
If you can detect if anyone is using a system that supports this then you can ban only them instead of allowing only them, right?
Maybe we should nip this in the bud? If even 10% of sites banned anyone with this enabled from day zero before anyone else is requiring it, users would turn it off and then it wouldn't be there for anyone else to use.
> I imagine bank websites will adopt this technology immediately, ...
I don't see banks adopting it at all for consumer banking. I work for a bank; I can tell you a bank isn't interested in adopting any technology that introduces friction for high-balance customers. What would they gain? A little extra fraud protection? You'll find lots of articles online spelling out the reasons that the optimal amount of fraud is not zero.
Plus they may start to see in person traffic soar. I won't have signed software, so now I'll go to the bank for all transactions while also filing FTC complaints.
I imagine many elderly folks that haven't kept their systems current or updated may also face the same issue.
For now. But in many countries you already have to show ID to buy a SIM card. This could be extended to all devices that have this key on them. And then it could become a dereliction of duty for certain types of websites not to do checks they could easily do.
> But in many countries you already have to show ID to buy a SIM card.
I can buy a SIM card that gives internet pretty much everywhere around the world with bitcoin with silent.link. Granted you don't get an IP matching the local country, but still...
You can do all sorts of things to circumvent all sorts of rules for all sorts of reasons.
But over time rules are tightened, penalties increased, more loopholes closed and fewer people will have the expertise, the determination, the funds and the nerve to work around the rules, even if it is theoretically their right to do so.
Eventually only hardened criminals and highly knowedgable and principled activists and professionals will realistically have access to some of these options.
Yes completely impossible to fake by design. Otherwise whats the point? But I think the root of trust is whatever signs the hardware TPM module. So, Intel, AMD and Apple.
If I understand it correctly, the secure chain of trust will be something like, hardware TPM module -> secure boot -> windows signed kernel -> Chrome (signed binary). Its not clear to me if desktop linux will be able to participate in this ecosystem at all - which is ironic given how much google uses linux. Maybe a couple of the big distributions like Canonical will be able to sign their linux kernel builds.
> Lastly there is the social problem: is DRM the future of the web?
Its opt-in by website operators at least. Assuming this happens, there are two big questions in my mind:
1. How much of the web will go dark to anyone not using a corpo software stack? I imagine bank websites will adopt this technology immediately, while sites like HN, personal blogs and wikipedia won't touch this stuff. How much of the web will stop working on my terrible "hacker" computer where I use firefox on linux?
2. How will this interact with browser extensions and dev tools? If websites won't function outside of chrome, will we be able to continue to drive chrome programmatically? Will chrome's dev tools still work? Will websites be told about my ad blocker extensions? Will webdriver (and similar tools) be blocked?