That's totally true, you actually have examples of unsafe capabilities delegation in the other article mentioned in the References: https://juggernaut-sec.com/capabilities/
DNS0 was launched at a time when no other EU public DNS resolver was available. Today, you have DNS4EU that is actively funded and pushed throughout the EU administration (and critical infrastructures), so I believe that the DNS0/NextDNS founders saw that there were very few differentiating factors to their proposal, and decided to shut it down.
Had they "captured" a larger market share in the EU while they were ahead, the situation might have been different today, but in my opinion it never happened.
Which public funds? DNS0.eu was a private initiative, from the NextDNS founders. DNS4EU is a public initiative, as mentioned in the news, and this one is still supported and actively developed.
"However, Confidential Computing is not secure enough to protect data integrity and confidentiality against a hostile administrator performing targeted, active attacks. Under such a threat model, users must avoid running on shared infrastructure operated by providers they cannot trust, and are rather encouraged to leverage Confidential Computing to increase their security posture on dedicated hardware instead."
In their current form, the AMD and Intel proposals never fulfilled the Confidential Computing promises; one can hope they will do better in their next iteration of SGX/TDX/SEV, but they were always broken, by design.
Unrelated to the topic, but does anyone know if an equivalent service (à-la-carte blood testing with online booking) is available in Europe, specifically the Netherlands (or France)?
Exploited in the wild, difficult to say, but there have been numerous vulnerabilities reported on underlying technologies used for confidential computing (Intel SGX, AMD SEV, Intel TDX, for example) and quite a good amount of external research and publications on the topic.
The threat model for these technologies can also sometimes be sketchy (lack of side-channel protection for Intel SGX, lack of integrity verification for AMD SEV, for example).
I'd recommend anyone interested in Confidential Computing to read the work from Rodrigo Branco (@BSDaemon) to understand why it's mostly a failure and a PR stunt from cloud providers to give the illusion that the customer stays in control, while at the same time the hardware capabilities CC is built upon are insecure (and can't be fixed by firmware or microcode update, most of the time).
The slides were an interesting read, I'd enjoy seeing the talk if it was recorded.
They finish mentioning in "2023" though, we're in the back half of 2025 now - has anything changed significantly in the past couple of years? (I genuinely don't know)
I work in the space as a developer of an SGX-based application. In the last few years, VM solutions have become much more popular, and our cloud provider has been pushing us to transition to AMD SEV-SNP. We haven't transitioned yet, so I cannot speak to them in great detail, but they certainly appear to greatly simplify app development.