What we know about the new Intel ME vulnerabilities and their potential impact: https://mjg59.dreamwidth.org/49611.html
-
-
Remote attestation means that you can be sure the software running on your computer is the software you wanted running. It is very useful especially if you're running stuff on someone else's computer
-
No, local attestation does that. Remote attestation is purely so a THIRD PARTY can ensure that the software running on YOUR machine is the sw THEY want running on it.
-
Yes that mildly benefits the user in the case where the user is renting someone else's computer (aka cloud), but there are plenty of other ways the cloud provider can still deceive you.
-
In the opposite case, where it's your personal computer and you're not "renting it as general-purpose computing" but trying to do your work with third-party sw/service, it's devastating to your privacy & control.
-
"renting it OUT to others as general-purpose computing", that is.
End of conversation
New conversation -
-
-
Remote attestation is fundamentally a user-hostile feature & an attack on general purpose computing.
-
In practice Remote Attestation has never been used for that, but has been used for a variety of meaningful security assurances
-
Eg, see https://mjg59.dreamwidth.org/45602.html for a mechanism that would allow tor hidden services to prove they hadn't been compromised
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.