Widevine has the same kind of hardware support for remote attestation as this. It just isn't usable for anything other than DRM.
Replying to @CopperheadOS
That's why devices with hardware attestation are actively harmful. Once they're near-universal, support for devices without it can be dropped.
1 reply 0 retweets 0 likes -
Replying to @RichFelker
Support for hardware attestation is universal across iPhones, Android phones, Chromebooks and most business laptops (TPM). However, until Android 8.0+, there was only proper attestation support for DRM. Android 8.0+ provides a general purpose feature and it supports other OSes.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @RichFelker
We've spent months working on making the attestation feature usable for users to verify devices locally and now to pair devices with an account on our service so their integrity can be automatically monitored on a schedule. Not sure how exactly you think it's harmful to do that.
2 replies 0 retweets 0 likes -
Replying to @CopperheadOS
I don't. I think it's harmful that the device has the functionality to begin with.
2 replies 0 retweets 0 likes -
Replying to @RichFelker @CopperheadOS
I also think it's harmful to promote hardware attestation as something users should want rather than as something they should fight against.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @CopperheadOS
And by hardware attestation I mean the whole thing. I am not distinguishing the old limited-to-Widevine-DRM stuff vs more general-purpose stuff.
1 reply 0 retweets 0 likes -
Replying to @RichFelker
It's a very useful security feature and we're going to get a lot out of it with our app and service as we improve them. It's particularly useful for a business deploying a fleet of devices and wanting to meaningfully monitor identity, integrity and patch level after pairing.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS
I understand and really have no sympathy there. Enterprise concerns are not my interest and usually are antithetical to my interests in protecting individuals/public.
1 reply 0 retweets 0 likes -
Replying to @RichFelker
Our Auditor app started with the use case of individuals: locally verifying the identity and integrity of a device. The service is currently oriented towards individuals too since it's primarily being made for individuals that have bought CopperheadOS devices.
2 replies 0 retweets 0 likes
It may be good for an individual who chooses to use it, at the expense of individuals' collective interest in control over how their own devices work.