Could you elaborate on why this is so evil?
Ensuring our remote employees’ machines are secure is a serious problem for us, and it’s absolutely impossible to require employees to be diligent. We require attestation upon connection to our corporate VPN that checks for basic things such as latest security patches, certain tools installed, etc.
When you access a service with your own device, you control what your device does with what they send. You can block ads or malware, inspect code they send you or network traffic you send them to see if it's exfiltrating your private data, extract the data to analyze or keep as evidence when the service is violating a law or contract, write or use third party code to process the data when the service is trying to force a dark pattern interface on you, etc.
If your device will attest that it's running their code then they refuse access to the service under any other conditions, and then you can't do any of those things because their code won't allow it.
It's also a huge antitrust problem because it precludes new independent platforms from being used, since it cements the chicken and egg problem that people won't use a device that can't access existing services and the services won't support a system nobody uses. In other words, WINE is banned and Firefox is banned and everyone is stuck with IE/Edge on Windows forever.
It's a tool. Remote attestation isn't "evil" in the same way a knife isn't inherently evil. It's how they're used.
It's not that remote attestation can't be used for good. Obviously it can. It's that there's so many ways we can use it for evil, and given the track the world is on, it's quite obvious it will be.
Doing it for company-owned laptops seems a lot different than doing it for customers' devices. I think the complaint is more about the latter.