logoalt Hacker News

davidfialatoday at 4:23 AM2 repliesview on HN

Attestation of any type: A double edged sword, where you are guaranteed to lose freedom. Attestation entrenches, empowers, and enriches other entities that aren't you.

Ironic how this post got upvoted in parallel to polar opposite in the #1 slot: "John Deere owners will get the right to repair equipment under FTC settlement" https://news.ycombinator.com/item?id=48838876

Engineers may debate about what-about-isms of vulnerabilities and counterexamples of TPM failures, but that misses the point: We should be debating about where society will be when devices you paid for serve other masters.

Probably we should just write/vibe/demand better software. Otherwise we're going to end up with a law demanding TPMs that watch more than just your firmware...


Replies

solenoid0937today at 4:48 AM

You don't understand the use case or audience of this article:

> If your infra consistently enforces mTLS

This is for mutual authentication in corporate infrastructure. Attestation is a critical security property for these environments.

show 1 reply