• moonpiedumplings@programming.dev
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    2 months ago

    There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core ‘root’ of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data

    https://en.m.wikipedia.org/wiki/Trusted_Computing

    Literally all TPM’s are proprietary. It’s basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).

    We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don’t need to trust the server, like end to end encryption.

    Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.