2 comments

[ 3.1 ms ] story [ 14.8 ms ] thread
This is so fucked. Anyone trying to do any web scraping will be totally hosed. If this happens it could be one of the most bold gains by site-operators over web users ever.

The existence of the TPM is a terrifying capability that puts computing deliberately beyond the reach of the operator. It hands the computer over to coders. So many upsides for regular use, but what a sad sad sad forever ratcheting of the War on General Purpose Computing it enables.

I'm fairly convinced we should make TPMs that have a special lower rung security offering that lets them see and do whatever. Make the user have to boot a custom USB stick to access it, sign in in blood, whatever weird scheme you please, but locking users out of their own secrets absolutely seems malicious & malignant; this proposal is a great example of what a blood curdling infernal machine TPM can be.

Doesn't this mean that a 3rd party tracking cookie is now a cryptographic proof that device A traversed sites X Y Z in session N?