Comment by mrguyorama

A fundamentally flawed way to make an argument?

Yeah I know what analogies are.

Why does my bank need to know whether the machine in my hands that is accessing their internet APIs was attested by some uninvolved third party or not?

You know we used to hand people pieces of paper with letters and numbers on them to do payments right? For some reason, calling up my bank on the phone never required complicated security arrangements.

TD Bank never needed to come inspect my phone lines to ensure nobody was listening in.

Instead of securing their systems and working on making it harder to have your accounts taken over (which by the way is a fruitful avenue of computer security with plenty of low hanging fruit) and punishing me for their failures, they want to be able to coerce me to only run certain software on my equipment to receive banking services.

This wasn't necessary for banking for literally thousands of years.

Why now? What justification is there?

A third party attesting my device can only be used to compel me to only use certain devices from certain third parties. The bank is not at all going to care whether I attest to it or not, they are going to care that Google or Microsoft will attest my device.

And for what? To what end? To prevent what alleged harm?

In what specific way does an attested device state make interacting with a publicly facing interface more secure?

It WILL be used to prevent you from being able to run certain code that benefits you at corporation's expense, like ad blockers.

Linux is supposed to be an open community. Who even asked for this?