"The rationale for forcing uses to choose between security and freedom is because you can't provide both together." Freedom to use - you are correct. My employer, for example, doesn't give me complete freedom on their network. Neither does my bank. Freedom to know - you are incorrect. It is imperative that how security functions is known so that the owners, operators and other parties can be sure it actually works and will actually do what it claimed. So, for example, I know how SSH works. Doesn't do me a blind bit of good in accessing an SSH connection unless the owner has configured for me to use and given me the key/passphrase.
"You should, as a user, feel comfortable and secure using one that you do not own." If one does *anything* sensitive on a device one does not own, one is a blithering idiot. Even a network one doesn't own is suspect (hence VPNs, HTTPS etc). I don't think SecureBoot solve this the problem of nasties on a device someone else owns in any shape or form.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Rationale
Date: 2013-02-04 09:09 pm (UTC)Freedom to use - you are correct. My employer, for example, doesn't give me complete freedom on their network. Neither does my bank.
Freedom to know - you are incorrect. It is imperative that how security functions is known so that the owners, operators and other parties can be sure it actually works and will actually do what it claimed.
So, for example, I know how SSH works. Doesn't do me a blind bit of good in accessing an SSH connection unless the owner has configured for me to use and given me the key/passphrase.
"You should, as a user, feel comfortable and secure using one that you do not own."
If one does *anything* sensitive on a device one does not own, one is a blithering idiot. Even a network one doesn't own is suspect (hence VPNs, HTTPS etc). I don't think SecureBoot solve this the problem of nasties on a device someone else owns in any shape or form.