Many people will switch to Linux (people will still work around SystemD, so don’t bring that up).
The part that will be the killer move is when they enact a law requiring all US hosted websites to enact age verification via attestation from the operating system. Some savvy people will get around that while they still have root, but then you’re gonna see a Google Play Services style ramp up where the attestation will only pass if Secure Boot is enabled, and eventually root is restricted.
the masses will never comprehend that this is just the early stages of having every device tied to a name, address, and photo. until that’s exactly what happens, and then it’ll be the same “ohwellwhaddayagonnado. imma check my insta”
It’ll be the same until “We noticed you follow an LGBTQ influencer on that Insta, please comply with the reeducation ICE crew who will arrive shortly.”
not only that, but since they’ll have hundreds (thousands?) of unique data points tied to everything you’ve ever posted, DM’d, emailed, photographed, they’ll also know all your friends, enemies, family, coworkers, former coworkers, etc. do you use a “rewards” card issued by your grocery store? now they’ll know every item you’ve bought for the last however long the grocery corporation (who very likely donated millions to trump’s campaign) keeps their records. this is all ignoring any meds, procedures, medical history you may have. HIPAA? LOL GFYS
yes, they could always get this information, but it took time and effort, not to mention a warrant. now it’ll all be instant, ready to be spreadsheeted and cross-referenced. yea, they’re looking for people to arrest/murder, because that’s what fascists do
Secure boot by itself isn’t a bad thing. It basically just says the OS you boot from has to have a signed and approved bootloader/drivers. The problem is, the approval list is handled by the board manufacturer and not every version of Linux supports it since it has to be signed and approved. Also, if you have unsigned kernel level modules (such as an open source video driver) that can cause the process the break as the driver isn’t signed. I believe user space is much more accepting.
From a privacy aspect, it isn’t directly impacting, except it limits which distros you use, and may prevent you from doing other privacy related changes as a low level or forcing you to use signed binaries that you may not be able to audit.
Edit: a few notes as I went diving further. So Microsoft actually controls the root CA that SecureBoot is based on and signs other apps, including Linux and then they add their own shims in. So sadly MS still has control out of the box.
However, it is possible on most (not all) systems to add in your own signing keys to the secureboot enclave. So with enough work you can do it yourself, but you basically have to make sure everything is signed with your key when you compile the kernel and associated drivers.
Oh I see, so it is basically a corporate controlled allow list that could be used for forcing you to have a specific system. Absolutely disgusting that this is hidden under the guise of security
That’s…. a stretch. The issue is that the default CA that manufacturers include is Microsoft, so Debian developed a shim, signed by Microsoft, so that they could sign their own distros ans modules.
Since a lot of boards allow you to inject your own key into the MOK for UEFI, you can basically roll your own with a little work. It’s just not “out of the box” since they’d have to validate multiple different distros.
It’s more a matter of sheer size of Microsoft vs Linux rather than locking. I’ve said “a lot” and “most” around boards given that I’m not sure what the breakdown is, but I haven’t seen a board that doesn’t do that.
Many people will switch to Linux (people will still work around SystemD, so don’t bring that up).
The part that will be the killer move is when they enact a law requiring all US hosted websites to enact age verification via attestation from the operating system. Some savvy people will get around that while they still have root, but then you’re gonna see a Google Play Services style ramp up where the attestation will only pass if Secure Boot is enabled, and eventually root is restricted.
if that happens, techies will flee the web to something else. Gopher, Gemini, who knows. And then adapt it to their needs.
the masses will never comprehend that this is just the early stages of having every device tied to a name, address, and photo. until that’s exactly what happens, and then it’ll be the same “ohwellwhaddayagonnado. imma check my insta”
It’ll be the same until “We noticed you follow an LGBTQ influencer on that Insta, please comply with the reeducation ICE crew who will arrive shortly.”
not only that, but since they’ll have hundreds (thousands?) of unique data points tied to everything you’ve ever posted, DM’d, emailed, photographed, they’ll also know all your friends, enemies, family, coworkers, former coworkers, etc. do you use a “rewards” card issued by your grocery store? now they’ll know every item you’ve bought for the last however long the grocery corporation (who very likely donated millions to trump’s campaign) keeps their records. this is all ignoring any meds, procedures, medical history you may have. HIPAA? LOL GFYS
yes, they could always get this information, but it took time and effort, not to mention a warrant. now it’ll all be instant, ready to be spreadsheeted and cross-referenced. yea, they’re looking for people to arrest/murder, because that’s what fascists do
Not only will it be instant and ready, but some shitty AI can make incorrect conclusions based on that data!
just like a real cop, except no donuts required!
What happens if secure boot is enabled privacy wise?
Secure boot by itself isn’t a bad thing. It basically just says the OS you boot from has to have a signed and approved bootloader/drivers. The problem is, the approval list is handled by the board manufacturer and not every version of Linux supports it since it has to be signed and approved. Also, if you have unsigned kernel level modules (such as an open source video driver) that can cause the process the break as the driver isn’t signed. I believe user space is much more accepting.
From a privacy aspect, it isn’t directly impacting, except it limits which distros you use, and may prevent you from doing other privacy related changes as a low level or forcing you to use signed binaries that you may not be able to audit.
Edit: a few notes as I went diving further. So Microsoft actually controls the root CA that SecureBoot is based on and signs other apps, including Linux and then they add their own shims in. So sadly MS still has control out of the box.
However, it is possible on most (not all) systems to add in your own signing keys to the secureboot enclave. So with enough work you can do it yourself, but you basically have to make sure everything is signed with your key when you compile the kernel and associated drivers.
Oh I see, so it is basically a corporate controlled allow list that could be used for forcing you to have a specific system. Absolutely disgusting that this is hidden under the guise of security
That’s…. a stretch. The issue is that the default CA that manufacturers include is Microsoft, so Debian developed a shim, signed by Microsoft, so that they could sign their own distros ans modules.
Since a lot of boards allow you to inject your own key into the MOK for UEFI, you can basically roll your own with a little work. It’s just not “out of the box” since they’d have to validate multiple different distros.
It’s more a matter of sheer size of Microsoft vs Linux rather than locking. I’ve said “a lot” and “most” around boards given that I’m not sure what the breakdown is, but I haven’t seen a board that doesn’t do that.