Remote attestation is another example of cryptography favoring corporations at our expense. It provides cryptographic proof to corporations that their user hostile software has not been defeated or otherwise tampered with.
Don't forget that you can also remotely attest a server... in which case you can get guarantees on how a corporation is manipulating your data. For instance, you could make sure that your data is reasonably secured and not shared with third parties. So I don't believe remote attestation in itself favors corporation, it really depends on how and where you make use of it.
Sadly the adoption of "trusted computing" on the server side has been slower than expected. Maybe because of lack of user pressure? Also my guess is that most companies prefer not to be too transparent regarding how they process our data...
> So I don't believe remote attestation in itself favors corporation, it really depends on how and where you make use of it.
This is true but also ultimately irrelevant. The truth is these corporations have all the leverage and they use it to force us to accept those terms. If you can get a business to give up its limitless power over their servers via remote attestation, you're probably a business with leverage yourself. We mere mortals don't enjoy such privileges. To them, we're cattle to be herded and monetized.
These days apps will not even start up if they detect anything out of the ordinary. I can't exactly choose not to use my bank's app and it refuses to run even if I so much as enable developer mode on my phone. I used to be able to hack these things and use them on my own terms if I cared enough. Now the remote service will refuse to interoperate unless they get cryptographic proof their hostile software is running unmodified.
It's all about who owns the keys to the system. If we do, it's good. If they do, it's bad. The paper explains it really well: "Cryptography rearranges power: it configures who can do what, from what." These corporations are using it to systematically reduce our power and increase their own. The reverse should happen: they should be completely powerless and we should be omnipotent.
Attestation can be considered a good security feature if we own the keys to the machine. Some PCs let us use our own keys in secure boot. For the people who use it, this absolutely enhances security without sacrificing any freedom. What's unacceptable is corporations using the same technology to protect themselves from the users of the computers.
