
The lede is a little buried in that README [1]:

## Sealed Computing

A canonical use of Oak is to build privacy-preserving sealed computing applications.

In a sealed computing application, a node (usually a client device) sends data to an enclave application (usually a server), which processes data without the service provider hosting the enclave application being able to see the inputs, outputs, or side effects of the computation.

[1]: https://github.com/project-oak/oak?tab=readme-ov-file#sealed...

---

Seems like an attempt at a privacy-preserving alternative to running your whole phone OS image on a server?




Sounds like Apple’s Private Cloud Compute:

https://security.apple.com/blog/private-cloud-compute/


It both predates the Apple approach and is more thorough. I cannot inspect or ensure the software BoM of my image with Apple’s approach, I just have to trust them. With Oak you have trust down to the hardware.


> When on-device computation with Apple devices such as iPhone and Mac is possible, the security and privacy advantages are clear: users control their own devices, researchers can inspect both hardware and software, runtime transparency is cryptographically assured through Secure Boot, and Apple retains no privileged access

Waitasec - ZOOM AND ENHANCE!

> users control their own devices

I’ll believe that when Apple lets me downgrade my iOS version.


Honestly, I think it will be used for the reverse (and unfortunately more evil) - Google wants to be able to control YOUR machine's compute environment for things like playing back of DRM'd content. They want a chain of trust that your browser cannot be modified to do things like block ads.


Oak focuses on running workloads on server-side TEEs


From a service owner perspective, if I offer content and want to enforce strong identity from the user then this seems like a win. I may lose eyeballs but will gain higher confidence that my content is being consumed as intended.

I'm fine with more controls in place, a safer internet is clearly a social win that would reduce life-altering fraud, scams etc. If power users want to go to their peer-to-peer cesspool then go for it.


A safer internet does not necessarily follow from having this system in place. I'd like to point out that this is an opinion that you have which I and others disagree with.

I also don't believe that content creators have any kind of legal or moral right to force the general public to "consume as intended". For instance, I've got a shelf in my office that's built with supports that are designed for plumbing. I have not consumed these pipes as intended.


How does enforcing strong attestation from the user result in a safer internet or reduce life-altering frauds and scams? It's not users injecting that onto pages, it's the ad networks that operators choose to use.


But can it deliver ads?


It’s a Google project, that’s probably the first use case they considered


Another sealed computing use case that is public: https://developer.android.com/about/versions/pie/security/ck...

And this one: https://security.googleblog.com/2022/10/SecurityofPasskeysin...

I've been fortunate to be paid by Google to hide user data from Google since 2016. Not many companies would shell out anything for this sort of privacy feature.

As for the Oak stack, they win the race. It is the only stack that currently provides full hardware attestation covering 100% of the code running in the enclave, and 100% of it is open-source. There are other good efforts, such as CoCo containers with their Key Broker, but so far they only cover the initial boot firmware, not the full set of software running inside the enclave.

Kudos to the Oak team!


It’s really apples and oranges. Oak is about being able to execute code without side effects, even when it’s running in an environment you don’t provide. If it gets extended to the phone you can snark about ads, but really it would only be able to address whether any data associated with your viewing an ad escapes to a third party. So it would largely make ads be more like a billboard vs the way they work today. But that’s speculation. Oak isn’t trying to make the world safe from advertisers, it’s trying to make your data safe from being used in ways you didn’t permit, even when it’s being operated on in an environment you didn’t provide.



