DRM is a technology and is inherently evil. Web attestation is DRM for the web, and is inherently evil. Age ID is a technology and is inherently evil.

We have over 30 years of the world wide web and for these more than 3 decades this was never a problem. Suddenly, we "need" to create new technology that seem to be security features, but are essentially just being used for evil, thus being inherently bad.

It's not like these technologies were created for the greater good and misappropriated by bad actors. They were proposed by bad actors in the first place, they cannot not be inherently good.

Different technologies may selectively amplify existing power. If the actions that it enables are disproportionately evil, it may at the very least be considered very useful for evil.

Suppose someone invents a mind-reader that lets the user read the thoughts of anybody else in range. But the mind-reader requires great up-front costs to produce and also allows people with stronger readers to remotely destroy weaker readers, where strength is basically a function of cost.

In a vacuum, the mind-reader is "just a technology". But it aids autocratic surveillance much more than it aids citizens who want to surveill back. It's "neutral" but its impact is decidedly not.

TPMs and remote attestation enable entities with power to enforce their existing power much more effectively. In contrast, a general-purpose computer does the opposite because anybody can run whatever code they want, they can adversarially interoperate with anybody they feel like, and so on.

One of these is more evil than the other, even though they're both "just technologies".

I think people are too quick to dismiss the possibility that some technologies are just bad and harmful and we can't shrug off responsibility and say I'm just making a neutral technology and the people using it are the ones causing harm.

Then explain why RA was invented? It is inherently against user freedom, just like "secure" boot and the rest of the corporate-authoritarian crap.

People have woken up to the truth as the pieces come together.

This article from 2022 is fun to look at and see how prescient it was: https://news.ycombinator.com/item?id=29859106

Remote attestation is a policy, not a technology.

The policy is "I will not let you access this system unless your system software implements this technological protection."

A camera is technology. A security camera is policy, because it's a camera hooked up to policies on how to watch, record, and respond to what is required, and it is a political effort when connected with laws about face masks, prohibiting spray painting of the cameras, and allowing privacy intrusions.

"It’s a poor atom blaster that won’t point both ways."