[Hackbraten]

One of the threat models is that a fraudster tricks a non-technical user into installing malware, which then manipulates the user interface so that next time the user tries to send money to Bob, it actually goes to Mallory. That's a legitimate concern, and one of the causes why PSD2 mandates that all 2FA devices must have a display that shows the user where they're about to send the money and how much.

[63stack]

And one of the threat models that police use in the US is tracking women suspected of going for abortions through the use of road cameras, and other surveillance methods.

Once you have the attestation in place you have no guarantee who is going to get access to data like what apps are present on your device, and there will be nothing you can do to stop it.

Meanwhile, we could educate people against common scams.

How is this not just trading one smaller bad for a bigger bad? Why is this touted as an improvement?

[Hackbraten]

That's why I'm strongly against remote attestation of general-purpose hardware.

I use a handheld card reader with a display as a 2FA for my bank transactions. It shows me the transaction and, after I confirm, sends a TAN to the bank. It is not a general-purpose device but a certified, tamper-evident/-resistant black box that does just that one thing.

> Meanwhile, we could educate people against common scams.

There's a million ways you can get scammed, no matter how many hours of training you've had.

[axus]

You can't educate (many) people against common scams. But people should have the freedom to opt out of surveillance in their private lives, at the risk of exposure to scams.

[63stack]

I don't see why we couldn't have both better education around this, and the freedom to opt out of surveillance