Slashdot videos: Now with more Slashdot!
Not so good for Slashdot of course, but for the real world... it would be succinct and satisfying.
What you would ideally want is something that takes a name and something that changes every time you try it, then combines them in a certain manner that cannot be reversed but can be checked. To use the name analogy, if you have to give both your login and password (or your name and password), then if someone steals your password, you're safe unless he also knows your name - you have a window in which to change your password before the adversary determines what your name is. Yet like with names, if the adversary has properly prepared his plan and is attacking you alone, the biometrics won't help you. He might record your voice, lift fingerprints, etc.
It may seem tempting to get around that problem by making a tamper-resistant fingerprint reader so that your fingerprint is never really exposed to the world. The reader would then do some sort of authentication with a remote site and the data would stay on the reader (or be dynamically sampled). The problem with that is that there's no such thing as being fully tamper-proof, and you leave fingerprints everywhere. The bad guys can get another reader and wire it up to take fingerprint info from an external source, then lift your prints from somewhere. That is -- unless the reader itself holds a key that it combines with the fingerprint data, but then you're back to two factors as mentioned above: a name (your print) and a password (the device itself, which can be replaced if compromised).
More or less. I Am Not A Quantum Physicist, grain of salt, etcetera.
So if you want to play that movie or clip on mplayer instead of Windows Media Player, you're of course free not to divulge any information that you're using mplayer - but if the site doesn't get a signed "I'm using Windows Media Player" token, it won't play the video clip in question. That freedom, like the freedom to work or not to work, is worthless if there's an imbalance of power - if all the video sites only want WMP for instance, or if you want to leak evidence of illicit goings-on at your company and the company server will only serve the data to an MSOffice version that can be trusted to stick the document in sealed storage.
How about this solution: put a switch somewhere on the computer. Switch up? Then you can't forge TPM keys. Switch down? Then you can do so at your discretion. If you want protection that is truly for your own good, you'll just leave the switch up (and no virus can forge anything). If the programs you're running start professing allegiance to their owners in preference to you, flip that switch down and bypass them. Sure, lusers may be socially engineered, but if they're that gullible, the malware could do a DoS by instructing them to stick pieces of metal into the closest outlet, too.
If Trusted Computing is truly about empowering the user, then this switch solution should only empower the user more and so there should be no opposition to it beyond the social engineering complaint.
That sounds like a pretty big incentive to find someone with an electron microscope, or if you're part of organized crime, getting your own. It's not like TPM hacks haven't been pulled off before.
To be a devil's advocate right back (angel's advocate?):
The danger is that preemptive treatment of, say, schizophrenia, can turn into preemptive treatment of sluggishly progressing schizophrenia, were the government to become sufficiently corrupt.
There's also the usual Bayesian argument: if the pre-crime test has 0.1% false positive and negative rate, and there are 10 terrorists in the US, the test is useless, even though 0.1% sounds really impressive and could convince lawmakers. For ordinary crimes, it would still claim a lot of innocents to be suspect.
How about a "do call" registry? Ban solicitations from said marketers, charities, surveys, political groups, et cetera to any number not on the list, and have all new phone numbers start off-list.
(I still think sodium or lithium borohydride would be a better reversible energy carrier, as it has a greater energy density than gasoline and can be easily used in direct borohydride fuel cells, but first they have to get the "recharging" working at better than 10% efficiency.)