a possibly unforeseen side effect of end to end encryption everywhere is that it makes it far more difficult to man in the middle your traffic and hold companies accountable for their privacy policies
I don't think it's an unforseen effect, but one that is highly downplayed by advocates pushing the security angle. When it was revealed that smart TVs phoned home with detailed viewing information, including filenames, I remember making a similar comment - if they had used TLS, that discovery might not have occurred.
The ability to MITM your own devices is very important, if only so you can figure out exactly what they're sending out.
Another thing is the widespread use of enforced code signing, accompanied by pinning to specific (e.g. MS) CAs; if this had happened a decade or more ago, it would've been pretty easy to pinpoint the parts of the OS responsible and just patch them out. Now the same thing is likely still possible (theoretically, as long as you can change any byte on the disk it is), but involves plenty of bypassing other protection mechanisms on the way and could get pretty hairy if hardware is involved (e.g. secure boot/TPM.) From this perspective, remote attestation and the other upcoming security technologies are immensely disturbing. The desktop PC ecosystem is gradually being locked-down in the same way that mobile is.
These security mechanisms certainly have benefits, but their goal is ensuring that your software is completely unchanged from what the author wants you to have; in situations like these, that is precisely what you don't want. Nevertheless, I hope the hackers/crackers out there find a solution so those that are forced to use Win10 can still retain some privacy.
The "feature" to worry about is the new SGX instructions. With those, the secure boot/TPM stuff is locked down at the hardware level, and we lose root access.
Unfortunately, given how many in this very thread are willing to apologize for MS's behavior and justify their power grabs, I don't expect there will be much resistance in this War On General Purpose Computing.
In general, as long as you have root access to a machine, you can decrypt any traffic coming out of it, either by locating the private key in the filesystem or memory, or by patching the encryption methods to skip the encryption step.
If you do not have root access to a machine, and software on it signs traffic with a certificate you do not have access to, then you simply cannot see the traffic. If you ask me, that's a huge problem, especially when coupled with the "locking down" of ecosystems that you describe.
The skeptic in me wonders if the same entities pushing the privacy agenda are the same ones with vested interest in encrypted traffic that phones home.
I don't think it's an unforseen effect, but one that is highly downplayed by advocates pushing the security angle. When it was revealed that smart TVs phoned home with detailed viewing information, including filenames, I remember making a similar comment - if they had used TLS, that discovery might not have occurred.
The ability to MITM your own devices is very important, if only so you can figure out exactly what they're sending out.
Another thing is the widespread use of enforced code signing, accompanied by pinning to specific (e.g. MS) CAs; if this had happened a decade or more ago, it would've been pretty easy to pinpoint the parts of the OS responsible and just patch them out. Now the same thing is likely still possible (theoretically, as long as you can change any byte on the disk it is), but involves plenty of bypassing other protection mechanisms on the way and could get pretty hairy if hardware is involved (e.g. secure boot/TPM.) From this perspective, remote attestation and the other upcoming security technologies are immensely disturbing. The desktop PC ecosystem is gradually being locked-down in the same way that mobile is.
These security mechanisms certainly have benefits, but their goal is ensuring that your software is completely unchanged from what the author wants you to have; in situations like these, that is precisely what you don't want. Nevertheless, I hope the hackers/crackers out there find a solution so those that are forced to use Win10 can still retain some privacy.