
[return to "Apple Could Kill CAPTCHAs with Private Access Tokens"]
1. stevew+e3 2022-06-15 11:19:37
>>matthe+(OP)
I posted a comment a few days ago here (https://news.ycombinator.com/item?id=31670689#31671551) about my views about this “feature”, which I’ll repeat verbatim here. Needless to say, it’s something I don’t like.

Original comment follows:

In my view, this would just DRM-ize everything on the web. Of course, Cloudflare and Fastly don't talk about this much, and Cloudflare keeps assuring you'll still get captchas if device attestation fails or is unsupported. But realistically, once Microsoft, Google and Apple all implement it in their devices, there isn't much of a reason to keep accepting non-attested devices. You can already see where this is starting to go - if you're using Linux/BSD or another niche OS, congratulations, you can't submit forms any more. And since device verification would become extremely cheap to perform this way, you'd also see websites protected entirely by this tech, effectively locking out Linux/BSD users. The Cloudflare article also talks about how, at least in the case of Apple, they'd run something like a posture assessment to confirm that your device components are genuine. I can also see this new tech locking out users of non-OEM repairs. This is a much bigger deal than what it seems like on the surface, and I'm genuinely scared about how this one simple move dwarfs all of the "evil" things that big tech has done so far.

2. stjohn+eS 2022-06-15 15:35:15
>>stevew+e3
This "you're approved by one of the big 5" before you get to use the web is just fucking awful. Logins (or security tokens) should be kept to a minimum for things like banks, customized web apps, etc., where they have an actual -need- to know who you are and you have actively agreed to it. Forcing Cloudflare to verify every web site access would be awful via tokenization. Maybe on the upside it would result in more content available via a more distributed web.
3. Zak+nO1 2022-06-15 19:30:54
>>stjohn+eS
I don't want my bank making rules about what OS and web browser I can use for online banking. I'd like them to use TOTP though.