zlacker

>>matthe+(OP)
It will kill captchas the same way it killed non USB-C USB ports when apple forced them on Mac.

ReCaptcha already doesn't require entering a captcha in 90% of the cases. Adding a man-in-the-middle to avoid captchas is not the solution, improving captcha technology is.

>>iLoveO+F2
ReCaptcha is already a man-in-the-middle for any non-Google property. This is just switching to another “man” that is less annoying.

>>oefrha+T2
No, it is fundamentally different, because firstly, it requires the client device to be locked down enough - and to monitor your activity enough - that it can provide attestation that the user is human, and secondly, it ties that attestation to an Apple ID so Apple knows exactly which Apple ID accessed which website at what time.

ReCaptcha requires neither of these privacy-invading or gatekeeping things.

If this becomes standard, this is the end of the open web as we know it, because you will only be able to access many websites if you are using an approved, locked-down browser in a locked-down computing environment, backed by a tech giant who can provide the attestation and ID service.

If you care at all about the open web, this must be resisted at all costs.

>>marmar+Y4
It is not true that Apple will know what web sites were visited. The article states “the device manufacturer or attester only knows the minimum amount of device data required for attestation. It doesn't know the destination URL or the user's IP address.”

>>matthi+lo
That's assuming that the issuer, mediator, and destination are all distinct entities who don't communicate with each other except as described in the protocol. If they are the same entity, or they collaborate, all those nice privacy guarantees disappear. And the destination—not the user—decides which issuers & mediators they accept.