zlacker

[return to "Google Chrome Proposal – Web Environment Integrity"]
1. Klonoa+Mc 2023-07-18 22:15:01
>>screen+(OP)
AKA: The shadow war on bot traffic continues humming along.
2. kevinc+xf 2023-07-18 22:35:55
>>Klonoa+Mc
Bot traffic? Anyone using Linux will get blocked because "they can't be trusted". Only people running an "approved" operating system from a billion-dollar corporation will be allowed to access.

This is already what is happening with SafetyNet on Android. For now, most applications don't require hardware attestation, so you can pass by spoofing an old device that didn't support hardware attestation, but I'm sure that will change within a decade.

3. charci+Ph 2023-07-18 22:52:56
>>kevinc+xf
You don't have to be a billion-dollar corporation to become Play Protect certified.

Being able to trust the security of a client can protect against many attacks, and it is up to web sites to evaluate what to do with information that a client is proven to be secure.

4. nine_k+Mm 2023-07-18 23:36:37
>>charci+Ph
Fair. Two questions:

- What is the least expensive device that can be certified like that? The least expensive process?

- What is the highest level of openness such a device can offer to the user, and why?

To my mind, it would be best to have an option of a completely locked-down and certified hardware token, a device like a Yubikey, that could talk to my laptop, desktop, phone, or any other computing device using a standard protocol. As long as it's unforgeable, the rest of the system can be much, much less secure, without compromising the overall security.
