zlacker

[return to "Google Chrome Proposal – Web Environment Integrity"]
1. Klonoa+Mc[view] [source] 2023-07-18 22:15:01
>>screen+(OP)
AKA: The shadow war on bot traffic continues humming along.
◧◩
2. kevinc+xf[view] [source] 2023-07-18 22:35:55
>>Klonoa+Mc
Bot traffic? Anyone using Linux will get blocked because "they can't be trusted". Only people running an "approved" operating system from a billion dollar corporation will be allowed to access.

This is already what is happening with SafetyNet on Android. For now most applications don't require hardware attestation so you can pass by spoofing an old device that didn't support hardware attestation but I'm sure that will change within a decade.

◧◩◪
3. charci+Ph[view] [source] 2023-07-18 22:52:56
>>kevinc+xf
You don't have to be a billion dollar corporation to become Play Protect certified.

Being able to trust the security of a client can protect against many attacks and it is up to web sites to evaluate what to do with into information that a client is proven to be secure.

◧◩◪◨
4. bitwiz+ll[view] [source] 2023-07-18 23:23:50
>>charci+Ph
Play Protect is different from SafetyNet.

SafetyNet means the app checks to make sure you're not rooted or running a custom ROM because those are considered a security risk. If you are not running a locked-down OEM ROM, you can't run many apps including banking apps.

Microsoft's Pluton on-CPU attestation technology means this is coming to PCs.

◧◩◪◨⬒
5. nine_k+jn[view] [source] 2023-07-18 23:41:13
>>bitwiz+ll
Having a dedicated, locked-down device to access banks or other high-stakes services could be a good, if more expensive, solution.

Keep it powered down when not needed for extra security.

Idealy, it could be smaller than a smartphone, and use smartphone's or laptop's hardware for UI and networking.

[go to top]