zlacker

>>christ+(OP)
Absolute worst spec I've ever seen. Google needs to be loaded into a cannon and fired into the sun.

> How does this affect browser modifications and extensions?

> Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality: E.g. if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.

Then what's the point? I can make modified bot browser that commits ad fraud as long as I don't use a rooted Android phone?

I don't believe they're being honest with how this will be used. We need to legally regulate remote attestation.

> As new browsers are introduced, they would need to demonstrate to attesters (a relatively small group) that they pass the bar, but they wouldn't need to convince all the websites in the world.

It speaks for itself. Horrid.

>>jchw+G5
Trusted computing is all about ensuring that your machine is trusted to run payloads and you can't observe or interact with them. Sad! I see why the free software people call it treacherous computing

>>hoover+Jn
Shameless plug for the article I wrote 1 year ago now, "Remote Attestation Is Coming Back," which warned that this was coming to the web and had quite a discussion about that idea:

>>32282305

>>gjsman+Qo
Thank you for writing this. Remote attestation for consumer software is such a disturbing idea.

In the past the main adversarial pressure has been exploiting security vulnerabilities ("jailbreaking"), but the software industry is getting its act together re that.