zlacker

[return to "Google Chrome Proposal – Web Environment Integrity"]
1. jaunty+6b[view] [source] 2023-07-18 22:03:29
>>screen+(OP)
> Motivation: Users often depend on websites trusting the client environment they run in.

Aka corporations insist on control & want to make sure users are powerless when using the site. And Chrome is absolutely here to help the megacorp's radically progress the War On General Purpose Computing and make sure users are safe & securely tied to environments where they are powerless.

There's notably absolutely no discussion or mention of what kind of checks an attestation authority might give, other than "maybe Google Play might attest for the environment" as a throwaway abstract example with no details. Any browser could do whatever they want with this spec, go as afar as they want to say, yes, this is a pristine development environment. If you open DevTools, Google will probably fail you.

It appalls me to imagine how much time & mind-warping it must have taken to concoct such a banal "user motivation" statement as this. This is by the far the lowest & most sold-out passed-over bullshit I have ever seen from Chrome, who generally I actually really do trust to be doing good & who I look forward to hearing more from.

◧◩
2. warkda+kf[view] [source] 2023-07-18 22:34:48
>>jaunty+6b
How do you, as website owner, protect your users from something like this?

https://www.bleepingcomputer.com/news/security/451-pypi-pack...

◧◩◪
3. Asooka+Gg[view] [source] 2023-07-18 22:44:30
>>warkda+kf
You do not, the user is responsible for the operation of their device. Most of the time this should be caught by whatever malicious software detector the user runs. Also, Chrome and Firefox very heavily guard against extensions being installed from outside of the usual way, i.e. by outside programs.
◧◩◪◨
4. flango+Ap[view] [source] 2023-07-19 00:00:16
>>Asooka+Gg
> You do not, the user is responsible for the operation of their device.

As time goes on hand-waving the matter as "user's responsibility" is becoming a less and less acceptable answer. Hard assurances are being demanded and applied technologies are progressively patching the existing loopholes.

◧◩◪◨⬒
5. yjftsj+Cq3[view] [source] 2023-07-19 19:49:58
>>flango+Ap
It's not hand-waving; it literally is not the website's responsibility.
◧◩◪◨⬒⬓
6. flango+sM6[view] [source] 2023-07-20 18:55:18
>>yjftsj+Cq3
Organization executives and lawmakers are increasingly demanding that digital services be made un-hackable. Someone with an attitude and trying to shirk duty by claiming we just have to trust that all of the users will always be responsible and non-abusive all of the time, will at best be laughed and shooed out of the room. More realistically be given a final PIP. Telling your bosses "no I'm not going to do that" is a resume generating event.
[go to top]