>- The web page executing in a user's web browser
>- A third party that can “attest” to the device a web browser is executing on, referred to as the attester
>- The web developers server which can remotely verify attestation responses and act on this information.
Chome only for now but I imagine after it's pushed to Chromium and all the browser based on that Mozilla will implement it too (just like all the other DRM FF has now).
- make OSS systems second class systems online
- make older devices second class systems online
- prevent people from modifying devices they own (as it'll break the chain of trust and therefore the attestation)
- prevent people from modifying software (custom builds of Chrome, Firefox, etc won't be signed and therefore break the chain of trust and therefore the attestation)
- prevent people from running browser plugins that do things browser authors don't approve of
But hey, from google's PoV, it's a giant win, they can:
- make it harder for anyone else to crawl the web, and therefore compete with google
- make it harder for people to not watch ads, preserving google's revenue streams
- make it harder for anyone to automate the web in ways they or other browser vendors don't like
The 'holdback' mechanism is a joke and I imagine would disappear after a year or two.
Feels like a really good reminder of why it's a terrible idea for google to both be in control of really large important web properties like google search, youtube, maps, ads, but also the single most popular browser.
edit: I hope Apple and MS push back, as they're both vendors with significant marketshare (Mozilla too, but they're smaller). At least if Apple didn't do it, it'd be hard to rely on in US/UK.