
[return to "Web Environment Integrity API Proposal"]
1. quenix+Wg 2023-07-21 19:26:32
>>reacto+(OP)
What's strange to me is that the main author of the spec -- Ben Wiser -- seems to be against closed, walled-garden paradigms, as he has written in a blog post "I just spent £700 to have my own app on my iPhone" [1]. In the post, he laments the state of the App Store monopoly on iOS and ponders returning to Android for the app installation freedom.

How can he reconcile these views with this spec, which he is the main author of? Surely Ben sees the parallels?

He writes: "Apple’s strategy with this is obvious, and it clearly works, but it still greatly upsets me that I couldn’t just build an app with my linux laptop. If I want the app to persist for longer than a month, and to make it easy for friends to install, I had to pay $99 for a developer account. Come on Apple, I know you want people to use the app story but this is just a little cruel. I basically have to pay $99 a year now just to keep using my little app."

It's honestly comical and a little sad.

[1]: http://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-o...

2. kromem+xz1 2023-07-22 04:44:21
>>quenix+Wg
The intent may genuinely be to help decrease bot activities versus human activities.

Even the ad example is about not charging advertisers for bot views, which is a huge problem right now.

The problem is that a tool can often be used for evil as easily as for good, and the more the standard was used to block ad blockers over simply filtering out User Agent spoofing bots, the more this tool ends up evil.

And even if the limited scope in the proposal was the true intent, there's nothing preventing scope creep.

Though reading over it all, I do think the assumptions of motivations in most of the comments here are misaligned. This does seem to be primarily focused on the issue of growth in bot activity and making it harder on bots to act as if human to servers.

Still, the spirit of who controls the client is very much at stake, and the comments here are ostensibly right that this is a measure that should not happen.

(And frankly, given the bubbling attitudes about enshittification coupled with the coming lowered barrier of entry for competition against software firms and content production, I think this is very much the kind of thing that may backfire horribly if forced through.)

3. zb3+eU1 2023-07-22 09:02:57
>>kromem+xz1
This is meant to be a Play Integrity API proxy for the web.

Now, I'm not opposed to having a locked down device when performing actions like using a bank app.

However, Google is abusing this, because they force their adware and spyware into that device, so I can't have a secure, locked down Android device without that.

4. MzHN+902 2023-07-22 10:20:02
>>zb3+eU1
You could have, with Graphene OS Attestation[1].

But bank apps won't implement it because the market share isn't large enough. This is a great showcase of the issues with the new proposal as well.

[1] https://grapheneos.org/articles/attestation-compatibility-gu...
