zlacker

[return to "Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web"]
1. codedo+rg[view] [source] 2023-07-24 22:28:33
>>jakobd+(OP)
> Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data.

There is no value in this "attestation" for me as a user. I want to be able to do whatever I want with the browser (for example, remove ads or block access to canvas and webgl) and I want sites to be unable to know this. And probably this attestation will provide additional fingerprinting signals which is what I don't want.

◧◩
2. jeroen+el[view] [source] 2023-07-24 23:00:10
>>codedo+rg
Attestation is a great concept for stuff you're in control of. Employee laptops, your own servers, your own phone, you name it. You want to be able to control and verify your devices are still under your control, preferably without manually entering the data center every week to check. The concept isn't inherently bad.

That said, the concept is seemingly aimed at blocking ad blockers and preventing browsers like Brave from impersonating Chrome so it can block ads without the need for extensions and such.

The only user-positive use case I can think of for this is for self-hosted software. Maybe it can be used to detect MitM attacks or malware messing with the browser? In practice this will just mean "no Firefox, no Linux, no adblockers".

[go to top]