zlacker

>>danShu+(OP)
Expected, but meaningless if we can't drive people towards Firefox and away from Chromium products. That's something of a responsibility we all have, especially those of us invested in the safety and security (collectively, trust) of the web.

I haven't seen anything yet on whether Brave will support it, though if I'm understanding correctly, they won't have a choice since they're using Chromium. Hopefully I'm misinformed.

>>eganis+s8
The end result is that DRM and banking sites will just tell you to use chrome to continue. And users will keep migrating to chrome until Mozilla is forced to implement it.

>>Gigach+b9
I dunno about banking sites, currently they seem to be some of the worst out there in terms of caring about modern security techniques. eg SMS 2FA at best, terrible password handling etc. They don't move very fast at all.

It feels weird that I'm now grateful for how crap they are.

>>antod+5c
Since this is currently being built on Play Integrity API, and banking _apps_ are some of the most prominent users of it, I'm sure banking sites will follow if possible.

For example it is currently the reality in EU, that in order to use any of the native banking apps, a user has no choice but to expose themselves to privacy violations by either Google or Apple, i.e. US companies.

While at least one alternative exists, https://grapheneos.org/articles/attestation-compatibility-gu..., these alternatives are not being used in practice.

I see no way of preventing this happening on the web as well, if the Web Environment Integrity API ships.

>>MzHN+tg
I have heard podcast with lead dev of local bank app talking about how they wish PWAs would be possible. Because right now they have to secure and audit web, ios, android. Instead having one platform would be easier and probably more secure.

Maybe web is the right platform for these. But of course Google will use this to close things down.