zlacker

[return to "So, you don't like a web platform proposal"]
1. rtpg+Jj[view] [source] 2023-07-25 06:59:18
>>KoftaB+(OP)
Since this is here and there is a point made about discussing the technical merits of [0]... can someone explain to me how the WEI stuff isn't easily "faked" by scrapers and the like?

I could see this being used in a similar way to user agents (sometimes helpful when working on bugs and fixing them on minor platforms!), but I'm really struggling to see the overall value-add here.

I get the politics aspect of it (I think...), but what's the new technical thing being added here?

[0]: https://github.com/RupertBenWiser/Web-Environment-Integrity/...

◧◩
2. mattlo+lm[view] [source] 2023-07-25 07:22:31
>>rtpg+Jj
I believe the idea is that an independent third party will cryptographically sign something to attest that the client is legit.

So you can't fake that unless you have the third party's private key.

If course the question is then, how does the attestation third party ensure you are sending it real information? I've not bothered to read the proposal because I don't care, but I suspect it will require client-side plugins/libraries etc snooping on what is going on kinda like an antivirus thing snoops on things going on.

◧◩◪
3. charci+8o[view] [source] 2023-07-25 07:37:28
>>mattlo+lm
Even if the client is legit someone can just use a web extention or the devtool protocol to navigate to pages and extract text.
[go to top]