zlacker

>>jakobd+(OP)
> Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data.

There is no value in this "attestation" for me as a user. I want to be able to do whatever I want with the browser (for example, remove ads or block access to canvas and webgl) and I want sites to be unable to know this. And probably this attestation will provide additional fingerprinting signals which is what I don't want.

>>codedo+rg
Ehhh, it depends.

In theory one could imagine a scenario like a bank website refusing to be accessed unless the entire OS & browser stack pass attestation - as that would rule out things like keyloggers, malicious browser extensions, and session hijacking.

In practice it'll just be used to lock down content and force unskippable ads on users, of course.

>>crote+hn
IT in big banks is usually horrible and their security departments would close you and your family in a cage if it was possible and helped them avoid liability. If attestation exposes let's say your password policy, be sure you'll be required to set it for monthly changes the moment they can do that.

I don't want them to have a say in how I run my devices.

>>dzikim+871
Absolutely this. Banks are notorious for cargo culting. Their ideas of security are often inane.

I'm also sure it'll end up with things like "your browser is too up-to-date" or crap like that.