Mozilla Standards Positions Opposes Web Integrity API
1. eganis+s8 2023-07-25 03:35:49
>>danShu+(OP)
Expected, but meaningless if we can't drive people towards Firefox and away from Chromium products. That's something of a responsibility we all have, especially those of us invested in the safety and security (collectively, trust) of the web.

I haven't seen anything yet on whether Brave will support it, though if I'm understanding correctly, they won't have a choice since they're using Chromium. Hopefully I'm misinformed.

2. Gigach+b9 2023-07-25 03:44:08
>>eganis+s8
The end result is that DRM and banking sites will just tell you to use Chrome to continue. And users will keep migrating to Chrome until Mozilla is forced to implement it.
3. antod+5c 2023-07-25 04:12:09
>>Gigach+b9
I dunno about banking sites, currently they seem to be some of the worst out there in terms of caring about modern security techniques, e.g. SMS 2FA at best, terrible password handling etc. They don't move very fast at all.

It feels weird that I'm now grateful for how crap they are.

4. MzHN+tg 2023-07-25 04:55:26
>>antod+5c
Since this is currently being built on Play Integrity API, and banking _apps_ are some of the most prominent users of it, I'm sure banking sites will follow if possible.

For example, it is currently the reality in the EU that in order to use any of the native banking apps, a user has no choice but to expose themselves to privacy violations by either Google or Apple, i.e. US companies.

While at least one alternative exists, https://grapheneos.org/articles/attestation-compatibility-gu..., these alternatives are not being used in practice.

I see no way of preventing this happening on the web as well, if the Web Environment Integrity API ships.

5. hilios+8k 2023-07-25 05:23:30
>>MzHN+tg
So far I haven't encountered any issues with banking apps using MicroG in Germany. Could be our banking apps are even more backward though. Also given PSD2 there is always the option of someone developing 3rd party banking apps.
6. iggldi+l81 2023-07-25 12:42:20
>>hilios+8k
> Also given PSD2 there is always the option of someone developing 3rd party banking apps.

1. From what I've seen, the PSD2 APIs haven't really been created with end users in mind – there are non-trivial accreditation requirements on people/entities wishing to make use of those APIs, the expectation being that only professional middlemen will dally with those APIs.

2. The PSD2 APIs don't necessarily cover the full functionality of a bank's online banking functionality.

3. While you can probably still get quite far with "just" the ability to query the current account data and recent transactions, as well as being able to initiate payments, this doesn't sidestep the bank's authorisation requirements – meaning that unless you can use a hardware TAN generator or something like that, you're still dependent on the bank's app for payment and account access authorisation.
