zlacker

[return to "Google is already pushing WEI into Chromium"]
1. anshum+Qc[view] [source] 2023-07-26 13:12:43
>>topshe+(OP)
As someone who is a somewhat new to web technologies, can someone really explain why this is bad? I saw the techical discussions in the PRs made to the WEI repo but it was all super technical that I was not able to understand the arguments made for and against it.
◧◩
2. mplewi+Ee[view] [source] 2023-07-26 13:20:39
>>anshum+Qc
WEI turns non-compliant browsers into second-class citizens. You’re perfectly free to use whatever compliant browser engine and OS combo you like today – but in a world with WEI, you’ll have to use Approved Chrome on an Approved OS on Approved Hardware with Approved Signing Keys, or you won’t be able to sign into your bank.
◧◩◪
3. netdur+kh[view] [source] 2023-07-26 13:30:54
>>mplewi+Ee
isn't this good? banks can raise security while we can still use any browser to check hackers news! or this 3 cows story?
◧◩◪◨
4. yborg+en[view] [source] 2023-07-26 13:54:12
>>netdur+kh
In what way does this increase the security of my bank account? A criminal can use credentials it obtained via a hack, etc. using an approved platform to access my account. My own approved platform can be compromised by malware and used to access my account. This class of problems is addressed by physical ID tokens, not attestation.
◧◩◪◨⬒
5. kccqzy+ym1[view] [source] 2023-07-26 17:33:03
>>yborg+en
Presumably a criminal now no longer can install a piece of malware that looks into the memory of your browser to steal credentials in the first place.

They will now have to use old fashioned social engineering to make you cough up that credential to steal.

[go to top]