It is unbelievable that over the course of 3 days, the potential future of the web has been put in such dire straits. There's already an existing, far less troubling (while still bad), proposal in the form of Private Access Tokens going through a standards committee that Google chose to ignore. They presented this proposal in the shadiest way possible through a personal GitHub account. They immediately shut down outside contribution and comments. And despite the blowback they are already shoving a full implementation into Chromium.
What we need is real action, and this is the role Mozilla has always presented itself as serving. A "true" disinterested defender of the ideals of the web. Now is the time to prove it. Simply opposing this proposal isn't enough. This is about as clear and basic an attack on what fundamentally differentiates the web from every walled garden as possible. If someone drafted a proposal to the W3C that stated that only existing browsers should be allowed to render web pages, the correct response would not be to "take the stance that you oppose that proposal," it would be to seriously question whether the submitting party should even participate in the group. Make no mistake, that is what is happening now.
Citation? To be sure, there was not universal outrage over Safari's attestation implementation, but out of curiosity I looked up the only thread I was aware of, in part because I couldn't remember what my reaction was at the time. That thread was a year ago and the overwhelming sentiment of the comments section is critical: >>31751203
Here were my comments at the time:
They're less forceful than they are now with Google, partially because I know more now about how attestation works than I did over a year ago, and partially because (as some people have also pointed out) Chrome's implementation is straightforwardly more dangerous than Apple's is.
But HN "actively defending" Safari? That's not the impression I get from the overall comment section and it's definitely not what I personally was doing. There are a lot of people in these comments calling Apple's implementation DRM. So I'm a little skeptical of the "nobody on HN cared about this with Safari" narrative that has sprung up; from what I can see media coverage was fairly positive, but people on HN were rightly critical. I'm not sure the facts match the narrative: Safari was criticized for this.
It's a fair critique that there wasn't a coordinated attempt to outright stop Apple, but I would once again remind everyone that attestation in Chrome is way more dangerous than attestation in iOS. The market matters, that's not context that can be ignored. So it's not really all that weird to me that people are more willing to react more strongly to abusive behavior in Chrome.