zlacker

[return to "Google vs. the Open Web"]
1. Alifat+Bx[view] [source] 2023-07-26 13:22:38
>>ColinW+(OP)
So, how can this be bypassed in theory? Any ideas? Brainstorming is allowed.

EDIT: Saw a few mention two solutions to disable the automatic verification on iOS & macOS.

https://blog.cloudflare.com/how-to-enable-private-access-tok...

https://support.apple.com/en-us/HT213449

◧◩
2. nptelj+t81[view] [source] 2023-07-26 15:38:00
>>Alifat+Bx
My semi uninformed theories:

1. Someone could set up a server that proxies WEI required requests to regular clients. The client initiates the process, the request goes to the middleman, the middleman makes the proper WEI authorized request, gets the response, passes the response back to the client.

2. The private key could leak somehow, and so, software can forge the required signature.

I'm not holding my breath for either one. Some kind of regulation has to step in, otherwise Google puts the internet in a chokehold.

◧◩◪
3. a2128+vn1[view] [source] 2023-07-26 16:32:17
>>nptelj+t81
My guess is that on desktop, the endgame will involve implementing Easy Anti-Cheat levels of anti-tampering into the browser to prevent anyone from proxying through an automated Chrome instance or whatever. On Android, Google already has SafetyNet or Play Integrity, they can already refuse if the app or operating system has been modified
◧◩◪◨
4. nptelj+l94[view] [source] 2023-07-27 09:39:04
>>a2128+vn1
I agree that ultimately, this is what we're going to end up with. This is the only outcome that makes sense politically, and business-wise.
[go to top]