> How does this affect browser modifications and extensions?
> Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality: E.g. if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.
Then what's the point? I can make modified bot browser that commits ad fraud as long as I don't use a rooted Android phone?
I don't believe they're being honest with how this will be used. We need to legally regulate remote attestation.
> As new browsers are introduced, they would need to demonstrate to attesters (a relatively small group) that they pass the bar, but they wouldn't need to convince all the websites in the world.
It speaks for itself. Horrid.
I'd go a step further. We need to ban it. It should be illegal to sell devices to consumers that already contain private keys, unless all of said keys are provided to the consumer at the time of purchase.
So computers, phones, and game consoles cannot have remote attestation but home security systems, ATMs, e-Readers, medical devices, water/electricity usage meters can do remote attestation.