zlacker

[return to "Google vs. the Open Web"]
1. protoc+vY[view] [source] 2023-07-26 15:05:49
>>ColinW+(OP)
This is kind of overblown isnt it?

I remember sites doing all sorts of hacks to identify and shut down IE back in the day. "Works best in Chrome/Firefox".

"The proposal calls for at least the following information in the signed attestation:

    The attester's identity, for example, "Google Play".
    A verdict saying whether the attester considers the device trustworthy.
"

So a user agent string and a weak attestation?

This seems an overcomplex nothingburger.

◧◩
2. allisd+a71[view] [source] 2023-07-26 15:34:10
>>protoc+vY
What part of attestation don't you understand? If linked with a OS level signing with keys stored on TPM, it's game over for private browsing. The only thing worse than companies proposing such measures are the useful idiots downplaying the impact. If someone disagrees, pray tell us muddle brains how to bypass this on a proprietary OS with locked boot and tpm stored keys.
◧◩◪
3. protoc+Qza[view] [source] 2023-07-29 01:30:25
>>allisd+a71
>If linked with a OS level signing with keys stored on TPM

Is that listed in the article anywhere? Is that part of the proposal?

The proposal does however say that even if the attestation fails, that the user should be allowed to access the website.

Are you upset with the proposal, or some other proposal that you are imagining?

[go to top]