zlacker

[parent] [thread] 2 comments
1. wzdd+(OP)[view] [source] 2023-07-25 16:05:34
> then a web that is populated by identified humans (and their authorised proxies!)

You wrote "I kind of get both sides here", but, to be clear, this is the polar opposite of both the WEI proposal and Apple's thing, both of which go to some lengths to not allow identification of actual humans (they focus on proving that the device is legit).

replies(1): >>lifeis+d4
2. lifeis+d4[view] [source] 2023-07-25 16:18:11
>>wzdd+(OP)
Because the proving the human is legit is also the next obvious step, it's where many governments (democratic and not!) are heading. I mean it's not a huge leap to go from "this device number 1234 is legit to "paul bought device 1234" or "paul used device 1224 to access bank account 5678".

The next step is barely a step.

replies(1): >>wzdd+I51
◧◩
3. wzdd+I51[view] [source] [discussion] 2023-07-25 20:11:30
>>lifeis+d4
Actually, these two things are orthogonal.

If you require some kind of authentication process to prove your identity, it doesn't matter whether your device has TPM-supported device attestation or not. If Apple or Google wanted to do that, they already have the in-browser infrastructure for it in the form of login with Apple or login with Google. Making such a thing anonymous for third parties (so they just know it's a human, rather than which human) would be trivial.

[go to top]