zlacker

[parent] [thread] 5 comments
1. gloosx+(OP)[view] [source] 2023-07-26 06:36:49
i dont need debug tools in the browser - if the bytes of encoded content are getting transmitted to the socket on my machine, there is no realistic way to prevent me from taking and replicating them, i don't see how some software inside the browser can have any effect on this, because the browser has zero idea where these bytes can go after they hit the socket. A good analogy would be filming your screen manually - computer has no idea of this filming and in no way can prevent it, because it cannot act on a real world around it, the same applies for browser, i can take a document, video or sound from any page without involing the browser
replies(1): >>kuschk+kb
2. kuschk+kb[view] [source] 2023-07-26 08:12:21
>>gloosx+(OP)
> because the browser has zero idea where these bytes can go after they hit the socket

The attestation uses a secure enclave in your processor with a secret key you can't access to verify that secure boot is on, you booted a signed OS, the OS is in locked-down mode, etc.

replies(1): >>gloosx+164
◧◩
3. gloosx+164[view] [source] [discussion] 2023-07-27 06:12:44
>>kuschk+kb
>The attestation uses

>you can't access

Don't you see how contradictory this is?

No secure enclave of registers or hidden secret keys can help, because a person can utilize the lower-level physical world around the processor to manipulate it (e.g sending electrical currents from a programator device manually). But that is a last resort, there are simple software attacks available already to fake as many "attested" devices as needed (for the same DRM system of Android). It will only bring more jeopardy to the "integrity"

replies(1): >>kuschk+sp4
◧◩◪
4. kuschk+sp4[view] [source] [discussion] 2023-07-27 08:57:30
>>gloosx+164
See that's exactly the issue why I hate this. You can always circumvent it, worst case with an electron microscope and some acid. So all it really does is prevent the average user from gaining control over their own hardware.

And for tech-minded people it doesn't fundamentally change anything, it just means that it now takes more time to do the same than before

replies(1): >>gloosx+3E4
◧◩◪◨
5. gloosx+3E4[view] [source] [discussion] 2023-07-27 10:50:54
>>kuschk+sp4
True, a cat-and-mouse game going on forever. Anyways, I don't believe they can succeed in walling such a monstrosity of technologies as the web, just by controlling some parts of it, even significant parts like the browser or search. It is only something governments can do by requiring a passport scan each time you open a connection (which is closing when you eject the passport from the scanner)
replies(1): >>ninten+jCa
◧◩◪◨⬒
6. ninten+jCa[view] [source] [discussion] 2023-07-28 23:13:01
>>gloosx+3E4
This is why Risc-V being developed in China and other countries and exported elsewhere is ironically a good thing at the base-level of computing. The chinese computers will require China's bugs, whereas exported good will NOT have it, otherwise it won't be bought.
[go to top]