zlacker

[parent] [thread] 9 comments
1. Knobbl+(OP)[view] [source] 2023-07-26 10:50:46
A good and measured article marred only by a silly, clickbait title.

Unless there is a plan to allow attesters that are independent bodies then this is absolutely a threat to the open internet, or what's left of it.

The biggest dead canary for me is the lack of calling this out explicitly by Google or Apple. We're left to assume that Google is hand-wavingly saying "don't worry we can take care of that" when the private companies already monopolizing parts of the Internet are the absolute last people we want handling attestation.

replies(3): >>jackda+Q >>heisen+u3 >>fooyc+Dl
2. jackda+Q[view] [source] 2023-07-26 10:57:38
>>Knobbl+(OP)
even assuming unbiased and objective attesters, the issue lies with the "baseline criteria" of attestation and who defines them.

There are two risks here (examples follow):

1. hostile requirements - "the agent won't feature adblockers", or "scraping without explicit website permission must be forbidden"

2. prohibitive requirements - "the agent implements protocols X, Y and Z and adheres to standards A, B and C" - all of these may be reasonable things, but en masse they may be too much work to carry by anyone but a reasonably big vendor

Additionally these criteria must be verifiable, so user can't basically modify the agent, because then the attestation is practically void.

replies(1): >>Knobbl+6H
3. heisen+u3[view] [source] 2023-07-26 11:14:02
>>Knobbl+(OP)
What is wrong when walking into a web shop with disclosing how much money you earn and may be able to part with?
replies(2): >>smeej+N4 >>bloope+8D
◧◩
4. smeej+N4[view] [source] [discussion] 2023-07-26 11:21:36
>>heisen+u3
It terrifies me that I'm actually unsure whether this comment is sarcastic.
replies(2): >>civili+w8 >>heisen+Of7
◧◩◪
5. civili+w8[view] [source] [discussion] 2023-07-26 11:44:15
>>smeej+N4
On HN Poe’s Law can always be assumed in the affirmative.
6. fooyc+Dl[view] [source] 2023-07-26 12:57:55
>>Knobbl+(OP)
Consider this scenario:

- Content sites implement Web Integrity API to block bots

- But they still allow Google crawlers, because Google is their source of traffic

- Google competitors are locked out

How do attesters solve this problem?

◧◩
7. bloope+8D[view] [source] [discussion] 2023-07-26 14:07:33
>>heisen+u3
Obviously this is awful, but I wanted to share some organizations could use that as a bad pattern:

"Oh, this area of $hot_social_media_site is for people earning ($user_salary * 1.4). But you can get access for just $10/month paid monthly or $9/month paid a year in advance! You don't want to be left out and lose the chance to network with higher earners, do you?!?"

◧◩
8. Knobbl+6H[view] [source] [discussion] 2023-07-26 14:22:43
>>jackda+Q
Absolutely. Independent bodies don't solve the other myriad issues with attestation, but they don't add the ones that corporate interests do either.
◧◩◪
9. heisen+Of7[view] [source] [discussion] 2023-07-28 05:44:16
>>smeej+N4
Rest assured it is sarcastic. It is terrifying because you start sensing what power shift that is. And it is not theoretical in the slightest, my wife starts complaining about dynamic pricing in web shops where she used to find deals at seasons end.

Or what is wrong with meeting politicians what have always a very good brief in their hands telling them what words have maximum impact on the small group before them? It seems to work looking at the increasing number of spineless chameleons.

replies(1): >>smeej+RD7
◧◩◪◨
10. smeej+RD7[view] [source] [discussion] 2023-07-28 10:19:03
>>heisen+Of7
I think for me it's terrifying because it sounds like the same line of reasoning as, "Why should I care about encryption? I don't have anything to hide," and people say (and mean) that a LOT.

So many people genuinely don't understand what would be wrong with this scenario, and that's why I'm afraid.

[go to top]