zlacker

[parent] [thread] 8 comments
1. rezona+(OP)[view] [source] 2023-07-26 17:58:33
That's exactly what WEI is supposed to do... And yes, websites should not be able to use the TPM for attesting the user's environment.
replies(1): >>endisn+h
2. endisn+h[view] [source] 2023-07-26 17:59:17
>>rezona+(OP)
why not? how do you want to solve the problem of provenance? if you feel it's not a problem to begin with, then the sites in question can simply choose not to enable it. if they enable and believe it is a problem, then clearly there's a dissonance between the places you choose to visit and their goals, no?
replies(5): >>lxgr+K >>rezona+N2 >>rvba+z5 >>jerf+A5 >>howint+6G
◧◩
3. lxgr+K[view] [source] [discussion] 2023-07-26 18:01:22
>>endisn+h
WEI does not solve any "problem of provenance"; it's DRM for the web. It asserts things about the browser environment to the website operator, not the other way around.

Are you sure you actually understand these two technologies (WEI and TLS) sufficiently to make these claims?

◧◩
4. rezona+N2[view] [source] [discussion] 2023-07-26 18:08:30
>>endisn+h
> sites in question can simply choose not to enable it.

My problem isn't that I as a developer don't have an option to not implement attestation checks on my own web properties. I already know that (and definitely won't be implementing them).

My problem is that a huge number of websites will, ostensibly as an easier way to prevent malicious automation, spam etc, but in doing so will throw the baby out with the bathwater: That users will no longer have OS and browser choice because the web shackles them to approved, signed, and sealed hardware/software combinations primarily controlled by big tech.

◧◩
5. rvba+z5[view] [source] [discussion] 2023-07-26 18:18:29
>>endisn+h
> then the sites in question can simply choose not to enable it

Google can reduce the page rank of websites that dont enable it (or just not give any page rank at all) and now everyone who wants to be found has to enable it

replies(2): >>erosen+Yj >>nfw2+7X
◧◩
6. jerf+A5[view] [source] [discussion] 2023-07-26 18:18:31
>>endisn+h
The problem of provenance is significantly smaller than the problem of monopolistic companies given control over who is and is not an approved user of the web.

Provenance to the extent it is a problem is already handleable and largely handled. Note that "handled" here does not mean it is 100% gone, only that it is contained. Monopolistic control over the web is not containable.

◧◩◪
7. erosen+Yj[view] [source] [discussion] 2023-07-26 19:11:54
>>rvba+z5
That would clearly be an antitrust violation or deceptive business practice in one or more countries. Though by the time they get penalized for it, the damage would have been done.
◧◩
8. howint+6G[view] [source] [discussion] 2023-07-26 20:39:13
>>endisn+h
Under capitalism (or really any socio-economic system) we engage with services for reasons other than choice all the time. For example, if you're living in an area where just one or two banks exist, and both of them suddenly decide to force DRM because their cyber insurance company told them to, you can suddenly no longer access their sites on Linux. That's pretty fucked up.

The people who want to use DRM to solve their problems should just suck it up and find alternatives.

◧◩◪
9. nfw2+7X[view] [source] [discussion] 2023-07-26 21:58:18
>>rvba+z5
Google can already do this if they want to. For example, they could increase the page rank of sites use Google Analytics (or any other Google client library). But this would be exceedingly stupid because it would compromise the quality of their search results, and remaining the leader in search should be their highest priority.
[go to top]