zlacker

Anyone using a browser without this feature will end up becoming second class citizens who must jump through (extreme) hoops to use the web...

Or they're just walled off from most of the web entirely.

I use a variety of personally developed web scraper scripts. For instance, I have digital copies of every paystub. These will almost all become worthless. My retirement plan at a previous employer would not let me download monthly statements unless I did it manually... it was able to detect the Mechanize library, and responded with some creepy-assed warning against robots.

No one would go to the trouble to do that manually every month, and no one was allowed robots apparently. But at least they needed to install some specialty software somewhere to disallow it. This shit will just make it even easier for the assholes.

I also worry about tools I sometimes use for things like Selenium.

This isn't SSL.

>>NoMore+(OP)
This is not true. Sites will not be obligated to implement WEI. At the end of the day bots are a real issue, with no real solution other than attestation. AI is accelerating this issue. This (WEI or something else) is inevitable.

>>NoMore+(OP)
To be fair it's only a matter of time until CV and NNs replace Webdriver/Selenium as the goto for scraping. First using accessibility APIs and later on imagine something you plug into USB C that emulates DisplayPort and HID devices.

>>endisn+O2
> This is not true. Sites will not be obligated to implement WEI.

There are a number of sites I frequent but don't log in to or register for an account.

Every single one of them has an absurd number of captchas, or I see the cloudflare protection thing come up for first for 3 seconds.

So while hypothetically it may be true that they don't have to do it, they will. It's not even clear to me that Firefox could implement it too... so do I have to switch back to Chrome (or [barf] Safari?)? Dunno. I can't predict the future, but you'd have to be in some sort of denial to not see where this is going.

> At the end of the day bots are a real issue

Bots are fucking awesome. We should all have bots, out there doing the boring stuff, bringing back the goodies to us. If someone tells you that bots are bad, they're lying to you because they're afraid that you might find out how much you'd want one.

>>hnav+04
> To be fair it's only a matter of time until CV and NNs replace Webdriver/Selenium as the goto for scraping. First using accessibility APIs and later on imagine something you plug into USB C that emulates DisplayPort and HID devices.

*exactly*. The analog loophole is where this cat/mouse game must end. Since we already know how it'll play out, can't we invest our time into more useful endeavors?

>>endisn+O2
Maybe so, but if so, let's please make it something else.

I'm fine with attestation when it comes to high-risk tasks such as confirming financial transactions or signing legal documents, or anonymous "proof-of-humanity" solutions such as Apple's Private Access Tokens (as long as there's a CAPTCHA-based or similar alternative!) for free trials or account creations (beats using SMS/phone number authentication, at least), but applying Trusted Computing to the entire browser just goes much too far.

>>baby_s+L8
But then google will integrate HDCP into this mess, forcing us to have a camera pointed at a monitor :P

>>endisn+O2
McDonalds app requires safetynet (effectively the same as this proposal) passing to access their app. Is that really required?

If you put a capability in, people will use (and abuse) it.

>>lxgr+lf
With the rate AI is accelerating, it's possible that nothing akin to a CAPTCHA may be viable soon. That sort of verification is already approaching the threshold of what's reasonable to ask humans to solve.

>>hnav+04
At which point you use CAPTCHA.

The goal of WEI is not to get rid of bots, that's just a bonus, it is to remove user control and customization over his own experience.