All these elites always want to know what we plebs are running. The governments want Venmo to report anything that adds up to over $600 a year to the IRS. FATCA travel rule pushes all countries to do the same, for $1K but FINCEN has lobbied for as low as $250!
Meanwhile the Pentagon can’t account for trillions, and both parties give them more money than they even ask for. We have government officials in constant secret meetings, failing to avert disasters, then the plebs have to fight.
I say — we should have attestation that the server is running verified code, the one that was audited by third parties that I accept! That would be what I always wanted on the Web. Instead, they only do it the other way.
We the People have to rise up and demand that Google implements a standard that uses SGX extensions or whatever, to guarantee that the code managing the website matches the audited code. This is long overdue! It is also why we use smart contracts and Web3 for now.
All I really want, on the mobile Web, is a way to visit a URL that has a content hash, and it will load a static file matching a content hash, and save it so it’s always available locally. That’s it! So I can trust the code. Without having to install an extension. Instead Apple clears everything after 7 days, making it useless! And SRI only works for subresources. Which means the server can be hacked and serve malicious code to me anytime!
https://arstechnica.com/information-technology/2022/08/archi...