2329

And since you won't be able to modify web pages, it will also mean the end of customization, either for looks (ie. DarkReader, Stylus), conveniance (ie. Tampermonkey) or accessibility.

The community feedback is... interesting to say the least.

you are viewing a single comment's thread
view the rest of the comments
[-] tenth@lemmy.ml 60 points 1 year ago

Can someone give me an easy to understand example of what they are proposing? Assume that I don’t allow them to install any software/tool that helps them track me/my device.

I saw this comment and found it helpful but its still not clear to me

At its core, it establishes software components called "attesters" that decide whether your device and/or browser is "trustworthy" enough - as defined by the website you are trying to visit. Websites can enforce which "attesters" users must accept, simply by denying everybody access who refuses to bow down to this regime; or who uses attesters that are deemed "inappropriate"; or who is on a platform that does not provide any attesters the website finds "acceptable".

In short: it is specifically designed to destroy the open web by denying you the right to use whatever browser you want to use, on whatever operating system. It is next-level "DRM", introduced by affiliates of a company that already has monopolized the browser market. And the creators of this "proposal" absolutely know what they are attempting here.

[-] vvvvv@lemmy.world 32 points 1 year ago* (last edited 1 year ago)

Basically, it would allow websites to only serve users who comply with website requirements (i.e., no extensions, no ad blockers, only Chrome-based, whatever) whatever these requirements are.

You (your browser) go to a website, example.com, which requires attestation. So you must go to an attestation server and attest your device/browser combo (by telling the attestation server whatever information it requires). If the attestation server thinks you are trustworthy, it gives you an integrity token that you pass to example.com, and then you can see example.com. The website knows which attestation server issued your integrity token, so you can't create your own.

So no extra software means no attestation server would attest you; means you can't see example.com. End of story. It's the same as the current "your browser is not supported" window, only you can't get around it by changing the user agent.

As usual with these initiatives, bullshit is spread across different specs - this spec by itself implies that any number of attestation servers can exist, and they can check whatever they want, and no browser should be excluded, etc., etc., but practical implementation would probably check installed extensions, etc.

[-] Araozu@lemmy.world 9 points 1 year ago

Wouldn't spoofing work? Like, if the browser just sends "yes, no extensions, adblock, blah blah" then how would the attestation server know if that's true? Or does it require signed binaries, or some special hardware?

[-] vvvvv@lemmy.world 14 points 1 year ago

That is conveniently left out of the speck. Attestation server may require signed binary on a client system, it may require whatever it wants really, because why not? It's a website who decides to trust attestation server or not.

load more comments (5 replies)
load more comments (5 replies)
load more comments (9 replies)
this post was submitted on 21 Jul 2023
2329 points (99.3% liked)

Privacy

31981 readers
286 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS