I have to say again, I don't know if you expect this to sway anyone reading these comments, but it's not going to. this is not very difficult to look up, you should have been able to find this link yourself. > uBlock Origin already objectively runs worse on Chrome than Firefox > I use it just fine on Chrome and do not see any ads. please do any amount of research into how this has played out. > And there is a ton of evidence that attestation will be used for DRM and to prevent adblocking > Please share it. The entire premise falls apart if fully user-controlled environments are supported. There is no definition of "trusted computing environment" for a website provider that doesn't involve blocking access to arbitrary user-controlled code execution at the OS and browser level.īecause if you couldn't block that access, you wouldn't have any security guarantees. > With attestation doesn't reveal what OS you are using, so it owned still be impossible to reliably block Linux.ĭo you genuinely think that an Open Linux environment is going to support attestation? We're having a hard enough time getting Passkey to support Linux, there is zero chance that Arch Linux becomes a trusted attestation provider for the Web Environment Integrity API.Īnd if it did, this whole proposal would be useless, because I'd be able to use Headless Chromium on Arch Linux and just have Arch Linux say that my computing environment was secure. If this doesn't block extensions, then it's not a useful proposal for blocking bots. And blocking that behavior is explicitly one of the use-cases listed in this proposal for the integrity API. If you allow arbitrary extension access, you can't provide guarantees about whether someone is human or not, extension APIs allow for automation and scraping. Second of all, attestation has a lot to do with extensions because extensions are based on browser functionality, and attestation impacts which software you can run.Īnd attestation has even more to do with extensions when extended to websites because if the point of this is to established "trusted" environments, then arbitrary extension access means an environment is not trusted. Attestation has nothing to do with extentions.įirst of all, extensions are not serverside code, so no. >Conflating serverside generated code to native app restrictions is nonsensical, they are not the same thing > You did it first.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |