this post was submitted on 21 Jul 2023
68 points (97.2% liked)

Programming

17423 readers
85 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 1 year ago
MODERATORS
 

Related discussions:

you are viewing a single comment's thread
view the rest of the comments
[–] ruffsl@programming.dev 18 points 1 year ago

This proposed standard raises my concerns about the ability to continue using the public internet with user-preferred hardware/software and custom extensions, and does not instill my confidence in maintaining the level of freedom and accessibility users currently enjoy:

Some examples of scenarios where users depend on client trust include:

  • Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.

What information is in the signed attestation?

The proposal calls for at least the following information in the signed attestation:

  • The attester's identity, for example, "Google Play".
  • A verdict saying whether the attester considers the device trustworthy.

How does this affect browser modifications and extensions?

Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality: E.g. if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.