Apple already shipped attestation on the web, and we barely noticed - eviltoast
  • SirQuackTheDuck@lemmy.world
    1 year ago

    A very short TLDR would be:

    Apple (in this case) decides if your device should be trusted as a human, or if it’s suspicious / a robot, which could break parts of the Internet for those not joining this “attestation”, or using software that doesn’t support it.

    A more ELI5 version would be that Apple has implemented a controversial API (The Web Environment Integrity API) that indicates if a combination of OS + Browser + User behaviour is to be trusted as being human.

    Attestation before used to mean “is this device who it says it is”, and one can check that in some ways as part of WebAuthn (aka “Passwordless login”), where it would be useful to know if an Android device a site knows you have (as you’ve logged in before) is that same device. It’s a system to trust devices. The WEI-API expands this to look at your OS, your browser and your environment, like installed applications.

    The problem with this is that the requirements don’t have to be public. Apple can decide what makes a “trustworthy device” and what can be considered “suspicious”.

    Bad examples like these are to “fail” attestation if you have torrent clients installed, or if you’re connected via a VPN, or if you’re not using Bing + Edge on Windows.

    Browsers and OSes refusing to support attestation are likely to become a minority (most users use Chrome, and Google seems to be in favour). Should sites start blindly trusting this “attestation” - in replacement of captchas -, we could start seeing more privacy-prone combinations being locked out of these kinds of sites.

    • YⓄ乙 @aussie.zone
      1 year ago

      Thanks mate. I’ll tell everyone to stop buying Apple products, but people are really ignorant and would not care less. Their $2000 phone is more imp. to show off than the fucking Internet.

      • SirQuackTheDuck@lemmy.world
        1 year ago

        Ehh, way to miss the point. This article is about Apple, but Google is doing the same with Android and Chrome.

        Parties that have issues with this are Linux distros and browsers like Firefox, that leave control and “humanness indicators” more in the hands of the users, instead of in the hands of big, influential companies.