(httptoolkit.com)

596 points pimterry | 2 comments | 25 Jul 23 14:10 UTC | HN request time: 0s | source

Show context

gooob ◴[25 Jul 23 14:31 UTC] No.36862804[source]▶

what even is the reasoning they have for proposing and implementing this?

replies(3): >>36862852 #>>36862893 #>>36862910 #

1. capableweb ◴[25 Jul 23 14:36 UTC] No.36862893[source]▶

Pretty clear from the announcement ("Challenge: Private Access Tokens" - June 9, 2022 - https://developer.apple.com/news/?id=huqjyh7k):

> Private Access Tokens are powerful tools that prove when HTTP requests are coming from legitimate devices without disclosing someone's identity

The value add is pretty clear and good, but the downsides are probably bigger than the value add, so personally I wouldn't say the compromise is worth it.

replies(1): >>36864600 #

2. gooob ◴[25 Jul 23 16:13 UTC] No.36864600[source]▶

>>36862893 (TP) #

oh yeah, i read up on it from the explainer right after commenting. should've updated that sorry

↑

Apple already shipped attestation on the web, and we barely noticed