Most active commenters
  • shuckles(3)

←back to thread

Apple already shipped attestation on the web, and we barely noticed

(httptoolkit.com)
596 points pimterry | 12 comments | 25 Jul 23 14:10 UTC | HN request time: 0.862s | source | bottom
Show context
Santosh83 ◴[25 Jul 23 14:28 UTC] No.36862751[source]
Maybe I'm wrong but Web Attestation will also be a death knell for Linux devices (not Android/Chrome OS) as far as being able to use them as equal clients to use the Web goes. They're simply too diverse and 'hackable' as a plotform for remote attestation to work reliably and thus they'll be excluded altogether (except a few 'blessed' distros that will then become industry controlled, and not Linux in spirit anymore).
replies(7): >>36862825 #>>36862993 #>>36863025 #>>36863063 #>>36863230 #>>36864206 #>>36865119 #
1. shuckles ◴[25 Jul 23 14:47 UTC] No.36863063[source]
So far, Private Access Tokens are not widely adopted so you can get a feel for the potential Linux experience by browsing the web with iCloud Private Relay enabled. This flags almost every website's anti-spam classifiers, and you end up having to do 3-5 captchas to access anything protected by one. Wikipedia also blocks you from editing: https://meta.wikimedia.org/wiki/Talk:Apple_iCloud_Private_Re....
replies(4): >>36863139 #>>36863163 #>>36863224 #>>36863242 #
2. api ◴[25 Jul 23 14:51 UTC] No.36863139[source]
Playing devils advocate: how else do you prevent spam without requiring a login on every single web page? Especially in the world of AI-powered spam that can be indistinguishable from humans and automated at scale and can solve captchas.

Spam destroys everything. The open web has been at war with it forever, and soon it will win just like it has won in every other domain that is not completely locked down.

I love the fediverse but I fully expect it be destroyed by spam as soon as it gets big and influential enough to be a juicy target.

The Internet is a dark forest. The future is private encrypted networks, private forums, etc.

replies(4): >>36863274 #>>36865133 #>>36865524 #>>36866335 #
3. flangola7 ◴[25 Jul 23 14:53 UTC] No.36863163[source]
How is this different from using Tor or an anonymization VPN?
replies(2): >>36863216 #>>36866260 #
4. shuckles ◴[25 Jul 23 14:56 UTC] No.36863216[source]
IME, browsing the web with iCloud Private Relay is much better than Tor, since your client is not outright blocked by websites. I have not browsed the web much behind a VPN, so I can't compare the experiences.
5. simonklitj ◴[25 Jul 23 14:56 UTC] No.36863224[source]
Thank you! I’ve been going crazy trying to figure out why I’m completing so many captchas recently.
6. cush ◴[25 Jul 23 14:57 UTC] No.36863242[source]
I haven’t noticed anything different with Private Relay enabled
7. shuckles ◴[25 Jul 23 14:59 UTC] No.36863274[source]
I think Private Access Token is a reasonable design, and it should be standardized with multiple attestation providers that any client can use. That seems like it would move the web forward, unlike simply not making headway on the problem of spam and fingerprinting/tracking as an anti-spam measure at all.
8. tjoff ◴[25 Jul 23 16:39 UTC] No.36865133[source]
> how else do you prevent spam without requiring a login on every single web page?

Probably missing something, what can you spam without an account today?

9. r00fus ◴[25 Jul 23 17:00 UTC] No.36865524[source]
Spam even exists where logins ARE required. Look at Reddit or Twitter/X and any web-accessible forum where logins are required. Lots of spam everywhere.

I don’t think attestation will prevent this, it does however, prevent scraping if attestation is required to even view content.

replies(1): >>36891786 #
10. lost_tourist ◴[25 Jul 23 17:41 UTC] No.36866260[source]
VPN works for almost any internet service and not just web browsing

VPN can be bought outside of a 5 eyes company

Tor is much better at making it easier to hide your browser footprint and thus anonymity browsing across sites as long as you reconnect often and don't change default settings.

11. yborg ◴[25 Jul 23 17:46 UTC] No.36866335[source]
Based on where the MAU counts are, by your criteria the Fediverse will be safe from spam forever. Which falls into your last point, it's essentially a set of private forums, that interconnect. It's kind of ironic that the idea of the Fediverse apparently being beyond the neuron activation threshold of most people ends up being an effective filter.
12. Tokumei-no-hito ◴[27 Jul 23 11:02 UTC] No.36891786{3}[source]
What would prevent bots from using “approved” attester devices to navigate and scrape? Is attestation done by checking what local processes are running?