←back to thread

Apple already shipped attestation on the web, and we barely noticed

(httptoolkit.com)
596 points pimterry | 3 comments | 25 Jul 23 14:10 UTC | HN request time: 0.749s | source
1. skybrian ◴[25 Jul 23 15:09 UTC] No.36863440[source]
A possible difference between private access tokens and the web integrity proposal is the idea of “holdback” which means that for some reasons chosen at random it would fail to work, and any websites that use it would be forced to have alternative fallback mechanisms.

Why bother, then? This is for things like captchas and credit card risk scores. It’s useful to be able to know that some users are low risk (not a bot, not being phished) and then to have additional verification for others.

It’s listed under “open questions” but I think it would go a long way towards preserving an open web.

replies(1): >>36869612 #
2. dahwolf ◴[25 Jul 23 21:10 UTC] No.36869612[source]
The type of websites requiring advanced anti-abuse tactics currently make heavy use of fingerprinting techniques. Google's idea that fingerprinting will cease to exist if this is implemented is a joke.
replies(1): >>36886244 #
3. skybrian ◴[26 Jul 23 22:51 UTC] No.36886244[source]
If all efforts at coming up with a suitable replacement are thwarted, I think it's safe to say that fingerprinting will continue and increase. It's not like businesses are going to stop caring about bots and fraud. Fraud and anti-fraud are big businesses.