←back to thread

Apple already shipped attestation on the web, and we barely noticed

(httptoolkit.com)
596 points pimterry | 2 comments | 25 Jul 23 14:10 UTC | HN request time: 1.826s | source
Show context
Santosh83 ◴[25 Jul 23 14:28 UTC] No.36862751[source]
Maybe I'm wrong but Web Attestation will also be a death knell for Linux devices (not Android/Chrome OS) as far as being able to use them as equal clients to use the Web goes. They're simply too diverse and 'hackable' as a plotform for remote attestation to work reliably and thus they'll be excluded altogether (except a few 'blessed' distros that will then become industry controlled, and not Linux in spirit anymore).
replies(7): >>36862825 #>>36862993 #>>36863025 #>>36863063 #>>36863230 #>>36864206 #>>36865119 #
shuckles ◴[25 Jul 23 14:47 UTC] No.36863063[source]
So far, Private Access Tokens are not widely adopted so you can get a feel for the potential Linux experience by browsing the web with iCloud Private Relay enabled. This flags almost every website's anti-spam classifiers, and you end up having to do 3-5 captchas to access anything protected by one. Wikipedia also blocks you from editing: https://meta.wikimedia.org/wiki/Talk:Apple_iCloud_Private_Re....
replies(4): >>36863139 #>>36863163 #>>36863224 #>>36863242 #
api ◴[25 Jul 23 14:51 UTC] No.36863139[source]
Playing devils advocate: how else do you prevent spam without requiring a login on every single web page? Especially in the world of AI-powered spam that can be indistinguishable from humans and automated at scale and can solve captchas.

Spam destroys everything. The open web has been at war with it forever, and soon it will win just like it has won in every other domain that is not completely locked down.

I love the fediverse but I fully expect it be destroyed by spam as soon as it gets big and influential enough to be a juicy target.

The Internet is a dark forest. The future is private encrypted networks, private forums, etc.

replies(4): >>36863274 #>>36865133 #>>36865524 #>>36866335 #
1. r00fus ◴[25 Jul 23 17:00 UTC] No.36865524[source]
Spam even exists where logins ARE required. Look at Reddit or Twitter/X and any web-accessible forum where logins are required. Lots of spam everywhere.

I don’t think attestation will prevent this, it does however, prevent scraping if attestation is required to even view content.

replies(1): >>36891786 #
2. Tokumei-no-hito ◴[27 Jul 23 11:02 UTC] No.36891786[source]
What would prevent bots from using “approved” attester devices to navigate and scrape? Is attestation done by checking what local processes are running?