←back to thread

Apple already shipped attestation on the web, and we barely noticed

(httptoolkit.com)
596 points pimterry | 4 comments | 25 Jul 23 14:10 UTC | HN request time: 0.806s | source
Show context
meandmycode ◴[25 Jul 23 14:56 UTC] No.36863228[source]
Some of the takes about why attestation is bad seem purposely false because the author dislikes the feature. If attestation isn't triggered then prior behaviour will happen (captcha etc).. this is a progressive feature.. and the point of the attestation isn't to prove you're using an approved device, it's to prove a human is actually present, of which, a verified software stack is needed, otherwise the feature is useless..
replies(5): >>36863679 #>>36864216 #>>36868839 #>>36869537 #>>36873169 #
1. dahwolf ◴[25 Jul 23 21:05 UTC] No.36869537[source]
It doesn't prove that a human is present at all.
replies(1): >>36877968 #
2. meandmycode ◴[26 Jul 23 14:07 UTC] No.36877968[source]
It actually does, that's entirely it's purpose.. I know it takes a little effort to actually go and research yourself, but here you go https://developer.apple.com/videos/play/wwdc2022/10077/
replies(1): >>36884523 #
3. dahwolf ◴[26 Jul 23 20:31 UTC] No.36884523[source]
You must have never heard of test automation with real devices? No human there, still passes this check.
replies(1): >>36894351 #
4. meandmycode ◴[27 Jul 23 14:42 UTC] No.36894351{3}[source]
Even if that's true (apple is a bit ambiguous here because they say passcode login is enough), this is still connected to a need to login physically, it sets a much higher cost of acquisition for most.. plus this isn't relevant.. the tech is still aimed at proving real human interaction, even if it's not perfect at that today..