
596 points pimterry | 1 comments
conradev No.36866486
The author is referring to this standard: https://privacypass.github.io/

Apple uses it for its iCloud Private Relay service. The blind token is used so that Cloudflare can verify that a given device pays for iCloud Private Relay without revealing their identity.

Attestation is when such a blind token is proving the integrity of the software running on the device, not proving arbitrary properties. Privacy Pass could actually enable a fast, semi-decentralized system of anonymizing proxies.

If Apple exposed the “is System Integrity Protection enabled” bit to the web, then that amounts to attestation to me. But yes, Apple can do this whenever it wants, and companies want Apple to do it, and it’s scary. They’ve already done this for Apple Pay, Widevine and HDCP.

replies(1): >>36867214 #
saurik No.36867214
FWIW, Cloudflare also seems confused, so it is no wonder that we are? :(

https://blog.cloudflare.com/private-attestation-token-device...

> At WWDC 2022, Apple announced Private Attestation Tokens. Today, we’re announcing that Cloudflare Access will support verifying a Private Attestation token. This means that security teams that rely on Cloudflare Access can verify a user’s Apple device before they access a sensitive application — no additional software required.

> Private Attestation Tokens do not require any additional software to be installed on the user’s device. This is because the “attestation” of device health and validity is attested directly by the device operating system’s manufacturer — in this case, Apple.

> This means that a security team can use Cloudflare Access and Private Attestation Tokens to verify if a user is accessing from a “healthy” Apple device before allowing access to a sensitive corporate application. Some checks as part of the attestation include:

> Is the device on the latest OS version?

> Is the device jailbroken?

> Is the window attempting to log in, in focus?

> And much more.

replies(1): >>36871210 #
hellojesus No.36871210
What prevents the client from receiving a valid token and then passing it off to another entity for that entity to use in their request? Could you have token farms that just generate tokens and provide them to "unhealthy" devices?
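The blind-token mechanism conradev describes (the issuer signs something it cannot later recognise) and the bearer-token question hellojesus raises, in runnable form. This is an added illustration, not code from Privacy Pass, Apple or Cloudflare: a toy RSA blind signature (the publicly verifiable flavour of Privacy Pass uses RSA-PSS blind signatures per RFC 9474; the 512-bit key and the plain full-domain-hash encoding here are simplifying assumptions), plus a redeemer that keeps a double-spend set. `Redeemer`, `consistent_with`, `run_protocol` and the constructed nonces are this example's own.

```python
"""Toy RSA blind-signature token: blinded issuance, unlinkable redemption, single use.
Key size and hash-to-group encoding are simplified (assumption); real deployments
use RSA-PSS per RFC 9474 with 2048-bit or larger keys."""
import hashlib
import math
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 512):
    """Return (n, e, d). Toy key size, chosen for speed, not security (assumption)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)


def fdh(msg: bytes, n: int) -> int:
    """Full-domain hash of the token nonce into Z_n (stand-in for the PSS encoding)."""
    nbytes = (n.bit_length() + 7) // 8 + 16  # extra bytes make the mod-n bias negligible
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(ctr.to_bytes(4, "big") + msg).digest()
        ctr += 1
    return int.from_bytes(out[:nbytes], "big") % n


def blind(n: int, e: int, msg: bytes):
    """Client: hide H(msg) behind a random factor r; the issuer only ever sees the product."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return fdh(msg, n) * pow(r, e, n) % n, r


def sign_blinded(n: int, d: int, blinded: int) -> int:
    """Issuer: signs the blinded value, e.g. after checking the device is entitled to a token."""
    return pow(blinded, d, n)


def unblind(n: int, blinded_sig: int, r: int) -> int:
    """Client: strip r, leaving an ordinary RSA signature on H(msg)."""
    return blinded_sig * pow(r, -1, n) % n


def verify(n: int, e: int, msg: bytes, sig: int) -> bool:
    return pow(sig, e, n) == fdh(msg, n)


class Redeemer:
    """Accepts each valid token exactly once; the spent set is all it ever learns."""
    def __init__(self, n: int, e: int):
        self.n, self.e, self.seen = n, e, set()

    def redeem(self, msg: bytes, sig: int) -> str:
        # Note what is NOT an argument: anything identifying the device. A token is a bearer credential.
        if not verify(self.n, self.e, msg, sig):
            return "rejected: bad signature"
        if msg in self.seen:
            return "rejected: already spent"
        self.seen.add(msg)
        return "accepted"


def consistent_with(n: int, e: int, d: int, blinded: int, msg: bytes) -> bool:
    """Issuer's linking attempt: is there a blinding factor r turning token `msg` into `blinded`?
    The issuer (even holding d) finds one for EVERY pairing, so it can link nothing."""
    r = pow(blinded * pow(fdh(msg, n), -1, n) % n, d, n)
    return fdh(msg, n) * pow(r, e, n) % n == blinded


def run_protocol(n_tokens: int = 2) -> dict:
    n, e, d = keygen()
    issuer_log, tokens = [], []
    for _ in range(n_tokens):
        nonce = secrets.token_bytes(32)  # constructed client-chosen token nonce
        blinded, r = blind(n, e, nonce)
        issuer_log.append(blinded)       # everything the issuer sees
        tokens.append((nonce, unblind(n, sign_blinded(n, d, blinded), r)))
    red = Redeemer(n, e)
    first = [red.redeem(m, s) for m, s in tokens]
    replay = red.redeem(*tokens[0])                               # same token a second time
    forged = red.redeem(tokens[0][0], (tokens[0][1] + 1) % n)     # tampered signature
    link = [[consistent_with(n, e, d, b, m) for m, _ in tokens] for b in issuer_log]
    return {"first": first, "replay": replay, "forged": forged, "link": link}


if __name__ == "__main__":
    print(run_protocol())
```

Every entry of `link` comes back True: the issuer can reconcile any blinded value it signed with any token later redeemed, so issuance and redemption are unlinkable, which is the property the blind token buys. The flip side is the `redeem` signature: it takes nothing but the token, so a token handed from one client to another redeems just as well, and the only thing the redeemer can enforce is one use per token; limits on how many tokens a party can obtain therefore have to be applied by the issuer.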