←back to thread

Unpacking Google’s Web Environment Integrity specification

(vivaldi.com)
756 points dagurp | 3 comments | 26 Jul 23 11:30 UTC | HN request time: 0.001s | source
Show context
endisneigh ◴[26 Jul 23 17:54 UTC] No.36881965[source]
How exactly is WEI any worse than say a peep-hole on a door? At the end of the day bots are a huge problem and it's only getting worse. What's the alternative solution? You need to know who you're dealing with, both in life and clearly on the web.

I'm probably alone in this, but WEI is a good thing. Anyone who's run a site knows the headache around bots. Sites that don't care about bots can simply not use WEI. Of course, we know they will use it, because bots are a headache. Millions of engineer hours are wasted yearly on bot nonsense.

With the improvements in AI this was inevitable anyway. Anyone who thinks otherwise is delusional. Reap what you sow and what not.

edit: removing ssl comparison since it's not really my point to begin with

replies(16): >>36881994 #>>36882000 #>>36882015 #>>36882024 #>>36882088 #>>36882221 #>>36882265 #>>36882387 #>>36882539 #>>36882591 #>>36882677 #>>36883051 #>>36883062 #>>36883781 #>>36884189 #>>36884296 #
JohnFen ◴[26 Jul 23 17:55 UTC] No.36881994[source]
SSL doesn't demand that some third party approve your software and hardware in order for it to work for you.
replies(1): >>36882002 #
endisneigh ◴[26 Jul 23 17:56 UTC] No.36882002[source]
TPMs with attestation do exactly that. Are you opposed to that as well?
replies(7): >>36882017 #>>36882018 #>>36882043 #>>36882127 #>>36882424 #>>36882537 #>>36883819 #
JohnFen ◴[26 Jul 23 17:57 UTC] No.36882018[source]
Yes, I have been opposed to TPM since the start.
replies(1): >>36882054 #
endisneigh ◴[26 Jul 23 17:59 UTC] No.36882054[source]
What's your solution then to the problem TPMs solve?
replies(3): >>36882137 #>>36882150 #>>36882219 #
1. mindslight ◴[26 Jul 23 18:04 UTC] No.36882150[source]
What do you get from blasting this thread with a bunch of naive one liners that you could answer yourself if you studied the topic on your own for a little bit?

The answer to this one is that the fundamental problem that current TPMs aim to "solve" is that of allowing corporate control and inspection of end users' computers. To continue having a free society where individuals have some autonomy over the devices they purportedly own, this needs to be soundly rejected.

replies(1): >>36882836 #
2. pptr ◴[26 Jul 23 18:45 UTC] No.36882836[source]
Good idea, we just throw out all the security mechanisms to avoid "corporate control" and even worse anti virus software "inspecting end users' computers". I'm sure people will be very happy about all the mal- and ransomware they receive. Imagine the utopia we would live in.
replies(1): >>36883002 #
3. mindslight ◴[26 Jul 23 18:55 UTC] No.36883002[source]
You're using scare quotes, but I do specifically mean corporate control. Current TPMs were designed around giving centralized parties (eg corporations) privileged keys. TPMs could certainly be designed to not have any baked in privileged keys, instead putting the owner at the trust root. The current crop just wasn't.

Also that you're talking about anti virus shows that you're not really in touch with the gamut of computing. From my perspective, anti virus was something that was relevant two decades ago.