@unholysweater@fosstodon.org

  • 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle



  • Pardon formatting, on mobile. Its a form of device authentication. Apple does this with safari already BTW, and it can reduce things like captcha because the authentication is done on the backend when a request hits a server. While still an issue in concept with Apple doing it, chromium browsers are a much larger market share. In layman’s terms this is basically the company saying, hey you are attempting to visit this site, we need to verify the device (or browser, or add on configuration, or no ad blocker, etc) is ‘authentic’. Which of course is nebulous. It can be whatever the entity in charge of attestation wants it to be.

    This sets the precedent that whomever is controlling verification, can deny whomever they see fit. I’m running GrapheneOS on my phone currently, they could deny for that. Or, if you are blocking ads. Maybe you’re not sharing specific information about your device, and they want to harvest that. Too bad, comply or you’re ‘not allowed to do x or y’.

    This is the gist. The web should be able to be accessed by anybody. It isn’t for companies to own nor should it be built that way. Web2 is a corporate hellscape.

    Edit wrt Safari: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/