this post was submitted on 03 Sep 2023
316 points (95.7% liked)
Technology
59217 readers
3143 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It wouldn’t be an instance. It would be their CDN. And your browser.
And any instance of significant size is going to have a CDN to help deal with the DDoS attacks and bots. Hell I would bet that outside of very carefully curated instances, all fediverse instances will start using CDNs here soon just because of bots.
And chances are they will use cloudfare or Fastly.
But there’s nothing to “enforce”. It’s not a “you must be attested or you can’t access” it will be “if you’re not attested you will have a captcha shown for most things”.
Cloudfare already does this. If your browser looks suspicious, and the website you’re visiting using cloudfare as a CDN, you’ll be redirected to cloudfare to enter a captcha before they’ll let you into the site.
Attestation removes that captcha part using a token generated by your device and validated by the maker of the browser you’re using. So you’d never even see the redirect at all, it would just take a second or two longer to connect.
People using heavily modified machines or browsers wouldn’t be attested and would have to enter a captcha. That’s about it.
The captcha is a good compromise.
It is. Until you have to enter a captcha for every redirect. Then it will get real annoying.
Then I won't use those services if I get to that point. Like with the cookies. For the most part, I get out of my way to reject all cookies and "legitimate interest" requests. But sometimes I just don't want to do that and say "fuck it" and go somewhere else.