this post was submitted on 03 Sep 2023
316 points (95.7% liked)

Technology

59152 readers
2297 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 1 year ago (1 children)

A very short TLDR would be:

Apple (in this case) decides if your device should be trusted as a human, or if it's suspicious / a robot, which could break parts of the Internet for those not joining this "attestation", or using software that doesn't support it.

A more ELI5 version would be that Apple has implemented a controversial API (The Web Environment Integrity API) that indicates if a combination of OS + Browser + User behaviour is to be trusted as being human.

Attestation before used to mean "is this device who it says it is", and one can check that in some ways as part of WebAuthN (aka "Passwordless login"), where it would be useful to know if an Android device a site knows you have (as you've logged in before) is that same device. It's a system to trust devices. The WEI-API expands this to look at your OS, your browser and your environment, like installed applications.

Problem with this, is that the requirements don't have to be public. Apple can decide what makes a "trustworthy device" and what can be considered "suspicious".

Bad examples like these are to "fail" attestation if you have torrent clients installed, of if you're connected via a VPN, or if you're not using Bing + Edge on Windows.

Browsers and OS'es refusing to support attestation are likely to become a minority (most users use Chrome, and Google seems to be in favour). Should sites start blindly trusting this "attestation" - in replacement of captcha's -, we could start seeing more privacy-prone combinations being locked out of these kind of sites.

[–] [email protected] -2 points 1 year ago (1 children)

Thanks mate. I'll tell everyone to stop buying apple products but people are really ignorant and would not careless. Their $2000 phone is more imp. to showoff than fucking Internet.

[–] [email protected] 0 points 1 year ago

Ehh, way to miss the point. This article is about Apple, but Google is doing the same with Android and Chrome.

Parties that have issues with this are Linux distros and browsers like Firefox, that leave control and "humanness indicators" more in the hands of the users, instead of in the hands of big, influential companies.