lautan to Technology@lemmy.worldEnglish · 1 year agoApple already shipped attestation on the web, and we barely noticedhttptoolkit.comexternal-linkmessage-square86fedilinkarrow-up1342arrow-down115cross-posted to: [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]
arrow-up1327arrow-down1external-linkApple already shipped attestation on the web, and we barely noticedhttptoolkit.comlautan to Technology@lemmy.worldEnglish · 1 year agomessage-square86fedilinkcross-posted to: [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]
minus-squarerealharo@lemm.eelinkfedilinkEnglisharrow-up18·1 year agoCan you post any source at all that would back your claims? Or any technical details at all? Neither the actual proposal https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md#what-information-is-in-the-signed-attestation, nor the article itself seem to show that there would be a difference when it comes to privacy. The entire problem with this proposal is that it limits client choice, similar to how Google Play integrity API on Android restricts some apps from running on rooted/unlocked phones. That same problem obviously also exists in Apple’s implementation.
Can you post any source at all that would back your claims? Or any technical details at all?
Neither the actual proposal https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md#what-information-is-in-the-signed-attestation, nor the article itself seem to show that there would be a difference when it comes to privacy.
The entire problem with this proposal is that it limits client choice, similar to how Google Play integrity API on Android restricts some apps from running on rooted/unlocked phones.
That same problem obviously also exists in Apple’s implementation.