this post was submitted on 08 Aug 2023
603 points (98.1% liked)

Technology

59719 readers
2965 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

Summary

  • Google's proposal, Web Environment Integrity (WEI), aims to send tamper-proof information about a user's operating system and software to websites.
  • The information sent would help reduce ad fraud and enhance security, but it also raises concerns about user autonomy and control over devices.
  • The authors argue that implementing WEI could lead to websites blocking access for users not on approved systems and browsers.
  • They express worries about companies gaining more control over users' devices and the potential for abuse.
  • The authors emphasize that users should have the final say over what information their devices share.
  • Remote attestation tools, like WEI, might have their place in specific contexts but should not be implemented on the open web due to potential negative consequences.
  • The authors advocate for preserving user autonomy and the openness of the web, emphasizing that users should be the ultimate decision-makers about their devices.

Joke:

Two pieces of string walk into a bar. The first piece of string asks for a drink. The bartender says, “Get lost. We don’t serve pieces of string.”

The second string ties a knot in his middle and messes up his ends. Then he orders a drink.

The bartender says, “Hey, you aren’t a piece of string, are you?” The piece of string says, “Not me! I'm a frayed knot.”

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Ok I assumed you were thinking of something like TPM on the desktop as I couldn't imagine any other way around it. For android the hardware backed attestation support is like tpm as well, no? Surely there's a bypass for it if one wants to but there hasn't been a reason to do it yet.

Edit :reading up on it, a lot relies on the encryption keys baked into the hardware and being impossible to read, right? If that remains to be the case, then ye I can imagine that would be an issue. Security will once again becomes the Trojan horse for exploitation