lautan@lemmy.ca to Technology@lemmy.worldEnglish · 1 year agoApple already shipped attestation on the web, and we barely noticedhttptoolkit.comexternal-linkmessage-square86fedilinkarrow-up1331arrow-down115cross-posted to: technology@beehaw.orgtechnology@lemmy.worldtechnology@beehaw.orgtechnology@lemmy.world
arrow-up1316arrow-down1external-linkApple already shipped attestation on the web, and we barely noticedhttptoolkit.comlautan@lemmy.ca to Technology@lemmy.worldEnglish · 1 year agomessage-square86fedilinkcross-posted to: technology@beehaw.orgtechnology@lemmy.worldtechnology@beehaw.orgtechnology@lemmy.world
minus-squarerealharo@lemm.eelinkfedilinkEnglisharrow-up18·1 year agoCan you post any source at all that would back your claims? Or any technical details at all? Neither the actual proposal https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md#what-information-is-in-the-signed-attestation, nor the article itself seem to show that there would be a difference when it comes to privacy. The entire problem with this proposal is that it limits client choice, similar to how Google Play integrity API on Android restricts some apps from running on rooted/unlocked phones. That same problem obviously also exists in Apple’s implementation.
Can you post any source at all that would back your claims? Or any technical details at all?
Neither the actual proposal https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md#what-information-is-in-the-signed-attestation, nor the article itself seem to show that there would be a difference when it comes to privacy.
The entire problem with this proposal is that it limits client choice, similar to how Google Play integrity API on Android restricts some apps from running on rooted/unlocked phones.
That same problem obviously also exists in Apple’s implementation.