• mainframegremlin@programming.dev
    link
    fedilink
    arrow-up
    81
    ·
    edit-2
    1 year ago

    Pardon formatting, on mobile. Its a form of device authentication. Apple does this with safari already BTW, and it can reduce things like captcha because the authentication is done on the backend when a request hits a server. While still an issue in concept with Apple doing it, chromium browsers are a much larger market share. In layman’s terms this is basically the company saying, hey you are attempting to visit this site, we need to verify the device (or browser, or add on configuration, or no ad blocker, etc) is ‘authentic’. Which of course is nebulous. It can be whatever the entity in charge of attestation wants it to be.

    This sets the precedent that whomever is controlling verification, can deny whomever they see fit. I’m running GrapheneOS on my phone currently, they could deny for that. Or, if you are blocking ads. Maybe you’re not sharing specific information about your device, and they want to harvest that. Too bad, comply or you’re ‘not allowed to do x or y’.

    This is the gist. The web should be able to be accessed by anybody. It isn’t for companies to own nor should it be built that way. Web2 is a corporate hellscape.

    Edit wrt Safari: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/

    • floofloof@lemmy.ca
      link
      fedilink
      arrow-up
      30
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I suspect “authentic” will mean “pays a license fee to Google.” In this respect it will work like other forms of DRM, and it will have the same effect of excluding new and smaller players from the market. Except in this case the market is the whole of the web.

      • mainframegremlin@programming.dev
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        Yeah, definitely. Some form of extortion because ultimately that’s what will happen either way. I mean, that’s really the whole point of being the party that chooses what is authentic or not (and, what the definition of that word even means in this context). Monetary, data, whatever. Gotta keep the bottom line increasing for shareholders.

      • mainframegremlin@programming.dev
        link
        fedilink
        arrow-up
        6
        ·
        edit-2
        1 year ago

        Yeah, definitely. Some form of extortion because ultimately that’s what it will be either way. I mean, that’s really the whole point of being the party that chooses what is authentic or not (and, what the definition of that word even means in this context). Monetary, data, whatever. Gotta keep the bottom line increasing for shareholders.

      • xradeon@lemmy.one
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        No, there are no fees at all. Authentic just means approved device state, which will be defined by the website you go to I believe. So youtube might required many different things in order to be “authentic” like no ad blockers, genuine browser, non-rooted phone, etc., whereas bank-xyz may just check for one thing, like a genuine browser. Also, websites have to enable this on their side, so its not going to be used by default on all websites. The whole thing is crap though, even if only a few websites enable this, it could have huge impacts.

      • Johem@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Not necessarily. With some forms od tracking being curbed, just being sent the who accesses which webpage on what device when (the bare minimum for attestation) has lots of value. And google won’t stop at the bare minimum of data grabbing, of course.