lautan@lemmy.ca to Technology@lemmy.worldEnglish · 1 year agoApple already shipped attestation on the web, and we barely noticedhttptoolkit.comexternal-linkmessage-square85fedilinkarrow-up1329arrow-down115cross-posted to: technology@beehaw.orgtechnology@lemmy.worldtechnology@beehaw.orgtechnology@lemmy.mltechnology@lemmy.worldprivacy@lemmy.mltechnews@radiation.partyhackernews@derp.foo
arrow-up1314arrow-down1external-linkApple already shipped attestation on the web, and we barely noticedhttptoolkit.comlautan@lemmy.ca to Technology@lemmy.worldEnglish · 1 year agomessage-square85fedilinkcross-posted to: technology@beehaw.orgtechnology@lemmy.worldtechnology@beehaw.orgtechnology@lemmy.mltechnology@lemmy.worldprivacy@lemmy.mltechnews@radiation.partyhackernews@derp.foo
minus-squarephx@lemmy.calinkfedilinkEnglisharrow-up31·1 year agoIt’s not a problem until more sites start REQUIRING it, and then it’s too late. Even if some Apple already provides it, it’s more dangerous as use grows
minus-squarePetter1@lemm.eelinkfedilinkEnglisharrow-up9·1 year agoIt makes it even more easy to adjust online prices for apple users, lol
minus-square_number8_@lemmy.worldlinkfedilinkEnglisharrow-up6arrow-down1·1 year agois there any positive use case for it for the user at all?
minus-squareHello Hotel@lemmy.worldlinkfedilinkEnglisharrow-up14arrow-down1·1 year agoNo, its an alternate evil scheme to uniquely identify users and not bots. Replacing the phone number.
minus-squareSerinus@lemmy.worldlinkfedilinkEnglisharrow-up3·1 year agoFor sites that support it, you don’t have to fill out a captcha. Instead it transmits a list of running processes (or other, formerly private info).
minus-squareSirQuackTheDuck@lemmy.worldlinkfedilinkEnglisharrow-up1·1 year ago^Instead it transmits a list of running processes (or other, formerly private info). No it doesn’t. Attestation is simply a cryptographicly signed “we trust this user is human” message.
minus-squareSirQuackTheDuck@lemmy.worldlinkfedilinkEnglisharrow-up1·1 year agoBased on the spec. The token is simply a signature that can be checked at the issuing party (Apple for this news item).
It’s not a problem until more sites start REQUIRING it, and then it’s too late. Even if some Apple already provides it, it’s more dangerous as use grows
It makes it even more easy to adjust online prices for apple users, lol
is there any positive use case for it for the user at all?
No, its an alternate evil scheme to uniquely identify users and not bots. Replacing the phone number.
For sites that support it, you don’t have to fill out a captcha.
Instead it transmits a list of running processes (or other, formerly private info).
^Instead it transmits a list of running processes (or other, formerly private info).
No it doesn’t. Attestation is simply a cryptographicly signed “we trust this user is human” message.
Based on what?
Based on the spec. The token is simply a signature that can be checked at the issuing party (Apple for this news item).