


> With attestation doesn't reveal what OS you are using, so it would still be impossible to reliably block Linux.

Do you genuinely think that an Open Linux environment is going to support attestation? We're having a hard enough time getting Passkey to support Linux, there is zero chance that Arch Linux becomes a trusted attestation provider for the Web Environment Integrity API.

And if it did, this whole proposal would be useless, because I'd be able to use Headless Chromium on Arch Linux and just have Arch Linux say that my computing environment was secure. If this doesn't block extensions, then it's not a useful proposal for blocking bots. And blocking that behavior is explicitly one of the use-cases listed in this proposal for the integrity API. If you allow arbitrary extension access, you can't provide guarantees about whether someone is human or not, extension APIs allow for automation and scraping. Second of all, attestation has a lot to do with extensions because extensions are based on browser functionality, and attestation impacts which software you can run.

And attestation has even more to do with extensions when extended to websites because if the point of this is to establish "trusted" environments, then arbitrary extension access means an environment is not trusted.

Attestation has nothing to do with extensions.

First of all, extensions are not serverside code, so no.

> Conflating serverside generated code to native app restrictions is nonsensical, they are not the same thing

> You did it first.
