• narc0tic_bird@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Will have to wait and see how Apple reacts with Safari. Mozilla dismissing the proposal is big, but Apple has the second largest mobile OS marketshare with iOS, and so Safari is very relevant for websites to support it.

      • thatsnothowyoudoit@lemmy.ca
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        They do indeed: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/

        From the article:

        The focus here is primarily on removing captchas, and as such it’s been integrated into Cloudflare (discussed here) and Fastly (here) as a mechanism for recognizing ‘real’ clients without needing other captcha mechanisms.

        Fundamentally though, it’s exactly the same concept: a way that web servers can demand your device prove it is a sufficiently ‘legitimate’ device before browsing the web.

        • 𝕸𝖔𝖘𝖘@infosec.pub
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          From the article:

          “We work hard to build great products, and what consumers do with those tools is up to them — not Apple, and not broadband providers,” Cynthia Hogan, VP of public policy at Apple

          Prove it, then. Unlock the bootloader. Allow us to install our own apps. Let us install our own OS on the hardware. I get they don’t want to open source their iOS, that’s fine. They say “what consumers do with those tools is up to them”, but then they lock those tools down TIGHT. Actions speak much louder than words. They say those tools are ours? They need to show us that this is true.

          • meseek #2982@lemmy.ca
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            A part of Apple’s long term, multi-stage deployment to phase out passwords entirely. They announced it last year during WWDC and said it will be messy and not without hurdles, but they’re committed to having strong cryptography without need for password at all.

            Related: https://www.wired.com/story/apple-passkeys-password-iphone-mac-ios16-ventura/

            A far cry from what Google is trying to do or their long term plans (we all know Google is trying to siphon more ad revenue).

            Google’s proposition is as bad for Apple as it is for the rest of us.

            • aberrate_junior_beatnik@midwest.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Passkeys (which are broader than just Apple) and this are not related at all. Regardless, Apple absolutely has interest in controlling browsers. Hell, they already do it on iOS, where you can’t use any rendering engine other than theirs.

              The only reason they might be against this is because they feel they can’t control it the way they want.

            • dan@upvote.au
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              I don’t think it’s related at all. You can implement passwordless technologies like FIDO2 and Webauthn without browser attestation.

              A far cry from what Google is trying to do or their long term plans

              It’s literally very similar technology though, and none of us know Apple’s long-term plans for it. It’s well-known in the digital ad industry that Apple are trying to increase the size of their ad network. Locking down tracking (app tracking transparency) is also advantageous to them as it only applies to third parties - Apple can still track users.