• brothershamus@kbin.social
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Private Access Tokens are powerful tools that prove when HTTP requests are coming from legitimate devices without disclosing someone’s identity.

    So I don’t know the details, but it makes a couple of points that either mean this isn’t the same thing as the google thing, or “attestation on the web” isn’t DRM, or something else. So far as I can interpret the article, it seems to suggest the feature is “is this a safari device on ios, if yes then skip captcha” but that seems to be up to the website’s discretion.

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      That’s the sticky thing, from the initial standpoint I get it, how trustworthy is this device? Everyone hates captchas and jumping through hoops to prove they’re not a bot, and bot traffic now dwarfs human traffic on the net. BUT…

      They can turn up the dials whenever they want. Who decides how trustworthy a person is? What if I prefer Firefox (and I do) and they aren’t as “attested” to Google? What if they decide me using an “untrusted” OS means that I can’t access my bank? These are the giant glaring details that are conveniently overlooked.

      These are all also things that would conveniently also push out all other browsers and “proper” OSes from the markets, if they got the inkling to do so. Which I mean, this is Google we’re talking about, the company that decided Don’t Be Evil didn’t belong as their mantra.