The much maligned “Trusted Computing” idea requires that the party you are supposed to trust deserves to be trusted, and Google is DEFINITELY NOT worthy of being trusted, this is a naked power grab to destroy the open web for Google’s ad profits no matter the consequences, this would put heavy surveillance in Google’s hands, this would eliminate ad-blocking, this would break any and all accessibility features, this would obliterate any competing platform, this is very much opposed to what the web is.

  • Adora 🏳️‍⚧️@beehaw.org
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    I’m a non-techie and don’t understand half of this, but from what I do understand, this is a goddamn nightmare. The world is seriously going to shit.

    • ricecake@beehaw.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      So, a lot of the replies are highlighting how this is “nightmare fuel”.
      I’ll try to provide insight into the “not nightmare” parts.

      The proposal is for how to share this information between parties, and they call out that they’re specifically envisioning it being between the operating system and the website. This makes it browser agnostic in principle.

      Most security exploits happen either because the users computer is compromised, or a sensitive resource, like a bank, can’t tell if they’re actually talking to the user.
      This provides a mechanism where the website can tell that the computer it’s talking to is actually the one running the website, and not just some intermediate, and it can also tell if the end computer is compromised without having access to the computer directly.

      The people who are claiming that this provides a mechanism for user tracking or leaks your browsing history to arrestors are perhaps overreacting a bit.

      I work in the software security sector, specifically with device management systems that are intended to ensure that websites are only accessed by machines managed by the company, and that they meet the configuration guidelines of the company for a computer accessing their secure resources.

      This is basically a generalization of already existing functionality built into Mac, windows, Android and iPhones.

      Could this be used for no good? Sure. Probably will be.
      But that doesn’t mean that there aren’t legitimate uses for something like this and the authors are openly evil.
      This is a draft of a proposal, under discussion before preliminary conversations happen with the browser community.