Sweet jesus! It’s worse than I thought. Buckle up everybody. We‘re going dark.
Private Access Tokens are powerful tools that prove when HTTP requests are coming from legitimate devices without disclosing someone’s identity.
So I don’t know the details, but it makes a couple of points that either mean this isn’t the same thing as the google thing, or “attestation on the web” isn’t DRM, or something else. So far as I can interpret the article, it seems to suggest the feature is “is this a safari device on ios, if yes then skip captcha” but that seems to be up to the website’s discretion.
That’s the sticky thing, from the initial standpoint I get it, how trustworthy is this device? Everyone hates captchas and jumping through hoops to prove they’re not a bot, and bot traffic now dwarfs human traffic on the net. BUT…
They can turn up the dials whenever they want. Who decides how trustworthy a person is? What if I prefer Firefox (and I do) and they aren’t as “attested” to Google? What if they decide me using an “untrusted” OS means that I can’t access my bank? These are the giant glaring details that are conveniently overlooked.
These are all also things that would conveniently also push out all other browsers and “proper” OSes from the markets, if they got the inkling to do so. Which I mean, this is Google we’re talking about, the company that decided Don’t Be Evil didn’t belong as their mantra.
What if they decide me using an “untrusted” OS means that I can’t access my bank?
This already happens! safetynet can suck a fat, rotten cock!