this post was submitted on 13 Oct 2023
1218 points (98.8% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
53911 readers
271 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
💰 Please help cover server costs.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
IIRC the proposal includes some crypto-handshake verification to make sure the attestor is who it claims to be, so no, apps can't just fake it. Or, if some of those secret keys leak and apps use it, sites won't accept it anymore.
It's a question of trust. Google will select the certificates they trust for the services they provide, and the entities that own those certificates will decide what do to with them. If they trust a certificate from Mozilla, and Mozilla agrees to make that certificate open to everyone for instance, than Google's only choice is to stop trusting it. But if Mozilla decides that is the certificate Firefox will use, than Google has to choose kicking off Firefox as well as other third party apps. Same with Microsoft and Apple, but I think Mozilla is more likely to oppose this kind of standard rather than try to reach some kind of agreement with Google.
The other way that this could play out every browser dev makes some kind of arrangement. Very unstable when we are talking about competitors.
At the end of the day, it requires a level of co-operation with the browser developers and internet service providers that I don't think a lot of people will go for, for various reasons. Especially not regulators. I guess I am just more optimistic about the open internet.