• thatsnothowyoudoit@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      They do indeed: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/

      From the article:

      The focus here is primarily on removing captchas, and as such it’s been integrated into Cloudflare (discussed here) and Fastly (here) as a mechanism for recognizing ‘real’ clients without needing other captcha mechanisms.

      Fundamentally though, it’s exactly the same concept: a way that web servers can demand your device prove it is a sufficiently ‘legitimate’ device before browsing the web.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        From the article:

        “We work hard to build great products, and what consumers do with those tools is up to them — not Apple, and not broadband providers,” Cynthia Hogan, VP of public policy at Apple

        Prove it, then. Unlock the bootloader. Allow us to install our own apps. Let us install our own OS on the hardware. I get they don’t want to open source their iOS, that’s fine. They say “what consumers do with those tools is up to them”, but then they lock those tools down TIGHT. Actions speak much louder than words. They say those tools are ours? They need to show us that this is true.

        • meseek #2982@lemmy.ca
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          A part of Apple’s long term, multi-stage deployment to phase out passwords entirely. They announced it last year during WWDC and said it will be messy and not without hurdles, but they’re committed to having strong cryptography without need for password at all.

          Related: https://www.wired.com/story/apple-passkeys-password-iphone-mac-ios16-ventura/

          A far cry from what Google is trying to do or their long term plans (we all know Google is trying to siphon more ad revenue).

          Google’s proposition is as bad for Apple as it is for the rest of us.

          • dan@upvote.au
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            I don’t think it’s related at all. You can implement passwordless technologies like FIDO2 and Webauthn without browser attestation.

            A far cry from what Google is trying to do or their long term plans

            It’s literally very similar technology though, and none of us know Apple’s long-term plans for it. It’s well-known in the digital ad industry that Apple are trying to increase the size of their ad network. Locking down tracking (app tracking transparency) is also advantageous to them as it only applies to third parties - Apple can still track users.

          • aberrate_junior_beatnik@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Passkeys (which are broader than just Apple) and this are not related at all. Regardless, Apple absolutely has interest in controlling browsers. Hell, they already do it on iOS, where you can’t use any rendering engine other than theirs.

            The only reason they might be against this is because they feel they can’t control it the way they want.