> “We work hard to build great products, and what consumers do with those tools is up to them — not Apple, and not broadband providers,” Cynthia Hogan, VP of public policy at Apple
Prove it, then. Unlock the bootloader. Allow us to install our own apps. Let us install our own OS on the hardware. I get they don’t want to open source their iOS, that’s fine. They say “what consumers do with those tools is up to them”, but then they lock those tools down TIGHT. Actions speak much louder than words. They say those tools are ours? They need to show us that this is true.
A part of Apple’s long term, multi-stage deployment to phase out passwords entirely. They announced it last year during WWDC and said it will be messy and not without hurdles, but they’re committed to having strong cryptography without need for password at all.
Passkeys (which are broader than just Apple) and this are not related at all. Regardless, Apple absolutely has interest in controlling browsers. Hell, they already do it on iOS, where you can’t use any rendering engine other than theirs.
The only reason they might be against this is because they feel they can’t control it the way they want.
I don’t think it’s related at all. You can implement passwordless technologies like FIDO2 and Webauthn without browser attestation.
> A far cry from what Google is trying to do or their long term plans
It’s literally very similar technology though, and none of us know Apple’s long-term plans for it. It’s well-known in the digital ad industry that Apple are trying to increase the size of their ad network. Locking down tracking (app tracking transparency) is also advantageous to them as it only applies to third parties - Apple can still track users.
The focus here is primarily on removing captchas, and as such it’s been integrated into Cloudflare (discussed here) and Fastly (here) as a mechanism for recognizing ‘real’ clients without needing other captcha mechanisms.
Fundamentally though, it’s exactly the same concept: a way that web servers can demand your device prove it is a sufficiently ‘legitimate’ device before browsing the web.
Doesn’t Safari already have their own version of this?
Lmao, no. Google is out of their minds. Apple has zero interest in controlling browsers or ads.
https://money.cnn.com/2017/08/31/technology/business/apple-net-neutrality/index.html
From the article:
> “We work hard to build great products, and what consumers do with those tools is up to them — not Apple, and not broadband providers,” Cynthia Hogan, VP of public policy at Apple
Prove it, then. Unlock the bootloader. Allow us to install our own apps. Let us install our own OS on the hardware. I get they don’t want to open source their iOS, that’s fine. They say “what consumers do with those tools is up to them”, but then they lock those tools down TIGHT. Actions speak much louder than words. They say those tools are ours? They need to show us that this is true.
I’m sorry to disappoint you, but this is basically the same thing: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/
Then what’s this? https://httptoolkit.com/blog/apple-private-access-tokens-attestation/
A part of Apple’s long term, multi-stage deployment to phase out passwords entirely. They announced it last year during WWDC and said it will be messy and not without hurdles, but they’re committed to having strong cryptography without need for password at all.
Related: https://www.wired.com/story/apple-passkeys-password-iphone-mac-ios16-ventura/
A far cry from what Google is trying to do or their long term plans (we all know Google is trying to siphon more ad revenue).
Google’s proposition is as bad for Apple as it is for the rest of us.
Honest to god doublethink right here.
It’s crazy when I see it. And I see it far too often these days.
Passkeys (which are broader than just Apple) and this are not related at all. Regardless, Apple absolutely has interest in controlling browsers. Hell, they already do it on iOS, where you can’t use any rendering engine other than theirs.
The only reason they might be against this is because they feel they can’t control it the way they want.
Curious how this push comes after fairly set standards that passwords can’t be compelled
I don’t think it’s related at all. You can implement passwordless technologies like FIDO2 and Webauthn without browser attestation.
> A far cry from what Google is trying to do or their long term plans
It’s literally very similar technology though, and none of us know Apple’s long-term plans for it. It’s well-known in the digital ad industry that Apple are trying to increase the size of their ad network. Locking down tracking (app tracking transparency) is also advantageous to them as it only applies to third parties - Apple can still track users.
https://httptoolkit.com/blog/apple-private-access-tokens-attestation/
They do indeed: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/
From the article:
The focus here is primarily on removing captchas, and as such it’s been integrated into Cloudflare (discussed here) and Fastly (here) as a mechanism for recognizing ‘real’ clients without needing other captcha mechanisms.
Fundamentally though, it’s exactly the same concept: a way that web servers can demand your device prove it is a sufficiently ‘legitimate’ device before browsing the web.
So basically boiling frog slowly.
not to my knowledge