148
Apple already shipped attestation on the web, and we barely noticed
(httptoolkit.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 25 Jul 2023
148 points (96.8% liked)
Privacy
32177 readers
602 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Hypothetically, I wonder if it would be possible to spoof this if you also had an actual unmodified attested device. Something like a device in your home network that would, if you have an iPhone as well as an unattested computer that you actually want to use: get request for attestation from a website, send that request to your iphone instead, as if your iphone had opened the page and was receiving the request (or just have the iphone also try to load the page), intercept the signature the iphone sends to the website, and have your computer send it to the website instead.