Conversation

Notices

1. Embed this notice
   feld (feld@bikeshed.party)'s status on Friday, 21-Jul-2023 01:28:44 JST feld

   in reply to

   • Erica "digifox" Kovac 🌐⚛️⚡
   • Koinu
   I'm not currently finding this to be a plausible outcome, especially as Google knows how many people on the web have extensions etc etc.
   
   But it's good that people are being made aware of what's being proposed so we can stay vigilant. Thank you for that.
   • Embed this notice
     Koinu (gsderp@packmates.org)'s status on Friday, 21-Jul-2023 01:28:45 JST Koinu

     • Erica "digifox" Kovac 🌐⚛️⚡

     @digifox As a framework it doesn’t and can’t do anything to mitigate against sites deciding to trust only attesters that require immoral (anti-user freedom) criteria as part of their “baseline”.

     The “holdback” mitigation is incapable of delivering the stated goals of making sure this isn’t usable for discrimination. The framework is prima facie immoral if the holdback percentage isn’t high enough to to make this useless for every case except measuring ad fraud. However, If holdback isn’t stable, even if the holdback percentage is high, sites can still discriminate against users that never pass it. If the set of held-back destinations is stable the set of held-back destinations becomes a useful and durable fingerprint. Furthermore there’s the relatively intractable problem of destinations colluding to share trust signals and enabling discrimination based on that.

     There is no open web if an attestation framework gains critical mass, so such a framework must not be allowed to exist.