undefined | Better HN

0 pointsgloosx2y ago0 comments

i dont need debug tools in the browser - if the bytes of encoded content are getting transmitted to the socket on my machine, there is no realistic way to prevent me from taking and replicating them, i don't see how some software inside the browser can have any effect on this, because the browser has zero idea where these bytes can go after they hit the socket. A good analogy would be filming your screen manually - computer has no idea of this filming and in no way can prevent it, because it cannot act on a real world around it, the same applies for browser, i can take a document, video or sound from any page without involing the browser

0 comments

kuschku2y ago

> because the browser has zero idea where these bytes can go after they hit the socket

The attestation uses a secure enclave in your processor with a secret key you can't access to verify that secure boot is on, you booted a signed OS, the OS is in locked-down mode, etc.

gloosxOP2y ago

>The attestation uses

>you can't access

Don't you see how contradictory this is?

No secure enclave of registers or hidden secret keys can help, because a person can utilize the lower-level physical world around the processor to manipulate it (e.g sending electrical currents from a programator device manually). But that is a last resort, there are simple software attacks available already to fake as many "attested" devices as needed (for the same DRM system of Android). It will only bring more jeopardy to the "integrity"

kuschku2y ago

See that's exactly the issue why I hate this. You can always circumvent it, worst case with an electron microscope and some acid. So all it really does is prevent the average user from gaining control over their own hardware.

And for tech-minded people it doesn't fundamentally change anything, it just means that it now takes more time to do the same than before

gloosxOP2y ago

True, a cat-and-mouse game going on forever. Anyways, I don't believe they can succeed in walling such a monstrosity of technologies as the web, just by controlling some parts of it, even significant parts like the browser or search. It is only something governments can do by requiring a passport scan each time you open a connection (which is closing when you eject the passport from the scanner)

1 more reply

j / k navigate · click thread line to collapse

0 comments

kuschku2y ago

> because the browser has zero idea where these bytes can go after they hit the socket

The attestation uses a secure enclave in your processor with a secret key you can't access to verify that secure boot is on, you booted a signed OS, the OS is in locked-down mode, etc.

gloosxOP2y ago

>The attestation uses

>you can't access

Don't you see how contradictory this is?

kuschku2y ago

And for tech-minded people it doesn't fundamentally change anything, it just means that it now takes more time to do the same than before

gloosxOP2y ago

1 more reply

j / k navigate · click thread line to collapse