this post was submitted on 07 Nov 2023
8 points (100.0% liked)

Hacker News

3871 readers
3 users here now

This community serves to share top posts on Hacker News with the wider fediverse.

Rules0. Keep it legal

  1. Keep it civil and SFW
  2. Keep it safe for members of marginalised groups

founded 1 year ago
MODERATORS
 

There is a discussion on Hacker News, but feel free to comment here as well.

you are viewing a single comment's thread
view the rest of the comments
[–] autotldr@lemmings.world 1 points 1 year ago

This is the best summary I could come up with:


When you tried to access some protected content, a browser supporting the Web Integrity API would first contact a third-party "environment attestation" server, and your computer would have to pass some kind of test.

The company says: "We’ve heard your feedback, and the Web Environment Integrity proposal is no longer being considered by the Chrome team."

Unlike the web version, which would have been a big step "forward" for invasive DRM solutions, Android already has environment attestation, so it doesn't sound like this is doing that much.

If you are Spotify or YouTube, you could already block modified devices at the app level before the embedded WebView even boots up, via the Play Integrity API.

Netflix famously demands preinstallation of Widevine on devices in order to show HD content, and problems with the DRM are a common support issue.

The blog post notes that while Android's WebView system brings "a lot of flexibility... it can be used as a means for fraud and abuse, because it allows app developers to access web content, and intercept or modify user interactions with it.


The original article contains 784 words, the summary contains 181 words. Saved 77%. I'm a bot and I'm open source!