Privacy

31833 readers

131 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

485

Google is already pushing WEI(DRM Webpage) into Chromium (github.com)

submitted 1 year ago by mastermind@lemm.ee to c/privacy@lemmy.ml

148 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] redezem@infosec.pub 10 points 1 year ago (2 children)

Question for anyone with more understanding of the implementation…

Doesn’t this still presume the browser tells the truth to the third party attester? Could we not build something that just straight up lies to the attester? Says I’m a good Google chrome user with no extensions please serve me ads sir?

[–] donnachaidh@lemmy.world 7 points 1 year ago

My understanding was that the browser vendor itself would be the attester. So if Google says it's Google Chrome, it probably is. Unless you somehow reverse engineer how Google decides that it's Google Chrome and spoof that or something...

[–] koper@feddit.nl 1 points 1 year ago (1 children)

This system would use cryptography and hardware to make sure that you are unable to lie about any of this. Basically, there is a chip inside your CPU that contains special keys installed by the manufacturer. However, this chip only activates itself when it detects that your device is running the approved software. Furthermore, it is made (almost) impossible to open this chip and retrieve the keys without destroying it.

[–] redezem@infosec.pub 2 points 1 year ago (1 children)

I dunno man, you can virtualise tpms, and if you can virtualise it, you can lie about it.

[–] koper@feddit.nl 1 points 1 year ago

You can virtualize a TPM, but you can't obtain a valid endorsement key.