• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: June 26th, 2023

help-circle


  • That makes a lot of sense. Not sure how that would work on Windows where users typically run with admin credentials. Yes, I cannot modify the boot loader, but with admin credentials I can do many malicious things to your traffic in between the browser and the OS, up to and including attaching a debugger to your browser process to see kernel memory.

    I know it is possible for Linux to pass secure boot in some cases, so in theory it could be possible for there to attestation on Linux systems, but this suffers from the same flaw as Windows since users have root access.

    In the end the only thing this will do is prevent someone from using curl or cli tools to access a site that requires attestation. Will this prevent bots? I am not certain. You could in effect guarantee a 1-1 relationship of users to TPM/Secure Enclaves. This would slow down bot farmers, but not stop them.

    Chinese bot farm with 100’s of physical smartphones -> https://youtu.be/aSESD6rm54o