And since you won’t be able to modify web pages, it will also mean the end of customization, either for looks (i.e. DarkReader, Stylus), convenience (i.e. Tampermonkey) or accessibility.
The community feedback is… interesting to say the least.
Non-goals [...] Enforce or interfere with browser functionality, including plugins and extensions. [...]
But guys they gave their pinky promise it’s totally fine
let’s just allow them to irreversibly make this change so that there is nothing preventing them from applying this totally Non-Goals in the future what could happen
Also
Challenges and threats to address
[...] Tracking users’ browser history
User agents will not provide any browsing information to attesters when requesting a token. We are researching an issuer-attester split that prevents the attester from tracking users at scale, while allowing for a limited number of attestations to be inspected for debugging—with transparency reporting and auditability [...]
Cross-site tracking
While attestation tokens will not include information to identify unique users, the attestation tokens themselves could enable cross-site tracking if they are re-used between sites. For example, two colluding sites could work out that the same user visited their sites if a token contains any unique cryptographic keys and was shared between their sites.
Good to see where your priorities lie in terms of user protection when deciding to launch this into conversation. Dude idk we’ll fix it later don’t worry bro
Perhaps most tellingly:
If that’s the level of seriousness they treat user privacy with, these engineers deserve to be lambasted.
This is a conscious abrogation of engineering ethics, and as a software engineer myself, it offends me immensely. It makes me and my entire profession look bad.
Edit: leaving less pressing design concerns as a TODO is fine. My issue is that user privacy is implicitly being declared as a secondary concern by the simple fact that it’s left as a TODO. The engineers should not have even considered releasing this, even in draft form, until they had something coherent and meaningful to address user privacy with. It should have been treated as a core design element.
That doesn’t represent disinterest by the developers. In fact, that’s a big red circled F on a report card to them, and including that comment is intentionally bringing attention to a glaring deficiency. It’s very likely that they have a plugin implemented in their IDE which surfaces TODO items vividly, and their associated Jira task or epic can’t be closed out until all of the remaining work is complete.
I’d be more worried if the code presented a clear danger to privacy and DIDN’T directly address concerns in one form or another. You should be praising this dev for raising awareness to his peers and making sure this gets done, not the opposite.
I’m a software engineer. I know what a TODO is.
My point is that privacy should have been a core design consideration, not something you factor in and handle later as a secondary concern. Put another way: the initial problem thesis that they wrote a proposal to solve should have included the idea of user privacy as a core element.
It’s a matter of incorrectly prioritized design goals that yield something which has very obvious potential to be actively harmful to users.
Lol. Just like Google used to say “Don’t be evil.”
Wonder when this text will receive a similar strikethrough.