• floofloof@lemmy.ca
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Won’t there need to be backwards compatibility with sites that don’t implement this? The default would have to be that the browser is allowed to see a site that doesn’t require attestation. So if the whistleblower or political site just didn’t implement this, would that be a way around it?

    • 𝕸𝖔𝖘𝖘@infosec.pub
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      At first, maybe. But not ultimately. If you compare it to TLS, for example, if the site use TLS 1.0, your browser will simply not load the site. This web integrity thing is similar.

      Another, maybe more relevant, example, is Flash. Once Google decided Flash will no longer be supported on their browser, Flash died. I actually don’t disagree with the killing of Flash, but the idea is similar.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I actually don’t disagree with the killing of Flash

        I miss it sometimes. There’s still no good way to have lightweight vector animations that wen designers or animators can work on (no code required), that work the same cross-browser. There’s some JS libraries but they often need developer involvement (a designer can’t always set everything up themselves) and tend to be quite heavy libraries (which slows down the page, which reduces your ranking in search engines)…