cferry | 21 days ago

The "they" is any corporation that has an interest in the user not controlling their system, and whom this technology caters to. This sea has plenty of fish already. Streaming services serving Hollywood content, banks, dating apps...

Lastly I even faced another one. Something as simple as a gym token wants GMS, attestation and GPS positioning because it treats its users as liars prima facie. That's the new norm this attestation enables. No conspiracy needed, simple business interest and greed to juice "customers" to the last penny drives you there.

FreakLegion | 20 days ago

You're on a tangent from the discussion you're replying to. Individual services get to decide requirements for their users, but that's not at all the same as "banning" KeePassXC from the entire ecosystem.

Like, there are lots of services that require SMS or email link MFA. I guess KeePassXC is just banned from everything, then?

To repeat, the GitHub issue digiown linked is not a threat to ban KeePassXC. A random guy from Okta doesn't have that power. Okta itself doesn't have that power or want to have that power. The GitHub issue is simply a description of what attestation is.

int_19h | 18 days ago

OP's point is that we shouldn't allow "individual services get to decide requirements for their users". If the spec requires being implemented in a way that allows that, it's a user-hostile spec.