Banks that do this are just ignorant and hypocritical. Those same banks will let you log in from a web browser on the phone that is just as (un)likely to be compromised or from a desktop computer where you also have admin rights.
There is no additional security to be gained by a random megacorp that has leaks every other month “attesting” that I can use my things well.
And Google didn’t add attestation to make sure my bank details are safe, it did it as part of a concerted effort from the industry to make sure I am not able to make my computer work as I want it to work and run code I want it to run. Google does not care about bank fraud as long as it doesn’t affect its stock price.
The complaint isn’t, “banks allow connections from browsers that might be compromised!”
The complaint is, “banks claim they cannot allow apps to run in scenarios where they can’t determine if anything is compromised but have been perfectly fine doing it and continuing to do it in the case of browsers, so their stated reason sounds like bullshit.”
Those complaining about Google wanting to add attestation either didn’t want that in the first place, or don’t want the trade-offs required for such a thing to work. Like remote banking requiring using a corporate-approved platform and ad blocking not being as agile.
Banks that do this are just ignorant and hypocritical. Those same banks will let you log in from a web browser on the phone that is just as (un)likely to be compromised or from a desktop computer where you also have admin rights.
that’s why chrome added remote attestation and yall threw a fit
There is no additional security to be gained by a random megacorp that has leaks every other month “attesting” that I can use my things well.
And Google didn’t add attestation to make sure my bank details are safe, it did it as part of a concerted effort from the industry to make sure I am not able to make my computer work as I want it to work and run code I want it to run. Google does not care about bank fraud as long as it doesn’t affect its stock price.
this is the fit i mentioned
The complaint isn’t, “banks allow connections from browsers that might be compromised!”
The complaint is, “banks claim they cannot allow apps to run in scenarios where they can’t determine if anything is compromised but have been perfectly fine doing it and continuing to do it in the case of browsers, so their stated reason sounds like bullshit.”
Those complaining about Google wanting to add attestation either didn’t want that in the first place, or don’t want the trade-offs required for such a thing to work. Like remote banking requiring using a corporate-approved platform and ad blocking not being as agile.