I’ve seen a lot of people saying how this will be unenforceable and so isn’t something we need to worry about.
Except this could be enforced. Google came out with a proposal a few years ago for a method of validating the a request came from a “trusted” (aka, signed and with secure boot enabled OS), ostensibly to combat bot traffic. They dropped it after push back, but it still provides a blueprint for how this could be enforced.
If web platforms are mandated by law to enforce something like this then the web could be effectively restricted to only approved operating systems. There could still be a dark web, but with the weight of the law behind it, once anything gained momentum access to it could be shut down at the service provider layer.
This shouldn’t be dismissed as a threat because it’s “unenforceable”, because it is.
I’ve seen a lot of people saying how this will be unenforceable and so isn’t something we need to worry about.
Except this could be enforced. Google came out with a proposal a few years ago for a method of validating the a request came from a “trusted” (aka, signed and with secure boot enabled OS), ostensibly to combat bot traffic. They dropped it after push back, but it still provides a blueprint for how this could be enforced.
https://github.com/explainers-by-googlers/Web-Environment-Integrity
If web platforms are mandated by law to enforce something like this then the web could be effectively restricted to only approved operating systems. There could still be a dark web, but with the weight of the law behind it, once anything gained momentum access to it could be shut down at the service provider layer.
This shouldn’t be dismissed as a threat because it’s “unenforceable”, because it is.