Surveillance by Attester concerns
Opened this issue · 2 comments
This proposal seems to assume that the Attester has a very broad & deeply rooted control & visibility over the end user's computer, otherwise they could not make a valid Attestation. What kind of information would be gathered? How much telemetry needs to be send to the mothership to make an Attestation claim? How are users aware of what data they are giving up to participate in Attestation? How can users protect or limit the amount of data they are sending up to their Attester? Are there any settings, a sliding scale that users can set? Or do we have to assume the Attester has complete superuser power beyond those of the computer's physical owner?
An attester must be able to attest the security state of the device and enable rate limiting against that particular device. The attester may require elevated privileges for the mechanism that establishes trust, but it only has to observe the system state, not the user’s data. This is already the case on Android for the existing Play Integrity API.
To make users aware of the data flows, we can rely on Android’s existing transparency mechanisms around how apps collect and use data, e.g. through Android permissions and Play Safety Labels. For example, the Attester will declare its data usage via Play Safety Labels, and browsers integrating with the Attester will need to declare these dependencies in their own Play Safety Labels. Since software distribution is somewhat specific to each platform, we hope to establish best practices around transparency that can be implemented in any software distribution model.
I think users should definitely have the power to opt out. The explainer calls this out under the Quality of attesters section. Making sure that the "Continue to allow web browsers to browse the Web without attestation" goal is fulfilled will mean that these users are not unfairly impacted by this decision.
but it only has to observe the system state
But we've known for years that system state is more than sufficient for fingerprinting users. There is no reason to believe that distinguishing system state vs user data is meaningful for end user privacy.