TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

0% Positive

Analyzed from 551 words in the discussion.

Trending Topics

#device#google#integrity#block#app#attestation#scrapers#trust#android#used

Discussion (15 Comments)Read Original on HackerNews

rvzabout 1 hour ago
I am going to assume that this also destroys millions of AI agents and bot scrapers this time which is why some “AI Engineers” were complaining about this recently.

Well, this is how Google will kill all the scrapers on its search data.

jeroenhd35 minutes ago
Not entirely, Google's own page says:

> Fraud Defense leverages a sophisticated and adaptable risk analysis engine to shield against automated software. It is specifically designed to orchestrate trust for the agentic web, neutralizing malicious scrapers while welcoming legitimate AI agents.

I'm sure it'll block a whole bunch of awful scrapers but if Google doesn't hate a bot, it'll be able to pass.

dns_snek7 minutes ago
Sounds like an anti-competitive play to build an AI moat. They'll introduce a sham "verification program" and only allow bots operated by entities large enough to sue them for anti-competitive conduct.
CalRobertabout 2 hours ago
Aside from the horrendous privacy implications, is there a possible argument that this is anti-competitive?
jeroenhd31 minutes ago
the only anticompetitive element I can think of is the way they pushed their scanning app to Android phones with Play Services. On IOS they're not in control but still able to launch an app (app snippets the feature is called, I think?) but on Android they themselves killed off Instant Apps because nobody used it. If one of Google's competitors like hCAPTCHA tries to do the same, they'll have more friction on Android than Google does.

When it comes to GrapheneOS, it's the website owners that decided to block those devices by using this service. There are other services that don't block those phones they can use instead.

realusernameabout 1 hour ago
That's the whole goal of the concept. Safetynet (the predecessor of Play Integrity) was developed to block CyanogenMod and then later used to block Huawei.
jeroenhd28 minutes ago
App developers need to put effort into enabling these APIs so it's not like Google is actively blocking your favorite apps. Their makers are.

Like with reCAPTCHA, there are other services and libraries out there to detect root access and other things companies want to detect in their apps.

bekon31 minutes ago
So fuck blind people I guess?
charcircuitabout 1 hour ago
If Windows wasn't so far behind Apple and the rest of the industry in regards to integrity APIs this wouldn't be necessary. It's embarrassing for Microsoft that someone needs to use a separate, more secure device since their security is so bad.
chadgpt3about 1 hour ago
It's embarrassing for Hacker News that people here are commenting to support attestation systems that prevent you from owning the device you bought.
charcircuitabout 1 hour ago
Attestation isn't against being able to do whatever you want with your own device. It just means that if you want other people to trust your custom device you need to get them to trust your signing key.
dns_snek1 minute ago
[delayed]
foltik2 minutes ago
Not sure if you’re being deliberately obtuse, but a signing key means nothing by itself. What exactly do you think is being attested TO when they trust it?

Thats right: that the user can’t do what they want with their own device. There is no other conceivable purpose that attestation could serve.

jeroenhd22 minutes ago
Windows Hello offers an attestation API according to the releases I found, though because Microsoft has called at least four products "hello" now, I can't easily find the details. I don't think there's a technical reason why Google couldn't have released an app with a URL handler that uses that API except maybe for the Windows TPMs being less secure than mobile ones in general.
realusernameabout 1 hour ago
Integrity doesn't guarantee any security to your device, just that the device is same as from the factory. That's a common misconception.
jeroenhd17 minutes ago
"strong integrity" also takes into account if a security update has been installed recently enough. I don't believe hardware integrity spoofing has been accomplished on Android yet. Software integrity and compatibility with old hardware has been used to spoof device IDs and pretend a phone doesn't have the ability to do hardware attestation.

It's technically possible to exploit a kernel and get root access on a running device, of course, but the persistent root that is used most often will be detected by hardware integrity mechanisms. Exploit based root might be as well if it makes itself detectable enough.