We need a totally new approach. We need to kill the entire web stack because this is getting absurd. All this build atop of protocol used for fixed document transfer and display? It needs to die so a optimal solution can be realized.
However I won't digress because I see bigger problem here than AI...right in the paragraph above;
"Broader ecosystem of trusted software" is corporate talk for 'attested browser', a still-vague notion that floats around security circles these days and associated to so called smart devices. Because you don't own them. The idea is to have a totally locked down phone, so applications cannot be tampered with. Then atop of that a closed source browser, picking up client/device keys from the hardware security chip and engaging against some web application like banking. In turn the application 'knows' the entirety of the code path is closed off to the user/administrator/hacker/owner/tinkerer.
We need to get our heads out of the sand and realize PC is nothing, it drives nothing anymore. They could as well conceal all the current popular web services, Youtube, LLMs, whatnot, behind 'attested' systems, nothing would change in real world. Most people that run PCs still run Windows and Mac which are attestation friendly. And that would count to like 0.05% of usage of those web services. Meaning out target group, the ownership and privacy minding people, come down to nothing. They're going to run us over.
blog.mozilla.org
