Admin @ federated.club
Could’ve sworn I saw it in an article or post on here somewhere… but of course now that I actually need the post I can’t find it. Doesn’t really matter though, Chrome can unfortunately push standards through even if others don’t approve, just due to their sheer size alone.
Cloudflare registrar or Porkbun are my goto’s. Keep in mind that Cloudflare registrar currently requires you to use their (free) DNS service, you can’t change the nameservers yet.
It’s ridiculous how nowadays a lot of hardware car features are locked behind a simple software switch. Feels like both a massive waste of resources for people that don’t buy the upgrades, and like having to pay for a feature that is already physically present in your car. Software-only upgrades like full self driving are understandable, hardware upgrades locked behind a software gate aren’t.
[cross-posted from my reply to the same article on c/news]
Canvas rendering differs slightly depending on a lot of factors like operating system, browser, installed fonts, and many others. This information can be used to uniquely identify and track your machine across the web, even if you have stuff like cookies blocked and switch IPs. Just outright blocking canvas access attempts to prevent this. Keep in mind that while it can help prevent against canvas tracking, it can also be used as yet another variable to uniquely identify your browser, ‘has canvas blocking enabled’, just like blocking cookies, do not track requests, etc…
Luckily, other browser manufacturers (Mozilla, Vivaldi, Brave, and even the WWWC) have already spoken out against this proposal. Google loves marketing it as ‘optional’, which it obviously won’t be once implemented. A system like this would be very dangerous for smaller browsers, as it’s incredibly vague who decides what authorities would be allowed to verify browsers.
Additionally, this is presented as a way to remove captchas from the web by proving a request is coming from genuine hardware. However, this proves absolutely nothing about a request being genuine or non-spam. The only thing this proves is that it was created by a ‘genuine device’, so all a malicious user would have to do is to (automatically) send the request via a verified device and they’d pass the check.
It doesn’t prove you’re not a bot though, only that the request is coming from a ‘genuine device’. You just need to pipe your malicious requests through a ‘real browser’ to get them approved and you’re set.