this post was submitted on 16 Apr 2026
1052 points (97.3% liked)
Technology
83858 readers
3187 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've seen a lot of people saying how this will be unenforceable and so isn't something we need to worry about.
Except this could be enforced. Google came out with a proposal a few years ago for a method of validating the a request came from a "trusted" (aka, signed and with secure boot enabled OS), ostensibly to combat bot traffic. They dropped it after push back, but it still provides a blueprint for how this could be enforced.
https://github.com/explainers-by-googlers/Web-Environment-Integrity
If web platforms are mandated by law to enforce something like this then the web could be effectively restricted to only approved operating systems. There could still be a dark web, but with the weight of the law behind it, once anything gained momentum access to it could be shut down at the service provider layer.
This shouldn't be dismissed as a threat because it's "unenforceable", because it is.
If I understand correctly, Android already has something like this: the Play Integrity API. It's responsible for rooted Android devices being unable to use banking apps. iOS might have something similar. And the term for this if you want to learn more is remote attestation. It's far more insidious than devices with locked boot loaders.
government id apps too in Europe
I mean… What’s easier, implementing an unpopular APi into your already production ready service or blacklisting a country from making requests to your reverse proxy?
Personally I would choose the latter. Enough blowback from people will likely get this overturned.
EU has dumped similar legislation out however, they recently have had a poor streak in regards to legislation involving digital privacy.
You assume commercial apps will choose to lose the US market rather than comply.
Big techs are all ready to comply with chinese authorities in order to get in! Apple did. Facebook tried repeatedly to get a pass, offering complete access to chinese authorities.
Corporates will just do whatever makes more profit.
Commercial software publishers will bend over backwards no matter what.
Selfhosting folk have it significantly easier and I’m sure a lot of people rely on small obscure websites.