@fabrice I'm saying that implications you'd naturally draw of 4 webkit.org, or mozilla.org, folks doing something similar are absolutely not what you can expect here, in large part because the process is both more open (by design) and more responsive to input (by design).

Blink is used to adjudicating risks from leadership, so the usual "go fever" of other projects, rather than a public exploratory phase, aren't comprable.

@fabrice To put meat on these bones, imagine working in an org that has been on the backfoot for ~10+ years as regards web APIs. The noise you'll make from a deficit of investment is always about how terrible the leaders are for, you know, leading!

Meanwhile, the local effort is all around differentiating on some OS/stack basis to prove value in a commodity environment.

In that environment, the idea that there are unruly, unkempt engineers running around proposing things is *wild*.

@fabrice Now, switch places: imagine working on the leading engine, all caught up (to a first approximation), doing All The Good One Can Do for the the web.

Your project is to improve anti-fraud in a privacy-improving way, and you're inheriting all the goodwill of a team that has bested all, both with quality and openness.

You don't feel all the anticipatory pain of what *could* go wrong, because Google doesn't have the sort of hierarchy that would force you to ask anyone "should we?"

@lispi314 @fabrice Just ask Apple!

https://httptoolkit.com/blog/apple-private-access-tokens-attestation/