Shecky - Third Wheel3d ago
Taggart 

Near as I can tell, this is all very good news. More things should take advantage of secure enclaves, and this open standard protects against one of the hardest current defense surfaces.

https://security.googleblog.com/2026/04/protecting-cookies-with-device-bound.html

Protecting Cookies with Device Bound Session Credentials

Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April ...

Google Online Security Blog
Apr 9 at 5:26pmWeb
Show threadminiBill (Leonardo)3d ago
@mttaggart if the privacy is respected then this looks very interesting. On the other hand it's Google, so I'm worried about version 3 introducing attestation shit
Show threadKevin Mirsky 3d ago
@mttaggart this is great. I remember the beta being announced and am glad it's moved forward. I know of some pain points that exist because of fears around cookie theft, and am hoping this can be used to alleviate some of that
Show threadAMS3d ago
@mttaggart Shame that I have absolutely no trust that Google and/or lawmakers won't use this for evil one or two updates from now. Burned all the goodwill with how they've dealt with Android and SafetyNet.
Show threadYehuda T. Deutsch3d ago
@mttaggart
This actually ensures that Microsoft, Apple, and other Orgs that managed to get hold of the keys signing the Secure Enclaves, will be able to impersonate users, and trust me, when it'll be the government, the excuse will be "to protect the kids" or "to fight terrorism"
It's like we are trying really hard to prove @pluralistic right on his Red Team Blues piece about Secure Enclaves being useless once they become critical enough and a target for criminals, in or outside the government