Mastodawn

Near as I can tell, this is all very good news. More things should take advantage of secure enclaves, and this open standard protects against one of the hardest current defense surfaces.

https://security.googleblog.com/2026/04/protecting-cookies-with-device-bound.html

Protecting Cookies with Device Bound Session Credentials

Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April ...

Google Online Security Blog

Show thread

Yehuda T. Deutsch

@mttaggart
This actually ensures that Microsoft, Apple, and other Orgs that managed to get hold of the keys signing the Secure Enclaves, will be able to impersonate users, and trust me, when it'll be the government, the excuse will be "to protect the kids" or "to fight terrorism"
It's like we are trying really hard to prove @pluralistic right on his Red Team Blues piece about Secure Enclaves being useless once they become critical enough and a target for criminals, in or outside the government