It wouldn’t be an instance. It would be their CDN. And your browser.
And any instance of significant size is going to have a CDN to help deal with the DDoS attacks and bots. Hell I would bet that outside of very carefully curated instances, all fediverse instances will start using CDNs here soon just because of bots.
And chances are they will use cloudfare or Fastly.
But there’s nothing to “enforce”. It’s not a “you must be attested or you can’t access” it will be “if you’re not attested you will have a captcha shown for most things”.
Cloudfare already does this. If your browser looks suspicious, and the website you’re visiting using cloudfare as a CDN, you’ll be redirected to cloudfare to enter a captcha before they’ll let you into the site.
Attestation removes that captcha part using a token generated by your device and validated by the maker of the browser you’re using. So you’d never even see the redirect at all, it would just take a second or two longer to connect.
People using heavily modified machines or browsers wouldn’t be attested and would have to enter a captcha. That’s about it.
Then I won’t use those services if I get to that point. Like with the cookies. For the most part, I get out of my way to reject all cookies and “legitimate interest” requests. But sometimes I just don’t want to do that and say “fuck it” and go somewhere else.
It wouldn’t be an instance. It would be their CDN. And your browser.
And any instance of significant size is going to have a CDN to help deal with the DDoS attacks and bots. Hell I would bet that outside of very carefully curated instances, all fediverse instances will start using CDNs here soon just because of bots.
And chances are they will use cloudfare or Fastly.
But there’s nothing to “enforce”. It’s not a “you must be attested or you can’t access” it will be “if you’re not attested you will have a captcha shown for most things”.
Cloudfare already does this. If your browser looks suspicious, and the website you’re visiting using cloudfare as a CDN, you’ll be redirected to cloudfare to enter a captcha before they’ll let you into the site.
Attestation removes that captcha part using a token generated by your device and validated by the maker of the browser you’re using. So you’d never even see the redirect at all, it would just take a second or two longer to connect.
People using heavily modified machines or browsers wouldn’t be attested and would have to enter a captcha. That’s about it.
The captcha is a good compromise.
It is. Until you have to enter a captcha for every redirect. Then it will get real annoying.
Then I won’t use those services if I get to that point. Like with the cookies. For the most part, I get out of my way to reject all cookies and “legitimate interest” requests. But sometimes I just don’t want to do that and say “fuck it” and go somewhere else.