Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Apple could eliminate most ad fraud that pretends to be its platforms, by generating tokens from its secure enclave for advertisers, and providing a REST API to validate the token is from a live device.

What stops someone from buying an Apple device and generating a zillion tokens?



Rate limiting access to the enclave? Somewhat related, I fear this is where we are going to end up with secure attestation, limiting web access to approved devices.


I wonder if there are ways to trick the enclave into thinking time is passing faster...

Pegging the rate limiter to 100% on an old iphone is also going still give you a lot of tokens very cheaply.


> I wonder if there are ways to trick the enclave into thinking time is passing faster...

Most of serious implementations have their own clocks or incremented counters, which makes tricking them very hard even for a state actor.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: