⁡jaseg 🔜 GPN24 on Nostr: Additionally, the verifying device has no way of verifying that the verification ...

Additionally, the verifying device has no way of verifying that the verification request actually comes from the website in question. For instance, a malicious news website could display a verification prompt that it proxies from say, a porn website that the user never visited. Afterwards, the porn website has a non-repudiated token that someone visited it, and the signature provider could link that token to a user identity.