And since you won't be able to modify web pages, it will also mean the end of customization, either for looks (ie. DarkReader, Stylus), conveniance (ie. Tampermonkey) or accessibility.
Rich idiots threw money at anything because while a million dollars is more than the vast amount of us will ever have, to them it's like buying a lotto scratcher.
It's like in Silicon Valley when the VC tells them they don't need to be profitable they just need to market, then as soon as he dips below technically being a billionaire he demands that they focus on being profitable immediately
But a small minority of really determined people is enough to change the world 🙌
I love to see how people nowadays find easier to imagine the end of the world than the end of capitalism.. That's how they've been brainwashing us till now.
I know, right? It’s so weird. In every single instance of some bullshit happening it’s easy to brush it off as incompetence or an attempt at profit maximization, but overall it feels a lot like some kind of targeted disassembly of whatever made the internet great and facilitated open discussions.
I don't think it's coordinated, I think it all starts from the same root cause: Silicon Valley Bank failed. These companies all need to do something they've really not done much of in the past: turn a profit. But these companies are not run by the business geniuses we were once convinced were running the show. Most of them live so far removed from a normal persons life that they don't understand what motivates us, what we want in a platform, and as soon as we provide feedback after they've already made a decision, they decide it's because we don't understand the squeeze they're under to make money.
Twitter: Elon Musk thinks he could make more money from subscriptions than advertisements. The whole thing's a disaster because that's really dumb. This case may be a little different though because there's some evidence Musk just wanted more people to see his tweets and to pay people to be his friend
Reddit: Spez fails to see that he has multiple revenue sources available to him so long as he keeps his users around. Somewhere, there was the right balance of charging for the API at a reasonable price, performing better market research on his user base to provide a better ad platform, and keeping the Reddit coin system in place as the base liked it because the user base paid more for that than most similar online payment schemes.
Google: this is the scary one. This is the one that seems like they know exactly what they're doing. They're ramping up their enshittification following the fall of SVB, but the way they're doing it is both malicious and a minor enough inconvenience that the majority of their users will stay. And they're doing it in small quiet ways. A little bit of tweaking how YouTube bans users here. A little bit of RFCs about DRM on the web there. Some PRs to chromium and android no one will notice. All to squeeze more ads into peoples online experiences. Their search product has been utter shit for about 6 years now, but people still prefer it over Bing or DuckDuckGo (which is a wrapper for Bing). They've learned the following lesson: if you're big enough, the citizens of the web will let you do it
Google has already been a worthless pos for years. Impossible to get relevant results, even with operators. You just get ads and irrelevant SEO sites. And adding "reddit" at the end of the query will probably not work so well in the future either, seeing how that site has also gone to shit.
And they have already tried monopolising the entire internet with their amp bullshit.
So this is just in line with their vision of making the whole internet into a pile of burning shit under their total control.
Nothing about this is recent, those who pay attention to the standards process have been screaming for ages about the Google problem. It's just that now between interest rates being what they are and them having a monopoly on the browser market that they're cashing in on their investment.
Recently? This is a long time coming. Users have been accepting all kinds of shit from big players without complaint. Even if they protest it's usually just performative and they keep using the services, sites and software that violates all kinds notions of user and privacy rights. Most people unfortunately are (understandably) not equipped to really even understand the kind of shady shit these companies pull on the daily. The internet is going to shit and its users will gobble it up and ask for more. It has been frustrating watching this happen, but there's really very little that can be done.
The main problem with us users is that we are god damn lazy. We want everything to be the most convenient it possibly can be.
Remember when Apple updated iOS to allow users to stop cross-app tracking, which severly upset the Zuck, that absolute manchild?
Turns out that if you actually inform people and give them a clear choice to make, the overwhelming majority of users do in fact not agree with being tracked, as an example.
and now Google of all companies wants to lock down the whole internet?
Of all the companies, Google always seemed the most likely, both to want to and to be successful. They’ve tried before, sometimes in small ways, sometimes in larger more obvious ways (AMP, the implementation of content filtering in Chrome etc.).
They’re the world’s largest advertising and data harvesting company. It’s their business. Of course they want to lock the internet down to serve their goals of learning as much about you as possible and using that data to shove ads in your face.
Whenever using any Google/Alphabet product you have to ask yourself, “am I ok with this thing I’m about to use being built by the world’s largest advertising company?”. The answer should be “no” more than it is “yes”, particularly for things that have access to lots of your data, like web browsers, phones, home speakers etc.
The tech sector just hit a major correction recently. Wall Street found companies like Google to be overvalued and as such their stocks suffered. This is Google trying to claw back some of that value. See step 3 in the enshittification process. This isn't just Google. It's the entire tech sector.
I haven’t read the replies but there was a very interesting episode by Derek Thomson’s Plain English podcast which I found incredibly interesting.
Derek made the conjecture that we were on a cusp of a big paradigm shift in the Internet.
For the last 20 years, it was essentially about building a consumer basis. So companies like Netflix and Facebook and Amazon did not care about current profits. The point was to just get consumers, drive out the competition, and commandeer the monopoly.
Now and especially post Covid companies like Twitter are realising that this isn’t going to work. The next movement is going to all be about paying models. This is what we’re seeing with Twitter. This is what we’re seeing with OnlyFans or Patreon.
So in light of the above comments, none of this is surprising. The next era will be about paid models of the internet.
Sounds you might enjoy the Enshittification of TikTok article floating around. It explains quite well the mechanism why a site have to becoming worse and worse over time.
Because for the first time in 14 years money is no longer free.
Right now the interest rate sits at 5% and it will remain there for the foreseeable future. Investors no longer have the patients to wait for growth because bonds are actually investable now, so all your “get user first find business later” companies began to panic and tries to squeeze everything out of its users.
Hilariously, the only social media company that will come out of this relatively unharmed is probably Facebook, because their unethical practices actually makes money
What do you mean, Google of all companies... It's a company that makes 90% of its money from ads and all of its products are made with the express purpose of enabling them to spy on you or creating technical dependencies so you can't quit their services.
Plus they've already tried to lock the web into proprietary formats (AMP, PWA etc.) and have maneuvered so they have 90% of the browser market and the smartphone market but can't be actioned for it.
Growth reaches a saturation point and now they have to cannibalise every single thing in order to continue growth (in company values). This comes at the expense of product quality for the person using it but that's fine if you have no competition because everything is a monopoly.
The capitalist system is the problem. The system will ALWAYS reach this endpoint for as long as it is a system that demands infinite growth.
Their fake advert viewing numbers and YouTube's inability to monetise without ruining itself are forcing them to think of new ways to encrapsulate user's and drain their wallets.
Instead of, you know, providing a service people want and would pay for.
AI happened. The promises, benefits, opportunity for massive financial gain, and the clear and present danger of how transformative it can be have all caused internet-bases companies to throw out the rulebook and lose their collective minds.
A race to the bottom with who can come up with the next dogshit idea on how to ruin the internet and make things actively worse for the people who use it
One comment mentions possible incompability with article 22 of the GDPR, and I sure hope the EU will stand their ground on this.
I can only imagine noyb letting all hell break loose. We need more people like him, dissecting corporations legal bs to find every last little thing we can possibly hold against them.
Let's hope there's already a law that the EU can find to apply (since they already don't like the non-EU dominance of big tech), or that they make one in time.
I was just thinking that I'm sure Google will lobby the US government to get this model enforced as law, making it illegal for anyone to create workarounds, or alternative browsers. And the US legislative government being what it is, will hand Google whatever legislation it wants to turn their nightmare into a reality.
What legitimacy does the U.S. government even have anymore in light of not only this, but everything that they've done in the 21st century? Why do we keep listening to them? Why don't we build our own networks and design our own chips?
I guess now is one of those famous best times to do it. If you want even more privacy and security ootb, you can try Librewolf. Recently released Mullvad Browser seems to be pretty up there too, at least from what I've read so far.
And if you're on Android, Mull is pretty much for Smartphones what Librewolf is for Desktops.
The EU is rapidly becoming a neoliberal hellehole resembling the US. I no longer have any hope for existing institutions resisting corporate encroachment. Best that can be done is the support of initiatives like the fediverse and foss in general but if the current trend continues even that is in a precarious position.
No way. Why should I feel obligated to use something I feel has inferior UX and UI than the browser I'm using now? For Mozilla's CEO to rais her wage (again): https://calpaterson.com/mozilla.html ?
You people are really delusional if you really think that Mozilla are the only good guys (or good guys at all, for that matters).
Inb4, unimaginative people downvoting just because they can't stand different opinions.
EDIT: Oh I just found in the profile. It's Brave. I used it for half a year before I got tired of the crypto ads sneaking into my home page's links no matter how many times I deleted them and of some other stuff. I prefer Firefox's UI. Also I don't expect any browser to be 100% ethical but Brave is below Firefox in that list for me
I downvoted you because you made a terrible case for yourself. Learn to make a salient point, or learn to love being "edgy". the choice is up to you, but the internet already has plenty of the latter, why not become the former?
I feel obligated to raise awareness about these topics. I won't prevent anyone from choosing Chrome, but at the very least it's important for people to know what their choice can entail, and base their decision on that.
There is a huge difference between mozilla and google. That's quite obvious to most. The ceo raising his salary is a problem for you, and you prefer Google, where they have enormous salaries and incomes? It's one of the richest companies in the world.
Firefox doesn't have inferior UX at all. It has more functions and features than chrome. It also has very good default privacy and the plugin system is amazing.
They're not saying you should feel obligated to use Firefox. It's a tongue-in-cheek joke about how everything FLOSS, Privacy or GDPR related always includes a comment thread about using Firefox. I use Brave too but you gotta read the room. Lemmy users in general are going to be much more pro-Firefox than anything else.
This is the result of the world blindly using Chrome and other Chromium based browsers. Now with effectively full control over the browser that more than 90% of the world uses Google can force its will on the internet
Momentum. And it's likely most people won't be about to tell, or regularly run comparisons to find out for themselves. Theres enough value added to Chrome that people kind of assume it's "the best" ... It took me years to convince my boss to switch, but the one thing that did it for him was just that the PDF viewer is better in Firefox.
People have weird preferences that don't always line up with what software developers expect.
Always have been, and they're in it for the long game. They've already acquired a stupid amount of control on the web and web standards with everything from Chromium to Youtube, not to mention it doesn't help that they basically control the world's most popular mobile OS. Google wants it all if we let them.
i'm not really a tech-savvy guy here, so can someone explain if having DRMs like this would make ad-blocking near impossible for other chromium-based browsers too?
It would also mean that you can’t use extension that modify the page, not only affects ad blocks but things like blocking Facebook “like” buttons or Google trackers.
Right now we need more people to use non-chromium browsers, like Firefox, so hopefully Chrome looses market share and with it Google starts loosing control over the internet.
Well, the engineers say it themselves: nothing would prevent websites developers to prevent access from browsers that do not support this "Web DRM".
My biggest fear though is that it becomes a standard which all browsers will have to support to stay relevant. And with Google building the engine used by the vast majority of browsers, they can force this upon other browser engines (ie. Safari and Firefox).
It's such a potent example why everyone who cares need to stop using Chromium based browsers before it's too late. Stunts like this would be much harder to pull if there wasn't a de facto browser monopoly.
I have exceeding low expectations, but I would hope that would be grounds for an antitrust lawsuit against Google as Chromium browsers account for roughly 70% of all users (based on numbers I pulled from Wikipedia)
When is the last time any of the big tech companies got hit with antitrust? Microsoft is brazenly doing shit on windows they wouldn't even dream of in early 2000s. Resetting user defaults to their products. Constantly advertising their products when user launches a competitors software.
They don't give a fuck and neither do the governments.
Subscription-based, restricted to verified accounts Chromium, that shares your personally identifiable public key with each website you visit. Shudders
I would stop visiting any website that implements this. Simple as that. I will step away (will try at least) from any system that doesn't respect my privacy or myself.
Like I ditched Facebook, Reddit and others.
Ben Wiser (Google)
Borbala Benko (Google)
Philipp Pfeiffenberger (Google)
Sergey Kataev (Google)
Congratulations, guys. You are now internet pariahs. Your unrepentantly mercenary lack of engineering ethics is now recorded for all eternity. You have nobody but yourselves to blame.
That's a good way for me to never visit your website again. Honestly, this kinda sounds like the death of the internet if I'm being honest. This would transform it from a free medium into a full blown corporate dystopia. It's really scary to see the digital (corporate) development over the past couple decades. Would be really cool if we don't move further towards some cyberpunk like future where megacorps control everything.
I think the level of government capture in the US is unique. The EU is kinda balanced, as many good things as bad in this regard, while the authoritarian part of the world is definitely not corporate controlled.
And they went ahead and blocked comments now - "An owner of this repository has limited the ability to comment to users that have contributed to this repository in the past."
Fucking cowards
EDIT: I went ahead and reported the distro as malware. Also, it feels like the internet is about to split in a open internet (basically just like tor) and a corporate internet where if you don't pay the big tech you can't access anything.
Easy to confuse stupidity with malice. They're chasing one thing and one thing only: the almighty dollar. Look at it through that lens and their actions make sense. For the rest of us though, that's just stupid.
The web changed, and complexity increased and even staying in there against a larger adversary is hard. Unless you run a company that is competing with Google, I don't think you're really qualified to comment.
Edit: Just realise your description has "Fuck Mozilla!" and you've been bashing it since you started on Lemmy. Looks very shilly to me.
It's not doing something dumb. It's another power grab. We passed the stage where giving the benefit of the doubt is a reasonable thing to do well over a decade ago.
I wonder how much of the money would go to the creators themselves rather than YouTube though. I'd rather use adblock and give money directly through patreon or something. Fuck Google.
I quit playing games because of all the greed and hype, I went back to piracy when streaming started to fracture and greed set in, I left non-federated social media because of the enshittifaction and invasiveness, and I go to fairly extensive lengths to block ads and protect my privacy as much as possible...
And instead of moving to any number of fair, non-exploitive business models, they're just going to force ads down my throat like that episode of black mirror.
If this goes through I'll be sorely tempted to wipe everything I can and start over as best I can. Only interact with the Internet when I need to.
You'll find me paying cash at the local used bookstore, at least until all the major publishers make that illegal.
EDIT: It's honestly depressing, I genuinely enjoy technology and the internet, but when companies like Google are able to force garbage like this it just sucks all the joy out of it for me.
It's like everying is becoming a shitty mobile game. Do the toolsheds that develop Candy Crush clones not think we can understand why in app currencies are sold in bundles of 100 but every thing we purchase with them requires amounts that end with a five? Does Google not think we know the real motivation behind a system that strives to prove ads were delivered to your browser either?
I know a lot of people may not see the real driver here, but I'm tired of being underestimated and infantalized by a bunch of dorks trapped in a corporate echo chamber. I think I'd prefer it if they just straight up said they're going to sacrifice our privacy and user experience for a quick bump in stock value.
Most people don't have an understanding as to why things are the way they are. I'm constantly shocked at how I need to explain things which I consider to be blatantly obvious. From what I can tell, the average person just goes about their lives without much evaluation of the world they're in. They buy the things they're told to buy, like the things they're told to like, and don't think much about why they do the things they do.
True, but I don't think it's due to a lack of faculties for most people, it's just not an area of interest or a primary concern. It should be, because this sort of consumer and media manipulation is being used to enable some very dangerous things at present, but it's really hard to make headway when you're telling people how fucked up and unhealthy the one thing that's providing them with a little escape and joy is.
It might be easier to lead an addiction intervention.
I try to reframe privacy concerns with the idea that if someone was stalking you and recording your every action in physical public spaces that you'd be pretty disturbed. Most people get it, they understand the idea and can view their internet activity through the lense of that metaphor.
But they don't really feel it, and that's where the disconnect comes in. How do you get people who don't feel the Internet is part of "real life" to understand how invasive this is on both and intellectual and emotional level? Because of digital privacy and user rights don't hold some sort of emotional significance for them, it's going to stay a back burner issue in their lives.
It's like the evolution of the $x.99 mental trickery. They realize that getting $1 1-2 times a day was much more palatable than $20 a month or once.
I refuse to play mobile trash because not only will I not give in to that shit, I refuse to play games that purposely are made worse because not enough people are paying (and there's never enough)
Yup, it's easier for a user to justify a small purchase and lose track of how much they're spending and that's exactly why they do it.
It's the same with in-app currency, they sell you 100 coins or gems or whatever for $2.99, then charge you 75 for the shortcut to the progression required upgrade. You don't want to let a quarter of your money go to waste, so you're more tempted to put another $2.99 down to utilize it and buy the next upgrade. Cue the leveling treadmill.
It's a sort of weaponization of the study of human behavior IMO.
I do muddle around a little bit with indie games, and I've honestly let some of this make me a little too cynical, but it just feels different these days.
It was more due to the way a lot of the games I liked to play started to make changes to gameplay to try and push players to spend more money. Unnecessarily long grinds with subscription based paid shortcuts, freemium/premium BS, game modes that started to require you to be online for a certain amount of time each week to progress.
Gaming was always more of a social thing for me, and once it started to feel like an unpaid, part time job for me and my friends it stopped being fun.
EDIT: I may be projecting dark patterns onto something that's just driven by market forces these days, but I kind of doubt it.
Just this week or was it last week, I made a comment on some post that putting privacy aside, we should still be encouraging people to use Firefox instead of any chromium browsers to break control. It is good to see that right now I am just given a very good example why Chromium being a monopoly allows Google to control the spec (even if other companies are on board)
This is exactly the kind of thing that demostrates why DRM shouldn't be part of the web standards. It's very existence is abuse and this use even more so.
Yes. Degoogle completely. It might not be easy. It is not one action, but a process. But every one of their services you use is power you give them over you: they not only track you, but have the power to lock and remove your data. Leave as soon as you can.
This summer I have switched my Reddit, web browser, password manager, laptop, external keyboard, mouse type and now I either have to learn to live with Windows 11 or deal with the head ache of installing Linux. In other words I feel you. And figuring how to make Windows 11 to be tolerable and having to look into keyboard as touch typist is annoying as hell. I am not sure how I can completely degoogle myself as I use or used everything they have although not for really sensitive content in long, long time. But the fact is my gmail is my first adult email address and is even older than my Reddit account is.
I remember some time in high school somewhere around their IPO my friend told me google will be the next really big thing. If I had had listened listened him and had had some money I might have become a lot richer than I am. There was some now weird optimism and exitement around the now big tech companies. The vision I have of google is really different now than then but I still carry some attachement as sentimental person. I guess I am taking steps. And if anyone has input into which securish cloud storage to use that is somewhat cheap for multiple terabyte of things and can be used from file explorer, please tell me. Thankfully sensitive data is mostly elsewhere.
And there’s zero chance of some other company dethroning Chrome like IE was. The only way that happens is with government intervention to protect the free market.
But of course antitrust enforcement is dead in this country, so that’s not happening. Just look at the obviously anticompetitive Activision acquisition that went through recently. Too many politicians slept through their economics classes, and they think that giant corporations are good for consumers.
I'm old enough to remember when the line was "IE has 90% marketshare and nothing's going to change that"
Yes the landscape is different now, but these are free apps and there are competitors out there. It takes only a few minutes to switch to Firefox. Google's hold on this market is not as ironclad as people may think.
It doesn't seem to be targeting ad-blockers in particular (or other page customizing extensions), although that may result eventually. What it does do is let webpages restrict what web browsers and operating systems you are allowed to use, just like how SafetyNet on Android lets apps restrict you to using an OS signed by Google. That could end up with web pages forcing you to use a web browser and OS the big players like Google, Microsoft and Apple, blocking any less restrictive or less used competors like Firefox and Linux, thus creating a cryptographically enforced oligopoly. And even if they signed e.g. Firefox, it would only be certain builds of it. That would make it impossible to make a truly open-source browser that can access pages using this API. Quite concerning.
This is super fucked up. I use Stylus extensively to customize the UI on so many sites. Not even for adblocking or that kind of thing, but for accessibility. I actually learned to code many years ago specifically so I could write my own userstyles so that popular websites would be more accessible for me. This is not just predatory on an ads and money level but on an accessibility level too.
Having thought about it for a bit, it's possible for this proposal to be abused by authoritarian governments.
Suppose a government—say, Wadiya—mandated that all websites allowed on the Wadiyan Internet must ensure that visitors are using a list of verified browsers. This list is provided by the Wadiyan government, and includes: Wadiya On-Line, Wadiya Explorer, and WadiyaScape Navigator. All three of those browsers are developed in cooperation with the Wadiyan government.
Each of those browsers also happen to send a list of visited URLs to a Wadiyan government agency, and routinely scan the hard drive for material deemed "anti-social."
Because the attestations are cryptographically verified, citizens would not be able to fake the browser environment. They couldn't just download Firefox and install an extension to pretend to be Wadiya Explorer; they would actually have to install the spyware browser to be able to browse websites available on the Wadiyan Internet.
I hate the fact that one of the biggest and richest corporations in the world, is just a massive ad spamming dumpster fire. Imagine the good a powerful company like this could do, if 90% of their effort wasn't put into cramming ever more ads into people's eyeballs.
I literally swapped to Librewolf before the Rossman video was done. I was on Brave Browser before, but it's based on Chromium. Fuck Chromium and fuck Google. Fuck this shitty amoeba that tries to spread into and control everything.
I will post stupid shit on my de federated forum and you will fucking live with it Google. Fuck you. Burn. It's time to break up the internet monopolies and do some trust busting. Someone pull FDR's rotten corpse out of the grave and put it back to work.
Big fan of the "how dare you don't use professional language" vibe coming from the folks clinically discussing how to ruin what little remains of the open web.
I hope Louis Rossmann catches wind of this - the more people know about this, the better chance we have at stopping this unnecessary "WEI" spec.
If an company wants a trusted environment for their code to execute in, they should be asking themselves why they're not running that code in an app, or better yet - on their own servers
Can someone give me an easy to understand example of what they are proposing? Assume that I don’t allow them to install any software/tool that helps them track me/my device.
I saw this comment and found it helpful but its still not clear to me
At its core, it establishes software components called "attesters" that decide whether your device and/or browser is "trustworthy" enough - as defined by the website you are trying to visit. Websites can enforce which "attesters" users must accept, simply by denying everybody access who refuses to bow down to this regime; or who uses attesters that are deemed "inappropriate"; or who is on a platform that does not provide any attesters the website finds "acceptable".
In short: it is specifically designed to destroy the open web by denying you the right to use whatever browser you want to use, on whatever operating system. It is next-level "DRM", introduced by affiliates of a company that already has monopolized the browser market. And the creators of this "proposal" absolutely know what they are attempting here.
Non-goals [...] Enforce or interfere with browser functionality, including plugins and extensions. [...]
But guys they gave their pinky promise it's totally fine
let's just allow them to irreversibly make this change so that there is nothing preventing them from applying this totally Non-Goals in the future what could happen
Challenges and threats to address [...] Tracking users’ browser history User agents will not provide any browsing information to attesters when requesting a token. We are researching an issuer-attester split that prevents the attester from tracking users at scale, while allowing for a limited number of attestations to be inspected for debugging—with transparency reporting and auditability [...]
Cross-site tracking While attestation tokens will not include information to identify unique users, the attestation tokens themselves could enable cross-site tracking if they are re-used between sites. For example, two colluding sites could work out that the same user visited their sites if a token contains any unique cryptographic keys and was shared between their sites.
Good to see where your priorities lie in terms of user protection when deciding to launch this into conversation. Dude idk we'll fix it later don't worry bro
If that’s the level of seriousness they treat user privacy with, these engineers deserve to be lambasted.
This is a conscious abrogation of engineering ethics, and as a software engineer myself, it offends me immensely. It makes me and my entire profession look bad.
Well I won't visit a site that is full of ads now without an ad blocker, so why would the fact that o can't block the ads change my mind. As soon as a site blocks content for having an ad blocker or immediately starts popping up tons of stuff that's nearly impossible to close, I leave.
Companies like google should really not have so much power. I have stopped using chrome 1 year ago, and i am thinking about switching to a browser that doesn´t use chromium.
why are they trying to restrict and control the internet? on the plus side I guess I'll go outside more, touch grass, forget this crap exists and enjoy other facets of life. It's just sad to see it be transformed into this pile of crap.
Before everyone starts complaining, remember:
This is for the ads. There are millions of starving ads on the internet right now. For just a click and load a day on every ad you see you too can help a billion dollar company survive.
In total, I've probably already spent weeks on completing captcha. It often takes me up to 5 minutes, "try again, try again, try again, wasn't able to verify try again later,..."
Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it. This trust is the backbone of the open internet, critical for the safety of user data and for the sustainability of the website’s business.
Jesus christ just the introduction paragraph is a load of horseshit. Actually bold faced lies. Users depend on websites trusting the client? In what fucking world are websites trusting the client??? Literally the only case is the media DRM that should have never been part of the web in the first place.
Exactly. The websites only need to trust that the client can receive the content, which the protocols define and we have protocols to exchange what other protocols the client can use. Just use a http://www.motherfuckingwebsite.com
Users depend on websites trusting the client? In what fucking world are websites trusting the client??? Literally the only case is the media DRM that should have never been part of the web in the first place.
Sometimes I see people with multiple toolbars in their browsers. These could sniff/leak data.
If you provide a service for your user, you may want to restrict access to your peticular customer.
I do not like it either.
But the explainer to me does not appear like DRM in the first place.
And I am wondering if the client could just encrypt some fake data. How should the web server know? They get one ID and the content binding, which does not appear to be anything new (fragment/data from URL). But I am not developing websites.
In case anyone thinks this is a fiction reference or something, it's not. Kinda interesting project tbh, came across someone with a Gemini link in their profile on Mastodon the other day and it got me curious.
Create a browser that creates a live 4K video stream of any visited page then uses AI to identify ads on the page and cover them with a solid matching the pages color.
This seems so ridiculous. I'm coming from a privacy perspective. I'm using a number of extensions that block as many trackers as possible. Now I may have to give that up just so someone can "attest" to my identity. I'll have to forgo my privacy, otherwise I can't use the web.
The Tor network won't help with this. The Tor browser, based on Firefox, will only be able to access these sites if it supports the same DRM. If that means sharing a key that identifies your browser uniquely, then the Tor browser is over unless it can serve up random keys each time. The next thing Google will try is to tie the DRM keys to your identity (and your Google account) through some central key-approving authority. Media companies will like that if it means they can block users from spoofing their country to get access to shows that aren't available in their own country. Governments will like it because they'll know the identity of every user of every website. And it will be sold as improving your safety or giving you content that suits your interests. And somehow protecting children.
I'm afraid that browsers supporting this DRM would also block attempts to break it and that browsers that do not support it get blocked by websites using it
I haven't thought this through, but if you had a headless browser acting as a proxy, couldn't that pass the un-drm HTML & other resources to your actual browser?
I guess the drm stuff would be embedded in the js so it would have to block all js, so this wouldn't work for the majority of the modern web.
However, while it does add a layer of annoyance that'll mess things up for most, like any DRM, it fundamentally is unsound and will get cracked. Us good people have a big incentive to do so here. Reading the spec, it still relies on a trusted party (expected to be the OS) and, unlike ie. games consoles, we already have admin access to that party from the get go.
Where it could be a problem is mobile phones. They could target browsers that support ad blocking and you'd probably need to root the phone to get past that.
That's how they do it. They send their "proposal" and immediately implement it in Chrome (with work on that being started long before "proposal" is made public obviously). Then they start using it on their own websites (with compatibility for now) and start propaganda campaign to push webdevs to use it too (which they do of course). Then they start complaining that other browsers' developers are slow to implement this new "standard" (at this stage they won't call it a "proposal" anymore) and are "stifling development of the web" or being actively malicious because they are jealous of Chrome or something. Then compatibility mode on their websites is first subtly broken so that users once again will witness how Chrome is superior browser and then removed outright. Boom, we have a new web standard!
I remember watching Chrome fill up long lists of ??? in the task manager, back when I still used Windows and Chrome on an old Laptop. Both CPU and RAM were working at their utmost and that shit blocked everything.
I find it hard to see how they could protect content from ad blockers without also crippling pages that self modify their own content. Perhaps they could put headers akin to content security policy that forbids external modification. Assuming a browser were to honour that header I could see bad publicity and a lot of people just moving to another browser which doesn't. Additionally, ad blockers aren't the only things that modify pages - breaking accessibility add ons could be more negative publicity (just like with Reddit).
I think browsers would be best off to let websites develop countermeasures if they're so sore about ad blockers. Perhaps they could use "self healing" Javascript libraries that put back content which is removed. Or they could just refuse to work if they detect an ad blocker, e.g. they stick some canaries in the DOM or along blocked paths to see if an ad blocker is present.
The engineers are writing up the spec, implementing the prototype, and will eventually be responsible for the rollout. The engineers are as much at fault as whoever thought up the idea. Without the engineers being complacent, the idea would be nothing more than an idea.
"Just following orders" has never been a good excuse for doing bad things.
I agree. I'm an engineer and have left companies for doing things I think are unethical. I understand its not always black and white, but at the end of the day, if you're doing something bad and you know its bad, "just doing my job" does not mean you're not complicit and at least partially responsible.
Especially if you work at a place like Google - its not like the only choices are either implementing this or starving. There are plenty of employment opportunities out there for people at the top of the industry that don't involve making the world a worse place for everyone to live in.
That's only true if the engineers following the order clearly know what they're doing is wrong, which is often not the case. Most software engineers are as ignorant about privacy as their customers. They do not give a damn about FOSS nor privacy and are often users of these products themselves.
Can someone explain how the server is going to know whether or not the client browser is showing the ad? A stealthy browser would say, "hey yeah send that ad so I can render it to the user" and the server says, "yeah ok" and then <doesntRenderAdOnClientDevice>. How is the server going to know whether the ad is displayed or not? Don't current gen adblockers not even retrieve the asset? If the asset was retrieved but not displayed, how (if even) can this be monitored?
I don't get how they want make those attesters trustworthy. Any attester is installed on a user device, so its "private" key used for verdict signing can be retrieved by a bot author and used to make fake verdicts. Disregarding ethics of the proposal, it just won't work in real world.
It’s all derived from hardware security modules like TPM. It’s not impossible to exfiltrate private keys from these devices, but it’s difficult and expensive, involving de-lidding the chip and carefully reading electric charge values from individual flash gates. Not out of reach for a sophisticated state-sponsored targeted attack, but certainly puts Evil Maid and other opportunistic attacks out of reach.
As for how original integrity is established, that’s done by saving the public key or equivalent while
the device is in the possession of the trusted entity.
lol as the "adblocking addicts" quality shitpost. Even bigger lol at Google's dipshittery for even thinking this was a remotely good idea in the first place.
I hate the fact that one of the biggest and richest corporations in the world, is just a massive ad spamming dumpster fire. Imagine the good a powerful company like this could do, if 90% of their effort wasn't put into cramming ever more ads into people's eyeballs.
There is unfortunately no code, the repo just contains a couple of Markdown files. Everything we have is a specification which "describes how this is being prototyped in Chromium".
If this is about blocking ads, how will this stop people using DNS based ad blocking? Been using control d for awhile and it's been great. Use their DNS on my router and every device in my house is ad free.
Won't work if ads are served on the same domain name as YouTube does. Also I think the website just wouldn't load if you block the domain checking the integrity (which will probably be done on the same domain as the website you attempt to access)
They aren't proposing a way for browsers to DRM page contents and prevent modifications from extensions. This proposal is for an API that allows for details of the browser environment to be shared and cryptographically verified. Think of it like how Android apps have a framework to check that a device is not rooted, except it will also tell you more details like what flavor of OS is being used.
Is it a pointless proposal that will hurt the open web more than it will help? Yes.
Could it be used to enforce DRM? Also, yes. A server could refuse to provide protected content to unverified browsers or browsers running under an environment they don't trust (e.g. Linux).
Does it aim to destroy extensions and adblockers? No.
Straight from the page itself:
Non-goals:
...
Enforce or interfere with browser functionality, including plugins and extensions.
Edit: To elaborate on the consequences of the proposal...
Could it be used to prevent ad blocking? Yes. There are two hypothetical ways this could hurt adblock extensions:
As part of the browser "environment" data, the browser could opt to send details about whether built-in ad-block is enabled, any ad-block extensions are enabled, or even if there are any extensions installed at all.
Knowing this data and trusting it's not fake, a website could choose to refuse to serve contents to browsers that have extensions or ad blocking software.
This could lead to a walled-garden web. Browsers that don't support the standard, or minority usage browsers could be prevented from accessing content.
Websites could then require that users visit from a browser that doesn't support adblock extensions.
I'm not saying the proposal is harmless and should be implemented. It has consequences that will hurt both users and adblockers, but it shouldn't be sensationalized to "Google wants to add DRM to web pages".
Edit 2: Most of the recent feedback on the GitHub issues seems to be lacking in feedback on the proposal itself, but here's some good ones that bring up excellent concerns:
Frankly, I don't trust that the end result won't hurt users. This kind of thing, allowing browser environments to be sent to websites, is ripe for abuse and is a slippery slope to a walled garden of "approved" browsers and devices.
That being said, the post title is misleading, and that was my whole reason to comment. It frames the proposal as a direct and intentional attack on users ability to locally modify the web pages served to them. I wouldn't have said anything if the post body made a reasonable attempt to objectively describe the proposal and explain why it would likely hurt users who install adblockers.
I mean, they said Manifest V3 wasn't supposed to interfere with ad blocking either. Yet here we are. Their power over how people access the web is too great to just trust what they say.
I don't disagree with you. If this gets implemented, the end result is going to be a walled garden web that only accepts "trusted" browsers. That's the concern here for ad blocking: every website demanding a popular browser that just so happens to not support extensions.
My issue is with how the OP framed the post. The title is misleading and suggests that this is a direct attempt to DRM the web, when it's not. I wouldn't have said anything if the post was less sensationalized, laying out the details of the proposal and its long-term consequences in an objective and informative way.
Is just the first step in a series of corporate decisions that inevitably leads to
"We know we said we wouldn't, but we didn't realize how much money we could make"
Google took "do no evil" out of their mission statement. Why would you trust them to stick to their word and not develop this tech in a way that helps their own ad platform make money?
In my other comments, I did say that I don't trust this proposal either. I even edited the comment you're replying to to explain how the proposal could be used in a way to hurt adblockers.
My issue is strictly with how the original post is framed. It's using a sensationalized title, doesn't attempt to describe the proposal, and doesn't explain how the conclusion of "Google [...] [wants] to introduce DRM for web pages" follows the premise (the linked proposal).
I wouldn't be here commenting if the post had used a better title such as "Google proposing web standard for web browser verification: a slippery slope that may hurt adblockers and the open web," summarized the proposal, and explained the potential consequences of it being implemented.
Did you read until the end, or was it more important to accuse me of either being stupid or a corporate shill? I have nothing against you, and I don't see how it's constructive to be hostile towards me.
I said that the proposal itself does not aim to be DRM or adblock repellent, and cited the text directly from the document. It's possible that something got lost in communication, but that wasn't me trying to suggest that we should just blindly trust that this proposal has the users' best interests at heart, or that motivations behind creating it could never, ever be disingenuous.
Hell, I even made sure to edit my post to clarify how the proposal—if implemented—could be used to prevent ad blockers. The paragraphs right after the one you quoted say:
To elaborate on the consequences of the proposal...
Could it be used to prevent ad blocking? Yes. There are two hypothetical ways this could hurt adblock extensions:
As part of the browser "environment" data, the browser could opt to send details about whether built-in ad-block is enabled, any ad-block extensions are enabled, or even if there are any extensions installed at all.
Knowing this data and trusting it's not fake, a website could choose to refuse to serve contents to browsers that have extensions or ad blocking software.
This could lead to a walled-garden web. Browsers that don't support the standard, or minority usage browsers could be prevented from accessing content.
Websites could then require that users visit from a browser that doesn't support adblock extensions.
web env. integrity is not as bad as people make it out to be.
yeah I absolutely agree that it's terrible and also a bad idea (we don't need MORE drm in our browsers, I'm looking at you, Widevine (although firefox worked around it by running drm in an isolated container)), but it's main purpose is to detect automated requests and effectively block web scraping with a drm system (it ensures two things: your useragent can be trusted and you're a real non-automated user), NOT detect ad blockers. It doesn't prevent web pages from being modified like some people are saying.
there's a lot of misleading information about the api as it doesn't "verify integrity" of the web page/DOM itself.
it works by creating a token that a server can verify, for example when a user creates a new post. If the token is invalid, server may reject your attempt to do an action you're trying to perform. (this will probably just lead to a forced captcha in browsers that don't support it...)
Also, here's a solution: Just don't use Chrome or any Chromium-based browsers.
Pi holes could still circumvent this, no? At a high level you'd need a computer to load a page, strip all the garbage, and forward the remaining page to the client. Any drm keys could be retained I would expect?
As long as they let you display the site onto your monitor you will be able to manipulate what you see. This is a pointless arms race that only wastes peoples time.
I hate the fact that one of the biggest and richest corporations in the world, is just a massive ad spamming dumpster fire. Imagine the good a powerful company like this could do, if 90% of their effort wasn't put into cramming ever more ads into people's eyeballs.
You know how nearly every browser is now based on chromium? And firefox when its not chromium, and even forefox adopted the extension limitations of chrome? Well I hear Duckduckgo's new browser something new finally instead of based off an existing browser.
It doesn't have extensions yet but those are coming and adblock is baked in.
Ed: my 1st downvotes of my time on the fediverse. <3 you to folks.
you misunderstood it tbh.
it's supposed to be used as a way to skip bot verification if the requests are signed by a drm system which includes your unique id (coming from google account or google play id), and one of the goals of the actual proposal is keeping existing extension working AND keeping web pages working without drm.
of course i don't want any drm in my browser, but it's kinda already there anyway...
it will likely make the experience worse for non-drm users because they will get hit by more advanced and sensitive bot verification systems or rate limits which is kinda bad but not the end of the world.
y'all are just overreacting and spreading pure bullshit.
it's not even supposed to be used to verify DOM elements, just that the user is using an official Chrome/Chromium browser, and is not automated.
basically it's just SafetyNet.
it will not kill js addons.
If you don't want to see ads, pay for the services or use services that do not force you to download unwanted data (ads) on your computer. It's that simple.
I'm amazed at how angry people are at ads. I agree that this change would be terrible purely because of the customization thing, but people at some point are going to have to realise that there is no such thing as free lunch.
You're using their service/web site, they say you have to pay by watching ads and thats the deal you have. If you don't like it, don't use it, because if ads weren't a thing, the whole internet would be paywalled (apart from the sites people host from their own cash/donations).
The internet and big tech has for so long taken the stance to grow fast make money later, but many never do. I feel like the time of reckoning is soon upon a large part of the internet, where if they don't make money, they'll vanish.
Edit: just so I clear it up before anybody starts yelling at me about it, I am very much against this change for multiple reasons, but it's just that it triggered me to see so many people attacking the wrong thing. We've just become spoiled by unsustainable startup practices and have lost touch with reality.