In recent news, Google has put forth a proposal known as the "Web Environment Integrity Explainer", authored by four of its engineers. On the surface, it
For a tech community there are a lot of uninformed and fear mongering posts in here. From the article:
What About Browser Modifications and Extensions?
Google's proposal remains ambiguous about its impact on browser modifications and extensions. It attests to the legitimacy of the underlying hardware and software stack without restricting the application’s functionality.
However, how this plays out with browsers that allow extensions or are modified remains a grey area. As the proposal vaguely mentions, "Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality."
Basically it can be summed up as “nothing in the new thing actually says it will make blocking ads impossible or even harder, but who knows right? So just trust that it will based on nothing other than fear mongering”
Sites have been detecting ad blockers and refusing to show you content unless you disable them for years. Sites already have paywalls as drm to restrict what you can see. This really isn’t bringing the ability do any of these DRM things since those already exist.
Having said all that - is there much of a reason for this new thing to exist? Debatable at this stage. The only benefit I can see to users is it could eliminate captchas and other “are you human?” checks, as well as maybe reduce cheaters in browser based games (which tbh I don’t even know if that’s a thing).
I think the issue is that Google has both A) a track record of backdooring restrictions on adblocking, and B) an overwhelming motivation to do so seeing as how they generate their revenue from online advertising. They've forfeited the benefit of the doubt, especially when they've already disclosed that the whole point of the change is to enhance the profitability of online advertising:
Google's engineers elaborate, "Websites funded by ads require proof that their users are human and not bots...Social websites need to differentiate between real user engagement and fake engagement"
So given that once implemented, this hop and this skip would just require a teensy jump in order to further restrict adblocking, it is reasonable to assume that's within their desired goals.
Google has a track record of attack articles written against them, all talking up their intentions to tank adblocking, including this attack article. And yet, my adblocker still works and my ads are still blocked. Strange that we just assume this is what they intend to do, when there's no evidence they've pulled it off, we treat it as if they have.
Threatens, as in, hasn't happened and may not. Not all threats are true.
idk how well stuff works on Chrome Mobile. I use a different Chrome-based mobile browser that does allow extensions, and Ublock Origin works great on it. Turns out there's more than one way to skin a cat. Who knew?
I'm well read on Manifest v3. I'm also aware of a Ublock Origin version that is designed to work under it. I have it installed and ready to go, for if and when the old one stops working. But that has only been threatened, too, and not even by Google.
I'm not certain it is just an assumption, but I am also not certain it is a prophecy. Until I get more certain, I'm not going to bust my hump worrying about it. And I'm certainly not going to bellow to the hillsides that we're all doomed.
YouTube test threatens to block viewers if they continue using ad blockers
They can do this without this new API though. Many sites block users if they use ad blockers, have for years, and that's without this API.
How well is uBlock Origin working for you in Chrome Mobile?
Chrome isn't the only browser on mobiles. If Chrome doesn't let you block ads and you want to block ads, use a browser that does. Based on your logic, google would have eliminated ad blockers from Android overall already, yet they haven't.
The fact is that this new API doesn't block ad-blockers. Sites can already choose to block access if you have an ad blocker. There's no change.
In other posts, I've tried to point out how some of the articles and comments around WEI are more speculative than factual and received downvotes and accusations of boot-licking for it. Welcome to the club, I guess.
The speculation isn't baseless, but I'm concerned about the lack of accurate information about WEI in its current form. If the majority of people believe WEI is immediately capable of enforcing web page integrity, share that incorrect fact around, and incite others, it's going to create a very good excuse for dismissing all dissenting feedback of WEI as FUD. The first post linking to the GitHub repository brought in so many pissed off/uninformed people that the authors of the proposal actually locked the repo issues, preventing anyone else from voicing their concerns or providing examples of how implementing the specification could have unintended or negative consequences.
Furthermore, by highlighting the DRM and anti-adblock aspect of WEI, it's failing to give proper attention to many of the other valid concerns like:
Discrimination against older hardware/software that doesn't support system-level environment integrity enforcement (i.e. Secure Boot)
The ability for WEI to be used to discriminate between browsers and provide poor (or no) service to browsers not created by specific corporations.
The possibility of WEI being used in a way to force usage of browsers provided by hostile vendors
The ability for it to be used to lock out self-built browsers or forked browsers.
The potential for a lack in diversity of attesters allowing for a cartel of attesters to refuse validation for browsers they dislike.
I very well could be wrong, but I think our (the public) opinions would have held more weight if they were presented in a rational, informed, and objective manner. Talking to software engineers as people generally goes down better than treating them like emotionless cogs in the corporate machine, you know?
The only benefit I can see to users is it could eliminate captchas
#CAPTCHA elimination is not a benefit. The CAPTCHA motive of separating humans from bots is responsible for killing beneficial bots. The only good thing about it is humans get fed-up with CAPTCHAs and the captcha-pushers lose human traffic. That backlash is a good thing™. Remove that backlash and beneficial bots are defeated on a much larger scale.