Google has defended its Web Environment Integrity on the grounds that it aims to make web browsing more private and safe through tokens.
Attacks and doxing make me personally MORE likely to support stronger safety features in chromium, as such acts increase my suspicion that there is significant intimidation from criminals who are afraid this feature will disrupt their illegal and/or unethical businesses, and I don't give in to criminals or bullies
Kick a puppy
Get attacked for kicking a puppy
"These attacks make me MORE likely to keep kicking puppies, as I don't give in to intimidation from criminals and bullies that want healthy puppies for their nefarious ends."
Google gained control of the web by populating the world with Chrome/Chromium and wants to strong arm the web as a whole through it.
Climbing the ladder and pulling it up from underneath them, with their fisted approach to Manifest V3 the beginning salvo.
Quick correction: website scraping and ad blocking is not unlawful. It both is a means to make the web more accessible and the latter also reduces CO2 emission through reducing electricity usage from irrelevant ads. The same case could be made for web scraping as a user can make their own feed of news without having to sift through hundreds of pages. This as well can be done in a way that does not disrupt the pages‘ normal function.
That is where the two larger issues come in:
people can argue that you need to pay for viewing a page/getting information through apps
And
branding powerusers as criminals („unlawful“) is unfair and false
The „pay for information“ is largely a phylosophical problem. It is no problem to pay for someones book or online course but the blanket statement that one has to pay for it is false. As an open source developer I give my work freely to others and in turn receive theirs freely as well (if they use the appropriate license of course).
We really have two sides forming. The „open internet“ crowd that works together for free or maybe accepts donations and the proprietary crowd which is having a huge influence right now.
Google putting in web DRM will cement that situation and make it possible that you can only use vanilla stuff on your browser and ultimately even shutting down any access to open source things completely by making it impossible to run on ubuntu since google will only accept windows clients (this is a possible outcome, not a guaranteed one).
All in all, we are unable to perfectly anticipate the outcome of this but if we see great harming potential, it is fair to weigh it agains the potential benefits (which is the lofty goal of weeding out bots and scammers). I think the cost benefit relation is heavily tilted here.
TL;DR: Tinkering with your browser is not illegal and should be allowed to continue. The cost of (potentially) weeding out bots and scammers is not worth potentially ruining the open source community.
I work with cultural heritage and have the strong believe, that information should be open and easy accessible. Citizen have a right to access to knowledge and to educate themselves unter their circumstanses. But of course the Infrastructur cost money and this should always be a discurse between all parties. And not been dictated by major companies.
It is a really hard fight for museums, archives and libaries lately. What do you do when your electricity bill jumps up to 5 million during the war in the ukrain?
We need to unite and search for ways to keep the Internet accessible.
Plus adblocking should be basic security posture these days. Does no one remember pop up ads delivering spy/malware? Still happening today, why should I allow a site to display ads that are intended to cause harm to my person and property. Does the ad service or site using it have no responsibility to safeguard their users against these threats when removing their ability to defend themselves?
Yes, I remember the malicious popups from the past. In fact, some installers put non hazardous but still unwanted software of your pc while concealing it as just another page of things to accept (like avira for example). It’s all just harvesting that sacred attention and precious data. This is why it needs to stop. We don’t need to accept this. We can actually work together (open source) to advance and improve instead of letting someone use us for their gain while holding a carrot on a stick in our face.
Is it just me or are Twitter, Reddit, and now Google, scrambling to lock their doors to any entities trying to scrape the web for new AI datasets?
All these hugely unpopular decisions, taken on short notice, that may be fatal to their platforms, seem to be more like knee jerk reactions to protect their treasure hoards of possible AI input data.
From a consumer perspective, it seems like all the FANG conglomerates are trying to shut the stable door after the AI horse has bolted, but perhaps from an industry perspective, their just trying to pull up the ladder behind themselves to curb competition, or stall any emerging upstarts, just like most FANGs where themselves only decades ago.
You do know that FAANG is an acronym for Facebook, Amazon, Apple, Netflix, and Google, not a type of company. Saying "...like most FANGs [sic] where themselves only decades ago" makes no sense as far as I can read it.
I my experience the people running large companies are idiots who got their position by brown nosing the right people so it doesn't really surprise me. Google is pretty well known too for coming up with stupid ideas they scrap in a few years
The proposal is bad enough as it is, but it’s the duplicitous gaslighting BS that really pisses people off.
If they came out and said “We came up with this thing to prevent loss of revenue on ads and prevent LLMs from capturing data” then people would still be against it, but at least it would feel like an honest discussion.
Instead it’s just another page out of Google’s playbook we’ve seen many times already.
Make up some thinly veiled use cases that supposedly highlight how this would benefit users, while significantly stretching the definition of “users”
Gaslight every one by pretending that people simply misunderstand what you’re proposing and what you’re trying to achieve
Pretend that nobody provides reasonable feedback because everyone is telling you not to commit murder in the first place instead of giving you tips on how to hide the body
Latch onto the few, inevitable, cases of people going too far to paint everyone opposing it in a negative light
Use that premise to explain why you had to unilaterally shut down any and all avenues for people to provide comment
Make the announcement that you hear people and that you’re working on it and that all will be well
Just do what you want anyways with minimal concessions if any and rinse repeat
For what it’s worth I blame W3C as well.
Their relatively young “Anti-Fraud Community Group” has essentially green lit this thing during meetings as can be seen here:
I did not know this. I always likened them to the EFF, an organization that aimed to make things better. Never in a million years would I have thought they were just shills for Alphabet 🙁
WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc.
Did the author of the article come from some dystopian parallel universe?
Yeah, violating TOS or EULA unlawful? Unbelievable bs. Imagine a world where users become criminals for routine and innocuous activities because of shifting TOS that no one reads and is intentionally impenetrable and user hostile.
You’re right that it won’t. I will say that I switched from Firefox to chrome when it was still in beta (nobody I talk to ever remembers the “goats teleported” metric). Chrome was way faster. It didn’t handle memory well, but it was the best for me for a long time. The extensions were great.
I just downloaded Firefox on all my devices and I’ve been happy so far. Not as fast as chrome or edge, but gets me closer to leaving google.
Yeah, I found the discussions on HN and the debates in the Google group mailing list ("Intent to Prototype: Web environment integrity API") much more interesting, but didn't hot link the latter in the OP post to limit brigading. Although that mail list archive is made publicly accessable.
That was for tying IE to Windows, and it was also done while there were paid web browsers competing with them. Then they forced OEM PC makers to bundle IE or get dropped as a customer for Windows licenses.
What exactly is the attestation checking? As far as I can tell it is a TPM assertion possibly that you have secure boot enables and that the browser has not been tampered with. Is there anything else? I looked in the Github page but alls that I saw was placeholders. Is this documented somewhere?
I think it's up to the attestor. So in theory it could check anything from what you described (most likely) to requiring that all users have a background image of Ronald McDonald (less likely).
It's TPM based on Android yes from the look of it, their article mentioned the Play Integrity API. So at least on phones it can potentially require a locked bootloader running the vendor's OS completely unmodified.
That makes a lot of sense. Not sure how that would work on Windows where users typically run with admin credentials. Yes, I cannot modify the boot loader, but with admin credentials I can do many malicious things to your traffic in between the browser and the OS, up to and including attaching a debugger to your browser process to see kernel memory.
I know it is possible for Linux to pass secure boot in some cases, so in theory it could be possible for there to attestation on Linux systems, but this suffers from the same flaw as Windows since users have root access.
In the end the only thing this will do is prevent someone from using curl or cli tools to access a site that requires attestation. Will this prevent bots? I am not certain. You could in effect guarantee a 1-1 relationship of users to TPM/Secure Enclaves. This would slow down bot farmers, but not stop them.
If you have to resort to false equivalences like these, you're not really making the anti-WEI crowd look good.
*Edit: *
There's some massive misunderstanding about my comment.
I called it a false equivalency because it's comparing both the measures ("stronger safety") and the thing is supposed to prevent (doxing and bullying) to puppy kicking.
That's just emotional manipulation done badly. We all call it out when politicians use pedophiles to warrant Internet surveillance, and now apply it ourselves? I don't know about you, but when I see bad reasoning, I'll call it out. Even if it's done by "my side".
Though, for the record, this is one of the few situations where humanity would have been better off if Google had simply paid their web engineers to go out into the world and kick animals all day long instead.
Both support stronger safety features in chromium and criminals and bullies got equated to kicking puppies. That's why it's a shoddy attempt at illustrating their reasoning.
I think the comment that the_lego is replying to also highlights the false equivalency of calling the anti-WEI crowd as criminals, as was not a good look for Google.
They have apologized for using the word criminals & bullies in a broader context and I appreciate that. However, the initial part of the comment is very telling of how they view those who oppose.
This is quite a bit worse than kicking a puppy. Of course, it's horrible when puppies get kicked but ultimately they will be on. This, on the other hand would be a major set back to humanity, potentially permanent as our rights and privacy are erroded day by day.