The result: there is now effectively one dominating web browser run by an ad company who nigh unto controls the spec for the web itself and who is finally putting its foot down to decide that we are all going to be forced to either used fully-locked down devices or to prove that we are using some locked-down component of our otherwise unlocked device to see anyone's content, and they get to frame it as fighting for the user in the spec draft as users have a "need" to prove their authenticity to websites to get their free stuff.
(BTW, Brave is in the same boat: they are also an ad company--despite building ad blocking stuff themselves--and their product managers routinely discuss and even quote Brendan Eich talking about this same kind of "run the browser inside of trusted computing" as their long-term solution for preventing people blocking their ads. The vicious irony: the very tech they want to use to protect them is what will be used to protect the status quo from them! The entire premise of monetizing with ads is eventually either self-defeating or the problem itself.)
The person who wrote the proposal[0] is from Google. All the authors of the proposal are from Google[1].
I've been thinking carefully about this comment, but I really don't know what to say. It's absolutely heartbreaking watching something I really care about die by a thousand cuts; how do we protest this? Google will just strong-arm their implementation through Chromium and, when banks, Netflix & co. start using it, they've effectively cornered other engines into implementing it.
This isn't new to them. They did it with FLoC, which most people were opposed to[2]. The most they did was FLoC was deprecate it and re-release it under a different name.
The saving grace here might be that Firefox won't implement the proposal.
[0]: https://github.com/RupertBenWiser [1]: https://github.com/RupertBenWiser/Web-Environment-Integrity/... [2]: https://news.ycombinator.com/item?id=26344013
You do not and you cannot. It was written in stone once Chrome dominated the browser market. What Chrome (Google) wants, Chrome (Google) gets. Despite all the good engineering Google wants to sell ads, that's all there is to it. And the result is this proposal.
> The saving grace here might be that Firefox won't implement the proposal.
It's irrelevant and we are an irrelevant minority. Unless people switch to FF in droves the web is Chrome. And they won't because at the end of the day people just want to get home from their shitty jobs and stream a show. As long as that works everything else is a non-issue.
1) You cannot all of a sudden provision content differently to a user who has an unapproved device with their preferred accessibility stack and/or hardware.
2) Even if attestation does not involve tracking, effectively forcing children into an ecosystem that tracks them can be deemed unlawful by the FTC. Providers cannot foreclose all means of access to content that are not in a tracking ecosystem, because it violates the rights of children.
The proposal is probably legally negligent because it does not exercise the ordinary standard of care expected of senior technologists. Providing a tool that affects hundreds of million of children and people with disabilities is not a joke.
It astounds me that people would actually associate their real identities with stuff like this publicly.
how do we protest this?
The same way we protest politicians doing things against our desires? We know exactly who the perpetrators are, so perhaps we should all give them a piece of our mind. I absolutely don't condone violence, but exercising our right to free speech is always a good idea.
https://awesomekling.github.io/Ladybird-a-new-cross-platform...
Probably the privacy angle is best. Given that this uses an "attester’s public key", this enables to uniquely identify a given device repeatedly over time with no margin for error. It's essentially "perfect fingerprinting".
There's also the option that devices don't use a per-device key. If all the devices from a vendor use the same keypair, then this would be broken by just extracting the key from a single device (AFAIK, in the US this would likely not be legal to use).
As others have said, FF doesn't have a lot of leverage left to influence those type of decisions, but Safari might. Not sure what their position is on this proposal.
The one pager has a section on stakeholder feedback [0], but doesn't name them for some reason.
[0] https://github.com/RupertBenWiser/Web-Environment-Integrity/...
The proposal for Chrome, you don't, because there's no stopping it. See DRM, Secure Boot, all the rest of the shitshow pursuing "trusted environment". It'll never happen, but CEOs won't accept reality.
You can, however, embrace the rest: eg. keep serving your own content on http (along with https), gopher for retro compatibility, and because they are less prone to break.
Keep using your current device for browsing, and whatever refuses to serve you either leave it for good or keep a spare chromebook for all the "services" you can't avoid to use, like banking.
I don't have a better route. It's a bit like streaming: if I want resolution above 480p, I use a Chromecast with Android TV.
Not technology related exactly, but until recent events I thought Reddit would survive and be untouchable. Now I'm wondering why I didn't join the fediverse sooner. There are rough spots but it will surpass centralized solutions.
We are at a turning point and should say no to all garbage. They need us more than we need them.
Death by a thousand cuts can also happen in the other direction. Even if we do not have a single decisive way to oppose this disastrous proposal, we can fight it in as many ways and on as many avenues as possible. Spreading the word about it widely is an important first step, so that those best placed to oppose it know that they should act.
Perhaps, make a web page with something like:
if(navigator.getEnvironmentIntegrity) window.location="[some URL with the protest]";Probably the only solution is to bring harsh legislation against the very existence of online advertising. I don't know what that legislation would actually look like and how it can be done ethically.. but the alternative is probably worse.
Brave is an advertising company, but we’re quite different from Google and others in this space. Brave's ad notifications are opt-in and engineered in such a way to protect and preserve user privacy. I'm not sure where you saw Brave engineers talking about ways to prevent users from blocking our ads—we don’t try to prevent users from blocking Brave Ads.
If you wish not to see Brave’s ad notifications, you can easily avoid them (by not opting-in in the first place, or by throttling/disabling-entirely). There are no special hoops to hop through, or technical incantations to utter. We believe digital advertising is better when it is built on user-first principles and consent.
If a user opts-in to Brave’s ad notifications, their device proceeds to routinely download-and-maintain a regional catalog of available inventory. The user's device then evaluates the catalog entries for relevance. User data is NOT sent off-device in Brave’s model. If a relevant ad entry is found, it is then displayed to the user in such a time and manner for minimal distraction. When an ad notification is shown, the user receives 70% of the associated ad revenue for their attention (no clicks required).
Again, if the user wishes to not see ad notifications, they can simply choose not to opt-in to viewing them. If the user wishes to not see the occasional sponsored image on the New Tab Page, they can turn those off from the New Tab Page itself with 2 clicks ( Customize › Show Sponsored Images). Importantly, the user is always in control. They decide whether ads will be displayed, and to what degree (e.g., the user can set a limit on ad notifications per hour).
Brave isn't interested in coercing users to view advertisements.
We are an open-source browser developer and these concerns deeply resonate with us. We understand the paradox Alphabet faces, yet we firmly believe the solution isn't about exerting "DRM" level control over a ubiquitous means of access.
We're committed to standing up for the future of the web. We don't just see ourselves as a browser company but as advocates for an open, fair, and free web. We invite you to join us in this endeavor. Visit https://github.com/dosyago/BrowserBoxPro today. Stand with us for an open, free, and fair web.
Interesting that fixing "how to center a div" is considered harmful, but WebSerialPort is actually very good?
> The result: there is now effectively one dominating web browser run by an ad company who nigh unto controls the spec for the web itself
I don't think this this reality. Google proposes a bunch of APIs that goes nowhere because the other browser vendors consider them harmful. Google's previous attempts at trying to drive more adtech into the browser have failed due to a lack of support from other browser vendors.
I think "who drives the web specs" is probably in the best situation possible. It's largely Google, Mozilla, and Apple who all have slightly different interests in what makes a good web platform, and the web ends up better for it.
It is certainly "interesting", but "true" nonetheless: one determined person--think Fabrice Ballard if you want an example--is in a great position to throw together a web browser and even implement ALL of the crazy API wrapper specs, but when if they aren't you simply don't need most of them to browse any given website.
But, as it stands, my only a-few-year-old copy of Safari can barely even browse the web anymore as it is missing some new corner case of CSS or web components or whatever and I just get blank screens a lot; the result: people have burned years of large teams into trying to maintain implementations of HTML/CSS and have given up.
The web should really just be a handful of really core specs for getting platform access--which of course have innovated over the years so you'd have all of canvas, WebGL 1/2, and WebGPU, which would take SOME effort but isn't like, INSANE--and then all of the layout should be done end-to-end in libraries.
The world NEEDED to be like this to prevent us from ending up with only a handful of web browsers that can only be maintained by giant companies: it needs to be sufficiently easy to build a web browser that we would end up with a ton of small implementations that would be difficult to move as a unit, forcing progressive enhancement as a permanent norm.
Hopefully this will not be implemented, but still it's a good wake up call for those who still think that Chrome is more than an ads-delivery app with some browser functionality.
Here's an exercise: try to draw a diagram of all parties required to display a video ad on your page. I suggest starting with the OpenRTB and VAST specs. It's creepy.
The biggest shame here is that most people are convinced that we need advertising because otherwise people would not pay for content.
"powerful-but-easy-to-code APIs for OS-level access" are actual hard-to-implement-right functionality that is often pushed to browsers with very little discussion or considerations.
It was critical for the web to be easy to implement the core of for a small team or even a single concerted god-tier developer--imagine Fabrice Ballard--and the current spec has failed so hard at this that even tech megacorps have thrown in the towel. People get upset about WebUSB... but that's not the API surface that is causing us issues. If I had to single-handedly implement all of canvas/WebGL/WebGPU and JavaScript/WebAssembly I could pull it off (noting I used to be a video game engine developer).
The entire premise of 'people want expensive to make websites, but don't want to pay for them' is already a bit flawed. I do pay for youtube to not see ads, I wish I could pay Google (and Meta) to not serve me ads on any site including Google search, they have ads on. That would make life a lot nicer. And I personally know no-one who would not sign up for that. But that doesn't happen, I guess because ads make more (not from me, but he)?
To begin with, pretty much every government employee in the world has some proprietary software developed within the country for security reasons. Old, even obsolete machines. Out of date software, unlicensed/unregistered software, etc, etc. Much of this is also true of banks.
This means if this is put in place as in the spec, it will affect banks and governments negatively. And as powerful as Google is, I don't think it will win over governments + banks.
But again, all the above could be nonsense, and Google will gatekeep the web. It found itself as the loser in the AI race, and it knows pursuing AI during the ongoing arguments on privacy and who owns the data AI is being trained on - the next best thing is to own the playground where the AI trains. That may not be an entirely bad thing either; sad, perhaps, but as this goes on, and browsing becomes a pain, maybe this will result in people just spending less time online? That's a good outcome in my books.
https://news.ycombinator.com/item?id=36823871
Got flagged and killed. :)
kinda abusing if you ask me
Yeah: it isn't shocking and can be quickly found using Google (as I just did now). (I have provided some extra links but am only quoting Brendan Eich as you seemed particularly interested in him saying the words himself rather than his team.)
https://www.reddit.com/r/BATProject/comments/bw6sek/
https://www.reddit.com/r/BATProject/comments/b7rwbx/
> 1/ native C++/Rust code, no JS tags on page that have zero integrity. That means ability to use SGX/TrustZone to check integrity and develop private user score from all sensor inputs in the enclave; ...
> We already have to deal w/ fraud. That is inherent in any system with users and revenue shares or grants. We do it better via C++ and (under way) SGX or TrustZone integrity checking + OS sensor APIs, vs today’s antifraud scripts that are routinely fooled.
> What Brave offers that's far better than today's joke of an antifraud system for ads is as follows: 1/ integrity-checked open source native code, which cannot be fooled by other JS on page; ... (1) requires SGX or ARM equivalent, widespread on mobile.
They are also building an SDK and talk about using this tech to ensure the ads presented by their SDK in someone else's app are legitimate.
https://www.reddit.com/r/BATProject/comments/9yys6b/
https://www.reddit.com/r/BATProject/comments/97trex/comment/...
> Part of the roadmap (details in update) is a BAT SDK. Obviously it would be open source, but more: we would require Secure Remote Attestation (Intel SGX broken but ARM TrustZone as used by Trustonic may be ok) to prove integrity of the SDK code in app.
Again: the very tech they are excited about to make their ad-based business model work against people cheating and blocking their ads is the same tech that Google is going to use to make their ad-based business model work against Brave cheating and blocking their ads ;P.
How can he reconciliate these views with this spec, which he is the main author of? Surely Ben sees the parallels?
He writes: "Apple’s strategy with this is obvious, and it clearly works, but it still greatly upsets me that I couldn’t just build an app with my linux laptop. If I want the app to persist for longer than a month, and to make it easy for friends to install, I had to pay $99 for a developer account. Come on Apple, I know you want people to use the app story but this is just a little cruel. I basically have to pay $99 a year now just to keep using my little app."
It's honestly comical and a little sad.
[1]: http://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-o...
It can be reconciled with love for money and total lack of moral fiber.
Aka « I don’t give a shit about my actions destroying every one, as long as I go get paid »
What this guy's doing is shameful, but I've seen dozens of otherwise lovely people, working for charities, spending much more time on socially-important and useful work than 90% of the crowd here... and the same people would push barely legal (if not illegal) targeting on masses of people, arguing to push cigarette ads in markets that still allow it. Advertising is cancer and the current model is not sustainable.
What I'm (poorly) trying to say is: be angry, let everyone know that you're angry, make more people angry, but remember that focusing on this guy is a distraction from a bigger systemic issue and it actually helps organisations like Alphabet.
as long as they get their $1280 bonus they don't care
even if they're destroying their future employment prospects
I can tell you that the machine is so big and the responsibilities diluted to such extent that no one really feels like they're making a morally dubious decision, it just sort of happens on its own, magically.
Even the ad example is about not charging advertisers for bot views, which is a huge problem right now.
The problem is that a tool can often be used for evil as easily as for good, and the more the standard was used to block ad blockers over simply filtering out User Agent spoofing bots, the more this tool ends up evil.
And even if the limited scope in the proposal was the true intent, there's nothing preventing scope creep.
Though reading over it all, I do think the assumption of motivations in most of the comments here are misaligned. This does seem to be primarily focused on the issue of growth in bot activity and making it harder on bots to act as if human to servers.
Still, the spirit of who controls the client is very much at stake, and the comments here are ostensibly right that this is a measure that should not happen.
(And frankly, given the bubbling attitudes about enshittification coupled with the coming lowered barrier of entry for competition against software firms and content production, I think this is very much the kind of thing that may backfire horribly if forced though.)
Now, I'm not opposed to having a locked down device when performing actions like using a bank app.
However, Google is abusing this, because they force their adware and spyware into that device, so I can't have a secure, locked down Android device without that.
It's easy: he works for Google. Every single public-ish web developer and/or devrel from Google will spend inordinate amounts of time lambasting Apple, writing eaassays on how Apple cripples the web etc.
While Google has broken the web so badly that Apple would need several decades to come anywhere close.
Note: the moment they leave Google, they may slightly change their tune and criticise Google a bit. For an example, see Alex Russel of web components when he went to work at Microsoft after spending a decade making sure that web browsers are turly unimplementable: https://infrequently.org/2021/07/hobsons-browser/
> Apple’s strategy with this is obvious, and it clearly works, but it still greatly upsets me that I couldn’t just build an app with my linux laptop.
Ben, you've thought about the impact your proposal would have on Linux laptop users, right? Surely you sometimes use your laptop for banking, right?
― Upton Sinclair
It's not a "threat to" the industry... It literally _comes from_ the industry... Unless the tech industry is willing to lose one of its biggest sources of revenue, this is exactly what the industry wants...
There are lots of other smaller players in the tech industry who are against monopoly-building hostilities like this.
It all started with "trusted computing", where "trusted" means "not under the owner's control". Then they tried to spin it as a "security" thing with TPMs, and created the impression that those speaking out against them were either malicious actors or insane conspiracy theorists.
Now it is actually happening. They want to control exactly what hardware and software you use, and they're doing it by ostracisation, which makes this even more sinister: you're still technically allowed to use software and hardware of your choosing, but you'll be blocked from participating.
I still remember when Intel was forced to revert adding a unique serial number to its processors because of widespread outrage, so it is possible for the public to make a difference; they just need to be educated about the coming dystopia and agitated enough to care and act upon it.
Perhaps we can start by spreading instructions on how to disable TPMs and "secure" boot along with all the advantages that come with doing so (custom drivers, running whatever OS you want, hardware you actually own, etc.) Of course the corporate-owned "security" lobby is going to start screaming that it's "insecure", but we need to make it clear that this is not the "security" we want because it is inherently hostile to freedom.
"Those who give up freedom for security deserve neither."
Second is more focus on nag screens, "nudges" and other deliberately degraded UX. I.e. with the Surface tablets, you're technically able to disable secure boot, however you'll then be greeted with an ugly bright red boot screen every time you turn the device on. This stuff can have significant psychological impact, especially for "casual" users.
It's completely and utterly irrelevant that Chromium is open source, because the web is a protocol, and having the source for an implementation of the protocol doesn't matter in the least when you don't control the protocol. You can't just fork Chromium and remove a feature, because websites expect the feature, and your browser won't work on them. You can't just fork Chromium and add a feature, because websites don't care about your tiny fork and won't use your feature. You can't fork Chromium, you have to fork the entire web.
That's exactly what we need to do. More specifically, we need to decouple the app web from the document web. Most of the value of the web to society lies in text, images, and video, in that order. We need a version of the web refocused around basic content with a spec simple enough for a small team to implement a browser for. A subset of HTML/CSS is probably the only way to succeed, since sites would need to work with current browsers. I think a few HTML tags + flexbox + fonts + colors would get you pretty far.
In some cases you can (although it may be difficult, because the code might be difficult too and maintaining with merging changes can make it difficult too).
You can remove features you don't want, possibly adding fake features in its place or those that access other features, e.g. the microphone access to instead access a file, etc.
You can add features that most people don't use even if you do use them. It can also be implemented in ways that are backward-compatible. Also, some features that are added are not features that the web pages will need to know anything about, because they are user features instead.
Nevertheless, some things cannot easily be forked in this way. For example, adding a "Interpreter" header to add support for additional file formats and make it compatible even with browsers that do not support it, cannot be made compatible unless you add a request header to specify its availability too I suppose, and then just complicates it.
Of course you can. Microsoft's Edge and Brave already add proprietary features like AI and reader mode, tab groups, video calling, crypto wallet etc.
Brave could add a custom CSS or HTML feature. Hell that was the status quo we came from ten years ago when each vendor had their own feature flags and implementation for WebRTC and proprietary video codecs, etc.
Brave already explicitly removes ads and blocks all kinds of things websites expect to work on Chrome.
But capitalism does what it does best, and will happily take advantage of (and try to prolong) a natural monopoly situation even if the origins were genuine.
In fact this is why there are regulations around "utilities". They are also an area where a natural monopoly is the optimal, so they shouldn't be treated as a free market.
(Food for thought: Perhaps the Internet infrastructure should be a utility too? Browser makers could be forced to be non-profit, which would mean companies need to divest themselves of the "Internet business" if they want to do "business _over_ the Internet")
I would say that the actual goal early Chrome was really trying to solve, was to prevent the browser monopoly of the day from being used against Google. It's similar to how Valve invested on Steam OS, as insurance in case Microsoft used its operating system monopoly to degrade the Steam experience relative to Microsoft's application store.
We could be here saying "Google was genius releasing Google Plus - that stopped Facebook etc. in their tracks and now they own social media"
They don't even try to masquerade it.
> Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.
I find it quite cute that they start with "users" as if it's a user demand but in the next sentence switch to "advertisers" --- the real target population.
Some examples of scenarios where users depend on client trust include:
1. Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.
2. Users want to know they are interacting with real people on social websites but bad actors often want to promote posts with fake engagement (for example, to promote products, or make a news story seem more important). Websites can only show users what content is popular with real people if websites are able to know the difference between a trusted and untrusted environment.
Not written in item two: And the people paying to promote the posts funding these sites want to know the promotions are landing on real consumers' screens.
Is... is the Verification Can actually going to happen? https://i.kym-cdn.com/photos/images/original/000/983/286/ea5...
As someone who lived in a city fully controlled by organized crime, I can tell you that eventually some people become fanboys of gang-law and start to unironically teach everyone how it’s better and more moral than actual law.
You don't berate a kitchen for serving food, why would you look at any Google contraption from HTTP/3 to Chrome as anything but a vehicle for selling ads and/or mining data?
"Sorry, you can only access this website using this specific device with a browser compiled by Big Tech, it's for your own good."
Not surprising that this is all coming from Google, the world's biggest adtech company.
If you call their support line to say something isn't working, they'll ask if you're using Chrome or Edge. If you aren't, they'll tell you to just use Chrome or Edge.
* The US would never kill its golden calf except as a last resort.
* The US standard for antitrust is consumer harm. Google implementing a thing that other companies have been asking for, any company can join and send their own attestation signals, and then those other companies in unrelated markets use the thing to maybe not support unapproved stacks which could reasonably include Android/Chrome won't fall on Google.
Google Cloud becomes a VC driven organization that slowly eats margin dirt against it's competitors until insolvency. There was no way for it to recover enough resources from the mothership before being split out.
Search trundles along ok, assuming it took search ads and a ton of core infra with it, but it never makes enough money to ship a decent product extension. It hopefully removes some products it can no longer afford margin on, which have long produced distorted results (albeit with good intention). It suffers slow brain drain, and users end up using multiple search engines for every search again because no one has good search quality. The monopoly breaks, but so does this part of the internet, bolstering apps and information sites ecosystems positions. Wikipedia is the only real winner we want in this space.
Display Ads goes like it just discovered faster than light travel, no longer held down by the ol ball and chain that is the entire rest of the company. They go much darker as they no longer have tons of goodwill organizing from the rest of the company, and increasingly join the bad actors. In 20 years they eventually join lexis level evil in terms of multi-directional user sharing.
YouTube heads off into the stratosphere along with Display Ads. They try to maintain a better public face, but having to spin up their own ad market solutions drops ad quality even further, margins suffer, but their position remains ossified and they slowly recover. They start to get a bit more agile, no longer disrupted every other year by some mandate from the mothership, they're better able to keep up with new markets and more rapidly crush new competition.
Workspace decays very slowly. All the AI stuff halts and gets ripped out as there's no one there to work on it. The drive product has to scramble to figure out how to rebuild without all the internal commodity infrastructure support. GMail gets unstable for a while due to the weight of the infrastructures sitting on many fewer shoulders. Global instability results of the rapid de-distribution of the system as the production infrastructure was sliced apart in a rush to meet forced division. The economy takes a big dive as a result, as half the world loses email access regularly, bills don't get paid, etc.
Photos spins out into its own thing, and dies rapidly, as selling the odd photo frame here and there just can't meet margin.
Chrome tries to get funding from Microsoft, eventually it gets purchased wholesale, but the core team gets ripped up and largely discarded. Who knows how the OSS products fare, it depends on the executives in Microsoft who win this purchase. Eventually the main product gets shuttered, with Edge being the only replacement.
The telco products all shutter immediately, with no recourse. Same with R&D.
AI tries to split out into it's own thing, but fails to find a business and suffers constant reputation problems. After 10y of trying it eventually shuts, the acquiring company however immediately spins up multiple successful products and makes a big dent in the now well established market.
Android spins out into its own organization. The first decade the heat of internal politics in new found vacuums crushes them, eventually they find footing and head back to their open core roots, get scrappy and do some new things. Along the way their size fluctuates as the market forks and fractures as it does, but Android manages to hold its position as the western center of its universe.
Chromecast, ChromeOS, Nest all suffer badly having no core ecosystem to ship anymore. They attempt to buddy up with Android which pushes them around trying to androidify everything, but resulting in poor UX and/or poor margins across the board. Eventually the all but ChromeOS shutter, and ChromeOS business also closes, but leaves behind an OSS gift that a core group of passionate individuals try to limp forward as best they can with the new Microsoft Edge overlords.
Users find their data fractures across a dozen companies, with poor SSO integrations. Security mistakes abound, lots of people are affected. Online crime goes through the roof, it feels like the 90s again, but on a much much larger scale. Lots of people lose their accounts, and are affected by service outages and the ongoing economic effects from those. ISPs jump at the chance to step in, and lots of users start trying to use alternative email services again. They experience poor discoverability, lots more security problems, and constant space pressure. Vultures make off like bandits, and amazon, apple, microsoft, and cloudflare are the biggest winners in the fallout.
Now you have me excited for this possibility. Doubly so if people stock up on ingredients for high explosives first. Take what you can while the taking is good: no room for repo men. Year 0 now.
> feels like the 90s again
I can't wait.
> amazon, apple, microsoft, and cloudflare are the biggest winners in the fallout
Sadly, that's true. Google's remains can only be cannibalized by companies that are already Google-sized.
Add some internet chaos to go along with all the climate, finance and real-world chaos we’ve got going on in our lives already. Who knows what kinds of interesting and innovative ideas and technologies would bloom in this environment!
In this world, Amazon et al get the same treatment. As for "vultures make off like bandits", welcome to market-based economics, these companies can compete if they don't want to die, and if they can't compete, then let them die.
i agree they should be broken up, but it might be the wrong time for it.
(And saying that actually "it would probably not escalate that far in a real war because... It just won't! " might be a common argument these days amongst war mongering lunatics to make war with China or Russia sound less batshit insane, but it's not an actual argument. It's just run of the mill "this time it's different!" cope that has been said before every blood bath. )
https://news.ycombinator.com/item?id=36800789
https://news.ycombinator.com/item?id=36785516
https://news.ycombinator.com/item?id=36800744
https://news.ycombinator.com/item?id=36808231
https://news.ycombinator.com/item?id=36791711
https://news.ycombinator.com/item?id=36789691
https://news.ycombinator.com/item?id=36816208
https://news.ycombinator.com/item?id=35862886
By the HN guidelines this is a repost, but it would be a mistake IMO to delete it. This would mark the end of the open web, but for whatever reason this issue has never really bubbled to the surface here before. It feels like something is different this time.
You'll have the cynically named "Privacy sandbox" that builds tracking directly into the browser. You curtail ad blockers by capping browser extensions. And then you allow access only to "attested" clients. Inescapable tracking and unblockable ads. And you'll get to see ever more of them over time.
If this isn't evil enough in itself, the way Google presents these initiatives in grossly misleading ways makes my blood boil.
Fuck "Be as evil as possible" Google. Absolutely pathetic company. I'm so done with them.
Google is absolutely in a position to implement this and I figure a good number of sites would immediately join. However, the image of "tech" is tarnished enough already and the general population is more aware of the importance of having control about their online experience.
So I'm kinda optimistic that more public awareness of this might lead to a larger backlash and might make Google think twice in continuing this, lest risking a PR disaster.
Ben Wiser (Google), Borbala Benko (Google), Philipp Pfeiffenberger (Google), and Sergey Kataev (Google) have got to be the most repugnant people on the planet for pretending this is anything but a scheme to destroy all privacy and freedom on the web all so fucking Google can sell more ads.
We need to promote alternative web engines like Servo and libweb and browsers based on them. Many of these engines need a major push to be competent enough for daily use. Gecko is also fine - but building a new browser with it is said to be hard.
[1] https://chromium.googlesource.com/chromium/src.git/+/refs/he...
Despite all that, I would recommend only FOSS browsers with good privacy policy - because they exist.
If Google wants a war, let’s give them one. Tell everyone who will listen. Give Google hell.
I already got caught by this kind of thing - a https://github.com/nativefier/nativefier app wrapping Youtube Music doesn't work, because Google detects somehow that you are not using a trusted browser and refuses to serve.
This is sort of moving in the "zero trust" (as in let's use ML etc. to detect if we trust something. username/password is not enough), which I fear because it will break a bunch of stuff for genuine users and make things less reliable.
> Users often depend on websites trusting the client environment they run in.
is already a lie. Users don't depend on websites trusting the client environment. Users expect the client to limit the way in which they have to trust websites.
Sure website owners would love to be able to trust user input, but that has little to do with the interest of the users.
If something starts with that kind of framing already you certainly know that this is not going to benefit the user.
In a field facing increasingly harder ethical questions every day, it’s important to start empowering our engineers to say “no” to ethically bankrupt things like this.
Strong cultural norms (e.g. hacker culture) might help for a while. But incentive structures eternally erode opposition.
It could make it easier for developers to band together and try to collectively veto things like this. But corporations with money can always buy the expertise of people, have them undermine the community, create their own parallel communities and influence public opinion and legislators.
FAANG salaries supercharge people's cognitive dissonance. They will find ways to excuse, minimize and ignore their contribution to the current situation.
Even HackerNews developed a sub-subculture of people that were constantly going on threads and calling remote attestation worries as "FUD".
It's unclear how to preserve cultural norms that stand in the way of market dominance. The only thing I can think of is having competing interests in the market. But whenever these align -- hell breaks loose.
Awful stuff like this wouldn't stand a chance if Google didn't have such a monopoly position.
For the sake of the open internet, please switch to a different browser. IMO, Firefox is best, but even something chromium based is probably fine. Just not Google Chrome.
There are so many powerful interests that stand to gain from preventing e.g. ad-blocking and content capture. Thanks to Windows 11 requiring TPM, it is just a matter of time until hardware support for remote attestation is ubiquitous even on desktop computers.
Meanwhile, our (including myself) attention is (perhaps justifiably to some extent) on the latest news about $EXISTENTIAL_THREAT and how $THE_OTHER_SIDE did $EVIL_THING fed to us by the algorithm. Organizations that used to effectively fight threats to freedom like this (FSF, pirate parties, CCC, EFF, etc) have lost a lot of their support/influence and clarity of purpose over the last decade.
In fact, their first example (!) outlines how this would be appealing to advertisers because they can attest a real human is viewing the content.
>The attestation is a low entropy description of the device the web page is running on.
>The attester will then sign a token containing the attestation and content binding (referred to as the payload) with a private key.
>The attester then returns the token and signature to the web page.
>The attester’s public key is available to everyone to request.
I don't understand how you can have public/private key crypto as the basis for attestation and also have privacy? The two seem mutually exclusive. Is the private key supposed to be shared among a large cohort? (Which seems rather unwise, as it would make the blast radius of a compromised key disastrously huge.)
From what I understood, the "attester" is a remote server, which signs the attestation with its own key, after somehow verifying that the browser and operating system and drivers and machine is not running any code that this remote server does not completely trust. That key can be used at most to identify the remote server, which is supposedly shared by a wide number of devices.
Yes, this means that your browser depends on having a working connection to that remote server for every attestation it makes, and that if that remote server colludes with the web page (or is compromised), it can leak your identity.
So you're at the complete mercy of the attester (and of whatever deals it made with the sites) but the sites technically can't use the token to track you. Privacy!!!
I feel this is the bit that's going to be hand waved away for the sake of convenience.
I also wonder what those certain baseline requirements are going to be? Weird that they're left ambiguous.
It's probably nothing to worry about. We have a ton of precedent with Widevine that "it's okay, we'll license to anyone who meets requirements" wouldn't ever be abused[0]. It's fine, you just meet the baseline requirements that aren't spelled out yet and that might be subject to change and that certainly won't include headless or highly scriptable or experimental browsers. Nothing to worry about.
[0]: https://blog.samuelmaddock.com/posts/google-widevine-blocked...
It’ll be cryptographic chain-of-trust based, with it sending a fingerprint, probably encrypted/signed with a per device key stored in something like a TPM, to the attestor, who will say if the fingerprint is valid or not.
They’ll inevitably only attest to the state of apps running under this full chain - so full secure boot, no unsigned drivers, only signed/approved apps - probably with a requirement to be installed via the platform’s App Store.
No one will be attesting for Linux because there’s no chain of trust and no control over what runs.
It’s a recipe for eliminating user choice and freedoms.
The current spec has a holdback mechanism. It actually gets implemented, I don’t expect that holdback mechanism to actually be part of the final implementation - because it makes the whole idea useless.
Governments will love this due to protection and security it provides among other things. I wish I could say I was surprised, but Google has continued to fail to deliver even when they try for a power-grab play like this.
Feature requests: - Add a distributed bad-actors list similar to DNS. - Start the process of introducing this functionality at the hardware level. - Require photo personal identification to prove humanity.
I’d have a field day grilling the CEOs of Big Tech companies over stuff like this that only serves to kneecap their current and future competitors.
The only way around the dystopia this will lead to is to constantly and relentlessly shame and harass all those involved in helping create it. The scolding in the issue tracker of that wretched "project" shall flow like a river, until the spirits of those pursuing it breaks and it is disbanded.
And once the corporate hydra has regrown its head, repeat. Hopefully, enough practise makes those fighting the dystopia effective enough to one day topple over sponsoring and enabling organisations as a whole, instead of only their little initiatives leading down that path.
Not a pretty thing, but necessary.
Also interesting that its implied in the explainer that attesters are just HTTP endpoint dealing with “billion-qps” traffic. Again, point above, but also how can we trust any attester to not use the (completely unobfuscated) information the user agent is sending them?
I guarantee that big websites will host their own attesters, only allow use of their attester, and require attestation for every request, allowing them to fingerprint every single user.
You can't run your own attester - these are implemented by the companies who provide the hardware, such as Microsoft or Apple.
> An owner of this repository has limited the ability to comment to users that have contributed to this repository in the past.
https://github.com/RupertBenWiser/Web-Environment-Integrity/...
I never thought I'd see a CoC being used as ammo against this, but it's excellent.
Even still, I think that it is wrong to give something a convenient name that espouses some virtue. They should have chosen something like Web Environment Verification API.
I think it's spyware, and I don't like it. It reminds me of the Stripe API, where you have to run some JavaScript on your site that snoops on your interactions and reports stuff to Stripe that it uses to detect fraud. https://news.ycombinator.com/item?id=22937303
Google will arguably kill legacy SafetyNet (which is circumventable, as it's not rooted in hardware) soon. Microsoft pushes extremly hard for remote attestation-ability by requiring TPMs. Very soon only an insignificant number of client devices will not be able to perform remote attestation by the major vendors based on hardware trust modules.
Hard to stay optimistic for the open web. :/
"Google to explore alternatives to robots.txt".
[1] https://blog.google/technology/ai/ai-web-publisher-controls-...
Giving more control to corporations and less control to individuals.
Google is heading in that direction and their velocity is accelerating.
And as far too often, the "conspiracy theorists" were right, but nobody cares about ever thinking about that, because nobody seems to be actually able to think about things anymore, unless the thoughts are breast-fed.
We're heading towards a reality, where copypasting from a website is going to cost you money if the license requires you to do so. Looking at it, considering the status quo of technology, almost everything required for a "trusted" environment is already present in consumer-hardware.
We have hypervisors, virtualization, containerization. Encryption/Decryption of data in RAM/CPU in real-time is coming eventually. Blockchain technology makes verification of digital ownership secure and easy. AI will make it stupidly easy for corporations to make sure that everyone complies and I will be everywhere within the next few years.
A glimpse of this reality can be seen in NovaQuark's "Dual Universe", where everything is behind DRM. A "metaverse" company for a reason, I guess.
Google needs to stop this bullshit start innovating again. First AMP, now this? Leave the web alone!
Where's the Google that makes great web applications with simple, great UX, like Maps, Gmail, Drive and Search (which has severely degraded)?
Or great tools like Go, Lighthouse and Devtools?
Disappointing!
It's like they're trying really hard to be the villain.
Is there any real alternative to the multimedia Web? Or do We need to make one now?
What we need:
- hypertext, links - raster and vector images - videos - responsive layout system of said hypertext (cassowary) - programs that can control the page content fully
As creators of a competing open-source browser, we're stirred by this. We're concerned about the future integrity of browsing - whether run remotely, headlessly, or semi-automated, we see all these threatened by such attestations. But we believe in the power of the collective, and the spirit of innovation that thrives in the open-source community.
The conundrum is real for Alphabet, but leveraging control over such a global, ubiquitous means of access cannot be the answer. However, we don't advocate a future where Google cannot derive value from its creations. The economic balance may be hard to find, but technically, solutions will emerge. We're committed to standing up for the future of the web, because we believe in its open, democratic potential.
Now, more than ever, we need you to join us in safeguarding the web's future. Come, contribute, and be part of the change. Visit https://github.com/dosyago/BrowserBoxPro today. Stand up for an open, fair, and free web.
No I do not? This sounds incredibly condescending as a user – I don't need to prove anything.
Their example of Play Integrity API is alarming because that essentially means either use this OS and this browser which has been verified only by us or we will not allow you to use the internet (SafetyNet vibes)
I’m hoping to get back to everyone as soon as possible. I hope you can all appreciate that I’m a human being and this has been a lot!
In the mean time, I wanted to repost my last comment on the GitHub issue thread [1]:
Hey all, we plan to respond to your feedback but I want to be thorough which will take time and it’s the end of a Friday for me. We wanted to give a quick TL;DR:
- This is an early proposal that is subject to change based on feedback.
- The primary goal is to combat user tracking by giving websites a way to maintain anti-abuse protections for their sites without resorting to invasive fingerprinting.
- It’s also an explicit goal to ensure that user agents can browse the web without this proposal [2]
- The proposal doesn’t involve detecting or blocking extensions, so ad-blockers and accessibility tools are out of scope.
- This is not DRM - WEI does not lock down content
- I’m giving everyone a heads up that I’m limiting comments to contributors over the weekend so that I can try to take a breath away from GitHub. I will reopen them after the weekend
[1] https://github.com/RupertBenWiser/Web-Environment-Integrity/...
[2] https://github.com/RupertBenWiser/Web-Environment-Integrity/...
Right, but there is a severe risk that you give the means to block non-mainstream clients, be it browsers, operating systems or devices, correct?
Yes, it's nice to know you may want to allow user agents to browse the web without WEI and I'm sure you have best intentions, but we are already in a world where banks and even stuff like Zoom just look at the user agent string and say "Ah, I don't know this browser, please install Chrome or Edge!". Why shouldn't they just similarly halt in the future if the WEI API does not exist? I (and the browser vendor) can spoof a user agent, but you can't spoof attestation, i.e. cannot fix it if websites don't allow my browser based on the (missing) WEI API. So, how will you prevent this?
How can you make sure that users of e.g. Asahi Linux will be able to use the web in the future? Who will attestate their browser based on what? How will e.g. Gentoo users use the web with their build-from-source browser and OS? Will e.g. Netflix continue to work reliably on a user agent without WEI (but with Widevine) - and will the holdback population (if holdback is implemented at all - no offense intended, but you didn't sound too confident about this on the blink-dev mailing list, tbh) be large and significant enough for them to not just say "eh, can't verify, use the app please or wait a bit"?
How, in an information theory sense, can you stop website operators from using this attestation information to block subsets of users? The "holdback" mentioned in your reference link seems like an optional thing, as if we're concerned about good faith actors rather than the opposite.
It would be nice if the spec included examples of how a hypothetical bad actor couldn't abuse the spec to block non-attestors. i.e. How do we stop "this website only works in Chrome on Windows" but for attestation? Right now, it's trivial to "fix" because we can lie about our environment (it's likely just reading our User-Agent) and it's unlikely that the website will actually not work in other OS/browser contexts.
Some websites really do only work in certain contexts, but I think critics' concern is what happens when the website would work perfectly fine, but it refuses to. I think this is largely the same concerns people have with mobile app permissions, but those can be gatekeeped by mobile app stores who can enforce political goals such as "You can't ask for permissions you don't need and refuse to work when you don't get them", websites have no such constraints.
What's to stop websites from blocking random users now? Nothing, really. But we don't have to bypass any cryptographic attestations in order to try to work around those blocks. This spec seeks to stop that.
I suspect you didn’t just forget. It would look good to at least explain why you’re not following through on this, as it’s now Thursday in parts of the world.
What prevents a website from using invasive fingerprinting _AND_ WEI together? I strongly suspect websites will end up using both WEI and invasive fingerprinting because:
1. Websites will want to use invasive fingerprinting on old browsers and it would work within browsers that deliberately don't implement WEI.
2. Websites will want to get as much invasive fingerprinting information as they can get their hands on.
3. It is another layer of fingerprinting in the likely event that WEI is ineffective due to TPM exploits[1], operating system/driver exploits, web browser exploits, determined actors using rooms of computer display recording devices and robotic arm mouse movers, etc. Invasive fingerprinting further increases the cost and complexity to actors the website is trying to block.
> This is not DRM - WEI does not lock down content
It is absolutely 100% DRM. Your proposal states that devices would need to attest their configuration to the website. The website can then block the user because it doesn't want to show the news article to a Linux device where the user can block annoying pop-up ad videos, copy and paste the text or save the web page. The website can instead only allow devices which are factory-configured to block copy+paste, block saving web pages, block screenshots, etc. It's still DRM even with the proposed holdback mechanism because in the best case, a user will still be blocked 9/10 times (or whatever the holdback mechanism is set to). The more likely scenario is a website owner will just refuse to serve content until the client has attested itself. "The requested page can not be provided due to an unexpected problem. Try again in a few minutes."
There are so many flaws with the scheme as currently proposed I feel I could write for days:
Will websites be expected to block and ban users of AMD-SP now that it is broken[1]? Or will whoever conducts ad fraud just buy all the AMD-SP devices they can get their hands on?
As another author replied, are Gentoo users that compile their web browsers and operating systems from scratch just ignored, and the proposal pretends it won't impact these users?
How does the proposal allow users with specialist accessibility software to browse the web without being blocked for being a minority group that is not economically worth website owner's time to support? What prevents abuse of said specialist accessibility software for other purposes?
How would a new start-up developing a competing browser or phone from scratch, and are very much unknown and in a minority position, be able to convince millions of website owners to unblock/allow their new browser or phone? Cloudflare's Friendly Bots program refuses to respond to open source projects, so why would Cloudflare as an implementer of WEI care about new start-ups or small open source software projects?
Step 2: "Secure" browsers change the behavior of their implementation of the Content Blocker API so an industry-accepted "secure" site lile Google Ads can opt-out of being blocked ("You wouldn't want a misconfigured content blocker to accidentally break a verified secure site right?")
Step 3: ??? (Force the users into a take it or leave it choice for whether they want to be part of the internet or not)
Step 4: Profit
But there's basically no real actual meat to this specification. It's abstract: it doesn't really say what Web Environment Integrity is, it's up to the browser to determine, and the rules could keep getting more and more and more specific at the browsers leisure.
The more bandwidth and OS features we use the more dependent we become on the cloud/ISP vendors and device/OS makers.
google watches everything I do because chrome, and has a good idea if I'm a bot or not.
through clever cryptography google tells each website I visit its assessment of me?
Does it also give them the same Id for me each time I visit? (But unique to them)
My understanding is that websites can essentially confirm whether the user is likely to be a human because he/she accesses the website from a certified device.
Won't this mean there is less need for Captchas, logins and pay walls? The doc also mentions that this will remove the need for some use-cases of fingerprinting.
I imagine from a user perspective this will be an improvement.
Disclaimer: Googler, but not working on Chrome
Time to free the web again. An we thought Web3 is nonsense :(
Cynical outlook because I guess its where my mind wanders I guess...
In the last year Puppeteer became a lot harder to detect, which creates a problem.
THIS would provide a solution, no?
Probably a coincidence, but a fortuitous one if creating demand for THIS feature was your goal.
/tinhat off
If we shoot this down and every bank requires me to download a mobile app, then fine. What this is proposing is basically to turn websites into mobile apps: device controlled, unmodifiable, broken on any non-approved hardware. If that's going to be the case regardless, I'd rather just download the app, at least that would be more honest about what's actually going on, and at least I'd still be able to use my adblocker when I browse the web.
Strikes me as very dangerous though on the web where there are so many paths for malware to get in and this could get in the way of plugging the holes.
Sure you can fake the results of an attestation in your fork, but your fork would be using your own key to sign the response, a key that the site can reject.
the TPM does the attestation of the entire running environment, starting with firmware, through the OS, through the browser all the way down to the website