A web browser is a user agent. Why is the browser deciding anything one way or another? Let the user decide by providing options one way or another. If the user wants DRM access, let them; why is it the browser's business?
Again, the two important words: User agent.
The freedom to decide and choose is what helped Firefox take out IE6 and led to most subsequent browsers featuring some form or another of extensibility (which incidentally is now regressing because web browsers are increasingly developer and publisher agents).
One person's user agent might be another person's "software I would never use".
As a text-only web user I am continually amazed, thirty years in, that web developers and now their CDN service providers are _still_ making incorrect assumptions about what user agent I am using. They are wrong every single time. There is almost zero focus on rate limits but hyperfocus on user agent string or other headers. For most sites I send no user-agent header and this works fine. But when sites want certain headers this tells me the purpose is not "protecting" servers from being overloaded, it is "protecting" servers from web users who will not involuntarily provide commercially useful data/information so that access to them as ad targets can be sold for profit.
Choice of user agent should make no difference. The JSON I'm getting is the same regardless of what device or software I am using. I decide what I want to do with the JSON after I retrieve it.
Imagining how things could be different, there could be "commercial" user agents that people use for accessing their bank acconts online and for other commercial transactions. There could also be "non-commercial" user agents that people use to read HN. Unfortunately, the way things are now people are using commercial browsers for non-commercial web use and exposing themselves 24/7 to unecessary tracking and advertising.
Personally, I only use a commercial user agent infrequently. I'm not doing many commercial tranasctions over the web. Most times, I am using non-commercial user agents. I see no ads and can focus on the text.
I don't think it comes down to that, I think it's more about the fact that your browser likely looks more like a bot than it does a human.
Also, rate limiting has a significant overhead and complexity at scale, where agent filtering is relatively cheap and easy to distribute. Though, this is largely a problem that has been resolved many, many times over and the additional overhead is not that bad. All said, I've met too many developers that don't conceptually understand public/private key encryption and would assume they'd mess up rate limiting.
Secondly, users don't really get a choice. Users are fucked because browsers implement features like DRM and websites hard-depend on them. So the user is no longer choosing whether or not to enable DRM, but whether or not they can watch Netflix on their laptop. User agents should not put users in predicaments like this where they are forced to make choices against their own interests. This is one of those situations where nuance is necessary.
No matter how much you opine the outcome is not going to change, the end users have spoken in what they want in their user agent.
Or maybe (hopefully) they download popcorn time instead
> Secondly, users don't really get a choice. Users are fucked because browsers implement features like DRM and websites hard-depend on them. So the user is no longer choosing whether or not to enable DRM, but whether or not they can watch Netflix on their laptop. User agents should not put users in predicaments like this where they are forced to make choices against their own interests. This is one of those situations where nuance is necessary.
That's why it shouldn't be a part of the web platform in the first place. Because we shouldn't force users to make choices against their own interests.
Here are some other examples of where we shouldn't force users to make choices against their own interests:
- Users should not have to give up their rights to be able to access legally-mandated warranty services or replacement parts.
- Users should not be forced to accept being tracked.
- Users should not be forced to forfeit their right to be a part of a class action lawsuit to use a product or service.
Try as you might, you're never going to convince anyone that the free market will just magically make all of the incentives align and make "the right choice", these are things that ultimately have to be solved with policy. The closest thing to "policy" on the web is standards, and W3C put EME in the standards despite widespread outcry, and that's why we're at where we're at.
Now the thing is, we have DRM in browsers, but we still don't have Web Environment Integrity, a complete and utter bastardization of the open web that would've made it cryptographically impossible for an open source browser to really meaningfully exist (since compiling it yourself would likely make it impossible for you to e.g. do banking or watch Twitch streams, since it would then fail attestation.) The reason we don't have WEI is because it was widely rejected by the community. Not because users made a choice.
It's nice to think that you can just leave it to the users to pick and they'll always do the right thing, but at the end of the day most people don't have time to care about DRM or WEI. Most people are not technical and just simply don't have the capacity in their day to be concerned about things like that. That's why it's literally the job of people who do have that capacity to fight for the user's best interests and try to avoid users being put into positions where they are basically guaranteed to be fucked.
And frankly, we're not winning the fight.
(This is no different from anything else. The vast majority of people can't be expected to fight for e.g. free speech rights either; it's always going to be a minority of people who hold the line.)
