- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don’t run a complaint browser ( cough…firefox )
here is an article in hacker news since i’m sure they can explain this to you better than i.
and also some github docs
You must log in or register to comment.
They want to go back to the days of websites requiring internet explorer… just this time with their browser. Even though getting away from that culture is most of the reason people ever switched to chrome. I will say though, just using firefox for everything you can isn’t enough of a protest. If this goes the way Google (Alphabet I guess) wants it to, you bank will require you to use a browser with DRM. You will be forced to use a browser whose source code you can’t verify as secure, to access your bank. And that is where the protest lines need to be drawn. If your bank does that? Send your message. Close the account. Take back your money. Now I’d personally do this for everything possible, but that would be a looooot of time spent getting very little across to companies that don’t care if you visit their site. Taking money from banks though? Yeah it might be a whole process where you gotta request it, verify in person, wait a week to get the cash, and THEN close it, but so what? A couple hours of doing stuff and then a week of business as usual before a couple more hours opening a new bank account. That’s more than worth doing to send a REAL message.
Why would my bank care which browser I use? Their business model isn’t based on showing me ads.
Why do banks require "safety"net on their apps now? The safest roms specifically don’t have the security nightmare that is google play services, and banking apps are always the hardest to get working.
It is a symbiotic relationship. Regulators hear about the next wave of compromised online banking, add some law requiring whatever, banks are stuck having to comply and in comes google with “Hey this great webDRM/safetynet/playprotect totally complies with this”, which it doesn’t really but google has the capabilities to lock up any legal processes about it for years when they bring in the next thing and repeat. Banks in large part know it’s bullshit but don’t care, they’re off the hook (They are the ones doing 2 factor by making the banking app on your phone require a confirmation in your tan app on your phone to make a transaction, they don’t give a rats ass about the safety of their systems).
Banks get someone shielding them from regulations for cheap, google gets partners that can help them lock you in their proprietary system, and you get extra work on your rooted phone and can’t fully remove play services.
I notice the big American banks’ apps don’t care, as long as a compatible implementation of Google Play Services is available. Nor does my American bank seem to care that I do my desktop banking in Firefox on Linux. Is this an issue only in specific countries?
making the banking app on your phone require a confirmation in your tan app on your phone to make a transaction
I’m afraid I don’t know what you’re talking about here. I don’t have to give any kind of confirmation to make a transaction. What’s a “tan app”?
I’m using a SailfishOS (Linux) phone and on SFOS forums it’s one of the biggest complaints, they can’t use their bank through the Android compatibility layer because it doesn’t pass SafetyNet. I’m lucky enough that my bank doesn’t do this, but I had to fiddle with low level stuff for Revolut to work - they require you install the app from Play Store or the app doesn’t work.
Can you take your business elsewhere, to a company that doesn’t require you to compromise your security and privacy?
If I didn’t find a solution, I would, though it would be a great pain to migrate all my money spending flows.
I could go into the conspiratorial 4D chess I’m sure google is playing, but let me ask this instead: Does you bank not have any captchas, anywhere in the flow of accessing/using their website? Cause if they do, I hope you know google is absolutely going to advertise DRM requirements as the best tech for fighting bot traffic. Even if Google wasn’t doing anything like offering cheap training to their standards to influence the future of the cybersecurity space, that would be PLENTY to get a looooot of big corporations, including banks, to use it.
Criminals will crack the DRM in short order—they always do—so that idea won’t last long.
And no, the DRM can’t be updated to fix the vulnerability if it’s implemented in firmware. Not without shutting out absolutely everyone whose computer/phone is more than 3 years old, and there’s not a snowball’s chance in hell that banks will do that when half of their customers are old farts with decade-old computers and an “if it ain’t broke, don’t fix it” attitude.
Wait were they seriously looking to implement it at a FIRMWARE level? jesus that’s just stupid.
If they implement it in hardware, then fixing vulnerabilities is completely impossible instead of only mostly impossible.
I was just expecting it to be something built into chrome, similar to how drivers need to be signed to run in windows, they’d force you to use browsers Signed By Google to be verifiably compliant with the DRM. It seems like the easiest option for them and the most well understood since it’s been used for drivers for so long
If they implement it in pure software, then it’s easy to crack.
They’re not going to wrap Chrome in Denuvo because that would ruin its performance. The last thing they want is for Firefox to be not only faster but dramatically faster. Performance is a big part of how Internet Explorer lost its market share. And even if they do wrap it in Denuvo, Empress will no doubt show them the error of their ways.
So yes, I expect they will use firmware/hardware, presumably TPM or Microsoft Pluton, to implement this.
No captcha’s for any of my banking services. I don’t know how effective captcha’s are anyways. I suspect slow cooldowns are probably more secure.
Huh, neat. Regardless, I think google will find a way to sell it or they wouldn’t be invested in it so much, but point taken. I just saw a lot of people commenting on other places about how this is hopeless and there’s no way to protest and wanted to give a solid example of how it could be done effectively.
deleted by creator
From what I’ve read, the information they’re gathering already exists and can be gathered by the server (browser type, user, etc.) with an added layer of encryption to ensure that information isn’t tampered with which is easily spoofed today. Of course, this approach doesn’t stop folks from tampering with the web browser directly to inject whatever information (outside of maybe what browser they’re using since that’ll be tied to the key) they want into the payload but that makes closed-source web browsers substantially more trustworthy (aka not Firefox) to site owners.
If this does gain mass market adoption, then yeah, I suspect it will force users to use proprietary web browsers (google chrome, edge, etc.). Which is a step in the direction that Google wants.
I imagine that ad providers (Google) can also start throwing their weight to force mass adoption by de-monetizing non-compliant browsers, which may pressure site owners to not serve non-compliant browsers.
Correct me if I’m mistaken.
I know my uBO has saved me from some hostile shit. So yeah it’s a part of my browser security. I have it configured to a stricter blocking mode so it’s not just blocking ads for me, it gets other stuff that can be a problem.
Anyway I’m aware of the Manifest V3 business and being on Chrome I’m just waiting for the hammer to fall before going to Firefox. If they start adding DRM as well, I’m out of there quick.
Yeah, yeah, I know, just go to Firefox now, but I don’t really want to deal with a new browser and all my custom stuff until I have to. I’m old and that shit is super hard to motivate on for me. Not to say I’m inept, I mean I’ve spent my whole career in tech, but old dogs and all.
Which is worse, this or the C2PA specification?
Unless something changed isn’t every browser running on iOS essentially just Safari at it’s core? That’s a pretty big user base to punish.
Safari will be among the first to follow this.
Yes that’s correct. Same with the apple keyboard, which is why the keyboard and browsers on IOS are such shit
What do you mean for the keyboards? Isn’t there an API for third parties? I guess it’s too limited but I’m wondering in what ways exactly
They’re right about browsers, but jumped the shark on keyboards.
Custom keyboards come with some rules and limitations for obvious reasons, but they’re by no means the system keyboard in disguise like how browsers are all WebKit under the hood.
Here’s documentation on custom keyboards: https://developer.apple.com/library/archive/documentation/General/Conceptual/ExtensibilityPG/CustomKeyboard.html#//apple_ref/doc/uid/TP40014214-CH16
Yeah that’s what I thought, it’s not really comparable. Doesn’t explain why they all suck so bad compared to Android’s custom keyboard though
Most likely different incentives and platform culture.
Customization isn’t that big on iOS, other than the occasional viral fad, so there’s less interest for custom keyboards and in return less development spent on it.
Monetization of custom keyboards is also really hard and due to limitations on tracking and collecting data the incentives that Android has don’t really exists on iOS.
So what you end up with is a handful of custom keyboards often by big players that have bags of money to throw at it or as a companion to a regular app (e.g. Grammarly, GIF apps) to fulfill a specific function.
I think Apples philosophy is that for everything you normally do on your iPhone you use an app. The browser is only for exceptions, and that’s reflected in the care they put in it.
I don’t know why you hate the keyboard. It works just fine with a multitude of features for me, for which I’d install two or three different keyboards on my Android devices. Why on earth you would want to install a 3rd party keyboard of all things is beyond me. That’s the thing where you type in all your passwords.
Then you are doing it wrong. I have one keyboard, Gboard, and everything about it is superior to the Apple keyboard.
That’s but to say Gboard is good, is not… It’s crap. But Apple keyboard says “Hold my beer” and shows just how bad a keyboard can be when you really try.
The IOS keyboard is absolutely awful. The fact that you think it’s good tells me you’ve never used a different keyboard.
If you aren’t native English speaker and therefore use a different keyboard layout than US, pretty much all features disappear on iOS. The keyboard is garbage compared to Android’s native keyboard and for some reason even after 3 years of iPhone ownership I still write more typos on the iPhone than I ever did on Android phones.
I wish I could use some 3rd party keyboard, but because Jobs decided in the past that Apple’s keyboard is the only thing users ever really need, I can’t. There is a limited support for custom keyboards but in practice the user experience is garbage.
I haven’t used Chrome years, Firefox and Brave browser suit me fine. Since Brave uses the same engine and extensions. What’s the downside of Brave besides ppl not liking the creator? If I stopped using every device and product with an evil genius behind it I’d live in a cave somewhere with no technology at all.
refuse traffic to you if you don’t run a complaint browser ( cough…firefox )
Ah, so I’ll need a new extension that fakes my browser to say it’s chrome before I can use adblocker. I think this is a cat and mouse game with no end.
You would need an extension that could implement the drm, which would be no small feat and I’m not even sure how poss that would be with the extensions API. Not saying it won’t happen but i wouldn’t hold my breath.
I wouldn’t use it anyway, because DRM is cancer.
Ever since I switched to Firefox, I have not looked back and I am glad I did it.
I’m the exact same. Firefox has been great. Switched about three years ago.
Stop using Google products I don’t know how else to fucking say it.
Chrome -> Firefox Drive -> sync or Dropbox or any number of options Sheets and productivity tools > libre office or Apache open office YouTube -> Invidious or even better, odysse Google search -> duck duck go, SearXNG, StartPage, etc Gmail -> not a ton of great options. I’d probably recommend proton mail but the FOSS email world is definitely lacking, or gets blocked or goes down, harder to self host etc.
Proton mail for sure!! Great great great! Cant stop recomending
Yea i love Protonmail. I haven’t had one issue with it.
What’s the replacement for Android?
Linux, but that’s not a viable option. I would use degoogled Android OSs. GrapheneOS, CalyxOS, e/os, and LineageOS are some of the popular ones.
I use SailfishOS and while it’s more work, it’s viable.
Also correct here.
The 3 main have varying degrees of function vs security/privacy and should be researched.
Look, it’s an unpopular opinion and many will disagree with me, but while Apple does certain things to restrict you from customizing your experience, they’re doing far less to destroy the open Internet than Google. So if you need a fully featured OS (which degoogled custom Android ROMs might not be, if you need banking for an example), it’s still an alternative for now, until Linux mobile experience gets better.
On iOS, there’s no browser extensions (for e.g. ad blocking), no alternative browsers, and no FOSS apps of any kind. That platform is extremely hostile to the ideals of computing freedom.
Like I said, it’s a better (for privacy) alternative to stock Android when you need a fully functional operating system. If you can stand to lose the oppressive Google functionality, you can go degoogled Android or preferably Linux (if you don’t care about battery life or app availability).
Android, but the real one (AOSP, etc) that you can get with custom ROMs, not Google® Android©.
AOSP is a Google product.
That¿s why I said “the one you get from the custom ROMs”. Well, the ones that fork and maintain on their own anyway.
The other alternative honestly is Linux mobile, once it more properly launches.
deleted by creator
I like brave search because it uses its own index
Brave has done too many shady bullshit things and has thus completely lost my support and interest. I do not recommend them.
Question, I use Google docs a lot cause I like the sync and it’s convenient when I write something like a book on my computer and then can add more on my phone and it syncs. Does Apache open office do that? I would like to switch if all this chrome stuff is bad but I use all of it all the time
https://cryptpad.fr is a potential option. You can also host it yourself if you don’t want to pay them for extra storage space.
Oh that looks neat! I’ll have to look into it, thanks!
I generally would recommend Libreoffice over AOO but not sure about cloud sync options
Interesting. Well, I did find Gnumeric in my search for a simple spreadsheet app for making flashcards with, so TIL something new I guess my “cloudsync” can be using syncthing or just backing up to a flash drive lol
look into syncthing paired with local-first notes application (obsidian or similar), or simple text editor. work like a charm in my case.
Alright, thanks, I’ll try those out!
Ok I really like Obsidian! The interface is really clean! I might still need to look for a proper word processor (I guess I could use libreoffice) but I also use geany as a notepad++ substitute and it’s really nice too. I still gotta look into setting up syncthing though
Wait. Sync offers file storage? I thought it was just to sync up your Firefox sessions across multiple devices.
Or am I confusing services with similar names?
I think they’re referring to the storage service at sync.com, not Firefox Sync.
Correct
How do you like it? Would you prefer it over dropbox, or not really?
I’ve been migrating to sync from Dropbox after hearing too many reports of Dropbox scanning user content for things they deem objectionable. I like the end to end encryption, but I have found the mobile experience on iOS to be lacking. It seems to have trouble integrating with Files and uploading files directly via the iOS share menu. Annoying but not a dealbreaker.
I prefer it to drop box, it’s a better service and I believe not owned by Google like drop box it
Gawd damn, I didn’t know Google acquired Dropbox in 2010. Ok. Time to move.
But what makes Sync a better service? A better UI?
I really really want to move from google workspace, google photos and google drive. I used it all to backup a 16TB archive, sharing photos with family and friends and keeping my personal files in the cloud and synched across computers. I used a Synology to backup the archive from the computer locally to the Synology and offsite to google drive. But here’s the thing, I’m a somewhat PC and Mac-savvy technical guy, but purely GUI. Is moving to Nextcloud on my synology going to be as easy as moving to google drive? I’m a little scared TBH. There are so many ways of installing next cloud and doing 3-2-1 backups and I don’t have time to handle a little error on a Synology destroying my whole workflow for days… Someone give me hope.
FYI, you need two new lines (hit Enter twice) to actually get a new line in Lemmy.
Two new lines One new line.
Is there a reason behind this?
Markdown treats single newline breaks as being a line wrap in a long text flow
It’s standard markdown afaik. Two new lines creates a new paragraphs, two spaces and one new line creates just a new line.
Because Reddit does it? 🤷♀️
Nah its part of the markdown specification
That’s actually a bit of a relief to learn. I didn’t want to believe it was simply because Lemmy was trying to copy Reddit, but I just didn’t know enough to see any other reason.
Can also add two spaces at the end of line to force line break
deleted by creator
Immich is getting pretty darn close, close enough that you could genuinely have a think about what features really matter to you, vs the cost of privacy lost continuing to use Google Photos.
ty for this rec! i have been searching for something like this passively for a while.
Yeah, me too. I’ve been on Photoprism for a while, and that got me out of Google Photos, but not my wife.
What annoys me about Photoprism is the long-promised multi-user feature was put behind a paid subscription. I was a paid Github supporter, and would’ve been happy to continue with my annual donation (like I do for other tech projects), but then they went the greedy ongoing sub route.
helped with formatting:
Chrome -> Firefox
Drive -> sync or Dropbox or any number of options
Sheets and productivity tools > libre office or Apache open office
YouTube -> Invidious or even better, odysse
Google search -> duck duck go, SearXNG, StartPage, etc
Gmail -> not a ton of great options. I’d probably recommend proton mail but the FOSS email world is definitely lacking, or gets blocked or goes down, harder to self host etc.
And I agree for sure. In order I use firefox (and brave sometimes), Proton Drive, Apple Productivity suite (pages, numbers etc), and either startpage or qwant, and proton mail. I do still use use YouTube Premium, but the point is Google doesn’t need to have its fingers in every aspect of my digital life.
YouTube -> Invidious or even better, odysse -> or even, even better, PeerTube
Nextcloud technically does much of what Drive does, but my instance is buggy lol
Still, costing me nothing to run for now, AWS 12 month free tier. Will move to a VPS somewhere not-aws before that’s over.
I’m not sure LibreOffice is a drop-in replacement for Google Docs if you need sharing, collaboration and built-in version control.
Yes, something like collabora would be a better fit, although I never managed to get an actual instance of the thing running.
Works quite well through nextcloud IME :)
Well I tried this and… I just can’t get to run properly. Tried docker, AIO, separate installs :(
I found that quite easy, for once: I have a bare NC instance and I installed 2 add-ons (the integration bits and the CODE server that IIRC drops an appimage of the actual collabora server). Unless you have hundreds of users, that’s about as much admin as you need :)
I’ll give it another try then, thanks !
While I get your spirit… Dropbox belongs to google too 😂 they are everywhere! Worse than the plague.
i didn’t write the quoted list, just helped the OP with his formatting. I use proton drive, not dropbox.
I had no idea Proton Drive was a thing. I’ll switch to it, Dropbox is becoming incredibly obnoxious with the advertising popups and notifications.
For many people, Google controls the entire network stack from their ISP, router, OS, DNS, their browser, all the way down to the platform hosting the content they watch.
Google has captured such a wide part of the Internet that any changes they make will have at least a moderate effect on our lives. Even if we don’t use any Google services.
The only thing that can stop them is probably the EU at this point. And I’m sure Google has a plan for that.
They can’t have a plan for that. They have two options: conform or leave EU.
lol, just
become the governmentpay the EU.EU is widely adopting the policy of fining by a percentage of global revenue which is what hurts even the largest companies, precisely to avoid “just pay the EU”.
And what glorious percentage is that? 25% 30%? 35% And on what schedule? Weekly? Daily?
jokes on them
im going back to lynx
Remember when browsers just browsed…I really want to push the What’s Cool! button
Holy cow im getting nostalgia and I wasn’t even alive when Netscape was a thing, I think…
Fuck I’m old.
Sorry.
It’s funny how they think this is gonna do shit. The only thing this’ll do is make everyone switch browsers.
That’s the point, DRM would force everyone to use a “compliant” browser (Chrome, or extension-free Firefox etc), and the other browsers might not be able to show content; they may also lock the content from copying and editing without special tools, just like website video DRM works now
But we already see “sorry you’re running adblocker so no content for you” websites, so I’m not sure if that’s gonna change much
Firefox works around video drm by running it in an isolated container though.
How is the worlds biggest ad distributor also the worlds biggest browser maker without it being an anti-trust violation?
This code will only ever be installed on my machines by force against my will.
No benefit to any users at all, all benefit only to Google and their Advertisers.
