There’s a “we told you this would happen” going on here.
If chromium didn’t have a monopoly amongst browsers, they would have a much harder time pushing this through.
Imagine everyone using a browser built by an advertising company.
I moved to FF the same time I found out about the DRM shit. It takes literally 10 minutes and the only thing FF lacks is tab groups. Not a big loss compared to a stupid bigtech telling me what I can use.
The problem is that Mozilla dropped the ball so hard, by focusing on making their C-staff into millionaires instead of making a good product, that it no longer matters. Their market share is so small that Firefox compatibility no longer matters.
Soon websites will require that DRM and either Firefox will implement it or it will be unable to render those websites.
Firefox is awesome and I never switched to chrome because Google is the devil
The only use chrome gets on a fresh phone before deactivation is installing Firefox. Same for IE
I’ve used Firefox since it was Netscape and it’s been a fun ride
FF has tab containers which, while I haven’t used much myself, seem pretty similar to tab groups from a quick search. Edit: Also looks like there’s “Simple tab groups” extension which may be even more similar to what you may want
Containers have nothing to do with tab groups. One is an organisation tool and the other is a privacy tool.
That’s not even the biggest level of “we told you this would happen.”
They pulled this shit previously with other standards (WebHID). Where they proposed a terrible standard, and then implemented it ignoring all feedback. Only last time it played out over months, and this time… weeks?
Sweet jesus.
I guess I’ll never use Chrome or Google products again then
The Internet in the last five or so years has just been less fun and interesting to use in general. Except for anywhere I can interact with friends, I just don’t really care for using corporate social media sites anymore. I’ve pretty much removed Google from my life except for YouTube and rarely Google Maps, and if Google tries to use this to force ads into YouTube (which I’m sure is going to be one of its uses) then I will just stop using YouTube. I will just stop patronizing any site or business that tries to implement this as a feature to stop my browser choice, OS choice, or my extension choice (which included adblock extensions). I miss the days when the Internet was less corporately controlled than it is now, and I think we need a renaissance of those days.
I wonder how many people will be ok with this, considering that there’s a large portion of folks who do not know what AdBlock is
Yup. The vast majority of internet users NEVER:
- Customizes their web experience
- Uses apps almost exclusively
- Navigates beyond the first page/screen
How will they react to this?
“Shut the hell up, fucking nerd and your fucking idiotic, stupid ass ‘privacy’ bullshit. God WHO THE FUCK CARES!? I was literally - LITERALLY - never inconvenienced by any of that stuff, so SHUT UP!”
That’s how.
We’re doomed. We were always doomed.
Would be kinda cool to go back to irc or usenet, because the average internet user does not and will not give a shit about privacy, and definitely won’t get a complicated chat thing set up.
> We’re doomed. We were always doomed.
I’m afraid that’s always been the case because the mass majority just don’t give a shit. They’ll happily conform to whatever the monopolies tell them to.
Fuck this is trash. DRM for the web. I wish people would understand websites like kbin are not free and that if you use a website you need to pay to keep it alive. But no one wants to pay for anything on the internet, and so we have ads. Ads will for sure kill the internet.
The fact that people feel entitled to free content online really activates my almonds. They’ll whine and moan about enshittification and how eg. news is just clickbait now, and then promptly shit their pants when someone suggests they actually pay for things since they clearly don’t want ads either
Surely you can reverse that and point out corporations whining and moaning about people expecting free content when they’re barely paying their employees enough to afford to pay their bills.
The problem starts with corporate greed, hoarding revenue by keeping employees’ salaries to the minimum acceptable, providing as little functionality as possible to reduce overheads, double dipping by selling a product/subscription and then selling their customers’ data, and then complaining they aren’t getting more money for what little they are doing.
Then inevitably a little guy like Kbin comes along and suffers because the internet is filled with soulless, ultra-capitalist corpo scumbags.
> Surely you can reverse that and point out corporations whining and moaning about people expecting free content when they’re barely paying their employees enough to afford to pay their bills.
Those are separate issues
They are absolutely not separate issues. How can I be expected to shell out $15 per month for 10 different content subscriptions if I can only just afford to put food on my table?
Doesn’t mean that content producers and the people running services don’t need to eat too. Sure, many if not all big corporations are terrible, but not all online content is provided by them.
But a massive amount of them are. Small and solo creators on Youtube or Twitch need to conform to the rules of Google and Amazon, and even medium size creators are influenced and coerced by the precedents and market trends set by the much larger corporations.
And it doesn’t matter if not all content is provided by large corporations, those large corporations employ the most people, and dictate in a lot of ways, the rules of the employment market. It’s due to their habits and practices that wages are artificially low and expenses are inflated for record profits.
Until corporate greed is managed properly, consumers will always struggle to have enough expendable income to pay content creators, and therefore will always be searching for free content.
Oh yeah, no disagreement there; the source of all these problems is ultimately an economic system designed by and for sociopaths. But, be that as it may, the fact that even the people who could afford to pay for services simply don’t, and many run adblockers too and rarely turn them off for eg. news sites even if the ads they run aren’t extremely distracting. For example when ABP introduced a whitelist for “non-annoying” ads, it didn’t exactly go down well and people said they had “sold out.”
Big corporations can get fucked for all I care, but as I said, the ones not working for them and running services or news media or whatever also need to eat, and people’s reticence to pay for things in one way or another has directly led to those big companies taking over more and more of the field and WEI is an outgrowth of that.
Why is this bad? On first read, it seems like it could replace personally identifiable advertiser cookies with a trusted assertion that I am a human. Feels like a win
I don’t understand. Isn’t someone just going to fork Chromium, take out this stuff, put in something that spoofs the DRM to the sites so that adblocking still works?
> Isn’t someone just going to fork Chromium, take out this stuff,
Yes, upstream Chromium forks will likely try to remove this functionality, but
> put in something that spoofs the DRM to the sites so that adblocking still works?
This is the part that is not possible. The browser is not doing the attestation; it’s a third party who serves as Attestor. All the browser does is make the request to the attestor, and pass the attestor’s results to the server you’re talking to. There is no way a change in the browser could thwart this if the server you’re talking to expects attestation.
This violates just about every single open web principle that allowed Google to gain so much power. When they changed their motto from Don’t Be Evil, to Do No Harm, they obviously chose deception. Their new motto should be Do Whatever is Profitable, or more succinctly Be Evil.
I don’t really understand how that’s possible. The browser gets a token from the third party, and passes that token to the server to “prove” it’s running the DRM. The server then passes code back to the browser. At that point, why can’t the browser just cut out the DOM elements which are ads?
I don’t understand how code I write on hardware I run locally can ever have its hands tied like this.
It won’t be your hardware in a few years if this goes through. The code will run in a secure enclave and you won’t be able to access your bank or log in to government websites if you control the hardware.
Android phones are starting to do this, and it’s a nightmare for people like me who actually want to own the device they purchased.
Needing root access on Android to regain basic functionality (such as the ability to back up installed apps) is a sad indicator of where we’re headed ☹️… As much as I dislike iOS’s walled garden, they make backups dirt easy for the end user - and they do complete backups too - app data, homescreen layout and all.
I see what you’re saying. I read it as implying the browser would fake the attestation token. I don’t know the answer, but if their (stated) goal is to stop bots and scrapers, I have to assume it wouldn’t be so simple. After all, a lot of bots and scrapers are literally running an instance of Chrome.
Part of the point is that you may not be able to spoof it.
On code I write on hardware I run locally, how is it ever possible to not be able to remove an element from the UI?
If you don’t use a client with a certain signature, the web request will end in a different response, i.e. an empty response, as if your client had a certain signature. Please correct me if I am wrong, though.
Why can’t my modded client just give it that signature?
Because you don’t have Google’s private key. Same reason you can’t watch Netflix episodes without Widevine.
Bro I’m watching a Netflix show right now and don’t have a subscription
Widevine has been hacked multiple times, it’s the usual arms race.
I watch Netflix shows in high definition without widevine every day.
🏴‍☠️🚢
Drink up, me hearties, yo ho!
A private key to do what?
I only have the most cursory understanding of what Widevine is, but a quick Google reveals github projects claiming to spoof it.
Where I fail to understand is this. Whatever authentication the open source browser I modify needs to do, I can let it keep doing, because at some point it has to provide my browser C++ code with a clear text DOM before it renders it to an image to be displayed by my window manager. I can write that browser to simply remove DOM elements it deems to be ads - just like ublock does - before it renders it graphically.
The only way around this would be to turn browsers into a completely dumb terminal that accepts an octet stream of pixel data so it can display bitmaps, which is completely unfeasible (every webserver would become a graphics card for each of its users), and even if it did that, a simple neural net would identify the ads and remove them.
What am I missing?
> The attester will then sign a token containing the attestation and content binding (referred to as the payload) with a private key. The attester then returns the token and signature to the web page. The attester’s public key is available to everyone to request.
— The explainer, section How it works.
> Websites will ultimately decide if they trust the verdict returned from the attester. It is expected that the attesters will typically come from the operating system (platform) as a matter of practicality, however this explainer does not prescribe that. For example, multiple operating systems may choose to use the same attester. This explainer takes inspiration from existing native attestation signals such as App Attest and the Play Integrity API.
— The explainer, section Web environment integrity.
Now Julien Picalausa of Vivaldi browser theorizes as follows:
> To make matters worse, the primary example given of an attester is Google Play on Android. This means Google decides which browser is trustworthy on its own platform. I do not see how they can be expected to be impartial.
>
> On Windows, they would probably defer to Microsoft via the Windows Store, and on Mac, they would defer to Apple. So, we can expect that at least Edge and Safari are going to be trusted. Any other browser will be left to the good graces of those three companies.
>
> Of course, you can note one glaring omission in the previous paragraph. What of Linux? Well, that is the big question. Will Linux be completely excluded from browsing the web? Or will Canonical become the decider by virtue of controlling the snaps package repositories? Who knows. But it’s not looking good for Linux.
So, AFAIU, if worst comes to worst you won’t be able to run an unsigned browser and browse the web.
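An added example, not part of the thread or of the WEI explainer: a toy attester and server in Node.js showing the signed-payload flow quoted above and why a modified client cannot produce a token the server accepts. The payload layout, the verdict strings, the `challenge-A` binding value and all function names are assumptions made for illustration.

```javascript
// Added illustration: a toy attester and relying server, not WEI's real wire format.
const nodeCrypto = require('node:crypto');

// Constructed key pair. Only the attester ever holds privateKey; publicKey is public.
const attester = nodeCrypto.generateKeyPairSync('ed25519');

// Attester side: sign the payload (verdict + content binding) with the private key.
function attest(verdict, contentBinding, privateKey = attester.privateKey) {
  const payload = JSON.stringify({ verdict, contentBinding });
  const signature = nodeCrypto.sign(null, Buffer.from(payload), privateKey);
  return { payload, signature: signature.toString('base64') };
}

// Server side: check the signature first, then the binding, then the verdict.
function verifyToken(token, expectedBinding, publicKey = attester.publicKey) {
  const sig = Buffer.from(token.signature, 'base64');
  if (!nodeCrypto.verify(null, Buffer.from(token.payload), publicKey, sig)) {
    return 'bad-signature';
  }
  const { verdict, contentBinding } = JSON.parse(token.payload);
  if (contentBinding !== expectedBinding) return 'wrong-binding';
  return verdict === 'trusted' ? 'accepted' : 'untrusted-environment';
}

// What the server sees for each kind of token a client might hand over.
function runScenarios() {
  const binding = 'challenge-A'; // hypothetical per-request value chosen by the site
  const genuine = attest('trusted', binding);
  const honestNo = attest('untrusted', binding);
  // Client rewrites the verdict but cannot recompute the attester's signature.
  const edited = { ...honestNo, payload: honestNo.payload.replace('"untrusted"', '"trusted"') };
  // Client signs its own token with a key the server has no reason to trust.
  const ownKey = nodeCrypto.generateKeyPairSync('ed25519');
  const selfSigned = attest('trusted', binding, ownKey.privateKey);
  return {
    genuine: verifyToken(genuine, binding),
    honestNo: verifyToken(honestNo, binding),
    edited: verifyToken(edited, binding),
    selfSigned: verifyToken(selfSigned, binding),
    replayed: verifyToken(genuine, 'challenge-B'),
  };
}

console.log(runScenarios());
```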
So…I don’t use chrome anymore, but I use Vivaldi. Guess this’ll fuck that up too or will they remove it?
Edit: looks like they’re concerned about it but also are worried stripping it out will f up their browser being accepted
Hey, fellow Vivaldi user 👋. Yep, one of the Vivaldi devs already said if it was added upstream, they’d strip it out of the Chromium code, but they acknowledge that this would cause problems if WEI became standard. Websites would start to expect it, and not having that functionality would be a death-sentence for any browser (Chromium or otherwise).
That’s great to hear. I like it and would like to continue
Google is actively trying to drive people like me away. I have been trying my hardest to keep using Android, if Google keeps this up I might have to unwillingly move to Apple. At least they do more than just pretend to care about their users’ privacy.
deleted by creator
They did, but hardly anyone uses safari, so it can’t be used by itself to enforce standards like the google thing will be able to do. It’s just an extra thing they have for now.
You, me, and everybody else commenting on this post are a minuscule, almost infinitesimal percentage of Google’s global userbase. If each and every one of us statistical outliers stopped using Google everything right this second they wouldn’t even notice.
True, but might as well put up a good fight while we’re at it.
More and more, I wonder if we’re going to have to go back to Lynx or Links or something just to look at sites that aren’t corporate because they’ll be otherwise inaccessible from anything else.
I moved to Apple a few years ago, and recently I’ve stopped using Chrome for anything but work, where it’s required (web development, lol). Still married to gmail and google calendar but maybe it’s time I get away from those too…
I just don’t understand why they’re trying to solve this issue on the client side. It seems like a losing battle to me.
Instead, focus on the server side. If you want to push ads, then host on (or tunnel from) the content server. Get rid of all the <div>s and tags and scripts and adserver links that the adblockers are using to identify ads. Just assemble the page on the host so that it looks indistinguishable from the content the user is looking for and push it out. EAT BACHELOR CHOW! NOW WITH FLAVOR! Google could even start an ad-friendly hosting service that does this - some sitebuilder tools, identify where you want Google Adsense, and host the damn thing.
Unless everybody fully customises the display and styling of the adverts for their own website, there’s going to be some sort of targetable, recognisable pattern in the way AdSense content looks. Most developers just want an easy drop-in solution.
Furthermore, Google don’t necessarily want to give you that level of control over the adverts, because that makes it easier to game the ads system with malicious, fake and misleading clicks or invisible adverts. They need their tracking tech attached to it.
So render to image? That sounds terribly inefficient. That means you’re drastically increasing the load on the server and sending way more data over the wire. And then on the client side, your page no longer changes to fit the huge variety of viewport sizes. And say goodbye to being able to copy-paste. Or any kind of user interaction. And anyone with visual disabilities can go fuck themselves, I guess.
No, they didn’t mean to render it all as an image, but that everything comes from the content server you’re getting the content you want from and thus the ads should be indistinguishable from content. I don’t understand how you could misunderstand it to such a degree as to think they meant to render it all as an image.
Because even if you host the ad content on the same server, it’s still possible to distinguish it, such as by URL or element xpath. To assemble the page to avoid this, you’d need to completely render the page.
so… PDF then? /s
Thanks, BTW. It never occurred to me that someone could interpret my comment as “render-as-an-image”.
You explicitly state “render to image”.
deleted by creator
What does this mean?
The real two internets is happening
Feels so good to see Google getting called out for this in the GitHub comments
Does it? It’s making me depressed.
Because every last single thing said in those comments will be ignored. I sincerely doubt they’re even reading them.
They know what they’re doing. They know what people will say. They’re going to do it anyway.
Fuck you Google.