- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
I’m happy to see this being noticed more and more. Google wants to destroy the open web, so it’s a lot at stake.
Google basically says “Trust us”. What a joke.
You must log in or register to comment.
I’m glad the reaction all around seems to be “That’s sus as fuck”
Me too, there is hope!
I’m a bit less worried after reading this comment, which explains things like how they DON’T want it to be “DRM for the web” and the proposed measures to prevent it. https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/28#issuecomment-1651129388
WEI code is already being merged while Google is trying the “finding a suitable forum” tactics. If it’s truely for open web’s benefit, why the rush?
This is classic Google/corporate strategy - make it “digestable” to the most vocal public and address the concerns on the surface, then slowly erode, lock in and enshittify. Look at what’s happened to Gtalk/Hangouts for instance - everyone using other XMPP clients eventually switched to Gtalk since it was an open protocol and they could also continue using their existing clients, but after some time Google locked them in, then completely killed XMPP, then completely killed Hangouts.
It may subjectively look like Google is trying to address concerns around Web Integrity and sure, initial iterations may all be harmless and won’t break anything, but I’m 100% willing to bet that as people put their pitchforks down and Web Integrity all but fades away from public memory, they’ll start to lock you in with more and more DRM-like features, more and more websites will start to adopt it, until one day, you suddenly look back and realize you’ve been had, and how shitty the web has become - but by that point, it’s too late to change anything.
We need to nip this in the bud, before it even takes off. It goes grossly against the open web envisioned by Sir Tim Berners-Lee, regardless of its “good” intentions.
Google had said a lot of things during the years. Lying is second nature. As soon as there is a possibility to increase revenue, get on the good side of advertisers, or decrease competition, they will.
You have to understand that they are working under capitalism, where the only thing that matters is to grow your profits every year, or your stocks tank.
They are there for profits, and don’t care at all about the internets health or wellbeing. Maybe some employees do but it doesn’t matter. They don’t decide what to work on.
Google wants the internet sites to be like cable TV. You subscribe to them, you can’t block ads, and you have to run their allowed operating systems and devices. They make all the rules. You can do nothing.
I think we need to start being very realistic here.
Google has ad buying customers who want their ads served, and it’s those customers that would probably opt into the SDK and API in the first place. Scope matters.
Next there’s a plethora of freeloaders on the Internet who consume mountains of content but who scoff at paying for or contributing to the Internet.
Lastly I’m not seeing anything here that says it will block a site like Lemmy for example.the one thing I do find problematic is this potentially limiting competing browsers
I guess you missed the part about being able to “validate” plugins, entire operating systems, dns resolving etc.
I don’t care about Googles financial problems. I don’t use their services. They can close down YouTube if they don’t have enough paying customers. Same with Google search. Bye Google. And the internet is suddenly a much better place.
I’m going to guess half of the proposal is to waste time and distract from the minimum requirement they’re hoping to actually pass. We saw this a lot in general politics in the US: you make a bold overshooting statement while passing legislature on the side.
deleted by creator
leave some of that boot for others
Don’t mistake me for excusing their behavior. It’s the contrary. But I do think a grounded conversation starts with understanding what people’s motivations are.
grounded conversation is call user freeloaders? if you are consuming any content from google you are already contributing to their profit through information, and do not try to justify the actions of a multinational with the profit last year greater than the GDP of several small countries, corporations are not people and do not deserve compassion, the only objective is to make a profit at any cost, they do not care if someone needs it having a miserable life or even dying for it (corporations in general, I’m not talking exclusively about google).
I actually posted an article about their opening of a data center being detrimental to another countries water supply. Link should be in my profiles recent posts, worth a read.
I think there is a fair lot of people who think it’s absurd to pay for what they consume. And if you asked them what the alternative is to them paying they’d say nothing, it should be free.
Each service they run is binned and probably billed and generates revenue separate ways, but enough of that Im not trying to argue for pro google. The DRM they’re trying to push is bullshit.
You are completely deviating from the subject, the question here is simple, they are a multinational wanting to create a monopoly and control all the content that circulates on the internet to profit even more. “I actually posted an article about their opening of a data center being detrimental to another countries water supply” the problem is that you are assuming morals, corporations don’t have morals they have interests, if they did it wasn’t because it was the best for the local people, it was to make money and they will abandon it the next second it stops being profitable. And here is an example of how fantastic corporations are https://www.businessinsider.com/google-reported-dad-police-photos-sick-sons-penis-child-abuse-2022-8?op=1
They don’t care about a “safe web environment”. That is not making them any more money. Knowing much more about their users and being able to perfectly match everything a user does anywhere with Googles advertising business, though, will.
This is actually in correct. They do care about it because they are going to enforce a standard. Which means they will be able to force ads to be displayed. Ads is Google’s main revenue source.
So, how the hell is this supposed to prevent bots? Unless Google are planning to completely lock the browser down to prevent user scripting and all extensions then surely you can still automate the browser?
Unless Google are planning to completely lock the browser down to prevent user scripting and all extensions
Ding ding ding!
It doesn’t actually prevent anything because you can just use a different browser.
Remember those “Please use a supported browser” messages websites had?
With Web Environment Integrity they’ll be back, and worse.
Then how are Web Devs supposed to run automated tests?
Through the soon to be “Google WebTest, the WEI compliant test suite, powered by AI!”
Or something like that. Selling the antidote for the poison you created.
Or they just don’t enable it in their test env.
*its
Fixed - thank you.
The fraud-fighting project has fired up quite a controversy
fraud-fighting? Even Google’s initial pitch was explicitly describing it as a way to sell more ads.
I wish they’d have grown a pair and outright said “we’re forbidding ad blockers in Chrome, come at us”. I bet there’d be less controversy. This WEI thing just makes them look like sniveling weasels.
From their point of view, blocking ads probably equals fraud.
Would WEI stop Adblock by DNS? Like pihole or similar ?
All of that can be easily checked via JavaScript, but now if you world use extensions to disable those checks you would not pass the attestation.
So yeah, essentially you no longer have control over your computer, and need to bend over and accept everything the site owner wishes to do.
bend over and accept everything the site owner wishes to do.
Including a malicious site owner’s wishes.
From my very basic understanding of it yes. It in effect checks what’s loaded against what was served and if there’s a discrepancy it does its thing.
Note. If I have misunderstood please someone correct me.
Is there anything that would prevent some kind of proxy stripper? I’m thinking something that loads the page with a clean agent, strips out the shit and serves a nice clean page?
Definitely beyond pihole as it stands, but doable.
It would need something that would trick the checker into reporting an all good when local extensions fiddle with the rendered page. Not impossible IMHO but I’m wayyy to dumb for that shit. I was a sre not a developer.
Yes and no. They can freely enforce a specific DNS server and reject any browser with a custom one as “tampered with”. Just like they can freely enforce any part of your system being like they want it to be “or else”.
Basically it’s a way for a “third party” that’s chosen by the web server to verify the environment where the front end code is running meets its standards. Those standards would be up to the third party. So I’d imagine if an assessor said “hey, we can verify ads load properly” or even “we verify this extension isn’t running” then many sites would possibly choose those assessors. It also is blatantly deceitful because of all the issues it suggests it can fix, it doesn’t actually fix any of them. And many of them aren’t even that big of a problem.
Does blocking ads by DNS still work? Current ads are AFAIK more sophisticated
Yes, it works well. There are some ads, like those built in to apps and pages for self-promotion (Microsoft having an ad for office on their own website, for example), that cant be blocked without disabling the service itself because the ad dns is the same as the content dns, but otherwise it works well.
No that should still work. The server will send a page to your browser, and when the browser renders it, it will request the ad. And your pihole will block the request.
Unless WEI somehow changes how page rendering works but I don’t think so.
Not really. The environment could easily include resolution of an ad server. If a site uses two ad servers and neither resolves, the attestor could decide to fail the environment. The problem is the attestation is left open for the attestor to create. It could check web browser, extensions, operating system, etc. I fail to see how this is at all privacy protecting to begin with.
That’s absolutely horrible.
Stop WEI.
No, but that only works if the ads are being served by known ad hosts, so you should expect that adtech will get hip to that and proxy their traffic through the same hosts as the content.
That being said, it’s pretty easy to check if a user has network blackholing going on in clientside JavaScript, you just do a test request to a popular ad network and see if it resolves, no special browser support needed.
There is no defense of the move. It’s bad for the internet. Pure and simple!
“But it’ll make us lots of money…”
Well… in that case…
this reads like a script of a Pitch meeting.
and is it going to be hard for people to accept this WEI?
No, it’s gonna be super easy, barely an inconvenience .
Oh, really?
yea, you see, majority of people don’t give a fuck and have no idea what it is about.
Oh wow, wow wow wow
There’s an ongoing protest against this on GitHub, symbolically modifying the code that would implement this in Chromium. See this lemmy post by the person who had this idea, and this GitHub commit. Feel free to “Review changes” –> “Approve”. Around 300 people have joined so far.
That PR doesn’t appear to make any sense. It modifies an include rule, so at best it would make Android Webview fail to compile.
Yes, the purpose isn’t sabotaging.
Ootl… What is the purpose?
Raise awareness…
I don’t think filling Google repositories with complaints and well-intentioned, but garbage issues/pull requests. At best they’ll just delete them occasionally and at worst work less in the open, changing permissions on repositories, doing discussions more in internal tools.
What you can do is support alternative browsers, get other people to use them too and notify news as well as your local politicians about such problems. Maybe join organizations on protecting privacy or computer clubs (in Germany, support e.g. Netzpolitik.org and CCC).
Maybe acknowledge what the in-principle good things about WEI would be and support alternative means of achieving them. This proposal uses good things like less reliance on captchas and tracking, a simple to use API to enable a huge potential for abuse and power grab. Alternatives might be a privacy pass, as mentioned by WebKit https://github.com/WebKit/standards-positions/issues/234
(also @[email protected])
Maybe it is pointless, maybe it is a bad idea. Maybe not. It’s difficult to predict what this kind of small-scale actions will have on the big picture and future development. No matter what you choose or not choose to do, it’s always a gamble. My way of thinking is that it’s good if people say, through this kind of gestures, “I’m vigilant, I won’t allow just anything to be done to me. There’s a line that shouldn’t be crossed”.
Of course you’re right about supporting and choosing alternative browsers, and similar initiatives. There are many initiatives on that front as well. I’ve never used Chrome, to be honest; always Firefox. But now I’ve even uninstalled the Chromium that came pre-installed on my (Ubuntu) machines. Besides that I ditched gmail years ago, and I’ve also decided to flatly refuse to use Google tools (Google docs and whatnot) with collaborators, as a matter of principle. If that means I’m cut out of projects, so be it.
Regarding WEI, I see your point, but I see dangers in “acknowledging” too much. If you read the “explainer” by the Google engineers, or in general their replies to comments and criticisms, you see that they constantly use deceiving, manipulative, and evasive language. As an example, the “explainer” says a lot “the user needs this”, “the user desires that”, but when you unfold the real meaning of the sentences it’s clear it isn’t something done for the user.
This creates a need for human users to prove to websites that they’re human
Note the “need for human users”, but the sentence actually means “websites need that users prove…”. This is just an example. The whole explainer is written in such a deceiving manner.
The replies to criticisms are all evasive. They don’t reply the actual questions or issues, they start off a tangent and spout a lot of blah blah with “benefit”, “user”, and other soothing words – but the actual question or issue never gets addressed. (Well, if this isn’t done on purpose, then it means they are mentally impaired, with sub-normal comprehension skills).
I fuc*ing hate this kind of deceiving, politician talk – which is a red flag that they’re up to no good – and I know from personal experience that as soon as you “acknowledge” something, they’ll drag your into their circular, empty blabber while they do what they please.
More generally, I think we should do something against the current ad-based society and economy. So NO to WEI for me.
I think there’s some non-symbolic effort going on in ungoogled-chromium.
Here?: https://ungoogled-software.github.io/about/
Looks like a good project, I didn’t know about its existence.
Yeah :) This is the issue: https://github.com/ungoogled-software/ungoogled-chromium/issues/2432
Just like Trickle Down, “Don’t be evil” has aged well and deserves to be repackaged. /s
it says something about “spoofing identity” which raises a good question. If this does happen, how difficult would it be to just lie about your client environment with a spoofer of some sort?
It would be difficult. Your operating system, the browser, and the website’s code would have to be compliant to pass the WEI check
Let’s say you use a non-compliant OS (linux), or a non-chromium browser, or use userscripts, in all three cases you are locked out of the website.
That’s exactly what it is trying to prevent. Basically you, as an user is not to be trusted, so the website and your own computer work together to prevent you from doing anything the site deems inappropriate, like spoofing things, blocking ads etc.
If you are not using Firefox now is a good time to start.
Just switched yesterday, was way easier than I thought it would be. I’m converted on all my devices, all my stuff has been synced from Chrome in a few clicks. Just do it people.
I love Firefox so much. Specially the built in sync. I can browse something on my phone and open it on my computer later and continue where I left off.
If you haven’t already, check out Firefox Sync.
You can sync your stuff across Firefox instances (PC, mobile, different PC profiles etc.) You can choose to sync logins, open tabs, bookmarks, add-ons etc.
Each place you use Firefox can choose to sync different stuff, so for example you can sync logins everywhere but only sync open tabs on the PC.
In case you replace the phone or your PC HDD crashes etc. all you have to do is login back to Firefox Sync and you get all that stuff back.
deleted by creator
I’ve been using Firefox mobile for a few years now too, and the one thing I’ll point out is that the addon store is a lot more limited than on PC – unless you’re using Firefox nightly or beta, which lets you use any. But for the average user that only needs ublock or noscript, etc. it’s a perfect choice:)
Tampermonkey expands the functionality you can use to take control, I use the twitter control panel to transform the mobile experience of X. No need for the app with all the forced Elmo bollocks.
It’s kind of silly. I use nightly with custom add-ons and most of the add-ons work without issue. The UI might not be the best for the phone but they’re functional. I’m not sure why the mobile add-ons are so restricted, even enabling them in nightly is bizarre. You need to go in and tap on the FF icon in the version info page or something like that…
I recently switched and all’s good so far. Correct me if I’m wrong, wei would also be able to block certain browsers, including Firefox, right? I wish just switching browsers would be enough to avoid Wei though :/
If google gets their way websites will be able to block OS’s and browsers. But if enough people switch to Firefox they won’t be able to push this change as easily. Google Chrome has about an 80% marketshare in the browser market and most of the alternatives are forks of Chromium which google controls. If this doesn’t change Google will be able to do anything they want.
Firefox in the meanwhile but long term we need to move away from the unfathomably bloated web
protocolstandard/browsers.Web protocol? Which one?
I wouldn’t consider http or dns bloated, for instance. And tcp/ip isn’t web-specific enough for me to think that’s what you mean by “the web protocol”.
Are you just trying to say you don’t like websites in a way that sounds techy?
I’m referring to the totality of what is required to make a complete and secure web browser from scratch.
That’s a rant about the complexity of modern browser engines, not the protocols. The web worked just fine before CSS and JS. The protocols aren’t the problem. Lynx is still being maintained if you want the web without the bloat of features like js and inline images.
I believe the rant demonstrates there cannot be more competition for browsers and therefore justifies the idea that browsers will stagnate and come to an end. I think the solution will be to move away from one application doing many things to using separate software dedicated to narrow purposes.
Ah yes, I do the same in my kitchen. One machine that does one job and then sits around unused for the rest of the year.
No, obviously that is not the way. I don’t want to deal with 20 separate programs to do the job Firefox does.
When you want to use the scanner but can’t because the printer is broken.
What’s the “web protocol”? Are you talking about HTTP?
Seems from their response to me asking the same thing, they mean browser engines, not anything to do with any of the protocols involved.
I wish I’d said “web standards” instead.
You mean HTML, CSS, JavaScript, etc?
Including those but also all specifications defined by the W3C. I would post other examples here but I’m out of my depth.
Ok well, the modern web technology ecosystem is incredibly featureful and flexible, it allows a huge array of options for building rich interactive applications, all delivered to your browser on-demand in a few seconds.
Sure some of the technologies involved aren’t perfect (and I challenge you to find any system that feature-rich that doesn’t have a few dark corners), but there really no alternative option that comes close in terms of flexibility and maturity.
Adding features endlessly, heedless of danger of the inate security issue from the complexity, makes for an uncompetative and ultimatly unsustainable ecosystem.
The alternative I believe in is to use seperare apps for each segmented feature (the dedicated video player plays the video, the browser merely fetches it).
I have too use Edge at work. Is Edge also implementing this shit?
Im so sorry u should use it…
Google has turned into a corporate criminal which is abusing its trusted position in society.
The only solution is to break the company up before it can wreak more havoc on society.
Google does not have a trusted position.
From the point of web infrastructure and standards, they certainly do.
They used to have a motto like “Do no evil”, which was kinda sus to begin with (they were a search engine in a time when many didn’t even consider the evil possibilities of the internet). But if you start out with a motto like that, it’s even more sus if you suddenly drop it, which they did.
Usually when a company loudly proclaims that “we have this quality” they’re compensating for not in fact having it.
You get the same in people: “I’m so smart”, “I’m so beautiful”, “I’m so confident” and so on are usually said to others by people who don’t actually believe they have such (otherwise self-evident) qualities.
In that logic “Do no Evil” was a red flag.
Ah, so it is. Still hard to tell if it’s genuine or PR.
*waiting patiently for EU to catch on to this.
Google may not like the outcome…
