Post AYEnzD3LwNAHttFeng by kfogel@kfogel.org
 (DIR) Post #AYCSaAAj1pr2N6znRQ by kfogel@kfogel.org
       2023-07-29T22:10:55.076754Z
       
       7 likes, 11 repeats
       
       If your computer can’t lie to other computers, then it’s not yours.
       
       This is a fundamental principle of free and open source software. The World Wide Web abides by this principle, although we don’t often think of it that way. The Web is just an agreed-on set of programmatic interfaces: if you send me this, I’ll send you that. Your computer can construct the “this” by whatever means it wants; it’s none of the other side’s business, because your computer is not their computer.
       
       Google’s so-called “Web Environment Integrity” plan would destroy this independence. “Integrity” is exactly the wrong word for it — a better name would be the “Browser Environment Control” plan.
       
       In the normal world, you show up at the store with a five dollar bill, pick up a newspaper, and the store sells you the newspaper (and maybe some change) in exchange for the bill. In Google’s proposed world, five dollar bills aren’t fungible anymore: the store can ask you about the provenance of that bill, and if they don’t like the answer, they don’t sell you the newspaper. No, they’re not worried about the bill being fake or counterfeit or anything like that. It’s a real five dollar bill, they agree, but you can’t prove that you got it from the right bank. Please feel free to come back with the right sort of five dollar bill.
       
       This is not the Open Web that made what’s best about the Internet accessible to the whole world. On that Web, if you send a valid request with the right data, you get a valid response. How you produced the request is your business and your business alone. That’s what software freedom is all about: you decide how your machinery works, just as other people decide how their machinery works. If your machine and their machine want to talk to each other, they just need an agreed-on language (in the case of the Web, that’s HTTP) in which to do so.
       
       Google’s plan, though, steps behind this standard language to demand something no free and open source software can ever deliver: a magical guarantee that the user has not privately configured their own computer in any way that Google disapproves of.
       
       The effrontery is shocking, to those with enough technical background to understand what is being proposed. It’s as though Google were demanding that when you’re talking to them you must somehow guarantee, in a provable way, that you’re not also thinking impure thoughts.
       
       How could anyone ever agree to this nonsense? Must all our computers become North Korea?
       
       The details of your own system’s configuration are irrelevant to — and unnecessary to accurately represent in — your communications with a server, just as your private thoughts are not required to be included, in some side-band channel, along with everything you say in regular language.
       
       If a web site wants to require that you have a username and password, that’s fine. Those are just a standard part of the HTTP request your browser sends. But if a web site wants your browser to promise that it stores that username and password locally in a file named “google-seekritz.txt”, that’s not only weird and creepy, it’s also something that a free software (as in libre) browser can never reliably attest to. Any browser maintenance team worth its salt will just ship the browser with a default configuration in which the software reports that to Google when asked while, behind the scenes, storing usernames and passwords however it damn well pleases.
       
       Indeed, the fundamental issue here is the freedom to have a “behind the scenes” at all. Environments in which people aren’t allowed to have a “behind the scenes” are totalitarian environments. That’s not an exaggeration; it’s simply the definition of the term. Whatever bad connotations the concept of totalitarianism may have for you, they come not from the fancy-sounding multi-syllabic word but from the actual, human-level badness of the scenario itself. That scenario is what Google is asking for.
       
       My web browser (currently Mozilla Firefox running on Debian GNU/Linux, thank you very much) will never cooperate with this bizarre and misguided proposal. And along with the rest of the free software community, I will continue working to ensure we all live in a world where your web browser doesn’t have to either.
       
       (Cross-posted at https://rants.org/2023/07/the-right-to-lie-and-google-wei/ .)
       
 (DIR) Post #AYCk8OCh40vExOp3h2 by potatoxel@pleroma.potatoxel.org
       2023-07-30T00:17:28.696544Z
       
       0 likes, 0 repeats
       
       @kfogel yeah treacherous computing o;
       
 (DIR) Post #AYCk8PErDSFOAOqIhk by kfogel@kfogel.org
       2023-07-30T01:27:33.853483Z
       
       0 likes, 0 repeats
       
       @potatoxel Good phrase!
       
 (DIR) Post #AYE5jc7mYtTx2e4nzM by fgregg@mastodon.social
       2023-07-30T01:44:20Z
       
       0 likes, 0 repeats
       
       @kfogel how much of your argument would apply to CORS?
       
 (DIR) Post #AYE5jcfSXgQ8j5phTs by kfogel@kfogel.org
       2023-07-30T17:04:17.722946Z
       
       0 likes, 0 repeats
       
       @fgregg None of it, that I know of?  But maybe you're thinking of some aspect of CORS that I'm not aware of...?
       
 (DIR) Post #AYE5rkAMXz0wIb9yz2 by RobertoArchimboldi@kolektiva.social
       2023-07-30T10:54:17Z
       
       0 likes, 0 repeats
       
       @kfogel thank you. This was really helpful for non technical me
       
 (DIR) Post #AYE5rkv9k0Rcdj3Lv6 by kfogel@kfogel.org
       2023-07-30T17:05:48.328319Z
       
       0 likes, 0 repeats
       
       @RobertoArchimboldi I'm glad to hear it!  Thanks for saying so.
       
 (DIR) Post #AYE6AapXTvxMqXPMK8 by ioutora@floss.social
       2023-07-30T11:07:59Z
       
       0 likes, 0 repeats
       
       @kfogel Very well written! I hope more people see it and understand how serious this is. This is NOT about being forced to watch ads.
       
 (DIR) Post #AYE6AbWQuSGezZTcBM by kfogel@kfogel.org
       2023-07-30T17:09:10.330521Z
       
       0 likes, 0 repeats
       
       @ioutora Thanks!  Yeah, I agree it’s important.  Despite the fact that there’s already been a whole spate of posts and articles recently about how bad this is, it’s still not as widely criticized as it should be.  Each new voice helps a little bit.
       
 (DIR) Post #AYE6JmTFZWoNYTMbia by riggbeck@mastodon.social
       2023-07-30T11:36:29Z
       
       0 likes, 0 repeats
       
       @kfogel I'd like to dump Google entirely. I already use @runbox for email and Qwant for search, but extricating myself from the rest of it seems almost impossible. It's an invasive species, the internet version of Japanese knotweed.
       
 (DIR) Post #AYE6JndDFyNJ9f24sy by kfogel@kfogel.org
       2023-07-30T17:10:51.995182Z
       
       0 likes, 0 repeats
       
       @riggbeck It's tough, yeah -- I completely understand.  But this proposal is in a separate category from merely using Google's services in a standard transactional manner.  It's a direct threat to software freedom.
       
 (DIR) Post #AYE6UHB0GQ1pgOpj9s by solidstate@mastodon.social
       2023-07-30T12:20:39Z
       
       0 likes, 0 repeats
       
       @kfogel the Proposal section in the wiki article is a little thin. How would they attempt to achieve this "integrity" on a technical level?
       
 (DIR) Post #AYE6UHsxczBrsjOpfs by kfogel@kfogel.org
       2023-07-30T17:12:45.369169Z
       
       0 likes, 0 repeats
       
       @solidstate I just linked to the Wikipedia article because it's a convenient bundle of sources.  Try going from there to the proposal itself -- I'm pretty sure it's in the "References" or "External links" section.
       
 (DIR) Post #AYE6YDkuvLjkERVr0q by kfogel@kfogel.org
       2023-07-30T17:13:32.719554Z
       
       0 likes, 0 repeats
       
       @joeyh Notice how careful I was to say "currently" when referring to the browser I'm using :-).
       
 (DIR) Post #AYE6kMQOWDjwaqhb4C by gudenau@fosstodon.org
       2023-07-30T15:09:52Z
       
       0 likes, 0 repeats
       
       @kfogel Apparently Safari already supports this or something like it...
       
 (DIR) Post #AYE6kN6ZzNU4hgRHou by kfogel@kfogel.org
       2023-07-30T17:15:40.955407Z
       
       0 likes, 0 repeats
       
       @gudenau I wouldn't be surprised.  Proprietary browser on a proprietary OS from a company known for tightly locking down its hardware -- I mean, that's pretty much petri dish + agar for a freedom-destroying mold :-).
       
 (DIR) Post #AYE8Sncyq7oleqLKM4 by fgregg@mastodon.social
       2023-07-30T17:10:07Z
       
       0 likes, 0 repeats
       
       @kfogel i’m sure that i don’t understand the google proposal, but all the browsers enforce CORS, and don’t let you load data in many contexts.
       
 (DIR) Post #AYE8SoO80pX214OyqO by kfogel@kfogel.org
       2023-07-30T17:34:54.069372Z
       
       0 likes, 0 repeats
       
       @fgregg I think you’re misunderstanding Google’s proposal.  This is not about the browser enforcing something by default for the purpose of being able to make security guarantees to its user.  After all, if you wanted to modify and recompile your browser to not enforce same-origin policies, you could do so.  (It would be a bad idea, of course, but that’s not a software freedom issue :-) .)
       
       Rather, this is about the browser being able to pass back a partially-hardware-based, cryptographically secure token that attests, to a central service, that you (the owner of the computer) have not made certain system modifications that would otherwise be invisible to and undetectable by another computer that you’re interacting with over the network.  The central service can then pass that attestation along to relying parties.  Those relying parties would then use it for all the expected purposes.  For example, if they’re considering sending you a stream of video, they’d only do so if they see a promise from your computer that it has no side-band ability to save the video stream to a file (from which you could view it again later without their knowledge).  And this promise would be dependable!  Under this proposal, your computer would only be able to say it if it were true.
       
       Of course, by definition the only way such a system can work is if it does not have software freedom on the client side.  It requires a cooperative relationship between the hardware manufacturer and the supplier of the software – cross-signed blobs and such – whereby your computer loses the physical ability to make the requested attestation to a third party unless your computer is in fact fully cooperating.
       
       By analogy: right now, you can tell your browser to change its User-Agent string to anything you want.  You might get weird effects from doing that, depending on what value you set it to (and it’s unfortunate that web developers let sites get so sensitized to User-Agent, but that’s another story, to be told along with a similar complaint about HTTP Referer – but I digress).
       
       Now imagine a world in which, if you change your User-Agent string, your browser suddenly starts always sending out an extra header: “User-Agent-String-Modified-By-User: True” – and you have no choice about this.  You can’t stop your browser from doing it, because your computer won’t let you.
       
       Does this help clarify what the problem is?
       
 (DIR) Post #AYE8VHxB3nTgI4ydDU by gudenau@fosstodon.org
       2023-07-30T17:19:44Z
       
       1 likes, 0 repeats
       
       @kfogel It's worth talking about because Google can go "see people don't care!"
       
 (DIR) Post #AYEDMvoI0Kll4Iebqq by fgregg@mastodon.social
       2023-07-30T17:57:28Z
       
       0 likes, 0 repeats
       
       @kfogel yes, thank you. i thank you for expanding! seems bad!
       
 (DIR) Post #AYEDMzxeZSdVwV490C by kfogel@kfogel.org
       2023-07-30T18:29:51.904549Z
       
       0 likes, 0 repeats
       
       @fgregg Great!  Thanks for taking the time to read the addendum -- much appreciated.
       
 (DIR) Post #AYEE51TEJwQ1MhpObI by kfogel@kfogel.org
       2023-07-30T18:37:50.849786Z
       
       0 likes, 0 repeats
       
       @fgregg (I wish I could just incorporate it into the original post, but I’m not really sure what effect editing the OP would have in the Fediverse at this point.  On https://rants.org/2023/07/the-right-to-lie-and-google-wei/, where I cross-posted this, I did incorporate it, so at least there’s some place where all the thoughts are together, even if no one reads it :-) .)
       
 (DIR) Post #AYEnzCL2b7ifgSWGjQ by frite@infosec.exchange
       2023-07-30T20:12:30Z
       
       0 likes, 0 repeats
       
       @kfogel There’s another aspect. Implementing this effectively allows control over who develops software and what software they develop. Quite literally if they don’t like your software, they can break your attestation (or any device for that matter that installed your software) and be done with it
       
 (DIR) Post #AYEnzD3LwNAHttFeng by kfogel@kfogel.org
       2023-07-31T01:20:08.454825Z
       
       0 likes, 0 repeats
       
       @frite Yup.  Well, that was the point I was trying to make, in fact.  "Control over who develops software and what software they develop" == "lack of software freedom".  Software freedom is exactly about *not* being subject to such controls.
       
 (DIR) Post #AYEzDUkC3shKJmIvR2 by mrcopilot@mstdn.social
       2023-07-31T03:19:35Z
       
       0 likes, 0 repeats
       
       @kfogel @fgregg AFAIK, editing a post notifies folks who previously favorited or responded (or answered a poll) that it was edited.
       
       Great thread.
       
 (DIR) Post #AYEzDVYt1PFOr01PRw by kfogel@kfogel.org
       2023-07-31T03:25:59.865195Z
       
       0 likes, 0 repeats
       
       @mrcopilot Thanks!  That makes sense, and is useful to know.  /CC @fgregg
       
 (DIR) Post #AYFGQUS89dnYOqdbl2 by Steveg58@aus.social
       2023-07-31T04:25:11Z
       
       0 likes, 0 repeats
       
       @kfogel From my PoV that ship already sailed with the arrival of HTML5 where random people could suddenly poke around at the innards of your computer.
       
 (DIR) Post #AYFGQVPgaDR9NYVAaO by kfogel@kfogel.org
       2023-07-31T06:38:49.439876Z
       
       0 likes, 0 repeats
       
       @Steveg58 They can?  I didn't know about that -- would welcome pointers (though I can probably search it up if you don't want to encourage my laziness).
       
 (DIR) Post #AYG4QqKHpCTLwnKYdM by Steveg58@aus.social
       2023-07-31T06:44:35Z
       
       0 likes, 0 repeats
       
       @kfogel HTML5 was when they added all the provisions to query your machine about processor, graphics, battery charge and the arrival of downloading JavaScript (mostly) code to run on your machine and before sandboxes were common it could inspect your file system and write files to temp storage.
       
 (DIR) Post #AYG4Qr07Jfvu2Wtxpo by kfogel@kfogel.org
       2023-07-31T15:59:06.547013Z
       
       0 likes, 0 repeats
       
       @Steveg58 Yeah, that's all bad (along with sites' use of "User-Agent" and "HTTP-Referer").  But ultimately it's still all under the client's control: if the client wants to lie about how much battery charge is left, about its CPU or GPU, etc, it is free to do so -- the server can't tell.
       
       So-called "Web Environment Integrity" is a whole different category, because the freedom to lie is gone.
       
 (DIR) Post #AYG5AqU9Z6yPlHshyC by kfogel@kfogel.org
       2023-07-31T16:07:27.425168Z
       
       0 likes, 0 repeats
       
       @nicolas17 I don't have deep enough technical knowledge of how Private Access Tokens work to say for sure, but so far I haven't seen anything obviously problematic.  In PAT, the client says things to a Mediator, which then passes along a condensed (and anonymized version) to an Issuer, right?  So far that doesn't seem analogous to WEI.  In PAT, the client is just communicating via normal APIs to the Mediator.  The Mediator does not have the privilege of running its own code directly on the client without possibility of modification by the client -- if it did, that would be the giveaway and would make PAT similar to WEI.
       
 (DIR) Post #AYG6j5k5RkCoseEBjU by kfogel@kfogel.org
       2023-07-31T16:24:51.220843Z
       
       0 likes, 0 repeats
       
       @nicolas17 Thanks!  Well, then yes, it has exactly the same problems.  It's always been the case that there's ultimately no software freedom on an iPhone or on any locked-down device where the hardware and the OS are controlled by the manufacturer.
       
 (DIR) Post #AYGA8S8zauINSaf6qO by kfogel@kfogel.org
       2023-07-31T17:03:01.905506Z
       
       0 likes, 0 repeats
       
       @nicolas17 If you have time to write a post about it, I'd learn a lot and I'm sure others would too.
       
       I tentatively guess that the reason for the different levels of alarm is as follows: Since many people already don't run Apple hardware+software, the things Apple does on its devices aren't automatically a threat to freedom generally.  A web-based service isn't going to decide it'll only work with attested Apple users, because that would mean giving up on a huge number of potential customers.  But if Google implements WEI in Chrome (on all the major proprietary operating systems), then suddenly it becomes reasonable for a web service to just stop working for the tiny number of people left who aren't running one of the big, locked-down systems.
       
       And Apple products have always been understood to be a single, centrally-controlled environment anyway: there's one corporation behind all of it.  Meanwhile, the Android / Chrome world has been much more diverse -- Google has not tried to keep nearly the same level of control there that Apple does in its environment.  So a move like this by Google changes the amount and kind of freedom possible within the Google-ish ecosystem, while simultaneously threatening to make the remaining freedom-preserving population enough of a minority that it can be ignored (i.e., over time, more and more of the Web would just stop working for those people (as, some would argue, has already been the case with proprietary Javascript shipped on the fly to the browser, but at least that's just code and in the end you can control what your browser does with it)).
       
 (DIR) Post #AYGWDAcYN2GhYJ8xRQ by Steveg58@aus.social
       2023-07-31T21:09:28Z
       
       0 likes, 0 repeats
       
       @kfogel Like sandboxes, the ability to lie is relatively new and requires the cooperation of the browser developers. WEI will eventually be worked around but in the meantime it is a cannon aimed directly at Firefox.
       
 (DIR) Post #AYGWDBSJGbfW8pMI76 by kfogel@kfogel.org
       2023-07-31T21:10:22.824412Z
       
       0 likes, 0 repeats
       
       @Steveg58 Is the ability to lie new?  I assumed we've never not had it...
       
 (DIR) Post #AYGaJOkh8wHkvyB1Rg by Steveg58@aus.social
       2023-07-31T21:13:10Z
       
       0 likes, 0 repeats
       
       @kfogel It was only added to browsers after pervasive tracking via fingerprinting became a thing. And only on browsers that care about your privacy.
       
 (DIR) Post #AYGaJPVUKxiRH64ONk by kfogel@kfogel.org
       2023-07-31T21:56:20.474477Z
       
       0 likes, 0 repeats
       
       @Steveg58 But, at least in principle, anyone could have modified their browser (or had someone else do so for them), even before browsers started shipping controls for this by default.  I think that mattered in practice too: people actually do play around with these things -- building Firefox is hard but it's not rocket-science hard -- and those experiments on the periphery eventually migrate inward to become feature requests and thence actual features (as I believe has happened with fingerprinting prevention measures, though I'd certainly welcome comments from anyone who knows the technical history of those features better).
       
 (DIR) Post #AYMbfVuKUBcGOpYIIy by njoseph@social.masto.host
       2023-08-03T05:30:08Z
       
       0 likes, 0 repeats
       
       @kfogel Google went from "Don't be evil" to seeking totalitarian control over the web.
       
       Also, from "ads are a bad business model for search engines" to making a browser where ads can't be blocked.
       
 (DIR) Post #AYMbfWTQNhgm9fyK0W by kfogel@kfogel.org
       2023-08-03T19:39:52.147988Z
       
       0 likes, 0 repeats
       
       @njoseph "Making the world safe for the kinds of people you want to be safe from."
       
 (DIR) Post #AaViJOPzUnp556ldxI by Jonaschuzzlewit@nicecrew.digital
       2023-10-07T00:35:22.432915Z
       
       0 likes, 0 repeats
       
       Just wow. So I am a tech retard blundering on fedi seeking the sound of free speech and people who understand how fuct it is. I may not know crap about tech but I see the walls closing in. Thanks for this excellent explanation that even a near luddite like myself can grasp. I dearly wish to see the day big tech gets destroyed along with big brother but I fear it is going to be quite the opposite... Either way eat sleep drink and be merry for if you are based tomorrow or soon we will surely die