[HN Gopher] Web Environment Integrity API Proposal
___________________________________________________________________
Web Environment Integrity API Proposal
Author : reactormonk
Score : 209 points
Date : 2023-07-21 18:09 UTC (4 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| 66fm472tjy7 wrote:
| I am not optimistic that the de-facto end of general computation
| can be prevented, or that there will even be noteworthy
| opposition.
|
| There are so many powerful interests that stand to gain from
| preventing e.g. ad-blocking and content capture. Thanks to
| Windows 11 requiring TPM, it is just a matter of time until
| hardware support for remote attestation is ubiquitous even on
| desktop computers.
|
| Meanwhile, our (including myself) attention is (perhaps
| justifiably to some extent) on the latest news about
| $EXISTENTIAL_THREAT and how $THE_OTHER_SIDE did $EVIL_THING fed
| to us by the algorithm. Organizations that used to effectively
| fight threats to freedom like this (FSF, pirate parties, CCC,
| EFF, etc) have lost a lot of their support/influence and clarity
| of purpose over the last decade.
| rpastuszak wrote:
| Just a reminder that AdTech is not paying for our access to
| content, or supporting publishers -- it's keeping them hostage.
| freeone3000 wrote:
| Fork chromium and have it return true. Problem, websites?
| progbits wrote:
| It doesn't return boolean but an attestation certificate that
| the server can validate before sending you any content.
| jabbany wrote:
| It's signed?
|
| Sure you can fake the results of an attestation in your fork,
| but your fork would be using your own key to sign the response,
| a key that the site can reject.
| freeone3000 wrote:
| Ah, we'll also have to extract the key from chrome. It's no
| worse than WideVine.
| gray_-_wolf wrote:
| There is no key in chrome, the signing is done via a 3rd
| party server.
| jabbany wrote:
| Has that been extracted already? I have to admit I'm behind
| on the current state of browser DRM...
|
| Also I wonder if in the future this would require
| attestation of the entire chain: secure UEFI validated by
| key burned in CPU, validates secure boot os that prevents
| "hacking tools", which validates secure Chrome, which
| attests secure websites...
|
| Truly royally screwed at that point...
| charcircuit wrote:
| The current state of DRM is that you have to find a
| hardware vulnerability in order to extract a certificate.
| With this you can now decrypt DRM content, but you have
| to be careful not to get that key blacklisted.
| kykeonaut wrote:
| I am not a hopeful romantic, but the EU has been investing on
| vendor neutral web-browsers like Nyxt [0] and the UR Browser [1]
| through the Horizon Europe program. I doubt that legislators (at
| least in the EU) will view this as a positive development,
| assuming EU legislators know what they are doing. On the other
| hand, lobbying by big tech is still very much a threat.
|
| [0] https://nyxt.atlas.engineer/
|
| [1] https://www.ur-browser.com/
| politelemon wrote:
| > Attesters will be required to offer their service under the
| same conditions to any browser who wishes to use it and meets
| certain baseline requirements. This leads to any browser running
| on the given OS platform having the same access to the
| technology, but we still have the risks that 1) some websites
| might exclude some operating systems, and 2) if the platform
| identity of the application that requested the attestation is
| included, some websites might exclude some browsers.
|
| I feel this is the bit that's going to be hand waved away for the
| sake of convenience.
| joelthelion wrote:
| Will people stop using Chrome now?
| TheAceOfHearts wrote:
| This seems like a step closer to killing the open web.
|
| "Sorry, you can only access this website using this specific
| device with a browser compiled by Big Tech, it's for your own
| good."
|
| Not surprising that this is all coming from Google, the world's
| biggest adtech company.
| Aeolun wrote:
| This is already happening. It's just mildly harder now. Try
| opening Teams in Firefox or Safari.
| akomtu wrote:
| It's the ad-tech sector of the web declaring a secession from
| the internet, for ads can't live under the law of the open web.
| The new AdWeb is going to look like appstores: websites will
| need to pay to the adweb owners, and users will need to use
| smartphones or locked down browsers. As for the open web, it
| will stay and continue evolving free from money making
| concerns.
| garganzol wrote:
| I see one more dangerous development imposed by this move:
| limiting access to web content for rival search engines. I'm sure
| that Google Robot will pass all "high security standards" and web
| integrity checks, while others won't be able to do so.
| eropple wrote:
| This is a level or two below where my knowledge of the browser
| trails off, so I'll ask generally: how would this interact with
| things like the WebKit Content Blocker API?
| wmf wrote:
| Most likely all extensions and content blockers would be
| disabled for DRMed sites. Or maybe they'd be enabled but the
| browser would tell the site you have a blocker enabled and the
| site would refuse to load.
| jabbany wrote:
| Step 1: Sites require a "secure" (read proprietary) browser
| like "Google Chrome", "Microsoft Edge", "Safari" or refuse to
| operate.
|
| Step 2: "Secure" browsers change the behavior of their
| implementation of the Content Blocker API so an industry-
| accepted "secure" site like Google Ads can opt-out of being
| blocked ("You wouldn't want a misconfigured content blocker to
| accidentally break a verified secure site right?")
|
| Step 3: ??? (Force the users into a take it or leave it choice
| for whether they want to be part of the internet or not)
|
| Step 4: Profit
| madeofpalk wrote:
| I don't understand how the Apple that introduced their
| Content Blocker APIs would choose to invest into this API to
| kneecap their own content blockers?
| wmf wrote:
| I can imagine a situation where "low-quality" sites get ad
| blocked and "high-quality" sites get DRM.
| [deleted]
| jabbany wrote:
| They wouldn't have to. Unless you use an iDevice you're not
| using an Apple made browser. (The content blocker API is
| WebKit so it's used across multiple browsers)
|
| As for revenue from Apple users, they already want to have
| control over that and would be more than happy if Google
| and co voluntarily stopped serving their users so they can
| make ad money off of them on their own terms.
| josephcsible wrote:
| Either Apple will make their devices refuse to sign the
| attestation if you're using it, or Google will remove Apple
| from its list of trusted attesters.
| jabbany wrote:
| Or (most likely) they will negotiate how to split the money.
| Maybe through some kind of safe advertising consortium.
|
| Apple is just fine with collecting user data on platforms so
| long as they're the only ones doing it. Apple even runs its
| own ad network over its own app store.
| supriyo-biswas wrote:
| This is one of those times I hoped politicians were more
| competent in a technical field like computer science.
|
| I'd have a field day grilling the CEOs of Big Tech companies over
| stuff like this that only serves to kneecap their current and
| future competitors.
| dmantis wrote:
| The literal attempt to censor web usage of Linux and BSD
| desktops, other FOSS clients, custom Android ROMs, etc with an
| open reasoning "to sell you ads".
|
| They don't even try to masquerade it.
| intelVISA wrote:
| I mean, to be fair, that's their entire modus operandi.
|
| You don't berate a kitchen for serving food, why would you look
| at any Google contraption from HTTP/3 to Chrome as anything but
| a vehicle for selling ads and/or mining data?
| joshuamorton wrote:
| The largest subsection of the document is spent discussing how
| to prevent specifically this situation, and this is called out
| explicitly as a non-goal.
| jabbany wrote:
| Yeah I mean the first of their examples is literally:
|
| > Users like visiting websites that are expensive to create and
| maintain, but they often want or need to do it without paying
| directly. These websites fund themselves with ads, but the
| advertisers can only afford to pay for humans to see the ads,
| rather than robots. This creates a need for human users to
| prove to websites that they're human, sometimes through tasks
| like challenges or logins.
|
| I find it quite cute that they start with "users" as if it's a
| user demand but in the next sentence switch to "advertisers"
| --- the real target population.
| Buttons840 wrote:
| > This creates a need for human users to prove to websites
| that they're human, sometimes through tasks like challenges
| or logins.
|
| Is... is the Verification Can actually going to happen?
| https://i.kym-cdn.com/photos/images/original/000/983/286/ea5...
| Terretta wrote:
| Why stop there. Let's see who is behind the problem they're
| solving with item 2:
|
| _Some examples of scenarios where users depend on client
| trust include:_
|
| _1. Users like visiting websites that are expensive to
| create and maintain, but they often want or need to do it
| without paying directly. These websites fund themselves with
| ads, but the advertisers can only afford to pay for humans to
| see the ads, rather than robots. This creates a need for
| human users to prove to websites that they're human,
| sometimes through tasks like challenges or logins._
|
| _2. Users want to know they are interacting with real people
| on social websites but bad actors often want to promote posts
| with fake engagement (for example, to promote products, or
| make a news story seem more important). Websites can only
| show users what content is popular with real people if
| websites are able to know the difference between a trusted
| and untrusted environment._
|
| Not written in item two: And the people paying to promote the
| posts funding these sites want to know the promotions are
| landing on real consumers' screens.
| kibwen wrote:
| It's time to break Google up. They're the AT&T and Standard Oil
| of our generation. Make Ads, YouTube, Search, Cloud, Chrome, etc.
| all independent companies. Demand that antitrust regulators do
| their damn jobs for a change.
| chrisco255 wrote:
| Only if you throw Apple, Microsoft and Meta into the grinder as
| well. Our regulators are fully captured and have been for some
| time.
| stainablesteel wrote:
| counterargument: let's say the us gets in a real war with
| china, a massive conglomerate like google would probably make
| massive contributions to cyber/technological warfare that the
| individual pieces would have a hard time doing
|
| i agree they should be broken up, but it might be the wrong
| time for it.
| [deleted]
| JBiserkov wrote:
| So what you are saying is we should break up the US so they
| don't get in a real war with China?!
| blibble wrote:
| what are Google going to do to China?
|
| throw ads at them?
| croes wrote:
| Related
|
| https://news.ycombinator.com/item?id=36785516
| garganzol wrote:
| The empire strikes again being driven by the insatiable greed.
| Just wait till its minions will fill up this thread with
| classical astroturfing and comments in vain of "We were waiting
| for this feature since forever!" and "It's for better security".
| I can also easily see how they massively downvote everyone who
| disagrees with the righteous direction of The Corporation. This
| is so Orwellian 1984.
| sergiomattei wrote:
| Proposals like this demonstrate the utter failure of our ethics
| education in computer science.
|
| In a field facing increasingly harder ethical questions every
| day, it's important to start empowering our engineers to say "no"
| to ethically bankrupt things like this.
| wmf wrote:
| You might be disappointed. Ethics training can't force people
| with different political viewpoints to conform to yours; in
| fact it gives them better tools to explain their views.
| dgb23 wrote:
| You mean rhetoric?
| Klonoar wrote:
| I would take being disappointed over our current situation,
| which is effectively little to no focus on teaching the
| ethics at all.
| enumjorge wrote:
| I don't understand why ethics in engineering has to be framed
| as a political discussion.
| wmf wrote:
| You can call it values if you want.
| benatkin wrote:
| It's an Orwellian name, but makes a certain amount of sense.
| That's the most effective kind of Orwellian name.
|
| Even still, I think that it is wrong to give something a
| convenient name that espouses some virtue. They should have
| chosen something like Web Environment Verification API.
|
| I think it's spyware, and I don't like it. It reminds me of the
| Stripe API, where you have to run some JavaScript on your site
| that snoops on your interactions and reports stuff to Stripe that
| it uses to detect fraud.
| https://news.ycombinator.com/item?id=22937303
| pmlnr wrote:
| Soon there will be a Plaza Web, for which you'll need an approved
| device, like a Chromecast with Google TV, and the Old Web of
| communities, enthusiasts, and the like.
| teddyh wrote:
| Called it:
|
| <https://news.ycombinator.com/item?id=31835121>
|
| <https://news.ycombinator.com/item?id=33210846>
| reactormonk wrote:
| tl;dr: DRM for websites
| PaulHoule wrote:
| It looks very similar to the "secure boot" mechanisms in
| Windows and other commercial client OS.
|
| Strikes me as very dangerous though on the web where there are
| so many paths for malware to get in and this could get in the
| way of plugging the holes.
| fabrice_d wrote:
| No, it's similar to attestation APIs like android SafetyNet
| (now called Play Integrity API) that are used to check that
| "your ROM is valid according to Google".
|
| Secure boot can protect you eg. against malware gaining write
| access and modifying your system. I see it as user
| protection, as long as you can sign the trust chain. This is
| what GrapheneOS is doing as far as I know.
| wzdd wrote:
| A trust chain beginning at the bootloader is what will
| ultimately enable this API, though, because that's what
| SafetyNet/Play Integrity API relies on. If you don't have a
| locked bootloader, or you're not running stock Android, you
| won't pass SafetyNet/Play Integrity (at least the higher
| tiers of it).
|
| To take your GrapheneOS example, apps wishing to support it
| must add GrapheneOS keys:
| https://grapheneos.org/articles/attestation-compatibility-gu...
|
| If this proposal goes ahead, it's unlikely that you'll be
| able to convince site owners and/or ad networks to add the
| keys of your open source OS.
| saurik wrote:
| It was also dangerous for your PC: as soon as people ceded
| the ability to led their parties control what we run on _our_
| devices--such as by "only firmware signed by Apple can run
| on my phone"--we lost this war.
| cesarb wrote:
| > It was also dangerous for your PC: as soon as people
| ceded the ability to led their parties control what we run
| on our devices--such as by "only firmware signed by Apple
| can run on my phone"--we lost this war.
|
| If that's how "we lost this war", then it was lost before
| it even started. Even before Apple released their phones,
| it was already the case that phone firmware came only from
| the phone manufacturer. That is: phones come from a
| different lineage than PCs, and were never as open as
| general purpose computers ended up being.
| saurik wrote:
| I mean, those were by and large fixed function devices
| and while phone calls are certainly a form of
| communication they aren't really networked devices.
| And... while it was technically possible to update the
| software on them, most people never did.
|
| There were only a scant handful of years where there even
| existed phones where this could matter... but now this
| same mentality is being applied to every new category of
| device--all of which acting as general computing devices
| --based on these precedents.
| tshaddox wrote:
| It seems like a pretty clever way to propose extremely powerful
| DRM functionality, phrased as if it's about trust and security.
| jabbany wrote:
| It's not even phrased like that... If you read their examples
| it's very clear that they're not hiding the goal of using it as
| DRM for advertisers.
|
| In fact, their first example (!) outlines how this would be
| appealing to advertisers because they can attest a real human
| is viewing the content.
| rpastuszak wrote:
| It's very likely that technical (or otherwise) decision
| makers at ad-tech adjacent businesses are the target audience
| of that documentation, not us.
| charcircuit wrote:
| L1 DRM for browsers already exists. This is about providing an
| extra layer of security to sites that may need it like banks.
| phpnode wrote:
| The underhanded way this is being proposed is really something
| else. It's hosted on a non-google github to provide distance,
| it's worded in a way that makes it seem like this is something
| that benefits users, when it's the absolute opposite of that. It
| subverts the whole concept of a _user_ agent. This is a huge
| threat to our industry and we cannot allow this to happen.
| jabbany wrote:
| I agree with everything except the last part...
|
| It's not a "threat to" the industry... It literally _comes
| from_ the industry... Unless the tech industry is willing to
| lose one of its biggest sources of revenue, this is exactly
| what the industry wants...
| xg15 wrote:
| This. As much as they'd like to pretend they're still free-
| spirited hippies, this _is_ the tech industry.
| Zamicol wrote:
| I can't help but see this as evil.
|
| Giving more control to corporations and less control to
| individuals.
| snowc0de wrote:
| This isn't extreme enough. If they're going to put out a very
| controversial proposal like this, they may as well go all in. The
| push back against this is going to fizzle out, and it will be
| shoved through regardless of anyone's opinions.
|
| Governments will love this due to protection and security it
| provides among other things. I wish I could say I was surprised,
| but Google has continued to fail to deliver even when they try
| for a power-grab play like this.
|
| Feature requests:
| - Add a distributed bad-actors list similar to DNS.
| - Start the process of introducing this functionality at the
| hardware level.
| - Require photo personal identification to prove humanity.
| quenix wrote:
| What's strange to me is that the main author of the spec -- Ben
| Wiser -- seems to be against closed, walled-garden paradigms as he
| has written in a blog post "I just spent £700 to have my own app
| on my iPhone" [1]. In the post, he laments the state of the App
| Store monopoly on iOS and ponders returning to Android for the
| app installation freedom.
|
| How can he reconciliate these views with this spec, which he is
| the main author of? Surely Ben sees the parallels?
|
| He writes: "Apple's strategy with this is obvious, and it clearly
| works, but it still greatly upsets me that I couldn't just build
| an app with my linux laptop. If I want the app to persist for
| longer than a month, and to make it easy for friends to install,
| I had to pay $99 for a developer account. Come on Apple, I know
| you want people to use the app story but this is just a little
| cruel. I basically have to pay $99 a year now just to keep using
| my little app."
|
| It's honestly comical and a little sad.
|
| [1]: http://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-o...
| M2Ys4U wrote:
| "It is difficult to get a man to understand something, when his
| salary depends on his not understanding it."
|
| -- Upton Sinclair
| rpastuszak wrote:
| Speaking as someone who worked in adtech and managed to spend
| almost a year getting paid to build an adblocker:
|
| I can tell you that the machine is so big and the
| responsibilities diluted to such extent that no one _really_
| feels like they're making a morally dubious decision, it just
| sort of happens on its own, magically.
| troupo wrote:
| > How can he reconciliate these views with this spec, which he
| is the main author of? Surely Ben sees the parallels?
|
| It's easy: he works for Google. Every single public-ish web
| developer and/or devrel from Google will spend inordinate
| amounts of time lambasting Apple, writing essays on how Apple
| cripples the web etc.
|
| While Google has broken the web so badly that Apple would need
| several decades to come anywhere close.
|
| Note: the moment they leave Google, they may slightly change
| their tune and criticise Google a bit. For an example, see Alex
| Russel of web components when he went to work at Microsoft
| after spending a decade making sure that web browsers are truly
| unimplementable: https://infrequently.org/2021/07/hobsons-browser/
| jbk wrote:
| > How can this view be with this spec, which he is the main
| author of? Surely Ben sees the parallels?
|
| It can be reconciled with love for money and total lack of
| moral fiber.
|
| Aka << I don't give a shit about my actions destroying every
| one, as long as I go get paid >>
| blibble wrote:
| it's exactly the same as the AI bros
|
| as long as they get their $1280 bonus they don't care
|
| even if they're destroying their future employment prospects
| rpastuszak wrote:
| I think it's very easy to treat people in such a binary
| manner. I get it.
|
| What this guy's doing is shameful, but I've seen dozens of
| otherwise lovely people, working for charities, spending much
| more time on socially-important and useful work than 90% of
| the crowd here... and the same people would push barely legal
| (if not illegal) targeting on masses of people, arguing to
| push cigarette ads in markets that still allow it.
| Advertising is cancer and the current model is not
| sustainable.
|
| What I'm (poorly) trying to say is: be angry, let everyone
| know that you're angry, make more people angry, but remember
| that focusing on this guy is a distraction from a bigger
| systemic issue and it actually helps organisations like
| Alphabet.
| jbk wrote:
| > I think it's very easy to treat people in such a binary
| manner. I get it.
|
| It's not generally easy, but I think I'm in the position to
| say that.
|
| The guy has the choice of company to work with and has the
| choice in the company and what department to work in.
| traspler wrote:
| First I wanted to say client trust is one of the two things I'd
| really like to see improved from a security standpoint but I
| think it's the wrong way around. Browsers should establish if
| they feel they operate in a trustworthy enough environment and
| decide to not work at all if they don't. Having the website
| initiate this check is a bit strange to me. (The other thing
| being more MitM and DNS Hijacking protection)
| cwales95 wrote:
| Google is really trying to distance themselves from their "don't
| be evil" days I see.
| rpastuszak wrote:
| They grow up so quickly
| signed_keys wrote:
| Please drink a verification can to continue.
| caesil wrote:
| Whether you like it or not (and I certainly don't), you've gotta
| sort of admire the sheer vision of a fifteen-year project to
| build a browser so good it comes to monopolize the industry, all
| because you've had the foresight to realize that monopoly will be
| crucial to securing your position as the adtech hegemon. An
| underrated masterpiece of evil genius.
| jabbany wrote:
| I wouldn't necessarily view it as malice from the beginning.
| It's entirely likely that early Chrome was really trying to
| solve usability problems in hosting complex applications like
| GMail. A goal that was attempted throughout history, as seen
| from the days of ActiveX, Java Web Applets, Flash, etc.
|
| But capitalism does what it does best, and will happily take
| advantage of (and try to prolong) a natural monopoly situation
| even if the origins were genuine.
|
| In fact this is why there are regulations around "utilities".
| They are also an area where a natural monopoly is the optimal,
| so they shouldn't be treated as a free market.
|
| (Food for thought: Perhaps the Internet infrastructure should
| be a utility too? Browser makers could be forced to be non-
| profit, which would mean companies need to divest themselves of
| the "Internet business" if they want to do "business _over_ the
| Internet")
| cesarb wrote:
| > I wouldn't necessarily view it as malice from the
| beginning. It's entirely likely that early Chrome was really
| trying to solve usability problems in hosting complex
| applications like GMail. A goal that was attempted throughout
| history, as seen from the days of ActiveX, Java Web Applets,
| Flash, etc.
|
| I would say that the _actual_ goal early Chrome was really
| trying to solve, was to prevent the browser monopoly of the
| day from being used against Google. It's similar to how
| Valve invested on Steam OS, as insurance in case Microsoft
| used its operating system monopoly to degrade the Steam
| experience relative to Microsoft's application store.
| danielvaughn wrote:
| It's like they had the same dream that IE had back in the 90's,
| except they actually had the patience and fortitude to see it
| through.
| kibwen wrote:
| And tech people fell for it hook, line, and sinker.
|
| It's completely and utterly irrelevant that Chromium is open
| source, because the web is a protocol, and having the source
| for an implementation of the protocol doesn't matter in the
| least when you don't control the protocol. You can't just fork
| Chromium and remove a feature, because websites expect the
| feature, and your browser won't work on them. You can't just
| fork Chromium and add a feature, because websites don't care
| about your tiny fork and won't use your feature. You can't fork
| Chromium, you have to fork _the entire web_.
| zzo38computer wrote:
| > You can't just fork Chromium and remove a feature, because
| websites expect the feature, and your browser won't work on
| them. You can't just fork Chromium and add a feature, because
| websites don't care about your tiny fork and won't use your
| feature. You can't fork Chromium, you have to fork the entire
| web.
|
| In some cases you can (although it may be difficult, because
| the code might be difficult too and maintaining with merging
| changes can make it difficult too).
|
| You can remove features you don't want, possibly adding fake
| features in its place or those that access other features,
| e.g. the microphone access to instead access a file, etc.
|
| You can add features that most people don't use even if you
| do use them. It can also be implemented in ways that are
| backward-compatible. Also, some features that are added are
| not features that the web pages will need to know anything
| about, because they are user features instead.
|
| Nevertheless, some things cannot easily be forked in this
| way. For example, adding a "Interpreter" header to add
| support for additional file formats and make it compatible
| even with browsers that do not support it, cannot be made
| compatible unless you add a request header to specify its
| availability too I suppose, and then just complicates it.
| chrisco255 wrote:
| > You can't just fork Chromium and add a feature
|
| Of course you can. Microsoft's Edge and Brave already add
| proprietary features like AI and reader mode, tab groups,
| video calling, crypto wallet etc.
|
| Brave could add a custom CSS or HTML feature. Hell that was
| the status quo we came from ten years ago when each vendor
| had their own feature flags and implementation for WebRTC and
| proprietary video codecs, etc.
|
| Brave already explicitly removes ads and blocks all kinds of
| things websites expect to work on Chrome.
| netvarun wrote:
| And I believe this strategy was how Sundar Pichai became CEO of
| Google. He oversaw the chrome project in the early days and its
| incredible success catapulted him up the management ladder at
| Google.
| xg15 wrote:
| I think "don't use Chrome" is really not the best way to fight
| this - instead, make it known. Get out to as many people as
| possible that this thing exists, spread awareness, explain the
| consequences, make a stink.
|
| Google is absolutely in a position to implement this and I figure
| a good number of sites would immediately join. However, the image
| of "tech" is tarnished enough already and the general population
| is more aware of the importance of having control about their
| online experience.
|
| So I'm kinda optimistic that more public awareness of this might
| lead to a larger backlash and might make Google think twice in
| continuing this, lest risking a PR disaster.
| ktosobcy wrote:
| I'm highly annoyed by this prospect (I do love tinkering with the
| websites and cannot imagine using web without UserCSS, UserJS and
| ad block...)
| mellosouls wrote:
| Related(?) to this recent blog by Google [1], discussed here [2]
| at the time as
|
| "Google to explore alternatives to robots.txt".
|
| [1] https://blog.google/technology/ai/ai-web-publisher-controls-...
|
| [2] https://news.ycombinator.com/item?id=36641607
| lucideer wrote:
| The issues tab is a fun read - never seen a response like this on
| a web spec.
| leodriesch wrote:
| They seem to have closed down comments on it, I'm seeing
|
| > An owner of this repository has limited the ability to
| comment to users that have contributed to this repository in
| the past.
| andrethegiant wrote:
| > I'm giving everyone a heads up that I'm limiting comments
| to contributors over the weekend so that I can try to take a
| breath away from GitHub. I will reopen them after the weekend
|
| https://github.com/RupertBenWiser/Web-Environment-Integrity/...
| lucideer wrote:
| Does it disturb anyone else that this is (a) in a personal
| namespace & (b) reason given for closing discourse being a
| single individual's need to disconnect from work at the
| weekend, when that person is employed by a large corp to
| maintain this spec which they are implementing in their
| product?
|
| Surely Google as an org, if they're behind this, or at
| least a standards body's own org namespace should both own
| this project, and also decision making around discourse,
| with any individual employees being free to leave the
| project un-answered outside of working hours?
|
| This isn't some open source passion project someone's doing
| in their off time...
| Buttons840 wrote:
| The firestorm will be worse by then. I predict this RFC
| will not allow comments.
| josephcsible wrote:
| Has there ever been a case of someone locking GitHub issues
| while being in the right?
| ccheney wrote:
| Seems like a path to fingerprinting users for tracking purposes
| and a potential vector for data leaks
| wmf wrote:
| The one thing this proposal does right is trying to avoid
| fingerprinting.
| JeremyNT wrote:
| Previously:
|
| https://news.ycombinator.com/item?id=36800789
|
| https://news.ycombinator.com/item?id=36785516
|
| https://news.ycombinator.com/item?id=36800744
|
| https://news.ycombinator.com/item?id=36808231
|
| https://news.ycombinator.com/item?id=36791711
|
| https://news.ycombinator.com/item?id=36789691
|
| https://news.ycombinator.com/item?id=36816208
|
| https://news.ycombinator.com/item?id=35862886
|
| By the HN guidelines this is a repost, but it would be a mistake
| IMO to delete it. This would mark the end of the open web, but
| for whatever reason this issue has never really bubbled to the
| surface here before. It feels like something is different this
| time.
| GrinningFool wrote:
| This seems like a very believable parody. Particularly given the
| 'spec.bs' filename which looks like it's just markdown.
| zzo38computer wrote:
| I don't know what ".bs" denotes, and I cannot find anything
| relevant on Just Solve The File Format Problem.
| drbawb wrote:
| There is one thing I'm not quite clear on here:
| > The attestation is a low entropy description of the device the
| web page is running on.
|
| > The attester will then sign a token containing the attestation
| and content binding (referred to as the payload) with a private
| key.
|
| > The attester then returns the token and signature to the web
| page.
|
| > The attester's public key is available to everyone to request.
|
| I'm assuming "attester" here means "hardware authenticator." How
| is the attestation low entropy if it's presumably signed by a key
| that is unique & resident to my device? There is nothing higher
| entropy than a signature w/ "my" private key. That is literally
| saying "I [the single universal holder of the corresponding
| private key] signed this attestation." These days that key is
| realistically burned into my device at manufacturing time, and
| generally even _if_ I can enroll keys on "my" device (big if),
| there is a very limited number of keyslots on hardware
| authenticators. Certainly not enough slots to present a random
| throwaway identity to each webpage.
|
| I don't understand how you can have public/private key crypto as
| the basis for attestation and also have privacy? The two seem
| mutually exclusive. Is the private key supposed to be shared
| among a large cohort? (Which seems rather unwise, as it would
| make the blast radius of a compromised key disastrously huge.)
| wmf wrote:
| Maybe your device sends a signed attestation to the OS vendor
| and they generate a more generic attestation (basically "this
| is a legit Chrome browser running on Android but I won't tell
| you anything else").
| cesarb wrote:
| > I'm assuming "attester" here means "hardware authenticator."
| How is the attestation low entropy if it's presumably signed by
| a key that is unique & resident to my device?
|
| From what I understood, the "attester" is a remote server,
| which signs the attestation with its own key, after somehow
| verifying that the browser and operating system and drivers and
| machine is not running any code that this remote server does
| not completely trust. That key can be used at most to identify
| the remote server, which is supposedly shared by a wide number
| of devices.
|
| Yes, this means that your browser depends on having a working
| connection to that remote server for every attestation it
| makes, and that if that remote server colludes with the web
| page (or is compromised), it can leak your identity.
| xg15 wrote:
| Also, there probably _will_ be per-device keys, it's just
| that they are only used in the communication between the
| attester and the device, and not exposed to the web page.
|
| So you're at the complete mercy of the attester (and of
| whatever deals it made with the sites) _but_ the sites
| technically can't use the token to track you. Privacy!!!
| saurik wrote:
| This is pretty much the inevitable end-game of the web, in no
| small part funded by ad-based business models (as the analog gap
| pretty much destroys most attempts to use this stuff to do copy
| protection) and enabled by developers who have insisted we shove
| as much difficult-to-implement functionality (by which I am
| talking about CSS complex stuff, not powerful-but-easy-to-code
| APIs for OS-level access) into the browser as possible.
|
| The result: there is now effectively one dominating web browser
| run by an ad company who nigh unto controls the spec for the web
| itself and who is finally putting its foot down to decide that we
| are all going to be forced to either use fully-locked down
| devices or to prove that we are using some locked-down component
| of our otherwise unlocked device to see anyone's content, and
| they get to frame it as fighting for the user in the spec draft
| as users have a "need" to prove their authenticity to websites to
| get their free stuff.
|
| (BTW, Brave is in the same boat: they are _also_ an ad company--
| despite building ad blocking stuff themselves--and their product
| managers routinely discuss and even quote Brendan Eich talking
| about this same kind of "run the browser inside of trusted
| computing" as their long-term solution for preventing people
| blocking _their_ ads. The vicious irony: the very tech they want
| to use to protect them is what will be used to protect the status
| quo from them! The entire premise of monetizing with ads is
| eventually either self-defeating or the problem itself.)
| troupo wrote:
| > we shove as much difficult-to-implement functionality (by
| which I am talking about CSS complex stuff, not powerful-but-
| easy-to-code APIs for OS-level access) into the browser as
| possible.
|
| "powerful-but-easy-to-code APIs for OS-level access" are actual
| hard-to-implement-right functionality that is often pushed to
| browsers with very little discussion or considerations.
| saurik wrote:
| But the chance of a web page actually needing that
| functionality to render at all is rare for hopefully-obvious
| reasons. The status quo is that progressive enhancement is
| dead: a few-year old copy of Safari can now simply not browse
| much of the web anymore because it is missing some corner
| case of CSS or web components or whatever: I often am stuck
| at loading spinners or am simply thrown into a blank page...
| the best case is a client-side rendered 500 error on many
| pages.
|
| It was critical for the web to be easy to implement the core
| of for a small team or even a single concerted god-tier
| developer--imagine Fabrice Bellard--and the current spec has
| failed so hard at this that even tech megacorps have thrown
| in the towel. People get upset about WebUSB... but that's not
| the API surface that is causing us issues. If I had to
| single-handedly implement all of canvas/WebGL/WebGPU and
| JavaScript/WebAssembly I could pull it off (noting I used to
| be a video game engine developer).
| troupo wrote:
| > But the chance of a web page actually needing that
| functionality to render at all is rare for hopefully-
| obvious reasons.
|
| The chance of a page using something has no bearing on how
| difficult something is to implement.
|
| > People get upset about WebUSB... but that's not the API
| surface that is causing us issues.
|
| It's one of the _hundreds_ of APIs, and yes, it causes
| issues, too. Because it also needs to be implemented, and
| it also adds to the complexity of the web browser.
| chrisco255 wrote:
| Do you have a quote from Eich saying that? Because you've
| provided no source.
| saurik wrote:
| > you've provided no source.
|
| Yeah: it isn't shocking and can be quickly found using Google
| (as I just did now).
|
| https://www.reddit.com/r/BATProject/comments/b7rwbx/
|
| > 1/ native C++/Rust code, no JS tags on page that have zero
| integrity. That means ability to use SGX/TrustZone to check
| integrity and develop private user score from all sensor
| inputs in the enclave; ...
|
| > We already have to deal w/ fraud. That is inherent in any
| system with users and revenue shares or grants. We do it
| better via C++ and (under way) SGX or TrustZone integrity
| checking + OS sensor APIs, vs today's antifraud scripts that
| are routinely fooled.
|
| They are also building an SDK and talk about using this tech
| to ensure the ads presented by their SDK in someone else's
| app are legitimate.
|
| https://www.reddit.com/r/BATProject/comments/9yys6b/
|
| https://www.reddit.com/r/BATProject/comments/97trex/comment/...
| Aerbil313 wrote:
| Yeah this is really the endgame. I think the issue is systemic
| though, this is more than just ad money. Bots and
| automatability of the web was always an anomaly and a flaw, as
| the web was and is always designed for humans. Strict human
| verification was always a need. One can say we did achieve this
| with 2FA and such, but what is technology all about?
| Convenience. If it's more convenient, people will prefer remote
| assertion every day of the week:
| https://gabrielsieben.tech/2022/07/29/remote-assertion-is-co...
| rpastuszak wrote:
| It is systemic, but I think you underestimate how deeply the
| adtech money and everything surrounding it is embedded in our
| mindset. It's essentially the Goodhart's Law taken to the
| extreme, where every single new iteration of the system
| brings in new middlemen, new misaligned incentives, then
| putting those middlemen between the person providing a
| service and the person who'd like to pay for it.
|
| Here's an exercise: try to draw a diagram of all parties
| required to display a video ad on your page. I suggest
| starting with the OpenRTB and VAST specs. It's creepy.
|
| The biggest shame here is that most people are convinced that
| we need advertising because otherwise people would not pay
| for content.
| madeofpalk wrote:
| > and enabled by developers who have insisted we shove as much
| difficult-to-implement functionality (by which I am talking
| about CSS complex stuff, not powerful-but-easy-to-code APIs for
| OS-level access)
|
| Interesting that fixing "how to center a div" is considered
| harmful, but WebSerialPort is actually very good?
|
| > The result: there is now effectively one dominating web
| browser run by an ad company who nigh unto controls the spec
| for the web itself
|
| I don't think this is reality. Google proposes a bunch of
| APIs that go nowhere because the other browser vendors
| consider them harmful. Google's previous attempts at trying to
| drive more adtech into the browser have failed due to a lack of
| support from other browser vendors.
|
| I think "who drives the web specs" is probably in the best
| situation possible. It's largely Google, Mozilla, and Apple who
| all have slightly different interests in what makes a good web
| platform, and the web ends up better for it.
| saurik wrote:
| > Interesting that fixing "how to center a div" is considered
| harmful, but WebSerialPort is actually very good?
|
| It is certainly "interesting", but "true" nonetheless: one
| determined person--think Fabrice Bellard if you want an
| example--is in a great position to throw together a web
| browser and even implement ALL of the crazy API wrapper
| specs, but when if they aren't you simply don't need most of
| them to browse any given website.
|
| But, as it stands, my only a-few-year-old copy of Safari can
| barely even browse the web anymore as it is missing some new
| corner case of CSS or web components or whatever and I just
| get blank screens a lot; the result: people have burned years
| of large teams into trying to maintain implementations of
| HTML/CSS and have given up.
|
| The web should really just be a handful of really core specs
| for getting platform access--which of course have innovated
| over the years so you'd have all of canvas, WebGL 1/2, and
| WebGPU, which would take SOME effort but isn't like, INSANE--
| and then all of the layout should be done end-to-end in
| libraries.
|
| The world NEEDED to be like this to prevent us from ending up
| with only a handful of web browsers that can only be
| maintained by giant companies: it needs to be sufficiently
| easy to build a web browser that we would end up with a ton
| of small implementations that would be difficult to move as a
| unit, forcing progressive enhancement as a permanent norm.
| tentacleuno wrote:
| > who is finally putting their foot down and deciding that we
| are all going to be forced to either use fully-locked down
| devices
|
| The person who wrote the proposal[0] is from Google. All the
| authors of the proposal are from Google[1].
|
| I've been thinking carefully about this comment, but I really
| don't know what to say. It's absolutely heartbreaking watching
| something I really care about die by a thousand cuts; how do we
| protest this? Google will just strong-arm their implementation
| through Chromium and, when banks, Netflix & co. start using it,
| they've effectively cornered other engines into implementing
| it.
|
| This isn't new to them. They did it with FLoC, which most
| people were opposed to[2]. The most they did with FLoC was
| deprecate it and re-release it under a different name.
|
| The saving grace here might be that Firefox won't implement the
| proposal.
|
| [0]: https://github.com/RupertBenWiser
| [1]: https://github.com/RupertBenWiser/Web-Environment-Integrity/...
| [2]: https://news.ycombinator.com/item?id=26344013
| tapoxi wrote:
| I mean Firefox caved to support EME. This isn't the early
| days of the web anymore either, the enthusiasts are such a small
| minority of global web traffic that this will probably
| succeed even with a large scale boycott.
| tentacleuno wrote:
| I still remember the controversy surrounding EME, a LOT of
| people came out against it (including the EFF[0]); despite
| that, they still triumphed on[1].
|
| [0]: https://www.eff.org/press/releases/eff-makes-formal-objectio...
| [1]: https://github.com/w3c/encrypted-media
| ahahahahah wrote:
| And thank god for that, otherwise we'd still need to
| support flash to use most popular websites.
| apostacy wrote:
| Good. DRM should be external to the browser, not
| integrated into it.
|
| DRM is mostly security theater anyway. Until a few years
| ago, the Spotify client just left unencrypted mp3s cached
| locally. And they stopped DRMing music over a decade ago.
| People are willing to pay a reasonable price for first
| party content.
|
| If a company insists on DRM, then they should be on their
| own.
|
| If we make it too easy, then they will just use it
| everywhere.
| flangola7 wrote:
| Spotify will not load in a browser without a DRM plugin
| apostacy wrote:
| Yes, but that is fairly recent! Did anyone even notice?
| For years, you could siphon every song you listened to
| and save it locally. But did it affect anything? I did it
| for a little while, but then found it wasn't worth the
| trouble.
| tentacleuno wrote:
| EME is for DRM'ing media. I don't see how that pertains
| to Flash.
|
| WebAssembly exists as a replacement now, too.
| veave wrote:
| If browsers didn't natively support DRM then they would
| have to come up with external extensions (such as Flash)
| to support DRM.
|
| DRM isn't going away.
| apostacy wrote:
| DRM should be inconvenient and expensive. There have
| always been ways to implement DRM security theater for
| the comfort of content providers in board rooms.
|
| The media ecosystem is not going to be enhanced by making
| DRM more restrictive. Netflix could completely deactivate
| all DRM today, and it would change nothing.
|
| Apple completely abandoned their "FairPlay" iTunes music
| DRM because it became evident that it was not needed.
| wmf wrote:
| Back in the days before the <video> tag, Web sites were
| using Flash to play video. Flash was also the main way to
| play DRMed video before EME.
| riffraff wrote:
| I think in this case Firefox is in a different position: if
| it didn't support EME netflix wouldn't work.
|
| But in this case it could report "sure, this is a real user
| alright" by being its own attester, can't it?
| apostacy wrote:
| So what if Netflix doesn't work?? That is the choice of
| Netflix. Big content will always want more control.
| Firefox will never be able to keep up. They will just do
| a mediocre job of working against their users.
|
| Microsoft and Real Player pushed hard for an integrated
| ActiveX based DRM ecosystem over a decade ago. I'm so
| glad that Mozilla flatly refused to entertain such
| idiocy. I sure wish that Mozilla still existed.
|
| Mozilla is now just a "pick me" [1] organization to big
| content. They should own being a browser that caters to
| users, not platforms. Because they will end up with
| nothing.
|
| [1]:
| https://www.urbandictionary.com/define.php?term=Pick%20me
| mschuster91 wrote:
| The problem is, back then most people on the Internet
| were _techies_. They knew their shit.
|
| Today? Guess who Grandma's gonna call with "my Netflix
| isn't working"? And she won't care why, all she cares
| about is Netflix.
| gizmo686 wrote:
| That depends on how the attestation is done.
|
| If done correctly, TPMs on every computer would be
| preloaded with signing keys (probably Microsoft). The web
| browser would then ask the TPM to sign the Platform
| Configuration Registers, which are a hash of a challenge
| nonce, the system firmware/kernel/configuration/etc. This
| signature is then sent (along with a description of the
| system configuration) to an external attester. This
| external attester validates that:
|
| A) the claimed configuration is "secure" (trusted kernel,
| bootloader, browser, etc) and
|
| B) The TPM's signature attests to the configuration.
|
| The validator then generates its own signed message that
| can be sent to the server.
|
| In practice, I think this is logistically unworkable in
| today's computing environment. But with enough big players
| pushing for it, I don't see anything fundamentally
| impossible.
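
The flow gizmo686 describes above (device quote, external attester, attester-signed message for the site), which is also the remote-attester reading cesarb and xg15 give earlier in the thread, as an added sketch that is not code from the thread or from the WEI proposal. Assumptions: Ed25519 keys from Node's `crypto` module stand in for the TPM-resident key and the attester key, and every name, token field and measurement string is constructed for the illustration.

```javascript
// Added illustration: every name, field and measurement string is constructed.
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
// Ed25519 over JSON text; a real protocol would use a canonical encoding.
const sign = (key, obj) =>
  nodeCrypto.sign(null, Buffer.from(JSON.stringify(obj)), key).toString('base64');
const verify = (key, obj, sig) =>
  nodeCrypto.verify(null, Buffer.from(JSON.stringify(obj)), key, Buffer.from(sig, 'base64'));

// Device side: a per-device key signs a "quote" over the attester's nonce
// and the measured boot chain (the PCR digest in gizmo686's description).
function makeDevice(id, bootChain) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    id,
    publicKey,
    quote(nonce) {
      const body = {
        nonce,
        measurements: bootChain,
        pcrDigest: sha256(nonce + bootChain.join('|')),
      };
      return { body, sig: sign(privateKey, body) };
    },
  };
}

// Attester side: knows device keys, checks (B) the quote signature and
// (A) the configuration allowlist, then signs a generic payload of its own.
function makeAttester(trustedConfigs) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const enrolled = new Map(); // device id -> device public key
  const outstanding = new Set(); // nonces issued and not yet used
  return {
    publicKey,
    enroll(device) { enrolled.set(device.id, device.publicKey); },
    challenge() {
      const nonce = nodeCrypto.randomBytes(16).toString('hex');
      outstanding.add(nonce);
      return nonce;
    },
    attest(deviceId, quote, contentBinding) {
      const deviceKey = enrolled.get(deviceId);
      if (!deviceKey) return null;
      if (!outstanding.delete(quote.body.nonce)) return null; // unknown or replayed nonce
      if (!verify(deviceKey, quote.body, quote.sig)) return null; // check B
      const config = quote.body.measurements.join('|');
      if (quote.body.pcrDigest !== sha256(quote.body.nonce + config)) return null;
      if (!trustedConfigs.has(config)) return null; // check A
      // The payload carries a verdict and the content binding, nothing per-device.
      const payload = { verdict: 'trusted', contentBinding };
      return { payload, sig: sign(privateKey, payload) };
    },
  };
}

// Web site side: only the attester's public key is needed.
function siteAccepts(attesterPublicKey, token, expectedBinding) {
  return token !== null
    && verify(attesterPublicKey, token.payload, token.sig)
    && token.payload.verdict === 'trusted'
    && token.payload.contentBinding === expectedBinding;
}

function runDemo() {
  const stock = ['firmware-1.0', 'kernel-6.1', 'browser-stock'];
  const attester = makeAttester(new Set([stock.join('|')]));
  const devA = makeDevice('dev-A', stock);
  const devB = makeDevice('dev-B', stock);
  const devM = makeDevice('dev-M', ['firmware-1.0', 'kernel-6.1', 'browser-modified']);
  [devA, devB, devM].forEach((d) => attester.enroll(d));

  const binding = sha256('example.test|page-challenge-1');
  const request = (d) => attester.attest(d.id, d.quote(attester.challenge()), binding);
  const tokenA = request(devA);
  const tokenB = request(devB);
  const tokenM = request(devM);

  // A client that signs the same payload with a key of its own.
  const own = nodeCrypto.generateKeyPairSync('ed25519');
  const payload = { verdict: 'trusted', contentBinding: binding };
  const selfSigned = { payload, sig: sign(own.privateKey, payload) };

  return {
    stockAccepted: siteAccepts(attester.publicKey, tokenA, binding),
    modifiedToken: tokenM,
    selfSignedAccepted: siteAccepts(attester.publicKey, selfSigned, binding),
    reboundAccepted: siteAccepts(attester.publicKey, tokenA, sha256('other-page')),
    // Ed25519 is deterministic, so two devices yield byte-identical tokens here.
    tokensIdentical: JSON.stringify(tokenA) === JSON.stringify(tokenB),
  };
}
```

In this model the site cannot tell `dev-A` from `dev-B`, while the attester sees the device id on every request, which is the trust relationship cesarb and xg15 point out.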
| wmf wrote:
| If Firefox lies, sites will refuse to load in Firefox.
| spystath wrote:
| > how do we protest this?
|
| You do not and you cannot. It was written in stone once
| Chrome dominated the browser market. What Chrome (Google)
| wants, Chrome (Google) gets. Despite all the good engineering
| Google wants to sell ads, that's all there is to it. And the
| result is this proposal.
|
| > The saving grace here might be that Firefox won't implement
| the proposal.
|
| It's irrelevant and we are an irrelevant minority. Unless
| people switch to FF in droves the web _is_ Chrome. And they
| won't because at the end of the day people just want to get
| home from their shitty jobs and stream a show. As long as
| that works everything else is a non-issue.
| emilsedgh wrote:
| This is not the right attitude. Google wanted AMP. Google
| didn't get AMP. AMP is dead.
| troupo wrote:
| Before it died it crippled the web, the search,
| publishers' ad revenues etc.
| mschuster91 wrote:
| It was fun while it lasted though, finally news sites
| that could be read on an average German mobile data
| connection.
|
| For the uninitiated: Germany's mobile phone network has
| been ridiculously expensive and unreliable for decades.
| Everyone else in Europe has done it better, because no
| one else thought they could extort 60 billion euros from
| the providers for RF spectrum licenses - we're still
| paying for that blatant debt-shifting today.
| PaulDavisThe1st wrote:
| AMP is dead, but long live King AMP, now known to
| subjects as King WEI
| Aerbil313 wrote:
| This is not even just Google. Apple, Microsoft,
| Cloudflare, everyone's in.
| https://gabrielsieben.tech/2022/07/29/remote-assertion-is-co...
| motbus3 wrote:
| You can by not using Google products. Change the search for
| ddg or kagi. Change your email for proton. Use Dropbox
| instead. Remove Chrome, live with iceweasel or Firefox.
|
| It is not like you'll be losing much. This is the time to
| change, while we still have other players in the market.
| xg15 wrote:
| No, you can't - not until you get a significant part of
| the world's population to join your protest.
|
| The point is that if chrome implements this, netflix,
| amazon, facebook etc might decide they'll use this
| feature and only permit browsers who implement this to
| use this site.
|
| Even if the only browser that does so is chrome, that's
| fine because chrome's market share is big enough that
| they can ignore the rest.
|
| Have fun using Firefox if half of the web locks you out
| or treats you like a second class citizen.
| 20after4 wrote:
| It might be time to abandon that half of the web. Radical
| software freedom ideology is looking less radical and
| more rational by the day.
| pmlnr wrote:
| > It's irrelevant and we are an irrelevant minority.
|
| Heh. I was there when it was IE6, and people said the same.
| mavrc wrote:
| I was there too. People always say this, but just because
| a thing changed once does not mean it will happen again.
| In this case, the population scale alone has changed by
| over an order of magnitude.
|
| Just doing some quick searching - the first numbers that
| come up when you search for "how many people used the
| internet in the year 2000" are on the order of 350
| million or so. Comparatively, now, in 2023, Reddit alone
| has some 450 million users. It would seem right now that
| Tiktok has about three times the number of active users
| than there were total Internet users 23 years ago.
|
| Additionally, there are literally hundreds of billions of
| dollars now resting on Chrome remaining the dominant
| browser.
|
| Short of government intervention (or absolutely
| monumental fuckup on Google's part somehow), Chrome is
| here to stay.
| ploum wrote:
| Yes. The solution is very simple: uninstall Chrome and
| Chromium.
|
| We are the people with the most influence on the tech. We
| are prescriptors. We are legion.
|
| - Yes but Chrome is a tad faster and I have my bookmarks
| and my favorites extension and blablablabla...
|
| -- Then you are the root cause of the problem. If you are
| not ready to sacrifice an ounce of comfort to save the
| web, then you are the one killing the web.
|
| Simple: install Firefox. Now.
|
| (oh, and, by the way, also remove google analytics and
| all google trackers from the websites under your control.
| That's surprisingly easy to do and a huge blow in Google
| monopoly. There are plenty of alternatives)
| pmlnr wrote:
| > There are plenty of alternatives
|
| Yeah, not for long. Go back and read the proposed
| changes.
| Buttons840 wrote:
| Please explain what you mean. It sounds like you have an
| important point that can only be found if people sit and
| carefully read several pages. Important points deserve to
| be stated more plainly.
| saurik wrote:
| The entire point of this spec is that your alternative
| browser wouldn't be able to attest to its "integrity"
| unless it was exactly as locked down as the other ones.
| If you have some kind of rebuttal to the shared context
| we all otherwise have, maybe you should be the one forced
| to state it more plainly.
| Buttons840 wrote:
| Okay, so you're _not_ saying that we're going to lose
| the ability to use another browser, just that the other
| browsers might not be good for much.
|
| I think the comment you originally replied to is trying
| to say "use the other browsers, _even if_ they are not
| good for much_".
| pmlnr wrote:
| No, I get it. I can't see a blackout day happening (the
| one that stopped SOPA/PIPA) again either.
|
| But it still happened, against M$, who was the behemoth
| of the time, so things are never impossible.
| spystath wrote:
| I was there too, in the 1.0 days, and still am. But these
| days are gone, Firefox is not coming back. Back then
| Firefox was _immensely_ better than IE. As long as the
| other alternatives are just as good, there is no reason
| for the mythical "average user" to change over. Why
| bother if you can do everything in Chrome? We may
| understand the differences, ideological or technical, but
| good luck explaining that out there. There's a massive
| disconnect between user and technology and as a result
| people will live in the perfectly curated technological
| bubble that's been served to them.
| ixfo wrote:
| "You can use adblock" is a pretty chunky benefit over
| Chrome
| h4x0rr wrote:
| What about Safari? It has significant market share. Seems
| like our best bet now
| saurik wrote:
| Yeah: the company that is all about locking down user
| devices and relishes in providing a DRM-ridden platform
| for developers to maintain complete control over their
| users is _totally_ going to be against implementing this
| specification : /. I mean... it's possible? but any hope
| there is fully predicated on their hatred of Google and
| their distaste for the web.
| drbawb wrote:
| I doubt Apple will be our savior here. Apple is in a
| great position to implement this spec: their secure
| enclave and the systems they've developed around it are
| practically the state of the art. Also Apple is in bed w/
| traditional media. (Apple News, Apple TV, iTunes, etc.)
| Microsoft has been doing the same[1] for years w/ Pluton
| on the Xbox to protect their IP. Google has been doing
| this on Android using dm-verity, SafetyNet, et al.
| Nintendo employs similar protections on the Switch with
| moderate success. (After the bootrom of the initial
| HAC-001 was patched on the production floor the only real
| option to attack a modern Switch is physically glitching
| the console.)
|
| I suppose Apple may object on the grounds of being a
| "privacy focused" company, but I'll believe that when I
| see it. I'm not gonna sit here holding my breath for
| these megacorps to do the right thing.
|
| [1]: https://www.youtube.com/watch?v=U7VwtOrwceo
| enumjorge wrote:
| > The saving grace here might be that Firefox won't implement
| the proposal.
|
| As others have said, FF doesn't have a lot of leverage left
| to influence those type of decisions, but Safari might. Not
| sure what their position is on this proposal.
|
| The one pager has a section on stakeholder feedback [0], but
| doesn't name them for some reason.
|
| [0] https://github.com/RupertBenWiser/Web-Environment-Integrity/...
| apostacy wrote:
| Looking at it in terms of leverage and market-share is a
| huge mistake that Mozilla keeps making. Mozilla doesn't
| have a platform like Google does. What exactly is Mozilla
| even competing for? Popularity?
|
| They should hunker down and make the best browser they can,
| implementing their best web. It worked 20 years ago, and in
| many ways the circumstances are the same. We have tech
| monopolies proposing ludicrous "content security"
| mechanisms. Where would Mozilla have been if they tried
| making some sort of half baked "less evil" form of
| Microsoft Janus DRM[1]?
|
| People are going to get sick of how intrusive DRM is
| becoming, and there should be an alternative waiting for
| them.
|
| Every person who has content they thought they purchased
| "expire" and be erased from their device, or who can no
| longer use their expensive projector after the latest
| mandatory update.
|
| I evangelized heavily for Firefox in the 1.x days. People
| were sick of IE6, and were glad to have Firefox. I worked
| at a computer store and probably converted 100+ people.
|
| [1]: https://en.wikipedia.org/wiki/Janus_(DRM)
| wmf wrote:
| _What exactly is Mozilla even competing for? Popularity?_
|
| Mozilla's revenue is proportional to usage so they need
| enough users to cover their development costs.
| 20after4 wrote:
| If only the wikimedia foundation would fork firefox, then
| the open web might have a chance.
|
| Wikimedia is honestly the only organization with the
| right ideology, the right business model, and enough
| money to do something like this sustainably.
| pmlnr wrote:
| > how do we protest this
|
| The proposal for Chrome, you don't, because there's no
| stopping it. See DRM, Secure Boot, all the rest of the
| shitshow pursuing "trusted environment". It'll never happen,
| but CEOs won't accept reality.
|
| You can, however, embrace the rest: eg. keep serving your own
| content on http (along with https), gopher for retro
| compatibility, and because they are less prone to break.
|
| Keep using your current device for browsing, and whatever
| refuses to serve you either leave it for good or keep a spare
| chromebook for all the "services" you can't avoid to use,
| like banking.
|
| I don't have a better route. It's a bit like streaming: if I
| want resolution above 480p, I use a Chromecast with Android
| TV.
| zzo38computer wrote:
| > if I want resolution above 480p, I use a Chromecast with
| Android TV.
|
| I am one who specifically does not want a resolution above
| 480p. Unfortunately, some TV services had decided to remove
| that feature and now it wastes disk space due to the higher
| resolution. I also want to be able to use an external
| caption decoder and recorder (in my case, the same device
| does both), so will use the composite video and not HDMI
| (which doesn't have captions).
|
| Steven J. Searle wrote: "The sad fact of the matter is that
| people play politics with standards to gain commercial
| advantage, and the result is that end users suffer the
| consequences. This is the case with character encoding for
| computer systems, and it is even more the case with HDTV."
|
| > keep serving your own content on http (along with https),
| gopher for retro compatibility, and because they are less
| prone to break.
|
| Yes, it is reasonable. I think that "HTTPS only" is
| (mostly) no good, but having both is good. HSTS is no good.
| t0astbread wrote:
| Generally agree but I don't think Secure Boot falls in this
| category unless the keys are locked in firmware (and in
| that case the firmware is the problem). Root passwords
| aren't evil either just because they can be withdrawn from
| the user.
| gizmo686 wrote:
| Secure Boot is often conflated with Measured Boot.
|
| Measured Boot is essential for any attestation based
| scheme.
| WhyNotHugo wrote:
| > how do we protest this?
|
| Probably the privacy angle is best. Given that this uses an
| "attester's public key", this enables to uniquely identify a
| given device repeatedly over time with no margin for error.
| It's essentially "perfect fingerprinting".
|
| There's also the option that devices don't use a per-device
| key. If all the devices from a vendor use the same keypair,
| then this would be broken by just extracting the key from a
| single device (AFAIK, in the US this would likely not be
| legal to use).
| gjsman-1000 wrote:
| I'm doing this again, but here's my shameless plug for the
| article I wrote 1 year ago now, "Remote Attestation Is Coming
| Back," which warned that this was coming to the web and had
| quite a discussion about that idea at the time:
|
| https://news.ycombinator.com/item?id=32282305
| cesarb wrote:
| > It's absolutely heartbreaking watching something I really
| care about die by a thousand cuts; how do we protest this?
|
| Death by a thousand cuts can also happen in the other
| direction. Even if we do not have a single decisive way to
| oppose this disastrous proposal, we can fight it in as many
| ways and on as many avenues as possible. Spreading the word
| about it widely is an important first step, so that those
| best placed to oppose it know that they should act.
| wewxjfq wrote:
| Vote with your clicks. Google doesn't want me to install an
| ad-blocker on my phone, so I'm not browsing the ad-infested
| websites. And for the current integrity checks: If a site
| wants me to solve a captcha just to view it, I close the tab
| and never visit the domain again. In fact, I already close
| the tab when I see Cloudflare checking my browser. Let the
| corporate web die.
| qingcharles wrote:
| I'm holding out hope for Ladybird to save us all one day:
|
| https://awesomekling.github.io/Ladybird-a-new-cross-platform...
| zzo38computer wrote:
| > How do we protest this?
|
| Perhaps, make a web page with something like:
|
| if(navigator.getEnvironmentIntegrity) window.location="[some URL with the protest]";
| dahwolf wrote:
| The chess pieces for the end-to-end unblockable ad machine are in
| place.
|
| You'll have the cynically named "Privacy sandbox" that builds
| tracking directly into the browser. You curtail ad blockers by
| capping browser extensions. And then you allow access only to
| "attested" clients. Inescapable tracking and unblockable ads. And
| you'll get to see ever more of them over time.
|
| If this isn't evil enough in itself, the way Google presents
| these initiatives in grossly misleading ways makes my blood boil.
|
| Fuck "Be as evil as possible" Google. Absolutely pathetic
| company. I'm so done with them.
___________________________________________________________________
(page generated 2023-07-21 23:00 UTC)