[HN Gopher] Google's nightmare "Web Integrity API" wants a DRM g...
___________________________________________________________________
Google's nightmare "Web Integrity API" wants a DRM gatekeeper for
the web
Author : jakobdabo
Score : 202 points
Date : 2023-07-24 20:59 UTC (2 hours ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| BLKNSLVR wrote:
| Google seems to be escalating the speed of its efforts to
| restrict its user base to the completely non-technical, but Apple
| and Facebook already own that market.
|
| It also sounds like they're promoting yet another way to make
| "the internet" slower, more bloated, and have greater impediments
| to usage.
| treyd wrote:
| This proposal only impacts "the web", which has already been
| going downhill for years now due to unsustainable ad-reliant
| business models. The internet is fine.
| truevelvet wrote:
| That distinction made me feel better about the whole thing.
| Thank you.
| kelnos wrote:
| For the vast majority of people, the internet _is_ the web,
| as well as mobile apps. The latter are already out of the
| control of users. Today, we at least have browsers that we
| can mostly force to do what we want (like stop downloading
| and displaying ads), but WEI will end up restricting portions
| of the web to users running browsers that do what the web
| servers want, not what their users want.
|
| And for most people in the world, that _is_ "the internet".
| JohnFen wrote:
| > The internet is fine.
|
| I wish I could agree. The internet isn't in nearly as bad of
| shape as the web is, that's true. But it doesn't look nearly
| as healthy as it used to, as more and more services are
| moving to the web and abandoning the internet.
| doctor_eval wrote:
| I have never understood why Google has remained the esteemed
| vendor for a subset of technical users.
|
| They lost me more than a decade ago when they hoovered clear
| text passwords from their wifi scanning and blamed it on a
| single engineer.
| anderspitman wrote:
| Seems like this is going to get a lot of pushback. It might not
| go through. But remember whether it goes through or not isn't the
| important thing. The fact that Google wants it to is what
| matters.
| thesuperbigfrog wrote:
| >> Seems like this is going to get a lot of pushback.
|
| It is:
|
| https://github.com/RupertBenWiser/Web-Environment-Integrity/...
| rvnx wrote:
| The same was with Privacy Sandbox; Result: billions of device
| now happily adopted it (by force).
| JohnFen wrote:
| Correct. If the pushback is successful, rest assured that the
| reprieve will be temporary. At best, they'll come back around
| with some tweaks and changes to blunt the more egregious
| aspects, but it will come back.
|
| The "privacy sandbox" stuff is a perfect example of this
| process.
| calibas wrote:
| > Google's plan is that, during a webpage transaction, the web
| server could require you to pass an "environment attestation"
| test before you get any data. At this point your browser would
| contact a "third-party" attestation server, and you would need to
| pass some kind of test. If you passed, you would get a signed
| "IntegrityToken" that verifies your environment is unmodified and
| points to the content you wanted unlocked.
|
| Would you rather a capitalist dystopia, where large corporations
| get to approve everything you see & hear, or a socialist
| dystopia, where the government gets to determine what you're
| allowed to view?
|
| [Answer: Neither]
| [deleted]
| jqpabc123 wrote:
| Sounds crazy.
|
| But a possible way to defeat it is what I do now --- keep two
| devices. One that meets their requirements for cases where it is
| absolutely needed and another for everything else.
| teraflop wrote:
| All well and good, until the number of websites that refuse to
| work without attestation starts inexorably creeping upwards,
| year after year.
| tumult wrote:
| The cases where your locked device is absolutely necessary will
| approach 100%.
| rolph wrote:
| attested proxies, back n forthing between a user, and the
| chrome zone
| contravariant wrote:
| When it comes to a game of chicken it's better to not just seem
| like you won't move, but to throw out the wheel entirely.
|
| Of course it's dubious if it applies here, especially because
| the playing field doesn't feel quite equal, but I think the
| most effective thing we can do is simply refuse to use websites
| that require a custom built user agent to access.
|
| Heck maybe we've already mostly lost the battle to keep the
| internet usable with curl, let's at least try to keep some of
| the other options open.
| codedokode wrote:
| > Google's plan is that, during a webpage transaction, the web
| server could require you to pass an "environment attestation"
| test before you get any data.
|
| There is no value in this "attestation" for me as a user. I want
| to be able to do whatever I want with the browser (for example,
| remove ads or block access to canvas and webgl) and I want sites
| to be unable to know this. And probably this attestation will
| provide additional fingerprinting signals which is what I don't
| want.
| jeroenhd wrote:
| Attestation is a great concept for stuff you're in control of.
| Employee laptops, your own servers, your own phone, you name
| it. You want to be able to control and verify your devices are
| still under your control, preferably without manually entering
| the data center every week to check. The concept isn't
| inherently bad.
|
| That said, the concept is seemingly aimed at blocking ad
| blockers and preventing browsers like Brave from impersonating
| Chrome so it can block ads without the need for extensions and
| such.
|
| The only user-positive use case I can think of for this is for
| self-hosted software. Maybe it can be used to detect MitM
| attacks or malware messing with the browser? In practice this
| will just mean "no Firefox, no Linux, no adblockers".
| pepe234 wrote:
| But they told me that Google being the one of the largest
| advertising companies in the world, had no interest in
| handicapping ad-blockers. BTW its the same company spreading FUD
| over AGPL.
| fidotron wrote:
| The Chrome team have used "the Open Web" as a euphemism for what
| is to all intents and purposes Google's great ad supported walled
| garden. That so few people see this for what it is is amazing,
| and then they get all surprised when Google act to preserve it
| and close the capability gap with native platforms.
| ASalazarMX wrote:
| It's an incredible hubris to pretend to gatekeep the whole
| Internet. Google's being doing a pretty hansome profit, maybe
| not the meteoric rise they were used to before 2020, but still
| nothing to warrant such desperate measures to secure future
| profits.
| elforce002 wrote:
| Well, I think this move by google will divide the chromium
| project in 2 versions: one with and one without this "feature".
| meepmorp wrote:
| That doesn't make any difference. There will be websites that
| will only allow people using approved browsers to access them.
| Instead of whatever you expect, you'll get a link to download
| Chrome (or whatever), and possibly install $COMPANY's
| attestation software.
|
| Then, people will DDOS the attestation endpoints because why
| not.
| WirelessGigabit wrote:
| It doesn't matter. It's a DRM. If your version of the software
| doesn't contain the right keys none of this will work
| correctly.
|
| Kinda like how Widevine works. No keys means lower quality.
| pornel wrote:
| Google will degrade their services for non-DRM browsers. They
| have a long history of "oops" with UA sniffs and serving slow
| buggy alternatives to Chrome-only JS.
|
| You'll be filling in captchas 10 times a day, getting randomly
| locked out of your Google account in the name of security, and
| whatever new feature they add to their services, they'll find
| an excuse to require the DRM for it.
| codedokode wrote:
| Cloudflare will happily help Google with displaying captchas
| to everyone not using Chrome.
| danShumway wrote:
| I'll add to this, notably, issues are still closed after the
| weekend: https://github.com/RupertBenWiser/Web-Environment-
| Integrity/...
|
| If this proposal gets rejected it'll be because of feedback in
| the press that is impossible to ignore. My experience watching
| how Google has handled contentious issues in the past makes me
| personally feel that Google will not be receptive to concerns
| about whether this spec should exist. Google and the Chromium
| team are not willing to hear community feedback about the
| direction of the web or about what the web should be. They demand
| that feedback start from a position of assuming the best
| intentions of the spec, and start from a position of assuming
| that the spec is basically good and might just have additional
| concerns to address (https://blog.yoav.ws/posts/web_platform_chan
| ge_you_do_not_li...).
|
| This has been a longstanding issue with how Google approaches web
| standards; there's no such thing as harmful feature and Google's
| approach is never wrong; it just might need refining. The
| refining is the only thing that Google wants to talk about.
|
| There is a predictable arc to this narrative as well. If blowback
| gets out of control, Google will blame that blowback on
| misinformation and accuse the community of operating in bad faith
| or fearmongering. At best, you'll get a few people from the
| Chromium team saying "we hear you and we need to communicate
| better." Note the underlying implication behind that statement
| that the original proposal wasn't _bad_ , it just wasn't
| _communicated_ well. People just need to do a better job of
| "getting involved" in the web standards process so that the
| Chromium team knows to address their concerns.
|
| There will be no acknowledgement that the direction or intent was
| wrong, that's just overwhelmingly not how the Chromium team
| operates on any issue big or small.
|
| It's good for larger sites like Ars to cover this, and it's good
| for people to share thoughts on social media; the only way that
| users have a say over this is if the press runs with it and
| generates a metric ton of bad publicity for Google; and even then
| it's a toss-up. It comes down to what the company feels like it
| can ignore or dismiss with a couple of Twitter posts. And this is
| not just where issues like adblocking are concerned, the Chromium
| team has been hostile to user feedback even on more minor
| technical issues for a pretty long while. I was writing about
| this issue back in 2018 (https://danshumway.com/blog/chrome-
| autoplay) and it was a trend before that point as well.
|
| It stinks to go into a conversation not assuming good will from
| all of the parties, but the Chromium team has not earned an
| assumption of good will, and it's done quite a bit to squander
| that assumption. It's in many ways kind of a waste of time to try
| and engage on this stuff, it's better to just criticize on social
| media and hope that the press runs with it. Because that's the
| only thing that Google listens to.
| rezonant wrote:
| One thing from the blink-dev discussion caught my eye:
|
| > Anything we might decide would ultimately be influenced by the
| larger societal debate around privacy (regulations etc.) since
| perfect privacy means perfect immunity for criminals.
|
| Ensuring that your devices don't spy on you on behalf of a
| government or company does not imply "perfect immunity for
| criminals".
|
| Putting aside attestation for the moment, consider this: Modern
| enclave driven device encryption (and the self-destructive
| passcode limitations that often accompany it), for example, could
| be likened to designing a very good safe that can automatically
| destroy its contents if it is breached. Do we require governments
| to have their own keys to all such safes sold?
| wiseowise wrote:
| > The goal of the project is to learn more about the person on
| the other side of the web ... The intro says this data would be
| useful to advertisers to better count ad impressions, stop social
| network bots, enforce intellectual property rights, stop cheating
| in web games
|
| Go f yourself, Google. Browser's purpose is to serve me web
| pages, not to learn about me.
| LispSporks22 wrote:
| They're going to prevent me from running an adblocker in this
| "web integrity" environment, aren't they.
| CharlesW wrote:
| Stopping anything that modifies a page on behalf of the user
| (rather than the creator or Google) will be step 0.
| benterix wrote:
| Not until Mozilla gives in.
| kelnos wrote:
| And if they don't give in, Firefox users will stop being able
| to access Google properties, and then probably others like
| video and music streaming sites, and possibly even the larger
| news outlets. Banking sites might get in on the action, being
| led to believe that doing so will increase security.
| hdjdndhfbrb wrote:
| Where do you think Mozilla gets its funding from?
| hdjdndhfbrb wrote:
| Capitulation in 3,2,1
| LispSporks22 wrote:
| As I recall, Mozilla caved last time with EME so I would not
| count on it.
| JohnFen wrote:
| Yeah, that was when I realized that Mozilla wasn't really
| able to stand up to the bad guys as much as we'd hope.
| blibble wrote:
| no web attestation for them then
|
| youtube, prime video, netflix, banking, github
|
| none of that for firefox users
| exitheone wrote:
| The market share of firefox is so low and there are already a
| ton of popular websites that don't work on firefox. Mozilla
| will very much be forced to follow along here.
| gochi wrote:
| They run the largest ad company on the planet, affecting
| adblockers is always a primary goal for them.
| Fartmancer wrote:
| It honestly boggles the mind that the same company I used to
| respect twenty years ago has morphed into the evil monster that
| is modern Google. A tragic fall from grace.
| kibwen wrote:
| Such is the fate of all companies. Companies need to be allowed
| to die in order to facilitate competition, but because of a
| failure of antitrust regulators to do their jobs, giant
| companies have been allowed to leverage their war chests to
| perpetuate themselves by gobbling up competitors and prolonging
| their own demise, to the detriment of us all.
|
| Google needs to be broken up, and the other tech giants too.
| Bring back competition to the market or we'll continue marching
| towards Blade Runner corporate dystopia.
| wetpaws wrote:
| [dead]
| arciini wrote:
| While I don't love this API's idea, I understand why they're
| doing it, and the API it describes really just sounds like any
| Captcha API today.
|
| > Google's plan is that, during a webpage transaction, the web
| server could require you to pass an "environment attestation"
| test before you get any data. At this point your browser would
| contact a "third-party" attestation server, and you would need to
| pass some kind of test. If you passed, you would get a signed
| "IntegrityToken" that verifies your environment is unmodified and
| points to the content you wanted unlocked. You bring this back to
| the web server, and if the server trusts the attestation company,
| you get the content unlocked and finally get a response with the
| data you wanted.
|
| The problem with Captchas today is that there are a lot of
| services you can use to bypass them. You send the token to a
| human, human gives you the solution-token, and you pass that to
| Google.
|
| I can see why they want to make this more protected. As a user,
| if this lets me solve captchas less for certain sites, I'm OK
| with that. Of course, I don't think this API should be used for
| the entire web, but I definitely understand its use-case.
| rvnx wrote:
| If you liked that idea, you may love "Privacy Pass" by
| Cloudflare: https://chrome.google.com/webstore/detail/privacy-
| pass/ajhmf...
| mabbo wrote:
| > Exactly how the rest of the world feels about this is not
| necessarily relevant, though. Google owns the world's most
| popular web browser, the world's largest advertising network, the
| world's biggest search engine, the world's most popular operating
| system, and some of the world's most popular websites. So really,
| Google can do whatever it wants.
|
| This is the point that company breakups start to make a lot of
| sense.
|
| When Google can do something that every one of it's users hates
| and none of us can do anything about it, they _perhaps_ have too
| much market power.
| kelnos wrote:
| > _When Google can do something that every one of it 's users
| hates_
|
| I don't think this is remotely the case. Quite a few tech-savvy
| people I know (some of them software developers) use Chrome and
| mostly don't care about whatever Google does with it. I mention
| "manifest v3" and get a blank stare. I talk about advertising
| and ad blockers, and most people don't care, with some of them
| not even using ad blockers.
|
| We really live in a bubble, here on HN. Most people think of
| privacy as some abstract thing that they have little control
| over, and are mostly fine with that. And some are even also
| fine with government erosion of privacy, in the name of "save
| the children" style arguments, and of corporate erosion of
| privacy, in the name of getting free stuff in exchange for
| their personal information.
|
| It's a sad state of affairs. If most people really did care
| strongly about these sorts of issues, then I think it would be
| baffling why we haven't seen more change here -- after all,
| Firefox is a perfectly viable alternative to Chrome that very
| few people use. But the lack of change is no surprise: most
| people don't care.
| gochi wrote:
| But that's the catch, company breakups are extremely hard to
| perform especially when you're talking about such a giant
| company being tackled by an organization that only has ~400m in
| funding. Especially when they can point to the other giant
| companies as defense against claims of monopolist behavior. See
| Google using Microsoft, Apple, and Amazon as a reason for why
| their ad business should not be broken up in the January
| lawsuit.
|
| On top of all this, a lot of users _don 't care_, which is a
| problem itself, but also leads to an even harder time trying to
| navigate a company breakup. The convenience is too great for
| them, and it's too easy for the above noted companies
| (alongside other giants like Walmart) to shift public opinion.
| kibwen wrote:
| As hard as it may be, to paraphrase the ancient parable:
|
| The best time to break up Google was 10 years ago.
|
| The second-best time to break up Google is today.
| zimbatm wrote:
| Remember they already added DRM to browsers once. There was a big
| outcry at the time, and they still went ahead and implemented it.
| Now even Firefox supports Widevine.
|
| If they believe that it's in their best interest, I'm not really
| sure what we can do against this...
| karaterobot wrote:
| > Exactly how the rest of the world feels about this is not
| necessarily relevant, though. Google owns the world's most
| popular web browser, the world's largest advertising network, the
| world's biggest search engine, the world's most popular operating
| system, and some of the world's most popular websites. So really,
| Google can do whatever it wants.
|
| On one hand, I think this is wrong, because the world is full of
| tech companies who thought they could do whatever they want
| because they're big enough. "Nobody would dare switch away from
| Facebook! Err, I mean Twitter. No wait, I meant Chrome!" But
| that's a bet, not a fact. Sometimes it works out, and sometimes
| everyone leaves and goes somewhere else. You think you have a
| moat, and you do, it's just you don't always realize it's ankle
| deep.
|
| On the other hand, Google _can_ do what it wants with Chrome,
| because it 's their product. I use Firefox, and it won't affect
| me. All the people who don't care about this are free to use
| Chrome. Likewise, anyone who wants to listen to a man in his
| forties tell them about why some browsers are better than others
| can ask me about my thoughts. Nobody has done that yet, but the
| offer is on the table.
| PolCPP wrote:
| Isn't Mozilla's main source of revenue actually google?
| JohnFen wrote:
| > I use Firefox, and it won't affect me.
|
| It will affect you a lot if websites start refusing to serve to
| you because you're not using an approved browser.
| JohnFen wrote:
| This sounds like the final death blow to the web as a useful
| platform for anyone who isn't a corporation.
| gary_0 wrote:
| The Web will cease to be an open system, and will become a
| glorified fax machine and cable TV network. Those few who care
| will turn to more esoteric, incomplete, user-unfriendly but
| open systems. Eventually one of those systems will gain
| popularity with nerds, academics, and weirdos. They'll fill it
| with information and media they compile and create in their
| spare time, and it will interoperate in useful ways that for-
| profit corporate networks can't. Over time it will gain
| popularity and "normal" people will start using it too. Money
| will start to pour in, the network will fill up with garbage,
| and then corporations will come in and take it over and lock it
| down.
|
| Rinse repeat.
| thriftwy wrote:
| Except in the age of hyperinformation, you will see such
| fringe systems pump and dump on the time frame of a few
| months, not decades like it used to. You would pray that it
| would not happen and the thing that you are using right now
| will not gain that kind of attention.
| JohnFen wrote:
| > Those few who care will turn to more esoteric, incomplete,
| user-unfriendly but open systems.
|
| A lot of that has been happening for a long time now.
| gattilorenz wrote:
| Care to share some examples?
| JohnFen wrote:
| Just talking about subcultures/communities that I've been
| a part of. Several of them only have a minimal presence
| on the public web, having moved to a network of private
| sites. A couple of them have assembled what amounts to a
| "shadow internet" that uses the internet for an encrypted
| communications channel but provides its own mailservers,
| IM servers etc. that don't interact with the internet
| proper.
|
| And, locally, there have been two ISPs set up (one by me
| and my friends) that aren't meant for public use, but to
| supply service to smaller groups. The one I set up was to
| supply internet service to a remote neighborhood that
| isn't likely to get reasonable commercial internet in the
| near or medium future.
|
| Those two ISPs supply internet access, but they also
| operate an intranet that is mostly decoupled from the
| public internet.
|
| All baby steps, and nobody is 100% "off the grid", so to
| speak, but it's a trend that started long ago and seems
| to be gaining a bit of momentum.
|
| My prediction is that the web will ultimately be just for
| commercial use (it's already 90% there), and there will
| be a whole bunch of tiny networks -- that may or may not
| portal to the internet -- that will fill the needs that
| the internet is increasingly unable to fill.
| pmontra wrote:
| This is bad but how is it going to affect the usefulness of my
| personal web site, that will never use that API to check who's
| reading it, not or human? Same thing for a lot of sites,
| probably the vast majority of them.
| rpdillon wrote:
| Personal sites likely wouldn't be affected directly. What
| this will affect is the ecosystem of browsers that people are
| willing to use. My prediction is that it will slowly strangle
| independent browser development, which will turn the web into
| something akin to the Android/iPhone duopoly. This is kind of
| already the case with browser engines, but because this is
| DRM, it would extend that same effect to the actual
| distributed binary (e.g. you can't visit your bank with
| Chromium on a Debian box, since that wasn't compiled and
| signed by Google).
|
| > Same thing for a lot of sites, probably the vast majority
| of them.
|
| Once Google gets this in place, it can then perform these
| checks through their ads SDK and demonetize traffic from
| visitors that don't pass the check. This will create an
| incentive for any site owner that wants to make money through
| ads to enforce that visitors must use an approved browser.
| Basically the DRM equivalent of 'Please disable your ad
| blocker'.
| InexSquirrel wrote:
| > Basically the DRM equivalent of 'Please disable your ad
| blocker'. An interesting observation I've had in my own
| browsing behaviour is that the majority of sites I visit
| are time wasting visits. If any site presents the above
| message (or the equivalent - 'sign up to read' like Medium
| does), I find I just navigate away and do something else.
|
| The bigger concern for me like you call out - major
| institutions like banks enforcing a separate company's
| requirements on me in order to interface with them.
| afandian wrote:
| One day Google may well flag your sure as lower security,
| refuse to let you show ads, or disappear you from search
| results.
| CamperBob2 wrote:
| You already get flagged as hazardous and uncool for not
| using https, even on a perfectly-static site.
|
| Some of us called that out as a slippery slope leading to
| ubiquitous gatekeeping, but we were shouted down in the
| name of (as usual) "security."
| gardenhedge wrote:
| That is because without https, there is no guarantee that
| the site requested is bring delivered as the site
| intends. For example, an ISP could insert data or scripts
| into the page.
| CamperBob2 wrote:
| And monkeys could fly out of my butt. Not everyone has
| the same threat model.
| JohnFen wrote:
| It won't at all, of course, but personal websites are a
| vanishing breed.
| rolph wrote:
| HTTPS has a lot to do with that. let's encrypt is free, but
| requires things common users dont have, such as control of
| a domain, as it is if google can see your stored
| certificates it could exclude you from a site based on
| "sites you hang around with"
| JohnFen wrote:
| Yeah, HTTPS accelerated it quite a lot, but the trend was
| already in play before that push.
| marginalia_nu wrote:
| Why is that?
| JohnFen wrote:
| > Google's plan is that, during a webpage transaction, the
| web server could require you to pass an "environment
| attestation" test before you get any data. At this point your
| browser would contact a "third-party" attestation server, and
| you would need to pass some kind of test. If you passed, you
| would get a signed "IntegrityToken" that verifies your
| environment is unmodified and points to the content you
| wanted unlocked.
|
| Because of this. If we're at the point where you need to get
| permisssion and approval to verify that the platform you're
| using is acceptable, then the gates are up and the free web
| is no longer free at all.
| thesuperbigfrog wrote:
| The use cases for the WEI proposal are pretty clear from the
| explainer (https://github.com/RupertBenWiser/Web-Environment-
| Integrity/...):
|
| Google "will be able to request a token that attests key facts
| about the environment their client code is running in."
|
| Google "will ultimately decide if they trust the verdict returned
| from the attester."
|
| "Allow" Google "to evaluate the authenticity of the device and
| honest representation of the software stack and the traffic from
| the device."
|
| I have replaced "web sites" and "web servers" in the original
| explainer text with "Google" for clarity of intent.
|
| Why would Google want these capabilities in web browsers?
|
| What does Google plan to do with them?
|
| What follow-on actions is Google planning?
|
| Google marketing exec: "We need to lock down web browsers so we
| can make more money by showing ads."
|
| "Ad blockers need to be prevented. The new WEI APIs will ensure
| that ad blockers aren't running, that our ads are being seen, and
| that no DRM is being compromised."
|
| "We also want to prevent ad fraud. With WEI we can ensure that ad
| clicks are legit and that people are watching the ads we show. If
| we can't control the operating system like we can on Chromebooks
| and Android phones, then we need to control the web browser with
| cryptographic certainty."
|
| Getting browsers to adopt and implement Web Environment Integrity
| is Step 1.
|
| Step 2 is where all Google web sites start requiring Web
| Environment Integrity to be used or they lock you out of the
| site.
|
| Step 3 is where all websites serving Google ads require Web
| Environment Integrity to be used.
|
| Step 4 Profit!
|
| Web Environment Integrity is the beginning of the further DRM-
| ification and enshittification of the Web.
| gary_0 wrote:
| Be Evil(tm)
| danShumway wrote:
| See also previous discussion on
| https://news.ycombinator.com/item?id=36817305 (the same link
| mentioned in the article)
|
| It's honestly good for this to get a lot of attention though, I'm
| happy to see additional commentary on it getting shared.
| jauntywundrkind wrote:
| It's good that it's happening strong & still semi-early-ish.
|
| I'd be curious to know how or if Chrome actually manages the PR
| around their work. Chrome lead fired off a blog post _So you
| don 't like a web proposal_ which effectively says it's purely
| a technical decision, and that only constructive technical
| criticism is regarded at all.
| https://news.ycombinator.com/item?id=36818409
| https://blog.yoav.ws/posts/web_platform_change_you_do_not_li...
|
| But I don't feel like Google has the luxury of letting it's
| image burn like this. TURTLEDOVE is already a huge semi-sound
| but immensely scary change, MV3 is a disaster of high order and
| hasn't responded with anything but a stream of bandaids to
| challenges like Mozilla's far more capable Background Pages
| proposals. But I think the reputation damage here is vastly
| higher, as there's basically nothing being offered here to most
| users, or, if this spec goes through, ex-Web users. This effort
| is just an abominable horror show, and at some point, it feels
| like Google/Chrome have to stop being so blinders-on as to
| treat this as a merely technical discussion.
|
| The last time these debates went down, where there was an
| incredibly contentious spec that got shipped, it basically took
| the Web creator Tim Berners-Lee using his w3c authority to
| stamp "ship it" on the spec.
| https://www.techdirt.com/2017/03/01/tim-berners-lee-endorses...
| keepamovin wrote:
| More importantly, a company of the size, scope and
| sophistication of Google trying to hide its fundamental
| redefinition of how people access the web, behind "it's only
| a technical change" is unacceptable.
|
| As if something with multiple downstream non-technical
| effects, _is only a technical change_
|
| As if you can minimize and dismiss everyone's fears and
| concerns as hollow, invalid and irrelevant by waving the
| magic wand of _tis only a wee technical change, to be sure,
| to be sure_
|
| As if everyone's protests and arguments against can be
| instantly hosed down, because _aye, you guessed it laddie,
| it's only a technical change_
|
| It's almost as if the folks at Google think people are so
| stupid that not only do people not know what they're talking
| about, but they'll actually believe the lie and fall for that
| deception...
|
| It's almost as if Google was trying to gaslight the public
| about this...
|
| If they end up groveling about this, I don't think "in
| retrospect, we could have communicated this better" is going
| to cut it. This is a company the size, scope and
| sophistication of Google. This is _not_ their first rodeo.
| They know exactly what they're doing, and they mean to do
| it...
| warning26 wrote:
| I already hate SafetyNet(tm) on Android, which punishes people
| for rooting their phones. This basically appears to be trying to
| bring that to the web.
|
| Want to go to an online banking site? Then we'll need to make
| sure your computer is _unmodified_ and contains no _unapproved
| software_.
| klipklop wrote:
| Hopefully Apple/Safari refuses to implement this. Apple loves DRM
| though...
___________________________________________________________________
(page generated 2023-07-24 23:00 UTC)