looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don’t run a complaint browser ( cough…firefox )

here is an article in hacker news since i’m sure they can explain this to you better than i.

and also some github docs

Pixlbabble
link
fedilink
English
26
edit-2
1Y

Dude if they make youtube accessible only through Chrome we gonna have some problems.

@Pulp@lemmy.dbzer0.com
link
fedilink
English
4
edit-2
1Y

Better archive videos now. Save your favourites and some more.

Pixlbabble
link
fedilink
English
21Y

Oh man you’re not wrong. hiyaah

I’d have to stop using it. I’d even go to another service like Nebula, at that point, and pay for it.

But I am not going to start running Chrome on my home computer as a daily driver.

@gunnm@monero.town
link
fedilink
English
51Y

If they go after NewPipe and SmartTube I’m going to shill hard the alternatives.

mitch
link
fedilink
English
11Y

There are alternatives for YouTube? PeerTube is great tech and all, but content is really rare there.

@gunnm@monero.town
link
fedilink
English
11Y

Yeah is the only good alternative.

Ever since I switched to Firefox, I have not looked back and I am glad I did it.

I’m the exact same. Firefox has been great. Switched about three years ago.

@frog@programming.dev
link
fedilink
English
401Y

They want to go back to the days of websites requiring internet explorer… just this time with their browser. Even though getting away from that culture is most of the reason people ever switched to chrome. I will say though, just using firefox for everything you can isn’t enough of a protest. If this goes the way Google (Alphabet I guess) wants it to, you bank will require you to use a browser with DRM. You will be forced to use a browser whose source code you can’t verify as secure, to access your bank. And that is where the protest lines need to be drawn. If your bank does that? Send your message. Close the account. Take back your money. Now I’d personally do this for everything possible, but that would be a looooot of time spent getting very little across to companies that don’t care if you visit their site. Taking money from banks though? Yeah it might be a whole process where you gotta request it, verify in person, wait a week to get the cash, and THEN close it, but so what? A couple hours of doing stuff and then a week of business as usual before a couple more hours opening a new bank account. That’s more than worth doing to send a REAL message.

Why would my bank care which browser I use? Their business model isn’t based on showing me ads.

Redjard
link
fedilink
English
91Y

Why do banks require "safety"net on their apps now? The safest roms specifically don’t have the security nightmare that is google play services, and banking apps are always the hardest to get working.

It is a symbiotic relationship. Regulators hear about the next wave of compromised online banking, add some law requiring whatever, banks are stuck having to comply and in comes google with “Hey this great webDRM/safetynet/playprotect totally complies with this”, which it doesn’t really but google has the capabilities to lock up any legal processes about it for years when they bring in the next thing and repeat. Banks in large part know it’s bullshit but don’t care, they’re off the hook (They are the ones doing 2 factor by making the banking app on your phone require a confirmation in your tan app on your phone to make a transaction, they don’t give a rats ass about the safety of their systems).

Banks get someone shielding them from regulations for cheap, google gets partners that can help them lock you in their proprietary system, and you get extra work on your rooted phone and can’t fully remove play services.

I notice the big American banks’ apps don’t care, as long as a compatible implementation of Google Play Services is available. Nor does my American bank seem to care that I do my desktop banking in Firefox on Linux. Is this an issue only in specific countries?

making the banking app on your phone require a confirmation in your tan app on your phone to make a transaction

I’m afraid I don’t know what you’re talking about here. I don’t have to give any kind of confirmation to make a transaction. What’s a “tan app”?

Rikudou_Sage
link
fedilink
English
31Y

I’m using a SailfishOS (Linux) phone and on SFOS forums it’s one of the biggest complaints, they can’t use their bank through the Android compatibility layer because it doesn’t pass SafetyNet. I’m lucky enough that my bank doesn’t do this, but I had to fiddle with low level stuff for Revolut to work - they require you install the app from Play Store or the app doesn’t work.

Can you take your business elsewhere, to a company that doesn’t require you to compromise your security and privacy?

@frog@programming.dev
link
fedilink
English
51Y

I could go into the conspiratorial 4D chess I’m sure google is playing, but let me ask this instead: Does you bank not have any captchas, anywhere in the flow of accessing/using their website? Cause if they do, I hope you know google is absolutely going to advertise DRM requirements as the best tech for fighting bot traffic. Even if Google wasn’t doing anything like offering cheap training to their standards to influence the future of the cybersecurity space, that would be PLENTY to get a looooot of big corporations, including banks, to use it.

@Grimpen@lemmy.ca
link
fedilink
English
21Y

No captcha’s for any of my banking services. I don’t know how effective captcha’s are anyways. I suspect slow cooldowns are probably more secure.

@frog@programming.dev
link
fedilink
English
31Y

Huh, neat. Regardless, I think google will find a way to sell it or they wouldn’t be invested in it so much, but point taken. I just saw a lot of people commenting on other places about how this is hopeless and there’s no way to protest and wanted to give a solid example of how it could be done effectively.

Criminals will crack the DRM in short order—they always do—so that idea won’t last long.

And no, the DRM can’t be updated to fix the vulnerability if it’s implemented in firmware. Not without shutting out absolutely everyone whose computer/phone is more than 3 years old, and there’s not a snowball’s chance in hell that banks will do that when half of their customers are old farts with decade-old computers and an “if it ain’t broke, don’t fix it” attitude.

@frog@programming.dev
link
fedilink
English
21Y

Wait were they seriously looking to implement it at a FIRMWARE level? jesus that’s just stupid.

If they implement it in hardware, then fixing vulnerabilities is completely impossible instead of only mostly impossible.

@frog@programming.dev
link
fedilink
English
21Y

I was just expecting it to be something built into chrome, similar to how drivers need to be signed to run in windows, they’d force you to use browsers Signed By Google to be verifiably compliant with the DRM. It seems like the easiest option for them and the most well understood since it’s been used for drivers for so long

@argv_minus_one@beehaw.org
link
fedilink
English
1
edit-2
1Y

If they implement it in pure software, then it’s easy to crack.

They’re not going to wrap Chrome in Denuvo because that would ruin its performance. The last thing they want is for Firefox to be not only faster but dramatically faster. Performance is a big part of how Internet Explorer lost its market share. And even if they do wrap it in Denuvo, Empress will no doubt show them the error of their ways.

So yes, I expect they will use firmware/hardware, presumably TPM or Microsoft Pluton, to implement this.

Televise
link
fedilink
English
-6
edit-2
1Y

Using two different browsers should be the norm imo. One for comfort, performance and compatibility, like Chrome, Edge or Opera, and the other one for privacy, like Firefox, UGC, Tor, DDG, etc.

@Mothra@mander.xyz
link
fedilink
English
171Y

Can someone please ELI5 this?

First they established a new standard for extensions that makes it harder for adblockers to work in chrome, that’s manifest v3.

And now they want establish cryptographic verification of the environment so that you can’t have a custom environment in your browser, like having adblockers. Similar to how DRM works.

As long as average Joe uses chrome, we’re doomed.

@Mothra@mander.xyz
link
fedilink
English
51Y

Also thanks for your comment, now I fully get the meme

@PlasmaK@lemmy.ml
link
fedilink
English
31Y

Is it possible to circumvent by running two environments and reporting only one?

It’s still a proposal. Nothing concrete yet. But from the looks of it, you can’t play such games since it’s cryptographically verified.

@Mothra@mander.xyz
link
fedilink
English
271Y

Why can’t we have nice things? I switch to Lemmy, about a month after that, Meta joins the fediverse.

I switch to Firefox ( thanks to the hype in this community, because I am average Joe after all) and yeah, it feels nicer. But wait- now these news…

Sorry everyone it’s my fault. I switched to Firefox and Lemmy recently so Google and Facebook felt pressured to bring me back.

@Mothra@mander.xyz
link
fedilink
English
81Y

We forgive you. Don’t give in

@Sharan@lemmy.world
link
fedilink
English
91Y

All fine. We’ll tell them you’re not here.

Rikudou_Sage
link
fedilink
English
271Y

DRM is the thing in games, movies etc. that ensures only legitimate users can use the content. Now Google wants to do the same for webpages. It means that only approved browsers will have access and no extensions can interract with the page. So you won’t be able to view some pages from unapproved browsers, forcing you to switch to Chrome if you really want to see it. And no adblocker can interract with the page and block the ads there.

Norah - She/They
link
fedilink
English
111Y

Feels like a great way of close sourcing chromium without actually doing it.

@Mothra@mander.xyz
link
fedilink
English
121Y

That’s screwed up. Thanks for explaining

Confetti
link
fedilink
English
6
edit-2
1Y

Not really a piracy question but I was doing some research and I kept getting the statement “firefox and other gecko based browsers are not as secure as chromium based ones on mobile” is that still the case? I know the lack of per site process isolation was something that everyone was using as evidence and whatnot a couple of years ago but I couldnt find any other info thats more modern

Rikudou_Sage
link
fedilink
English
81Y

It was always more of a marketing statement than a security one. And then it was copied over and over because most sites don’t write original articles, they just remix other articles. Firefox is as safe as any software - there will be bugs and security issues but so will in Chrome and I wouldn’t say the rate of new bugs and security issues will be much different between the two projects.

@mr_right@lemmy.dbzer0.com
creator
link
fedilink
English
150
edit-2
1Y

–>since everyone is confused about this i’m gonna try to explain as best as i could and also clearing some misconceptions:

1# why this is such a big deal ?

if this gets implemented AND it gets widely adopted websites now can refuse to give you content if you are running a non complied browser, remember those website that say “oh you are using an ad blocker so disable it to access our site” they can detect this by various methods but ultimately all of them rely on running a JavaScript into your browser. which you guessed it, its easy to modify and tamper with manually or using extensions

now what WEI-API does is that it can verify the integrity of the web page ( JavaScript/HTML/CSS has not been modified ) and even tell the website what extensions - ad blocker detected no content for you - you are using and what browser you are using - firefox or brave detected no content for you - and do not be fooled into thinking that this can be spoofed. and website owners who think that they are running a business not a charity will implement this.

2#will using firefox save me?

if this gets widely adopted and you inevitably encounter a website that require this ( for your job ,school or your bank ) you have no choice but to use chrome just like when your banking apps refuse to work because your phone is rooted which means that SAFETY-NET is broken

3#why this is a threat to begin with?

this is only viable if the web adopt it so why bother?, well guess what google is famous for making its services very easy to integrate and well documented just look on how easy it is to integrate google analytics and google adsense* into websites and how many of them use it in the internet.

4#what can we do to prevent this?

this is my personal opinion but i think we simply can’t, this not like the reddit incident were very large portion of the user base was upset most people don’t know/care/give-a-fuck about web technologies and how they work.

#and Finally “but google said they don’t plan to use this to fingerprint you (Device ID) or track your browser history or interfere with the work of extensions”

do you really believe that a company like google whose bread and butter is advertising would not make it easier for themselves, a company who has been exposed time and time again for lying and having ulterior motives ( you don’t need to look far just look into what manifest-v3 did )

@GnuLinuxDude@lemmy.ml
link
fedilink
English
151Y

remember those website that say “oh you are using an ad blocker so disable it to access our site”

I can easily imagine this not being a necessary, anymore. Just let the website using this WEI API automatically disable all browser extensions on a WEI-enabled site. Why not, after all? Why should you dictate the traffic you receive on your computer? Why should you own anything?

@Scarecrow59@lemmy.one
link
fedilink
English
371Y

This is scary

Unfortunately they will also have to adapt to this. Or some popular websites will stop working and most common users won’t care and leave firefox.

Grant_M
link
fedilink
English
71Y

Giving into this billionaire blackmail won’t help. We have to come together and crush google.

KRed
link
fedilink
English
381Y

That’s why I’m not using chromium based browser.

Vivaldi is pretty great about scraping all this crap out of their chromium based browser.

@Bookmeat@lemmy.world
link
fedilink
English
11Y

I predict this standard will die the way of Flash and Silverlight. If it makes the web more fragile and less accessible it will fail.

@bad_alloc@feddit.de
link
fedilink
English
41Y

Will this fly with GDPR?

@pre@feddit.uk
link
fedilink
English
221Y

This code will only ever be installed on my machines by force against my will.

No benefit to any users at all, all benefit only to Google and their Advertisers.

@Im28xwa@lemdro.id
link
fedilink
English
-21Y

There is already a manifest v3 compatible version of ublock origin so can someone explain to me how it gonna end ad blockers?

redcalcium
link
fedilink
English
1
edit-2
1Y

uBlock Origin is already less effective when running in Chrome than in Firefox. For example, it can’t detect CNAME cloaking on Chrome, while it can do that in Firefox. When Chrome finally enforce manifest V3, uBlock Origin will be even more neutered in chrome due to limited number of blocking rules.

@Im28xwa@lemdro.id
link
fedilink
English
11Y

That’s a pretty interesting thing to know! Thanks

Fubber Nuckin'
link
fedilink
English
31Y

Because that version of ublock is already less effective. The long play is ending ad blockers and this is another step to achieve those ends. If you can’t see that then I’m sorry but it can’t be much more obvious than it already is.

@Im28xwa@lemdro.id
link
fedilink
English
11Y

Hmm I think I need to read more about Manifest v3 as it appears my knowledge of the topic is pretty limited to literally just “v3 will kill ad blockers”, basing my understanding on a couple of comments and 2 news report videos is a bad thing to do, don’t you agree

@ReversalHatchery@beehaw.org
link
fedilink
English
5
edit-2
1Y

That version can do much, much less.

Edit: see my other comment here: https://beehaw.org/comment/727017

@Im28xwa@lemdro.id
link
fedilink
English
11Y

Thanks will look into it

Also it’s not kinda drm, it is drm. Like fr

@mr_right@lemmy.dbzer0.com
creator
link
fedilink
English
41Y

yeah i used “kinda” to avoid the infamous :

well AcutUaLly…

Lightor
link
fedilink
English
21Y

Then you got “well actually’d” for it.

The internet is an unforgiving place.

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
!piracy@lemmy.dbzer0.com
Create a post
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don’t request invites, trade, sell, or self-promote

3. Don’t request or link to specific pirated titles, including DMs

4. Don’t submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

  • 1 user online
  • 106 users / day
  • 270 users / week
  • 1K users / month
  • 3.5K users / 6 months
  • 1 subscriber
  • 3.4K Posts
  • 82.2K Comments
  • Modlog