@floofloof@lemmy.ca
link
fedilink
English
40
edit-2
1Y

Microsoft are staying suspiciously quiet then. And what about Apple?

Edge is a Chromium browser isn’t it? Then again, so is Brave and the article indicates they are making a point of removing this stuff from their build. Safari is it’s own thing though afaik.

TheEntity
link
fedilink
101Y

Safari is its own thing, but so is Mozilla. It affects everyone, it affects the very landscape of the web.

Brave is a chromium fork with custom stuff, they can just not implement it if they want.

@floofloof@lemmy.ca
link
fedilink
English
17
edit-2
1Y

There needs to be a unified fight against this, that involves not only browser companies but also the businesses running major websites. If it goes through and Google manages to persuade websites to use it, all the other browsers will be forced to implement it if they want to continue existing. And then no more freedom for web users.

𝕸𝖔𝖘𝖘
link
fedilink
English
211Y

You’re right. But it’s so much worse than that.

Imagine, for a minute, that this passes. If a website exists that a specific entity disagrees with (say… a whistleblower forum, or accounts of how Google is abusing its powers, or accounts of a Government is abusing it’s citizens), all that would need to happen, is for the “integrity authority” to deny access to that site, and it will be censored. Whereas now, a website has to be taken offline (in most cases) to be effectively censored, if this passes, the “integrity authority” would just need to say nay.

Imagine never hearing of the Snowden files, or George Floyd, or the Russian-Ukraine war. Not because they didn’t exist or didn’t happen, but because you ‘weren’t allowed’ to see them by an entity who benefits from you not seeing them or knowing about them.

If this passes, we would be -officially- entering a dystopia.

@floofloof@lemmy.ca
link
fedilink
English
31Y

Won’t there need to be backwards compatibility with sites that don’t implement this? The default would have to be that the browser is allowed to see a site that doesn’t require attestation. So if the whistleblower or political site just didn’t implement this, would that be a way around it?

𝕸𝖔𝖘𝖘
link
fedilink
English
41Y

At first, maybe. But not ultimately. If you compare it to TLS, for example, if the site use TLS 1.0, your browser will simply not load the site. This web integrity thing is similar.

Another, maybe more relevant, example, is Flash. Once Google decided Flash will no longer be supported on their browser, Flash died. I actually don’t disagree with the killing of Flash, but the idea is similar.

@dan@upvote.au
link
fedilink
English
21Y

I actually don’t disagree with the killing of Flash

I miss it sometimes. There’s still no good way to have lightweight vector animations that wen designers or animators can work on (no code required), that work the same cross-browser. There’s some JS libraries but they often need developer involvement (a designer can’t always set everything up themselves) and tend to be quite heavy libraries (which slows down the page, which reduces your ranking in search engines)…

Paradox
link
fedilink
English
31Y

Google can already do that. It’s called “safe browsing” and if your site ever gets on the wrong side of it good luck. It’s easier to get off a spamhaus registry than it

Scrubbles
link
fedilink
English
151Y

It’s kind of the opposite of this though, it’s not censorship. It’s not that you aren’t allowed to visit other sites, it’s that sites can choose to let you in or not.

The scary part is we don’t know what makes that decision, and from Google’s proposal is that it could just be anything they decide. So it’s not censorship, but it is saying “You aren’t playing by our rules (like by using an ad blocker, or you visited too many whistleblower forums, or we just plain decided we don’t like you) so you don’t get to use gmail/your bank/whoever decides to implement this”

𝕸𝖔𝖘𝖘
link
fedilink
English
11Y

That’s true. But the “integrity authority” has the power to censor. Maybe that’s not how it will be used now, but the infrastructure will be there and ready to use.

When I see these things come about, I’m always reminded of that quote, “Your scientists were so preoccupied with whether they could, they didn’t stop to think if they should”

The businesses running major websites want this more than Google does.

Apple already added basically the same thing about a year ago: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/

@floofloof@lemmy.ca
link
fedilink
English
111Y

Is this technically equivalent to Google’s proposal? Apple say that their version was developed in collaboration with Google, so it would be surprising for Google to go and deploy a second version of the same thing, were it not for the fact that Google always has two competing versions of everything.

And I guess the main reason people are more concerned about Google’s version is that they are so dominant in the browser market.

The details are a bit different. PATs use HTTP headers during a request while WEI is a JS browser API. But otherwise the general structure and end result are the same. A website requests an integrity check, an attester checks your device, and if the attester doesn’t like your device then you’re SOL.

meseek #2982
link
fedilink
61Y

Apple won’t do anything of the sort. They were in support of net neutrality and are committed to an open, free web. One of their chief complaints against Adobe back when Flash was at its all time peak as just that: it gave Adobe control of the web. They pushed for HTML5 and other alternatives.

Google is alone in this. However, I feel they can’t do it without Microsoft. At least not to the effect they are hoping so I totally see MS jumping on this as they have been firing on all cylinders with regards to “Windows as a service”. All they care about is building their own monopoly.

Apple already added attestation into Safari.

NaN
link
fedilink
21Y

Yes, they added a standard written by Cloudflare that is currently used to avoid captchas.

Skull giver
link
fedilink
71Y

deleted by creator

Vinnyboiler
link
fedilink
English
49
edit-2
1Y

I can’t honestly see how any other company can single-handedly stop Google if they go though with this. Google has the ability to strong arm this proposal by having Youtube and Google search dependent on Web Environment Integrity. There are enough alternative to web search but I can’t see how anyone can fight Google’s dominance in video hosting to stop them.

You would almost have to have every other major website intentionally break on Chrome to even the playing field, and if Google still don’t back down you are left with a divided internet.

EU commission, really. That’s the only way

Cause I for sure know us Americans will do jack shit about it

The FTC has been trying to flex its muscles more recently, the problem is going to be getting through the courts

What I’m getting from this is that some monopoly busting is sorely needed.

@takeda@beehaw.org
link
fedilink
English
121Y

LOL, sorry but if it is control over my computer vs youtube going away my reasponse is “bye bye, YouTube, don’t let the door hit you on the way out”

@Jdreben@beehaw.org
link
fedilink
English
91Y

I agree with you personally, but it’s the second most used platform after Facebook I think so it does have an insanely massive userbase.

Yeah, I made the same argument and had a bunch of morons talking about how inconvenienced they would be if they couldn’t visit a website.

@shrugal@lemm.ee
link
fedilink
2
edit-2
1Y

You know, most major web servers are open source projects (Apache, nginx, …). They could in theory decide to check for the browser that’s accessing a website and just return an error If it’s a variant that supports WEI. Ofc people could fork them and remove the check, but many might just use them as is.

Just a thought though, this would be a very radical and hugely controversial step.

@Blackmist@feddit.uk
link
fedilink
English
121Y

I think YouTube and Google Search are the least of our worries. There will be companies who would have a field day picking up the pieces if that happened.

It’s everyone else using it that suddenly means you can’t run an ad/script blocker on the ickier parts of the web that really need it. The modern internet is an unusable mess, and only ad blockers make it tolerable again.

Hell yeah. Top of the line comment right here. Thank you

@LemmyLurker@beehaw.org
link
fedilink
English
21Y

Thanks for the nudge, I wrote to the EU registry.

Echo Dot
link
fedilink
101Y

The UK government won’t do anything, they’re probably all for this, assuming they understand it.

Thank you. Took the words out of my mouth.

If all browsers and standards organizations oppose this idea, but Google does it anyway and it succeeds and takes over, can you imagine how easy the anti-trust case will be?

Brave and Vivaldi (and edge) have no say in the matter, they are practically in the business of rebranding chrome for what it is and contributed to reinforcing goggle’s monopoly. I have absolutely no sympathy for them.

Nils
creator
link
fedilink
English
41Y

At least Brave forks Chromium and they have a bunch of patches they apply to the codebase. I mean yeah, they still contribute to the Chromium monopoly but calling them just a rebrand is a bit unfair in my opinion

YⓄ乙
link
fedilink
471Y

Good fucking riddance

@floofloof@lemmy.ca
link
fedilink
English
691Y

It’s “dismissed” as in “they say it’s rubbish”. It doesn’t mean they won’t ultimately be forced to use it.

Just imagine how easy the anti-trust case will be. “The entire industry opposed Google, Google won anyway. I rest my case.”

YⓄ乙
link
fedilink
151Y

😪

Looking on the bright side here, this will be good for applications that depend heavily on Chromium such as Steam. It won’t be much good, but it’s something.

stravanasu
link
fedilink
English
163
edit-2
1Y

I don’t understand why so many opinion pieces and news keep on saying that Web Environment Integrity could be abused and that’s why we should oppose it. This misses the point a great deal.

Implementation of Web Environment Integrity in browsers IS ITSELF AN ABUSE, because I have the right to go around the web without continually proving who I am, even less against a 3rd party.

It’s as if someone said that some officer (and not even a government one) should always be by your side when you go out, ready to certify who you are, whenever you speak with people on the street – and even with friends. Would you accept that?

Are we totally out of our minds??

Imagine if you had to leave your phone’s GPS on and keep it with you at all times so that it could verify your identity every time you went into a store.

@Buttons@programming.dev
link
fedilink
English
4
edit-2
1Y

How would WEI work? What signals does my computer send to convince the other computers that my computer is doing what they want? Is it based on some “trusted computer” hardware level bullshit that’s already there? (I just want my computer to do what I want.)

@shrugal@lemm.ee
link
fedilink
3
edit-2
1Y

That’s not part of this spec, all it says is that the attester produces a cryptographic proof. What it checks and what that proof means is for the attester to decide.

Google and Apple say they would “just” check if the user is logged into their Google/Apple account, as a way to proof that they are human and not a bot. That would be bad enough, because you should not have to have an account with these companies to browse the web. But they could easily make it even worse, by requiring you to install a kind of anti-cheat software that scans your device, and only provide the proof if they like the results. Heck they could just exclude everyone who visited a certain website in the past or who’s name starts with an F if they wanted to, because that’s how broad and dangerous this proposal is!

Big companies should not be able to decide if people are allowed to visit certain websites or not, even if they say they have the best intentions.

Baut [she/her] auf.
link
fedilink
English
21Y

Without having read anything about WEI at all: Microsoft already supports something similar by using Windows Hello (Edge). It’s using your TPM to make sure the hardware/OS wasn’t tampered with. On Android, this is comparable to safetynet/Play Integrity.

I can only assume these opinion pieces are written by people who use Google for everything they do and trust them.

Dumb fucks, to quote Zuckerberg…

Skull giver
link
fedilink
8
edit-2
1Y

[This comment has been deleted by an automated system]

Sure. Trust them to keep that button around… :)

@Joph@programming.dev
link
fedilink
English
481Y

That works until you are forced to interact with a website that only works with it, either by work or school.

Skull giver
link
fedilink
7
edit-2
1Y

deleted by creator

but that doesn’t scale as well so I am unlikeley to run into that most of the time

There was a lawsuit regarding this just recently, where a student successfully sued over a room scan for an exam. It’s absolutely ridiculous and shouldn’t be tolerated by any student.

Barry Zuckerkorn
link
fedilink
English
91Y

That’s already the case with most corporate managed BYO device policies. The typical scenario is that an employer gives you the choice:

  1. Use the company-owned and company-managed device. No root/admin access, no privileges to install unauthorized software, sometimes policies against personal accounts or files or use.
  2. Bring your own device, but consent to the company’s IT department managing your security and potentially monitoring your use. If you’re going to connect this device to the company’s LAN (through wifi or VPN or otherwise), you’re going to let us lock it down.

It’s a legitimate concern that these types of things would normalize corporate-managed devices in our personal lives as consumers, and worth resisting in that space, but I don’t think it would actually change the status quo in the corporate world to go from proprietary device management lockdowns to some kind of public standard for lockdowns.

Which is exactly why I will never do 2. Provide a device if you want control. I will not give you the ability to wipe my personal phone remotely just to check my work email on it.

Exactly. If you’re going to lock down and control a device I’m going to need that device provided to me.

At this point, why don’t the companies who run Chrome derivatives work together to build a fork that evolves separately from Chrome? Edge, Vivaldi, Opera, etc. will never get the marketshare on their own to rival Chrome, but together, they could make a dent with a unified browser engine.

Because it’s very expensive to do so, unfortunately.

Alternative plan: why not use gecko? I know it’s more work to do so, but I would call that the lesser of two evils at this point.

Gecko (Firefox engine) already is worked on, why not contribute there instead of losing community? If anything why those browsers use engine that is controlled by a single company?

As it very well should be. Fuck Google.

VCTRN
link
fedilink
English
241Y

Brave can suck it too.

nik0
link
fedilink
131Y

I believe I remember they had a crypto thing going on

they will show you their own ads through operating system notifications, but without collecting your personal data to do so. the program is also entirely opt-in and is thus disabled by default, so the user has to knowingly and willingly enable it.

without collecting your personal data to do so.

Meaning the ads will be significantly lower quality. I doubt they have anywhere near as good performance as regular ads, meaning they’ll likely have sketchier ads that are willing to pay more to reach a less specific audience.

They also “pay” an absolute pittance if you have them enabled — something like 2 cents per ad, if I remember my calculations correctly. Literally nobody should be considering that trade worth it.

Yeah but who cares about that

kate
link
fedilink
English
91Y

They guy that founded brave only did so after getting fired from Mozilla for homophobia

@AfterAll@beehaw.org
link
fedilink
English
51Y

WHAT!? That’s wild, and the first I’m hearing of this.

fsniper
link
fedilink
41Y

Did Opera announced any intent?

Will have to wait and see how Apple reacts with Safari. Mozilla dismissing the proposal is big, but Apple has the second largest mobile OS marketshare with iOS, and so Safari is very relevant for websites to support it.

Doesn’t Safari already have their own version of this?

not to my knowledge

meseek #2982
link
fedilink
48
edit-2
1Y

Lmao, no. Google is out of their minds. Apple has zero interest in controlling browsers or ads.

https://money.cnn.com/2017/08/31/technology/business/apple-net-neutrality/index.html

meseek #2982
link
fedilink
91Y

A part of Apple’s long term, multi-stage deployment to phase out passwords entirely. They announced it last year during WWDC and said it will be messy and not without hurdles, but they’re committed to having strong cryptography without need for password at all.

Related: https://www.wired.com/story/apple-passkeys-password-iphone-mac-ios16-ventura/

A far cry from what Google is trying to do or their long term plans (we all know Google is trying to siphon more ad revenue).

Google’s proposition is as bad for Apple as it is for the rest of us.

Passkeys (which are broader than just Apple) and this are not related at all. Regardless, Apple absolutely has interest in controlling browsers. Hell, they already do it on iOS, where you can’t use any rendering engine other than theirs.

The only reason they might be against this is because they feel they can’t control it the way they want.

Curious how this push comes after fairly set standards that passwords can’t be compelled

Honest to god doublethink right here.

It’s crazy when I see it. And I see it far too often these days.

@dan@upvote.au
link
fedilink
1
edit-2
1Y

I don’t think it’s related at all. You can implement passwordless technologies like FIDO2 and Webauthn without browser attestation.

A far cry from what Google is trying to do or their long term plans

It’s literally very similar technology though, and none of us know Apple’s long-term plans for it. It’s well-known in the digital ad industry that Apple are trying to increase the size of their ad network. Locking down tracking (app tracking transparency) is also advantageous to them as it only applies to third parties - Apple can still track users.

I’m sorry to disappoint you, but this is basically the same thing: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/

𝕸𝖔𝖘𝖘
link
fedilink
English
1001Y

From the article:

“We work hard to build great products, and what consumers do with those tools is up to them — not Apple, and not broadband providers,” Cynthia Hogan, VP of public policy at Apple

Prove it, then. Unlock the bootloader. Allow us to install our own apps. Let us install our own OS on the hardware. I get they don’t want to open source their iOS, that’s fine. They say “what consumers do with those tools is up to them”, but then they lock those tools down TIGHT. Actions speak much louder than words. They say those tools are ours? They need to show us that this is true.

They do indeed: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/

From the article:

The focus here is primarily on removing captchas, and as such it’s been integrated into Cloudflare (discussed here) and Fastly (here) as a mechanism for recognizing ‘real’ clients without needing other captcha mechanisms.

Fundamentally though, it’s exactly the same concept: a way that web servers can demand your device prove it is a sufficiently ‘legitimate’ device before browsing the web.

So basically boiling frog slowly.

SloganLessons
link
fedilink
58
edit-2
1Y

Google: “How cute, anyway as I was saying…”

whoareu
link
fedilink
91Y

Google doesn’t care 🙁

Good.

azron
link
fedilink
1271Y

So like 8% of the market, mostly from Mozilla?

Soon to increase if they put this in chromium

Skull giver
link
fedilink
201Y

deleted by creator

I don’t care about Manifest V3. I care about ublock origin.
When that stops working, then I’ll swap.

Skull giver
link
fedilink
3
edit-2
1Y

deleted by creator

uBlock had been castrated by Chrome

No, not yet. Existing extensions that use manifest V2 are still supported.

@roon@lemmy.ml
link
fedilink
English
101Y

Aren’t Vivaldi and Brave downstream of chromium though 🤔

@laxe@lemmy.ml
link
fedilink
English
271Y

Vivaldi and Brave can modify Chromium to disable this feature. Chromium is open source after all.

Brave calls itself a fork, which I suppose if its truly a fork, they are cherrypicking patches they can use from the chromium base, rather than recompiling with their own patch set on top

Captain Beyond
link
fedilink
6
edit-2
1Y

They can, but their very existence increases the Chromium engine’s market share and therefore Google’s control of the web, allowing them to do stuff like this. Once this is implemented in Chrome then these browsers will just become “Chrome but it can’t play netflix/access bank websites/etc” or whatever.

Scrubbles
link
fedilink
English
81Y

are they forks? That’s what I don’t get, who controls the merge controls into Chromium’s main branch? It’s open source, but who actually says yay or nay on PRs getting in? I assume it’s Google, and the others are all forks off, but if it makes it into the main branch or not will really decide if it gets adopted

You can have your own set of patches (and/or config) and still stay up to date with upstream.

You don’t need to do a hard fork to modify it for your needs.

@takeda@beehaw.org
link
fedilink
English
11Y

Goggle standard approach to it, is to integrate it so much with other components that it will be a lot of work to disable it, eventually making it impractical.

The right way would be for those clients to switch to gecko engine.

Most people don’t give a shit about these things. It might actually decrease if Netflix just tells people to install Chrome to watch Stranger Things

sadreality
link
fedilink
301Y

Well… Normie stream love their 69 chrome versions so that’s where we are at… Competition

Create a post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

  • 1 user online
  • 56 users / day
  • 167 users / week
  • 618 users / month
  • 2.31K users / 6 months
  • 1 subscriber
  • 3.28K Posts
  • 67K Comments
  • Modlog