this post was submitted on 10 Aug 2023
999 points (99.1% liked)

Firefox

17301 readers
63 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Anemervi 45 points 1 year ago (4 children)

Write to your country’s anti-trust body if you feel Google is unilaterally going after the open web with WEI (content below taken from HN thread https://news.ycombinator.com/item?id=36880390).

US:

https://www.ftc.gov/enforcement/report-antitrust-violation
[email protected]

EU:

https://competition-policy.ec.europa.eu/antitrust/contact_en
[email protected]

UK:

https://www.gov.uk/guidance/tell-the-cma-about-a-competition…
[email protected]

India:

https://www.cci.gov.in/antitrust/
https://www.cci.gov.in/filing/atd

Example email:

Google has proposed a new Web Environment Integrity standard, outlined here: https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

This standard would allow Google applications to block users who are not using Google products like Chrome or Android, and encourages other web developers to do the same, with the goal of eliminating ad blockers and competing web browsers.

Google has already begun implementing this in their browser here: https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd

Basic facts:

    Google is a developer of popular websites such as google.com and youtube.com (currently the two most popular websites in the world according to SimilarWeb)
    Google is the developer of the most popular browser in the world, Chrome, with around 65% of market share. Most other popular browsers are based on Chromium, also developed primarily by Google.
    Google is the developer of the most popular mobile operating system in the world, Android, with around 70% of market share.

Currently, Google’s websites can be viewed on any web-standards-compliant browser on a device made by any manufacturer. This WEI proposal would allow Google websites to reject users that are not running a Google-approved browser on a Google-approved device. For example, Google could require that Youtube or Google Search can only be viewed using an official Android app or the Chrome browser, thereby noncompetitively locking consumers into using Google products while providing no benefit to those consumers.

Google is also primarily an ad company, with the majority of its revenue coming from ads. Google’s business model is challenged by browsers that do not show ads the way Google intends. This proposal would encourage any web developer using Google’s ad services to reject users that are not running a verified Google-approved version of Chrome, to ensure ads are viewed the way the advertiser wishes. This is not a hypothetical hidden agenda, it is explicitly stated in the proposal:

“Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.”

The proposed solution here is to allow web developers to reject any user that cannot prove they have viewed Google-served ads with their own human eyes.

It is essential to combat this proposal now, while it is still in an early stage. Once this is rolled out into Chrome and deployed around the world, it will be extremely difficult to rollback. It may be impossible to prevent this proposal if Google is allowed to continue owning the entire stack of website, browser, operating system, and hardware.

Thank you for your consideration of this important issue.
[–] Smokeless7048 5 points 1 year ago (1 children)

do you have a link for canada?

[–] Anemervi 6 points 1 year ago (1 children)
[–] Smokeless7048 5 points 1 year ago

Thanks, just filed a complaint.

[–] [email protected] 2 points 1 year ago

Done for Switzerland 👍🏻

[–] [email protected] 1 points 1 year ago (1 children)

Don't know about others, but it seems you need to pay money to file antitrust complaints in India. From the link you mentioned:

What are the fees to be paid? [Regulation 49 of the Competition Commission of India (General) Regulations, 2009]

(1) Each information received under clause (a) of sub-section (1) of section 19 of the Act from any person shall be accompanied by proof of having paid the fee as under- (a) rupees 5,000 (five thousand) in case of individual or Hindu Undivided Family (HUF), or (b) rupees 10,000 (ten thousand) in case of Non-Government Organisation (NGO), or Consumer Association, or a Co-operative Society, or Trust, or (c) rupees 40,000 (forty thousand) in case of firm (including proprietorship, partnership or Limited Liability Partnership) or company (including one person company) having turnover in the preceding year upto rupees two crore, or (d) rupees 1,00,000 (one lac) in case of firm (including proprietorship, partnership or Limited Liability Partnership) or company (including one person company) having turnover in the preceding year exceeding rupees two crore and upto rupees 50 crore (e) rupees 5,00,000 (five lacs) in the cases not covered under clause (a) or (b) or (c) or (d).]

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Woah, those go from expensive to absurd.

I could see charging like 1000 rupees to deter frivolous complaints, but up to $500,000 is absurd.

Seems like the system is only meant for B2B complaints. B2B antitrust complaints where the offended party still has enough money to drop half a million USD on an antitrust complaint.

[–] [email protected] 0 points 1 year ago

Half a million rupees, not USD. It comes up to be over ~6000USD, which is still too high. That's the price of a brand-new small car in India.

[–] droans 1 points 1 year ago

This standard doesn't affect ad blockers.

###Goals

  • Allow web servers to evaluate the authenticity of the device and honest representation of the software stack and the traffic from the device.
  • Offer an adversarially robust and long-term sustainable anti-abuse solution.
  • Don't enable new cross-site user tracking capabilities through attestation.
  • Continue to allow web browsers to browse the Web without attestation.

###Non-goals

  • Enable reliable client-side validation of verdicts: Signatures must be validated server-side, as client javascript may be modified to alter the validation result.
  • Enforce or interfere with browser functionality, including plugins and extensions.
  • Access to this functionality from non-Secure Contexts.

The workflow does not involve checking or blocking extensions. It operates closer to SSL certs. The webpage asks the browser to prove its identity. The browser generates a token. A trusted third party (attester) signs the token. It sends that back to the webpage. The webpage decides if the token is legitimate and if they trust the third party.

The ability to use extensions which alter the contents of the webpage is still allowed if the browser allows it. This standard just verifies the identity of the browser.

It still will cause issues for the Internet, though. Small browsers would likely be unable to afford paying for the attesters. Fingerprinting would be much easier and WEI doesn't have a method to prevent high entropy. Attesters would be able to track each user and the sites they are visiting.