this post was submitted on 09 Aug 2023
918 points (96.9% liked)

Technology

60074 readers
4110 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

This video as a text article: https://blog.nicco.love/google-drms-the-web/

top 50 comments
sorted by: hot top controversial new old
[–] krzschlss 186 points 1 year ago (4 children)

All this.. all this multi billion dollar development, all those 'brains', all the time and space a tech company occupies in it's lifetime... just to force you to watch ads?

What a shitty society and what a shitty communication system we have, just because some morons want to earn some billions more...

There is no endgame when it comes to greed, those pricks will always want more.

[–] [email protected] 59 points 1 year ago (4 children)

I feel it's worse than this. Imagine being the brightest mind in college, have a ton of experience, just to invent new algorithms to get people to click on more ads.

[–] aesthelete 36 points 1 year ago* (last edited 1 year ago)

I consider it close to going to school for engineering or design and winding up being the guy in charge of making airplane seats ever smaller and more uncomfortable.

[–] [email protected] 28 points 1 year ago (2 children)

Yeah, the brightest minds of recent generations are figuring out how to get people to watch ads. We probably could have had fusion energy by now, but instead have ads.

[–] [email protected] 14 points 1 year ago (1 children)

But think of the investors! How can we give them month-after-month gains without forcing ad's down our user's throats? /s

load more comments (1 replies)
load more comments (1 replies)
load more comments (2 replies)
[–] AngryCommieKender 40 points 1 year ago (2 children)

Multiple billionaires have answerd the question, "when is it enough?" With the reply: "when I own everything."

[–] motor_spirit 21 points 1 year ago (1 children)

We should treat these cocksuckers like addicts and start looking at reform and rehabilitation! Think of the children!

load more comments (1 replies)
load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 120 points 1 year ago (3 children)

Long ago, we praised Chrome for helping destroy Internet Explorer. Now it has become the same. No for-profit corporation is your friend.

[–] just_another_person 80 points 1 year ago (8 children)

Mozilla really did that with Firefox and Thunderbird to help kill IE and Outlook Express. Chrome came quite a bit later, but was instrumental in bringing about a performance reckoning, and a push for universal standards, sort of creating that movement. Really shocking now when you think of Google doing that.

load more comments (8 replies)
load more comments (1 replies)
[–] Anemervi 92 points 1 year ago* (last edited 1 year ago) (10 children)

Write to your country’s anti-trust body if you feel Google is unilaterally going after the open web with WEI (content below taken from HN thread https://news.ycombinator.com/item?id=36880390).

US:

https://www.ftc.gov/enforcement/report-antitrust-violation
[email protected]

EU:

https://competition-policy.ec.europa.eu/antitrust/contact_en
[email protected]

UK:

https://www.gov.uk/guidance/tell-the-cma-about-a-competition…
[email protected]

India:

https://www.cci.gov.in/antitrust/
https://www.cci.gov.in/filing/atd

Example email:

Google has proposed a new Web Environment Integrity standard, outlined here: https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

This standard would allow Google applications to block users who are not using Google products like Chrome or Android, and encourages other web developers to do the same, with the goal of eliminating ad blockers and competing web browsers.

Google has already begun implementing this in their browser here: https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd

Basic facts:

    Google is a developer of popular websites such as google.com and youtube.com (currently the two most popular websites in the world according to SimilarWeb)
    Google is the developer of the most popular browser in the world, Chrome, with around 65% of market share. Most other popular browsers are based on Chromium, also developed primarily by Google.
    Google is the developer of the most popular mobile operating system in the world, Android, with around 70% of market share.

Currently, Google’s websites can be viewed on any web-standards-compliant browser on a device made by any manufacturer. This WEI proposal would allow Google websites to reject users that are not running a Google-approved browser on a Google-approved device. For example, Google could require that Youtube or Google Search can only be viewed using an official Android app or the Chrome browser, thereby noncompetitively locking consumers into using Google products while providing no benefit to those consumers.

Google is also primarily an ad company, with the majority of its revenue coming from ads. Google’s business model is challenged by browsers that do not show ads the way Google intends. This proposal would encourage any web developer using Google’s ad services to reject users that are not running a verified Google-approved version of Chrome, to ensure ads are viewed the way the advertiser wishes. This is not a hypothetical hidden agenda, it is explicitly stated in the proposal:

“Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.”

The proposed solution here is to allow web developers to reject any user that cannot prove they have viewed Google-served ads with their own human eyes.

It is essential to combat this proposal now, while it is still in an early stage. Once this is rolled out into Chrome and deployed around the world, it will be extremely difficult to rollback. It may be impossible to prevent this proposal if Google is allowed to continue owning the entire stack of website, browser, operating system, and hardware.

Thank you for your consideration of this important issue.
[–] [email protected] 17 points 1 year ago

Thanks! Here's the message without all the BBC quotes to make it easier to copy for app users:

Dear FTC,

Google has proposed a new Web Environment Integrity standard, outlined here: https://github.com/RupertBenWiser/Web-Environment-Integrity/

This standard would allow Google applications to block users who are not using Google products like Chrome or Android, and encourages other web developers to do the same, with the goal of eliminating ad blockers and competing web browsers.

Google has already begun implementing this in their browser here: https://github.com/chromium/chromium/commit/6f47a22906b28994

Basic facts:

Google is a developer of popular websites such as google.com and youtube.com (currently the two most popular websites in the world according to SimilarWeb) Google is the developer of the most popular browser in the world, Chrome, with around 65% of market share. Most other popular browsers are based on Chromium, also developed primarily by Google. Google is the developer of the most popular mobile operating system in the world, Android, with around 70% of market share.

Currently, Google’s websites can be viewed on any web-standards-compliant browser on a device made by any manufacturer. This WEI proposal would allow Google websites to reject users that are not running a Google-approved browser on a Google-approved device. For example, Google could require that Youtube or Google Search can only be viewed using an official Android app or the Chrome browser, thereby noncompetitively locking consumers into using Google products while providing no benefit to those consumers.

Google is also primarily an ad company, with the majority of its revenue coming from ads. Google’s business model is challenged by browsers that do not show ads the way Google intends. This proposal would encourage any web developer using Google’s ad services to reject users that are not running a verified Google-approved version of Chrome, to ensure ads are viewed the way the advertiser wishes. This is not a hypothetical hidden agenda, it is explicitly stated in the proposal:

“Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.”

The proposed solution here is to allow web developers to reject any user that cannot prove they have viewed Google-served ads with their own human eyes.

It is essential to combat this proposal now, while it is still in an early stage. Once this is rolled out into Chrome and deployed around the world, it will be extremely difficult to rollback. It may be impossible to prevent this proposal if Google is allowed to continue owning the entire stack of website, browser, operating system, and hardware.

Thank you for your consideration of this important issue.

load more comments (9 replies)
[–] benwubbleyou 86 points 1 year ago (8 children)

How is this not anti competitive behaviour?

[–] [email protected] 84 points 1 year ago (2 children)

because the us govt doesn't give a shit about monopolies.

EU might get up in their shit though.

[–] [email protected] 40 points 1 year ago (2 children)

I sure hope so.

This is way worse than what Microsoft did back in the day with Internet Explorer. They were forced to build a browser selection popup into their operating system because of that.

load more comments (2 replies)
[–] fugepe 25 points 1 year ago (1 children)

Canada doesnt either. We are run by oligopolies

load more comments (1 replies)
[–] [email protected] 18 points 1 year ago

It is. Anyone who cares is powerless to change it. Anyone with the power to change it doesn't care. That goes for a lot of things.

load more comments (6 replies)
[–] TwoGems 71 points 1 year ago (1 children)

Google execs can rot in hell honestly

[–] AVengefulAxolotl 40 points 1 year ago (8 children)

I really cant put it into words how much I hate google right now... Capitalism at its finest

load more comments (8 replies)
[–] [email protected] 59 points 1 year ago (1 children)

Here it is on PeerTube, since we're on the Fediverse and probably wanting to avoid Google.

https://spectra.video/w/2SRf76FVKRfLuaaSMvbJR7

load more comments (1 replies)
[–] [email protected] 57 points 1 year ago (1 children)

Here is an alternative Piped link(s): https://piped.video/watch?v=NLaePqv5Sec

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

load more comments (1 replies)
[–] [email protected] 45 points 1 year ago (11 children)
[–] [email protected] 115 points 1 year ago* (last edited 1 year ago) (3 children)

It's basically all the bad things that tech writers have already warned about, except shit just got real. Google is actually shipping WEI in Chrome and large important sites and services are no longer working except in Chrome and with Goggle's blessing.

The author makes a very good comparison with Android, where you need a locked-down device and Google Services installed to be able to use Netflix, or your bank's services.

The rest of the article dives into what WEI claims to achieve vs what it's actually doing, and who it really benefits. Good read if you're still unclear about that.

[–] [email protected] 34 points 1 year ago* (last edited 1 year ago) (6 children)

Who’s already using this thing? I know Google ships it, but is anyone checking it yet

[–] [email protected] 22 points 1 year ago (7 children)

It's good odds that banks and streaming services are scrambling to implement it as we speak. You know they are. DRM is the perpetual wet dream for the music & film industry and for streaming services. And banks are paranoid as a matter of course.

It's going to be very hard to say no, especially since they can say "but Chrome is working on all platforms, nobody's pushing you out of anything". Will you drop stream subscriptions? Everybody loves to say they'll drop Netflix "as soon as they push me one more time", but what about a service you actually like? And what about banks, are those as easy to switch?

I've been through this for years now with Android and SafetyNet and it's a lot of hoops to have to jump through to stop being considered a second class user on your own device. It's going to suck extra bad when it comes to PC.

As for Google services themselves, I'm very curious to see in what order and how they choose to make WEI mandatory. Maybe not for Search and Gmail, at first, but what about accessing your Google Account, surely that must be secured? And YouTube of course, that's got DRM written all over it.

load more comments (7 replies)
load more comments (5 replies)
[–] [email protected] 17 points 1 year ago (2 children)

Google is actually shipping WEI in Chrome

Is this confirmed? Last I saw, it was still a proposal on github.

[–] [email protected] 36 points 1 year ago (3 children)

They ignored the objections to the proposal, pushed it directly into their tree and it's already live. I've had the prompt to enable it just today.

[–] [email protected] 18 points 1 year ago (4 children)
load more comments (4 replies)
load more comments (2 replies)
load more comments (1 replies)
load more comments (1 replies)
[–] BrianTheeBiscuiteer 44 points 1 year ago (1 children)

I was multitasking while watching but I'm pretty sure this is the idea.

Googles "web DRM" makes it impossible (or extremely difficult) to lie to a website about your browser, operating system, and whether or not you're human (or a bot). Websites can then use this info to deny access if they decide not to trust any of the info given.

This could easily be used to suppress the use of open source software which is probably why so many FOSS projects and foundations oppose it.

[–] [email protected] 27 points 1 year ago* (last edited 1 year ago) (4 children)

It doesn’t prove you’re not a bot though, only that the request is coming from a ‘genuine device’. You just need to pipe your malicious requests through a ‘real browser’ to get them approved and you’re set.

load more comments (4 replies)
[–] [email protected] 32 points 1 year ago

DRM in your web browser to forcibly require you to be running an "approved" browser (ie.: Chrome) in an "approved" configuration (ie.: no ad blockers) to load certain websites, and probably all major websites.

load more comments (8 replies)
[–] ieightpi 44 points 1 year ago* (last edited 1 year ago)

If this isn't a reason to trust bust Google, I don't know what is.

[–] [email protected] 35 points 1 year ago (2 children)

So the old Internet we knew is dead, time for Internet 2.0?

[–] [email protected] 22 points 1 year ago* (last edited 1 year ago) (1 children)

Technically, this is web ~~3 or 3.5~~ 4 or 4.5

This has happened before.

[–] goldfishmotorcycle 18 points 1 year ago* (last edited 1 year ago) (1 children)

Web3 must be around ten years ago by now. I had laptop stickers.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 27 points 1 year ago* (last edited 1 year ago) (14 children)

That was quick (Google integrating it). But of course it was...

About time I finally switch (back) to Firefox then. Have been using Vivaldi, but the only real solution is to move to a non-Chromium browser.

load more comments (14 replies)
[–] Zarxrax 25 points 1 year ago

This video is a really good explanation of why this is a horrible thing for the web.

Based on the post title, I was expecting some new revelation here, but it basically just explains everything that we already knew.

[–] flop_leash_973 25 points 1 year ago* (last edited 1 year ago) (1 children)

Sadly the only real move the average person has to play in all of this is if they do this, refuse to use any site that blocks access or extensions based on it.

Go back to paying your property tax with checks, etc if you have to. But the only way to deal with these companies is being willing to go to whatever lengths are required to avoid using their products and services.

Which is of course way easier to say than do.

[–] nomadjoanne 14 points 1 year ago

Abandon Chrome and Chromium en masse and this will go away. But normies suck.

[–] SparkyLight 22 points 1 year ago (3 children)

i don't quite get why can't the attester just.. lie.. about who he is like if I'm using firefox on linux, why cant my linux attester claim to be actually windows attester and say I'm using chrome?

[–] [email protected] 22 points 1 year ago (4 children)

I am not an expert, but it's likely signed and cryptographically secured. Change a single byte in the be Browser executable and your browser goes on the naughty list. This is total lockdown of the browser, and in principle you can extend certification of both software and hardware all the way down through the OS into the hardware.

load more comments (4 replies)
[–] chaospatterns 19 points 1 year ago

Attestation depends on a few things:

  1. The website has to choose to trust a given attestation provider. If Open Source Browser Attestation Provider X is known for freely handing out attestations then websites will just ignore them
  2. The browser's self-attestation. This is tricky part to implement. I haven't looked at the WEI spec to see how this works, but ultimately it depends on code running on your machine identifying when it's been modified. In theory, you can modify the browser however you want, but it's likely that this code will be thoroughly obfuscated and regularly changing to make it hard to reverse engineer. In addition, there are CPU level systems like Intel SGX that provide secure enclaves to run code and a remote entity can verify that the code that ran in SGX was the same code that the remote entity intended to run.

If you're on iOS or Android, there's already strong OS level protections that a browser attestation can plugin to (like SafetyNet.)

[–] Dark_Arc 15 points 1 year ago* (last edited 1 year ago) (2 children)

~~Web~~Chain of trust, the site only trusts certain attesters (yes this would be really bad for Linux).

EDIT: Used the wrong "of trust"

load more comments (2 replies)
[–] [email protected] 20 points 1 year ago (3 children)
load more comments (3 replies)
[–] [email protected] 18 points 1 year ago

We had the dominance of Microsoft with IE back in the day. They made sure that the web was being kept back. Google is doing the same now, even though people have been shouting that they'd never do that. Here we are..

load more comments
view more: next ›