Google proposes turning browsers into DRM software for the web | Ending AD Blocking for all browsers

[WolframaticAlpha]

17 hours ago, Donut417 said:

No. Time to dust off the Sherman Anti Trust Laws and pull out the fucking hammer they used on the Ma Bell and break Alphabet up. Along with all the cable and phone providers. 

At this point, I wouldn't be against a law that autobreaks up companies when their market cap exceeds 200 billion dollars. google meta ms apple amazon etc are all cancerous growths at this point, actively fighting to erode the few rights customers have left.

16 hours ago, Kisai said:

Gee, if only there was a competing web browser that wasn't developed by an ad company.

I have actively stopped using chrome, and am trying to swear off chromium based ones as well since the manifest v3 garbage. Firefox, librewolf and safari are all pretty good.

 

[Beerzerker]

27 minutes ago, Kisai said:

That is how *most* websites would prefer it to work, but advertisers do not want it to work this way because they don't get tracking data.

 

Like there is at least 20+ years of data on how people like/hate ads and countermeasures taken against them.

 

Remember popups? Remember why web browsers started implementing popup blockers? Because sites would spawn countless popups chained together. And this still happens, now only they are pop-unders and "clone and close" (where it spawns your current page in a new tab, spawns an ad in the old tab and then closes it so your history is unable to figure out what to block.)

 

At any rate, I hate what ads have become. When ads were just single 468x60 banners on 1024x768 screens they were non-intrusive, and an individual could earn $100 a week just from leaving banners on their computer running when they do other stuff. (That's how "free computer" things worked late 90's/early 2000's)

 

Now, you're lucky if you even get 1$. 

 

Like if it were possible to regulate ads, it would be "one ad, self-served, self-curated, per page, no exceptions."

You have to be kidding yourself that someone is willing to open more than one site linked from an ad. Dilution of the value of ads by providing so much low quality inventory.

 

As I've told my clients. If you are offered less than 0.50CPM, refuse and fill it with your own stuff, cause it ain't ever worth the effort, because that's the threshold where advertisers dump the lowest quality ads on your site.

 

Facebook is just as bad and even lie about it when you see the message "You'll never see this ad again" because it will appear once again at some point.

And the thing about "Ad Choices" is from a really shitty standup comedy routine... Has to be.
They already know what our choice would be so that choice isn't there to choose, they made damned sure of it. 

We get bombarded everyday with ads on the radio, TV, the web and everywhere else they can stick an ad or a sign, poster or whatever else they come up with.
I get it that ads CAN help a business but it's also gone waaaay "Beyond overboard" these days in how they do it, this along with all the rest being proof of it.

Does anyone recall the opening of the very first "SAO Abridged" video?
That summed it up quite well.

[Quackers101]

have we not heard this since 5 years ago or so?

Think there was an old thread here too, around google's push for their "Manifest V3".
That mozilla kinda had their own "solution" if one could call it that, although stuff would break if everything would go under that new system, I guess.

[RejZoR]

Totally no one has seen this one coming. It's not like whole purpose of Chrome's existence is for Google to tailor web according to THEM. It's not because they are such good fellas, it's because this is their long end game. Hook everyone on their browser, set their own standards, destroy competition and then fuck everyone over with their BS.

[divito]

5 hours ago, Sauron said:

It's called enshittification

 

[Donut417]

3 hours ago, WolframaticAlpha said:

safari

I wish Apple would offer it on WIndows. Because I use it on my Mac. 

[AlTech]

2 hours ago, Quackers101 said:

have we not heard this since 5 years ago or so?

Think there was an old thread here too, around google's push for their "Manifest V3".
That mozilla kinda had their own "solution" if one could call it that, although stuff would break if everything would go under that new system, I guess.

This is separate and is in addition to Manifest V3.

 

Manifest V3 has no effect on Firefox (ignores the limits in V3) and Brave (has AD blocking built in to the browser).

 

This content has the potential to affect all browsers.

[grg994]

18 hours ago, divito said:

 

Here you go: https://12ft.io/proxy?q=https%3A%2F%2Fwww.wired.com%2Fstory%2Ftiktok-platforms-cory-doctorow%2F

 

(Save this site: https://12ft.io/ )

[divito]

5 hours ago, grg994 said:

Here you go: https://12ft.io/proxy?q=https%3A%2F%2Fwww.wired.com%2Fstory%2Ftiktok-platforms-cory-doctorow%2F

 

(Save this site: https://12ft.io/ )

No big deal, I just turned off Javascript and read it. But will keep that site in mind.

[Senzelian]

On 7/23/2023 at 2:07 AM, AlTech said:

If you continue to use Chrome despite all of these monstrous and truly heinous and cruel things google has plans for: then you deserve the future of the internet Google has in store for you.

But things sync so nicely with Chrome and Android 

[williamcll]

On 7/23/2023 at 8:07 AM, AlTech said:

For Android, running a rooted device will provide a value indicating it is not verified.

This sounds like a skill issue on your end for not setting up root hiding. I have all my bank apps running alongside magisk and LSPosed

[jagdtigger]

2 hours ago, williamcll said:

This sounds like a skill issue on your end for not setting up root hiding. I have all my bank apps running alongside magisk and LSPosed

Also the whole " rooted devices are insecure" smear campaign is just pure BS.....

Edited July 25, 2023 by jagdtigger

[StDragon]

8 hours ago, jagdtigger said:

Also the whole " rooted devices are insecure" smear campaign is just pure BS.....

From the preview of hardware attestation, a rooted phone is not trust-worthy; hence "insecure".

So while you may know your rooted device is secure, you as the end-user isn't qualified to certify as being hygienic.

[Kisai]

9 hours ago, jagdtigger said:

Also the whole " rooted devices are insecure" smear campaign is just pure BS.....

This is the same line of reasoning people don't get vaccines. "I know better"

 

Nonsense.

 

I get what Google wants to do, but "the web" was not built for trust, and was undermined from the very beginning when export controls on encryption were intentionally poor. Google has undermined us all with every feature they add to chrome that doesn't actually do anything but protect them. SSL everywhere? That was to "protect us" but really it was to protect "them", and resulted in the loss of being able to use the "secure" connection as a point of trust, because now every malware site could get a free SSL cert too. Whoopsie. Didn't think that through did you google?

 

So what makes google think device DRM in the web browser is going to not do the same thing? A rooted device is still an insecure device, and people are going to undermine it anyway, so now it will just be Apple devices that can be trusted. Whoopsiedoodle. Android, completely untrustworthy, even if the device is stock, because we can't rely on Google or Samsung, or any Chinese-market vendor to not have insecure tools on the device.

 

The irony is that the web is dead, and has been dead since 2014. Either you use the "app" or you get the crappy version of the service delivered through the website, full of ads and other internet detritus.

 

Facebook would rather you not visit anything outside their walled garden, and the same is true of all social media. "You come here, you're safe with us, let us feed off your personal data and viewing habits while we offer you this free experience."

 

[jagdtigger]

7 hours ago, StDragon said:

From the preview of hardware attestation, a rooted phone is not trust-worthy; hence "insecure".

 

6 hours ago, Kisai said:

This is the same line of reasoning people don't get vaccines. "I know better"

So according to your flawed reasoning no server/desktop os is trustworty because every single one of them offers admin/root access...............

[Kisai]

28 minutes ago, jagdtigger said:

 

So according to your flawed reasoning no server/desktop os is trustworty because every single one of them offers admin/root access...............

Your end-users do not use the admin access, and it's also considered bad security practice to login as root, AND even worse security practice to run software with elevated credentials.

 

The only stupid software that ever asks for elevated credentials is DRM software. Somehow, allowing chrome root access to your device so it can ensure your device isn't JB seems like a bad idea doesn't it?

[jagdtigger]

1 hour ago, Kisai said:

Your end-users do not use the admin access

Put that goalpost back where you found it, by default every single normal OS creates the first user to have access to admin rights (elevate privileges) if need be. And subsequently created users can also be configured to have it as well. But for some reason those arent considered as insecure. Even though there is 0 difference between those and an android image having the sudo(in androids case its an app but basically the same functionality) access, in other words the option to elevate restored.....

/EDIT
Oh yeah, did i mention that without root access you cant even check for things like malware for example?

[thevictor390]

7 hours ago, Kisai said:

Your end-users do not use the admin access, and it's also considered bad security practice to login as root, AND even worse security practice to run software with elevated credentials.

 

The only stupid software that ever asks for elevated credentials is DRM software. Somehow, allowing chrome root access to your device so it can ensure your device isn't JB seems like a bad idea doesn't it?

That's not what a phone being "rooted" means. It's not that the current logged in user has root access. It's that root access is available to the owner of the device at all.

Every computer you buy is "rooted" out of the box, in this sense. 

[grg994]

15 hours ago, Kisai said:

SSL everywhere? That was to "protect us" but really it was to protect "them", and resulted in the loss of being able to use the "secure" connection as a point of trust, because now every malware site could get a free SSL cert too. Whoopsie. Didn't think that through did you google?

You are sooooo mistaken here by saying ill things of SSL/TLS or HTTPS.

 

If let's say a client visits https://example.org, then SSL/TLS was never meant to provide any form of trust about whether example.org website is controlled by good or bad people. TLS by design "only" provides the trust that the end-to-end encrypted connection that the client established has example.org on the other end. This has always been the one and only design goal: https://datatracker.ietf.org/doc/html/rfc8446#section-1

 

With other words when a certificate authority signs the SSL/TLS certificate of example.org it only validates that the owner of the certificate has the ownership and control over the example.org origin ("domain"). Certificate authorities do not assess if the owner is up to good or bad with the domain. That was never a design goal.

 

Google and big tech in general has little the do with the mass shift of websites form HTTP to HTTPS in the middle of 2010s ("SSL everywhere"). The biggest motive for that were the Edward Snowden documents, along with problems with public WIFIs and sometimes ISPs spying on and modifying plain HTTP traffic.

 

The largest free SSL/TLS certificate authority: Let's Encrypt (https://en.wikipedia.org/wiki/Let's_Encrypt#History) was a project by Mozilla and the Electronic Frontier Foundation, big tech firms only join later when users started panicking due to the NSA mass surveillance scandal.

 

You are right that some users (and maybe you too?) have a misconceptions that browser saying "secure by SSL/TLS or HTTPS" means that the website is certified to have no bad intentions. This is false.

 

Browser vendors could do better explaining this to people, but browsers pushing HTTPS ("SSL everywhere"), and the founding of free SSL/TLS certificate authorities were not born of ill intentions at all.

[Jerakl]

On 7/23/2023 at 11:44 AM, Sauron said:

It's called enshittification

The principle of making something cool and then letting business bros muscle their way in to ruin it via monetization lmao

I didn't really know someone else had coined a term for it

[grg994]

I finally read the full source of this scandalous idea by Google: https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

 

It only talks about the Webclient - Browser and the Attester - Webserver interactions. There is nothing about the planned Attester - Browser interaction which would be the most important and concerning. We gonna have to come back to this if there is something published about that side of this unholy machinery.

 

(EDIT: others have no idea either. There is a issue dedicated to speculating about the Attesters way of working here: https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/44)

 

Nevertheless I am very disturbed because I cannot imagine this whole idea achieving its goals, unless the attester is allowed to read and scan the memory address space of the browser processes (anti-cheat-style), but that is just completely and absolutely nuts. It gives me shivers just thinking about it.

[Alkaid]

Doesn't Google know why people using AD blocker? People just don't like ads. I think Google should explore alternative ways of making money instead of making more ads.

[CarlBar]

On 7/26/2023 at 6:59 PM, grg994 said:

Nevertheless I am very disturbed because I cannot imagine this whole idea achieving its goals, unless the attester is allowed to read and scan the memory address space of the browser processes (anti-cheat-style), but that is just completely and absolutely nuts. It gives me shivers just thinking about it.

 

I don't pretend to understand all the technical details your talking about here, but the memory scan stood out as somthing i got that was a big red flag on this going anywhere. it sounds even less likely for the idea to fly as i can't see corporate networks giving their humble browsers that level of access, and if MS feels threatened in any way by google due to this they could just go "nope windows won't allow this lol" and completely kill it dead. 

[Erebuxy]

On 7/23/2023 at 2:14 AM, Kisai said:

Gee, if only there was a competing web browser that wasn't developed by an ad company.

This is exactly what happens, when a significant portion of the web is paid by ad companies.

 

On 7/28/2023 at 9:22 AM, Alkaid said:

Doesn't Google know why people using AD blocker? People just don't like ads. I think Google should explore alternative ways of making money instead of making more ads.

You know what average people hate more than ads? Subscription service! That is why Luke believes a lot of web services are just not sustainable. 

If Google implement this as a browser feature, open source the standard and it is up for the website admin to opt in, I don't see a good anti-competitive case out of this.

[Kisai]

9 hours ago, Erebuxy said:

This is exactly what happens, when a significant portion of the web is paid by ad companies.

 

Because people don't pay for stuff if they don't have to? Like look at what torrents are.

 

9 hours ago, Erebuxy said:

You know what average people hate more than ads? Subscription service! That is why Luke believes a lot of web services are just not sustainable. 

If Google implement this as a browser feature, open source the standard and it is up for the website admin to opt in, I don't see a good anti-competitive case out of this.

 

Nah, what's going to happen is "big media" is going to pull the linux rug out from under everyone again. No more websites working on Linux, No GPL-compliant DRM.

 

Like that is half the up-hill battle to begin with. Linux is not only playing second fiddle to MacOS in everything but low-end server hardware, it's also politically motivated to not support DRM by not supporting firmware blobs. That means that many vendors are just gonna do what they've always done and lockout people, spitefully, because they know end users are going to spitefully steal content.

 

Does anyone see the big picture here? No. Here's the truth. DRM is a sham. If you want people to pay for things, then make it good, and crowdfund the production. No funding? Then it's bad, or you simply suck at it. Hollywood, the music industry and so forth, want to make boatloads of cash while they pay as few talents as possible. How to do that? Make it obscenely difficult for you to enjoy the content you have, as well as everyone elses's content because they have to pay into the DRM scheme they control. Apple got it right the first time with iTunes, and should simply have stuck to their guns.