Google’s plan is that, during a webpage transaction, the web server could require you to pass an “environment attestation” test before you get any data. At this point your browser would contact a “third-party” attestation server, and you would need to pass some kind of test. If you passed, you would get a signed “IntegrityToken” that verifies your environment is unmodified and points to the content you wanted unlocked. You bring this back to the web server, and if the server trusts the attestation company, you get the content unlocked and finally get a response with the data you wanted.
The web mercilessly mocked this idiotic proposal over the weekend, and rightfully so. This is an unadulterated, transparent attempt at locking down the web with DRM-like nonsense just to serve more targeted ads that you can’t block. This must not make its way into any browser or onto any server in any way, shape, or form. The less attention we give to this drivel, the better.
This is what Tiviization looks like when applied to open web technologies. 🙁
Are you sure? If nobody’s paying attention and actively protesting it, it may make it’s way into the dominant browser. Once the majority of the user base are running it, google will start cranking the knobs to force more users to be authenticated by the DRM to use sites like youtube and maybe even encourage adsense websites to enable DRM as well.
Who knows how far this would go, but it opens up a lot of concerning possibilities for increased google control IMHO.
This is why it’s a bad idea to have a company like Google have such a large market share in the browser market: They can implement unofficial extensions to the official W3C standards that serve their interests (while being detrimental to the interests of users) and then every other browser vendor faces pressure to play along or be locked out.
This is why it’s sad to see Firefox have such a low browser market share: It’s a fine browser (even if you think pre-Quantum Firefox sucked, that was years ago, the current versions are good), but it doesn’t matter, people will choose Chrome because it comes pre-installed in Android and they want to sync bookmarks, history, and the like between desktop and smartphone.
Ironically, Safari (Apple) is our only hope to keep Google’s EEE strategy for W3C standards in check, since it’s the only browser that brings enough critical mass of users not having the latest unofficial Google extension to the table.
Even Firefox can sync bookmarks and such. I like my browsers fresh though.
If adblockers become btoken, I will be freed from being addicted to being online finally, as the internet is full on unusable with so many ads.
Firefox can sync bookmarks and such and in fact does it better than Chrome (Chrome forces you to use a Google account and makes it the default for every Google property you visit, Firefox just needs an email address).
Problem is, average users use Chrome because their Android phone already has it and want the same on the desktop. The other big browser is… Safari, which is the pre-installed browser on iOS and MacOS.
One of the committer’s responses can be found here
https://blog.yoav.ws/posts/web_platform_change_you_do_not_like/
The best part I think is
“… it’s not uncommon to see issues with dozens or even hundreds of comments from presumably well-intentioned folks, trying to influence the team working on the feature to change their minds.
In the many years I’ve been working on the web platform, I’ve yet to see this work. Not even once.”
Doesn’t inspire much confidence that things will change.
Step 1: Gain critical market share. Absorb former competitors (Opera, Edge) by getting them to use your engine.
Step 2: Castrate adblockers and extensions (dropping Manifest v2)
Step 3: Create DRM for the web (so that ads can’t be blocked anymore)
Step 4: Create a warning when websites don’t require DRM (similar to the warning you get today for a plain HTTP site).
The long game: only approved browsers (Chrome, Edge) on approved devices (unrooted Android with Play Services, iOS, macOS, Windows 11 with TPM and Secure Boot) are allowed to go online where they can view approved websites (ad-friendly content, mandatory DRM, all content and opinions approved by Google & Government).
Maybe add a mandatory online ID secured by something like Worldcoin to the mix.
…in a nutshell
The intention is to have a web like the TV screen on that Idiocracy movie… just to start with.
AAAAAAAAAaaaaaand…
…it’s already implemented in chromium:
https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd
Yeah. Naturally someone will fork it and create a browser without those patches. The issue there is that browsers lacking this API will automatically fail attestation. And browsers that fail attestation could face new content and/or feature restrictions in the future.
Assuming major websites actually start using this API to block modified browsers (not a given, but technically possible given the scope of google’s monopoly), then all browsers will feel the pressure to implement the API or else face inferior treatment online.
At this point once the API itself is normalized, the fight will have shifted from whether to have the API or not to trying to generate fake attestations. This leads us to the cat and mouse fights that we see with DRM in games and software. Unlike most of those developers though, google have god access in the kernel, which they could exploit to make their browser DRM extremely robust against userspace hacks/mods. On windows they could do the same with windows kernel drivers.
This assumes google are determined to back browser integrity to it’s natural conclusion, but then again, maybe google will have a change of heart and none of this will happen.
“google have god access in the kernel”. I meant to say on android devices.
We tend to get to something like the movie Idiocracy, where we will be inundated with advertisements, paywalls, subscription plans, rampant data collection, and more ads to access the most mundane content, be it a video or even email.
What will once and for all put an end to the fun of using the web, will be the end of organic things, from content to interactions.
Aggressive dominance by advertisers and data miners, lack of effective regulation, and planned DRM in the form of a “protocol or distorted implementation of some W3C standard” is what will prevent us from using “independent browsers” on most websites because we “it’s not not certified or supported anymore”, due to not-standard anti track features, adblocks, maybe even VPNs.
And all of that will be on account of four or five media and technology conglomerates.