And since you won't be able to modify web pages, it will also mean the end of customization, either for looks (ie. DarkReader, Stylus), conveniance (ie. Tampermonkey) or accessibility.
One comment mentions possible incompability with article 22 of the GDPR, and I sure hope the EU will stand their ground on this.
I can only imagine noyb letting all hell break loose. We need more people like him, dissecting corporations legal bs to find every last little thing we can possibly hold against them.
This is the result of the world blindly using Chrome and other Chromium based browsers. Now with effectively full control over the browser that more than 90% of the world uses Google can force its will on the internet
I would stop visiting any website that implements this. Simple as that. I will step away (will try at least) from any system that doesn't respect my privacy or myself.
Like I ditched Facebook, Reddit and others.
Ben Wiser (Google)
Borbala Benko (Google)
Philipp Pfeiffenberger (Google)
Sergey Kataev (Google)
Congratulations, guys. You are now internet pariahs. Your unrepentantly mercenary lack of engineering ethics is now recorded for all eternity. You have nobody but yourselves to blame.
That's a good way for me to never visit your website again. Honestly, this kinda sounds like the death of the internet if I'm being honest. This would transform it from a free medium into a full blown corporate dystopia. It's really scary to see the digital (corporate) development over the past couple decades. Would be really cool if we don't move further towards some cyberpunk like future where megacorps control everything.
And they went ahead and blocked comments now - "An owner of this repository has limited the ability to comment to users that have contributed to this repository in the past."
Fucking cowards
EDIT: I went ahead and reported the distro as malware. Also, it feels like the internet is about to split in a open internet (basically just like tor) and a corporate internet where if you don't pay the big tech you can't access anything.
I quit playing games because of all the greed and hype, I went back to piracy when streaming started to fracture and greed set in, I left non-federated social media because of the enshittifaction and invasiveness, and I go to fairly extensive lengths to block ads and protect my privacy as much as possible...
And instead of moving to any number of fair, non-exploitive business models, they're just going to force ads down my throat like that episode of black mirror.
If this goes through I'll be sorely tempted to wipe everything I can and start over as best I can. Only interact with the Internet when I need to.
You'll find me paying cash at the local used bookstore, at least until all the major publishers make that illegal.
EDIT: It's honestly depressing, I genuinely enjoy technology and the internet, but when companies like Google are able to force garbage like this it just sucks all the joy out of it for me.
It's like everying is becoming a shitty mobile game. Do the toolsheds that develop Candy Crush clones not think we can understand why in app currencies are sold in bundles of 100 but every thing we purchase with them requires amounts that end with a five? Does Google not think we know the real motivation behind a system that strives to prove ads were delivered to your browser either?
I know a lot of people may not see the real driver here, but I'm tired of being underestimated and infantalized by a bunch of dorks trapped in a corporate echo chamber. I think I'd prefer it if they just straight up said they're going to sacrifice our privacy and user experience for a quick bump in stock value.
Just this week or was it last week, I made a comment on some post that putting privacy aside, we should still be encouraging people to use Firefox instead of any chromium browsers to break control. It is good to see that right now I am just given a very good example why Chromium being a monopoly allows Google to control the spec (even if other companies are on board)
This is exactly the kind of thing that demostrates why DRM shouldn't be part of the web standards. It's very existence is abuse and this use even more so.
It doesn't seem to be targeting ad-blockers in particular (or other page customizing extensions), although that may result eventually. What it does do is let webpages restrict what web browsers and operating systems you are allowed to use, just like how SafetyNet on Android lets apps restrict you to using an OS signed by Google. That could end up with web pages forcing you to use a web browser and OS the big players like Google, Microsoft and Apple, blocking any less restrictive or less used competors like Firefox and Linux, thus creating a cryptographically enforced oligopoly. And even if they signed e.g. Firefox, it would only be certain builds of it. That would make it impossible to make a truly open-source browser that can access pages using this API. Quite concerning.
This is super fucked up. I use Stylus extensively to customize the UI on so many sites. Not even for adblocking or that kind of thing, but for accessibility. I actually learned to code many years ago specifically so I could write my own userstyles so that popular websites would be more accessible for me. This is not just predatory on an ads and money level but on an accessibility level too.
Having thought about it for a bit, it's possible for this proposal to be abused by authoritarian governments.
Suppose a government—say, Wadiya—mandated that all websites allowed on the Wadiyan Internet must ensure that visitors are using a list of verified browsers. This list is provided by the Wadiyan government, and includes: Wadiya On-Line, Wadiya Explorer, and WadiyaScape Navigator. All three of those browsers are developed in cooperation with the Wadiyan government.
Each of those browsers also happen to send a list of visited URLs to a Wadiyan government agency, and routinely scan the hard drive for material deemed "anti-social."
Because the attestations are cryptographically verified, citizens would not be able to fake the browser environment. They couldn't just download Firefox and install an extension to pretend to be Wadiya Explorer; they would actually have to install the spyware browser to be able to browse websites available on the Wadiyan Internet.
I hate the fact that one of the biggest and richest corporations in the world, is just a massive ad spamming dumpster fire. Imagine the good a powerful company like this could do, if 90% of their effort wasn't put into cramming ever more ads into people's eyeballs.
I literally swapped to Librewolf before the Rossman video was done. I was on Brave Browser before, but it's based on Chromium. Fuck Chromium and fuck Google. Fuck this shitty amoeba that tries to spread into and control everything.
I will post stupid shit on my de federated forum and you will fucking live with it Google. Fuck you. Burn. It's time to break up the internet monopolies and do some trust busting. Someone pull FDR's rotten corpse out of the grave and put it back to work.
Big fan of the "how dare you don't use professional language" vibe coming from the folks clinically discussing how to ruin what little remains of the open web.
I hope Louis Rossmann catches wind of this - the more people know about this, the better chance we have at stopping this unnecessary "WEI" spec.
If an company wants a trusted environment for their code to execute in, they should be asking themselves why they're not running that code in an app, or better yet - on their own servers
Can someone give me an easy to understand example of what they are proposing? Assume that I don’t allow them to install any software/tool that helps them track me/my device.
I saw this comment and found it helpful but its still not clear to me
At its core, it establishes software components called "attesters" that decide whether your device and/or browser is "trustworthy" enough - as defined by the website you are trying to visit. Websites can enforce which "attesters" users must accept, simply by denying everybody access who refuses to bow down to this regime; or who uses attesters that are deemed "inappropriate"; or who is on a platform that does not provide any attesters the website finds "acceptable".
In short: it is specifically designed to destroy the open web by denying you the right to use whatever browser you want to use, on whatever operating system. It is next-level "DRM", introduced by affiliates of a company that already has monopolized the browser market. And the creators of this "proposal" absolutely know what they are attempting here.
Non-goals [...] Enforce or interfere with browser functionality, including plugins and extensions. [...]
But guys they gave their pinky promise it's totally fine
let's just allow them to irreversibly make this change so that there is nothing preventing them from applying this totally Non-Goals in the future what could happen
Well I won't visit a site that is full of ads now without an ad blocker, so why would the fact that o can't block the ads change my mind. As soon as a site blocks content for having an ad blocker or immediately starts popping up tons of stuff that's nearly impossible to close, I leave.
Companies like google should really not have so much power. I have stopped using chrome 1 year ago, and i am thinking about switching to a browser that doesn´t use chromium.
why are they trying to restrict and control the internet? on the plus side I guess I'll go outside more, touch grass, forget this crap exists and enjoy other facets of life. It's just sad to see it be transformed into this pile of crap.
Before everyone starts complaining, remember:
This is for the ads. There are millions of starving ads on the internet right now. For just a click and load a day on every ad you see you too can help a billion dollar company survive.
Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it. This trust is the backbone of the open internet, critical for the safety of user data and for the sustainability of the website’s business.
Jesus christ just the introduction paragraph is a load of horseshit. Actually bold faced lies. Users depend on websites trusting the client? In what fucking world are websites trusting the client??? Literally the only case is the media DRM that should have never been part of the web in the first place.
Create a browser that creates a live 4K video stream of any visited page then uses AI to identify ads on the page and cover them with a solid matching the pages color.
This seems so ridiculous. I'm coming from a privacy perspective. I'm using a number of extensions that block as many trackers as possible. Now I may have to give that up just so someone can "attest" to my identity. I'll have to forgo my privacy, otherwise I can't use the web.
However, while it does add a layer of annoyance that'll mess things up for most, like any DRM, it fundamentally is unsound and will get cracked. Us good people have a big incentive to do so here. Reading the spec, it still relies on a trusted party (expected to be the OS) and, unlike ie. games consoles, we already have admin access to that party from the get go.
Where it could be a problem is mobile phones. They could target browsers that support ad blocking and you'd probably need to root the phone to get past that.
I remember watching Chrome fill up long lists of ??? in the task manager, back when I still used Windows and Chrome on an old Laptop. Both CPU and RAM were working at their utmost and that shit blocked everything.
I find it hard to see how they could protect content from ad blockers without also crippling pages that self modify their own content. Perhaps they could put headers akin to content security policy that forbids external modification. Assuming a browser were to honour that header I could see bad publicity and a lot of people just moving to another browser which doesn't. Additionally, ad blockers aren't the only things that modify pages - breaking accessibility add ons could be more negative publicity (just like with Reddit).
I think browsers would be best off to let websites develop countermeasures if they're so sore about ad blockers. Perhaps they could use "self healing" Javascript libraries that put back content which is removed. Or they could just refuse to work if they detect an ad blocker, e.g. they stick some canaries in the DOM or along blocked paths to see if an ad blocker is present.
Can someone explain how the server is going to know whether or not the client browser is showing the ad? A stealthy browser would say, "hey yeah send that ad so I can render it to the user" and the server says, "yeah ok" and then <doesntRenderAdOnClientDevice>. How is the server going to know whether the ad is displayed or not? Don't current gen adblockers not even retrieve the asset? If the asset was retrieved but not displayed, how (if even) can this be monitored?
I don't get how they want make those attesters trustworthy. Any attester is installed on a user device, so its "private" key used for verdict signing can be retrieved by a bot author and used to make fake verdicts. Disregarding ethics of the proposal, it just won't work in real world.
lol as the "adblocking addicts" quality shitpost. Even bigger lol at Google's dipshittery for even thinking this was a remotely good idea in the first place.
I hate the fact that one of the biggest and richest corporations in the world, is just a massive ad spamming dumpster fire. Imagine the good a powerful company like this could do, if 90% of their effort wasn't put into cramming ever more ads into people's eyeballs.
They aren't proposing a way for browsers to DRM page contents and prevent modifications from extensions. This proposal is for an API that allows for details of the browser environment to be shared and cryptographically verified. Think of it like how Android apps have a framework to check that a device is not rooted, except it will also tell you more details like what flavor of OS is being used.
Is it a pointless proposal that will hurt the open web more than it will help? Yes.
Could it be used to enforce DRM? Also, yes. A server could refuse to provide protected content to unverified browsers or browsers running under an environment they don't trust (e.g. Linux).
Does it aim to destroy extensions and adblockers? No.
Straight from the page itself:
Non-goals:
...
Enforce or interfere with browser functionality, including plugins and extensions.
Edit: To elaborate on the consequences of the proposal...
Could it be used to prevent ad blocking? Yes. There are two hypothetical ways this could hurt adblock extensions:
As part of the browser "environment" data, the browser could opt to send details about whether built-in ad-block is enabled, any ad-block extensions are enabled, or even if there are any extensions installed at all.
Knowing this data and trusting it's not fake, a website could choose to refuse to serve contents to browsers that have extensions or ad blocking software.
This could lead to a walled-garden web. Browsers that don't support the standard, or minority usage browsers could be prevented from accessing content.
Websites could then require that users visit from a browser that doesn't support adblock extensions.
I'm not saying the proposal is harmless and should be implemented. It has consequences that will hurt both users and adblockers, but it shouldn't be sensationalized to "Google wants to add DRM to web pages".
Edit 2: Most of the recent feedback on the GitHub issues seems to be lacking in feedback on the proposal itself, but here's some good ones that bring up excellent concerns:
If this is about blocking ads, how will this stop people using DNS based ad blocking? Been using control d for awhile and it's been great. Use their DNS on my router and every device in my house is ad free.
Pi holes could still circumvent this, no? At a high level you'd need a computer to load a page, strip all the garbage, and forward the remaining page to the client. Any drm keys could be retained I would expect?
web env. integrity is not as bad as people make it out to be.
yeah I absolutely agree that it's terrible and also a bad idea (we don't need MORE drm in our browsers, I'm looking at you, Widevine (although firefox worked around it by running drm in an isolated container)), but it's main purpose is to detect automated requests and effectively block web scraping with a drm system (it ensures two things: your useragent can be trusted and you're a real non-automated user), NOT detect ad blockers. It doesn't prevent web pages from being modified like some people are saying.
there's a lot of misleading information about the api as it doesn't "verify integrity" of the web page/DOM itself.
it works by creating a token that a server can verify, for example when a user creates a new post. If the token is invalid, server may reject your attempt to do an action you're trying to perform. (this will probably just lead to a forced captcha in browsers that don't support it...)
Also, here's a solution: Just don't use Chrome or any Chromium-based browsers.
I hate the fact that one of the biggest and richest corporations in the world, is just a massive ad spamming dumpster fire. Imagine the good a powerful company like this could do, if 90% of their effort wasn't put into cramming ever more ads into people's eyeballs.
You know how nearly every browser is now based on chromium? And firefox when its not chromium, and even forefox adopted the extension limitations of chrome? Well I hear Duckduckgo's new browser something new finally instead of based off an existing browser.
It doesn't have extensions yet but those are coming and adblock is baked in.
Ed: my 1st downvotes of my time on the fediverse. <3 you to folks.
you misunderstood it tbh.
it's supposed to be used as a way to skip bot verification if the requests are signed by a drm system which includes your unique id (coming from google account or google play id), and one of the goals of the actual proposal is keeping existing extension working AND keeping web pages working without drm.
of course i don't want any drm in my browser, but it's kinda already there anyway...
it will likely make the experience worse for non-drm users because they will get hit by more advanced and sensitive bot verification systems or rate limits which is kinda bad but not the end of the world.
y'all are just overreacting and spreading pure bullshit.
it's not even supposed to be used to verify DOM elements, just that the user is using an official Chrome/Chromium browser, and is not automated.
basically it's just SafetyNet.
it will not kill js addons.
If you don't want to see ads, pay for the services or use services that do not force you to download unwanted data (ads) on your computer. It's that simple.
I'm amazed at how angry people are at ads. I agree that this change would be terrible purely because of the customization thing, but people at some point are going to have to realise that there is no such thing as free lunch.
You're using their service/web site, they say you have to pay by watching ads and thats the deal you have. If you don't like it, don't use it, because if ads weren't a thing, the whole internet would be paywalled (apart from the sites people host from their own cash/donations).
The internet and big tech has for so long taken the stance to grow fast make money later, but many never do. I feel like the time of reckoning is soon upon a large part of the internet, where if they don't make money, they'll vanish.
Edit: just so I clear it up before anybody starts yelling at me about it, I am very much against this change for multiple reasons, but it's just that it triggered me to see so many people attacking the wrong thing. We've just become spoiled by unsustainable startup practices and have lost touch with reality.