this post was submitted on 21 Jul 2023
1416 points (100.0% liked)

Privacy

789 readers
55 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
1416
Google engineers want to introduce DRMs for web pages, making ad-blocking near-impossible in the browser (github.com)
submitted 1 year ago by BlackEco@lemmy.blackeco.com to c/privacy@lemmy.ml
262 comments fedilink hide all child comments
 

And since you won't be able to modify web pages, it will also mean the end of customization, either for looks (ie. DarkReader, Stylus), conveniance (ie. Tampermonkey) or accessibility.

The community feedback is... interesting to say the least.

(page 4) 50 comments
sorted by: hot top controversial new old
[–] vox@sopuli.xyz 5 points 1 year ago (2 children)

web env. integrity is not as bad as people make it out to be.
yeah I absolutely agree that it's terrible and also a bad idea (we don't need MORE drm in our browsers, I'm looking at you, Widevine (although firefox worked around it by running drm in an isolated container)), but it's main purpose is to detect automated requests and effectively block web scraping with a drm system (it ensures two things: your useragent can be trusted and you're a real non-automated user), NOT detect ad blockers. It doesn't prevent web pages from being modified like some people are saying.
there's a lot of misleading information about the api as it doesn't "verify integrity" of the web page/DOM itself.

it works by creating a token that a server can verify, for example when a user creates a new post. If the token is invalid, server may reject your attempt to do an action you're trying to perform. (this will probably just lead to a forced captcha in browsers that don't support it...)

Also, here's a solution: Just don't use Chrome or any Chromium-based browsers.

[–] A1kmm@lemmy.amxl.com 5 points 1 year ago

The proposal doesn't say what the interface between the browser and the OS / hardware is. They mention (but don't elaborate on) modified browsers. Google's track record includes:

  1. Creating SafetyNet software and the Play Integrity API that create 'attestations' that the device is running manufacturer supplied software. They can pass for now (at a lower 'integrity level') with software like LineageOS combined with software like Magisk (Magisk by itself used to be enough, but then Google hired the Magisk developer and soon after that was dropped) and Universal SafetyNet Fix, but those work by making the device pretend to be an earlier device that doesn't have ARM TrustZone configured, and one day the net is going to close - so these actively take control away from users over what OS they can run on their phone if they want to use Google and third party services (Google Pay, many apps).
  2. Requiring Android Apps be signed, and creating a separate tier of 'trusted' Android apps needed to create a browser. For example, to implement WebAuthn with hardware support (as Chrome does) on Android, you need to call com.google.android.gms.fido.fido2.Fido2PrivilegedApiClient, and Google doesn't even provide a way to apply to get allowlisted for (Mozilla and Google are, for example, allowed to build software that uses that API but want to run your own modified browser and call that API on hardware you own? Good luck convincing Google to add you to the allowlist).
  3. Locking down extension APIs in Chrome to make it unsuitable for things they don't like, like Adblocking, as in: https://www.xda-developers.com/google-chrome-manifest-v3-ad-blocker-extension-api/.

So if Google can make it so you can't run your own OS, and their OS won't let you run your own browser (and BTW Microsoft and Apple are on a similar journey), and their browser won't let you run an adblocker, where does that leave us?

It creates a ratchet effect where Google, Apple, and Microsoft can compete with each other, and the Internet is usable from their browsers running unmodified systems sold by them or their favoured vendors, but any other option becomes impractical as a daily driver, and they can effectively stack things against there ever being a new operating system / distro to compete with them, by making their web properties unusable and promoting that as the standard. This is a massive distortion of the open web from where it is now.

A regulation that if hardware has private or secret keys embedded into it, hardware manufacturers must provide the end user with those keys; and that if they have unchangeable public keys embedded and require that software be signed with that to boot or access some hardware, manufacturers must provide the private keys to end users. If that was the law in a few states that are big enough that manufacturers won't just ignore them, it would shut down this sort of scheme.

load more comments (1 replies)
[–] argv_minus_one 5 points 1 year ago

And there it is: the Halloween Documents, 2nd Edition. Here we go again.

[–] A10@kerala.party 5 points 1 year ago

STOP INVENTING THINGS .... Saniz Silverstone 22

[–] RagingNerdoholic@lemmy.ca 4 points 1 year ago

lol as the "adblocking addicts" quality shitpost. Even bigger lol at Google's dipshittery for even thinking this was a remotely good idea in the first place.

[–] Vexz@kbin.social 4 points 1 year ago

This makes me so damn angry! This would even make all forks of Firefox unusable.

[–] Mikina@programming.dev 3 points 1 year ago (2 children)

Is that something that would be solved by Pihole? Or would that just break the webpages?

load more comments (2 replies)
load more comments
view more: ‹ prev next ›