this post was submitted on 21 Jul 2023
935 points (100.0% liked)

Technology

37735 readers
45 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

The much maligned "Trusted Computing" idea requires that the party you are supposed to trust deserves to be trusted, and Google is DEFINITELY NOT worthy of being trusted, this is a naked power grab to destroy the open web for Google's ad profits no matter the consequences, this would put heavy surveillance in Google's hands, this would eliminate ad-blocking, this would break any and all accessibility features, this would obliterate any competing platform, this is very much opposed to what the web is.

top 50 comments
sorted by: hot top controversial new old
[–] jherazob 193 points 1 year ago* (last edited 1 year ago) (4 children)

Note of amusement: The GitHub issues tracker for that proposal got swamped with tickets either mocking this crap or denouncing it for what it is, this morning the person who seems to be the head of the project closed all those tickets and published this blog post, in essence saying "Shut up with your ethical considerations, give us a hand in putting up this electric fence around the web". Of course that didn't stop it.

Also somebody pointed out this gem in the proposal, quoted here:

6.2. Privacy considerations

Todo

Quick edit: This comment on one of the closed tickets points out the contact information of the Antitrust authorities of both US and EU, i think i'm gonna drop the EU folks a note

Edit: And they disabled commenting on the issues tracker

[–] TheOakTree 92 points 1 year ago* (last edited 1 year ago) (4 children)

My favorite part is when they ask you to give them the benefit of the doubt, but also anyone who disagrees with them in a way that doesn't fit their expectations is "noise."

[–] Norgur@kbin.social 44 points 1 year ago* (last edited 1 year ago)

And if you have issues with the "use case" itself, you're shit out of luck, shut it, shithead!

If you raise legal issues with the 'use case' of their 'web platform' thing, ppl will just not respond to you!

Meaning: we don't care if the shot we plan might be illegal, and we won't be stopped by you fucks telling us if it is or not "

[–] conciselyverbose@kbin.social 40 points 1 year ago

What benefit of the doubt?

The absolute best possible case is repulsive.

load more comments (2 replies)
[–] BumpingFuglies@lemmy.zip 59 points 1 year ago (1 children)

Wow, that blog post is truly nauseating and infuriating to read, knowing the context.

Fuck Google. They're the Nestlé of tech.

[–] Bishma@discuss.tchncs.de 31 points 1 year ago (2 children)

I don't think Google has recently insisted that child slavery is just a thing we all have to be OK with if we want chocolate, or starved millions of babies by convincing their mothers that their breast milk is dangerous. But I also wouldn't be shocked to learn that they had...

[–] BumpingFuglies@lemmy.zip 18 points 1 year ago

Ha! Fair point. I guess the Internet is ultimately peanuts compared to the real world.

But as far as relative negative effect on its sphere of influence, I'd say they're comparable.

load more comments (1 replies)
[–] Nepenthe@kbin.social 36 points 1 year ago (3 children)

[Don't assume consensus nor finished state]

Often a proposal is just that - someone trying to solve a problem by proposing technical means to address it. Having a proposal sent out to public forums doesn't necessarily imply that the sender's employer is determined on pushing that proposal as is.

It also doesn't mean that the proposal is "done" and the proposal authors won't appreciate constructive suggestions for improvement.

[Be the signal, not the noise]

In cases where controversial browser proposals (or lack of adoption for features folks want, which is a related, but different, subject), it's not uncommon to see issues with dozens or even hundreds of comments from presumably well-intentioned folks, trying to influence the team working on the feature to change their minds.

In the many years I've been working on the web platform, I've yet to see this work. Not even once.

.....?
What is this, "Good vibes only?"

[–] tojikomori@kbin.social 24 points 1 year ago (2 children)

"Good vibes only" seems to be embedded in the culture of web development today. Influential devs' Twitter accounts have strong Instagram vibes: constantly promoting and congratulating each other, never sharing substantive criticisms. Hustle hustle.

People with deep, valid criticisms of popular frameworks like React seem to be ostracized as cranks.

It's all very vapid and depressing.

load more comments (2 replies)
load more comments (2 replies)
load more comments (1 replies)
[–] TheYang@lemmy.ml 172 points 1 year ago (6 children)

This is why we need Firefox.

And Firefox needs to be a market that can't be ignored.

[–] Mnmalst@kbin.social 58 points 1 year ago (3 children)

@TheYang Exactly! Came here to say this. Everybody actively using chromium based browsers is a part of the problem.

load more comments (3 replies)
[–] troyunrau@lemmy.ca 23 points 1 year ago (4 children)

Firefox depends on google for funding though. Google could probably deal a killing blow quite easily.

[–] juliebean@lemm.ee 30 points 1 year ago (5 children)

i think they probably donate so much to make sure they have at least one competitor so they don't get busted up like Standard Oil

load more comments (5 replies)
[–] wim@lemmy.sdf.org 17 points 1 year ago (2 children)

Vote with your wallet. I recently increased my monthly donation to Mozilla.

load more comments (2 replies)
load more comments (2 replies)
[–] at_an_angle@lemmy.one 17 points 1 year ago (1 children)

I've never donated to Mozilla before, but will now.

load more comments (1 replies)
load more comments (3 replies)
[–] jarfil 114 points 1 year ago (15 children)

THIS IS NOT (just) ABOUT GOOGLE

Currently, attestation and "trusted computing" are already a thing, the main "sources of trust" are:

  • Microsoft
  • Apple
  • Smartphone manufacturers
  • Google
  • Third party attestators

This is already going on, you need a Microsoft signed stub to boot anything other than Windows on a PC, you need Apple's blessing to boot anything on a Mac, your smartphone manufacturer decides whether you can unlock it and lose attestation, all of Microsoft, Apple and Google run app attestation through their app stores, several governments and companies run attestation software on their company hardware, and so on.

This is the next logical step, to add "web app" attestation, since the previous ones had barely any pushback, and even fanboys of walled gardens cheering them up.

PS: Somewhat ironically, Google's Play Store attestation is one of the weaker ones, just look at Apple's and the list of stuff they collect from the user's device to "attest" it for any app.

[–] beefcat 62 points 1 year ago* (last edited 1 year ago) (28 children)

you need a Microsoft signed stub to boot anything other than Windows on a PC

Not necessarily, most motherboards and laptops (at least every single one I've ever owned) allow users to enroll their own Secure Boot keys and maintain an entirely non-Microsoft chain of trust. You can also disable secure boot entirely.

Major distros like Ubuntu and Fedora started shipping with Microsoft-signed boot shims as a matter of convenience, not necessity.

Secure Boot itself is not some nefarious mechanism, it is a component of the open UEFI standard. Where Microsoft comes in to play is the fact that most PC vendors are going to pre-enroll Microsoft keys because they are all shipping computers with Windows, and Microsoft wants Secure Boot enabled by default on machines shipping with with their operating system.

[–] buckykat@lemmy.blahaj.zone 23 points 1 year ago (1 children)

For now. They're boiling the frog slow.

[–] beefcat 23 points 1 year ago* (last edited 1 year ago) (4 children)

Microsoft doesn't control the standard, and the entire rest of the industry has no reason to ban non-Windows operating systems.

Widnows doesn't have the stranglehold over the market that it once did.

load more comments (4 replies)
load more comments (27 replies)
[–] ModdedPhones@lemmy.ml 43 points 1 year ago

I started looking at Mac's for my next computer. Due to this amazing project. https://asahilinux.org/

[–] argv_minus_one 18 points 1 year ago (6 children)

you need a Microsoft signed stub to boot anything other than Windows on a PC

False. Every PC I've had has allowed Secure Boot to be turned off, and some of them allow me to add another trusted certificate as well.

you need Apple’s blessing to boot anything on a Mac

False. The Mac boot process is completely unlocked, at least on Intel Macs.

your smartphone manufacturer decides whether you can unlock it and lose attestation

My Pixel 6 allows me to unlock the boot loader at any time.

Attestation exists, unfortunately, but it's not nearly as pervasive as you seem to think.

This is the next logical step, to add “web app” attestation, since the previous ones had barely any pushback

Uh, there was huge pushback. That's why even a Microsoft Surface won't stop you from installing Linux.

load more comments (6 replies)
load more comments (12 replies)
[–] 001100010010@lemmy.dbzer0.com 114 points 1 year ago (9 children)

Unsupported browser, please install Chrome.

You are logged out, please log in or sign up for an account.

To verify your identity, please enter your phone number, a text message will be sent, please enter verification code.

Error, your account has been flagged for further review, please submit 3 different government IDs, with at least 2 containing your photo, and 2 containing your address.

Error, name doesn't match, if you have changed you name, please submit proof of name change.

Error, no citizenship status detected, please submit birth certificate or naturalization certificate

Please wait 7-14 bussiness days. A phone call will be made to the number you've submitted.

Error, missed call. Please wait 30 days for another call.

Error, unsupported operating system, please use Chrome OS, Android, or Google Smart TV OS

Error, Google Smart Home assistant not installed, please purchase one within the next 3 days to avoid losing signup process.

Error, could not confirm identity, please purchase Google 360 cameras to verify identity.

Error, server maintenance in progress, please retry signup at a later time.

Thank you for using Google!

[–] TwilightVulpine@kbin.social 44 points 1 year ago

Please drink verification can

[–] henfredemars@infosec.pub 34 points 1 year ago* (last edited 1 year ago) (1 children)

Or they just ban you without recourse and poof all your data and accounts are dead.

Edit: consider using Google Takeout to download your data periodically as a hedge against trouble with your account. This will help prevent data loss in the event your account suddenly goes poof. It won't help you with the apps you bought though.

[–] 001100010010@lemmy.dbzer0.com 17 points 1 year ago (3 children)

Don't forget you also lose all the android apps you purchased. Oh wait, isn't there a community that helps you avoid that?

!piracy@lemmy.dbzer0.com

load more comments (3 replies)
load more comments (7 replies)
[–] Jaysyn@kbin.social 91 points 1 year ago (2 children)

It's time for Alphabet to be broken up into separate letters.

[–] Master 33 points 1 year ago

Or have some letters removed all together.

Pretty much the entire US needs a healthy dose of monopoly busting.

Hell, just look at the Ma Bell breakup and the path all of those companies took to where they are now. We're basically back to step 1.

[–] pglpm@lemmy.ca 64 points 1 year ago* (last edited 1 year ago) (1 children)

The number of people protesting against them in their "Issues" page is amazing. The devs have now blocked the creation of new issue tickets or of comments in existing ones.

It's funny how in the "explainer" they present this as something done for the "user", when it's clearly not developed for the "user". I wouldn't accept something like this even if it was developed by some government – even less by Google.

I have just reported their repository to GitHub as malware, as an act of protest, since they closed the possibility of submitting issues or commenting.

[–] ilmagico 18 points 1 year ago

Yeah, as if github aka Microsoft is going to do anything about it ... but hey, anything to keep the pressure up and not letting this go through.

[–] dingus@lemmy.ml 42 points 1 year ago

Give me Firefox or give me death.

[–] emma 40 points 1 year ago

Ad blockers are my best disability accommodation. The things they do with ads to capture attention f with my brain. I'm really going to struggle if this happens. And I'm dependent on the internet for so many things, from groceries to prescriptions to people.

[–] Osayidan@social.vmdk.ca 35 points 1 year ago

That's one way to kill the WWW.

[–] heliodorh 34 points 1 year ago (2 children)

I'm a non-techie and don't understand half of this, but from what I do understand, this is a goddamn nightmare. The world is seriously going to shit.

[–] JVT038@feddit.nl 54 points 1 year ago (4 children)

My ELI5 version:

Basically, the 'Web Environment Integrity' proposal is a new technique that verifies whether a visitor of a website is actually a human or a bot.

Currently, there are captchas where you need to select all the crosswalks, cars, bicycles, etc. which checks whether you're a bot, but this can sometimes be bypassed by the bots themselves.

This new 'Web Environment Integrity' thing goes as follows:

  1. You visit a website
  2. Website wants to know whether you're a human or a bot.
  3. Your browser (or the 'client') will send request an 'environment attestation' from an 'attester'. This means that your browser (such as Firefox or Chrome) will request approval from some third-party (like Google or something) and the third-party (which is referred to as 'attester') will send your browser a message, which basically says 'This user is a bot' or 'This user is a human being'.
  4. Your browser receives this message and will then send it to the website, together with the 'attester public key'. The 'attester public key' can be used by the website to verify whether the attester (a.k.a. the third-party checking whether you're a human or not) is trustworthy and will then check whether the attester says that you're a human or not.

I hope this clears things up and if I misinterpreted the GitHub explainer, please correct me.

The reason people (rightfully) worry about this, is because it gives attesters A LOT of power. If Google decides they don't like you, they won't tell the website that you're a human. Or maybe, if Google doesn't like the website you're trying to visit, they won't even cooperate with attesting. Lots of things can go wrong here.

[–] arthur@lemmy.zip 38 points 1 year ago* (last edited 1 year ago) (1 children)

And the attester will know where you're navigating, always.

[–] Lowbird 19 points 1 year ago (1 children)

It sounds like VPN's would also get flagged as bots? Or could easily be treated as such.

[–] floofloof@lemmy.ca 25 points 1 year ago* (last edited 1 year ago) (2 children)

They could get rid of ad blockers, anonymity, Tor, VPNs, Firefox, torrenting sites, independently hosted websites, open-source servers and non-Google Linux clients all in one go. It would be a corporate dream come true.

Or we could stop using their tools and services and fork off the internet run for people from the internet run for profit. It doesn't need to be big or slick; it just needs to be there.

load more comments (2 replies)
[–] HarkMahlberg@kbin.social 19 points 1 year ago (2 children)

Your final paragraph is the real kicker. Google would love nothing more than to be the ONLY trusted Attester and for Chrome to be the ONLY browser that receives the "Human" flag.

load more comments (2 replies)
load more comments (2 replies)
load more comments (1 replies)
[–] kbity@kbin.social 31 points 1 year ago (1 children)

This is a total affront to the ethos of the web and everyone involved in drafting this awful proposal should be publicly shamed. Stick sandwich boards on each of them saying "I tried to build the Torment Nexus", chain them together and march them through the streets while ringing a bell and chanting "shame".

[–] jherazob 25 points 1 year ago (2 children)
load more comments (2 replies)
[–] sapient_cogbag@infosec.pub 26 points 1 year ago

This is nothing less than a brazen attempt at total control of the primary large-scale communication mechanism of humanity.

[–] spark947@lemm.ee 25 points 1 year ago (2 children)

This is so silly. There is no technical solution to trust. What if Russia or China want to run a bit farm? Or the US goverbment? Are you not going to trust their signatures, and face legal action i their markets? This stuff is so stupid, just be honest that you want people to watch your ads. Than we can all refuse and move on with our lives.

load more comments (2 replies)
[–] Catsrules@lemmy.ml 19 points 1 year ago

Well good thing they have a company slogan of do no evil...... Oh wait.

load more comments
view more: next ›