Email or username:

Password:

Forgot your password?
Ridley @ WATCH LYCORECO's posts Post Back to profile
Top-level
Andrew Scott

@blakeyrat @chiraag @rcombs
You would cede control of your browser and the hardware that runs it. Under this scheme clients would be verified similar to how smartphones are - apps (or websites, in this case) will just refuse to work without device certification by Google. It's why banking apps, Netflix, Snapchat, and others often can't be used with 3rd party android ROMs. Google is talking about extending the authority they exert over android users to the internet more broadly.

19 Jul 2023 at 21:18 | Wall-to-wall | Open on fosstodon.org
4 comments
Andrew Scott

@blakeyrat @chiraag @rcombs
And I agree it's vague, but there's no specific implementation I can point to at this time and say "look at this, this is the code they want to force us to run on our own damn machines." We can make comparisons to traditional DRM or frameworks like the Play Store which interfere with our hardware, but I can only speak to the contents of that repo which are also highly speculative about how such a scheme would be achieved.

19 Jul 2023 at 21:24 | Open on fosstodon.org
Professor Emeritus Blake Y Rat

@ascott @chiraag @rcombs If computer security folks are really concerned about this thing, a good first step would be to figure out how the fuck to explain it to people using brief, concrete examples that don't rely on guesswork or conspiracy theories. I'll hold off on panicking over it now. I just wanted to point out it's dumb to say "Google is adding DRM to the web!" when it's had DRM for decades, that was the main thing I had to say, haha.

19 Jul 2023 at 21:30 | Open on mastodon.social
Andrew Scott

@blakeyrat @chiraag @rcombs
That's fair, I had typed my other reply about the reference spec before I saw this. I think it would be more accurate to say that this would massively extend existing bullshit, it's not necessarily new bullshit. And I wouldn't advise panic at this point, but I'm sure it's obvious that I'm not in favor either.

19 Jul 2023 at 22:35 | Open on fosstodon.org
Andrew Scott

@blakeyrat @chiraag @rcombs
There is a prototype implementation for chromium (rupertbenwiser.github.io/Web-E), but it is largely incomplete with a lot of info marked as TODO. However it does at least confirm much of what I've said - client side code communicates with a centralized attester that verifies the validity of the client. If the attester (Google) doesn't like the client or it's settings you must change them, thus Google now decides what you can and cannot do with your hardware.

@blakeyrat @chiraag @rcombs
There is a prototype implementation for chromium (rupertbenwiser.github.io/Web-E), but it is largely incomplete with a lot of info marked as TODO. However it does at least confirm much of what I've said - client side code communicates with a centralized attester that verifies the validity of the client. If the attester (Google) doesn't like the client or it's settings you must change them, thus Google now decides what you can and cannot do...

19 Jul 2023 at 21:34 | Open on fosstodon.org
Go Up