@lina@vt.social i love the issue tracker on this

@lina drm should never be trusted.

@lina Is this victim blaming? It's claiming that users abuse websites but it's users coping with the abuse of websites...

Also on my rooted phone with Xposed modules I pass SafteyNet...

Edit: The DRM crap was bad enough....

@lina This is a pretty serious issue, yeah... The web needs to be open, and this effectively would close it off.

@lina Attestation and DRM is one of the biggest roadblocks to implementing Apple server protocols (eg. iCloud) in free software clients. Some have DRM-grade obfuscated code (literally the same code obfuscation as FairPlay!), but there are already some services using strong cryptographic attestation instead, and those feel frustratingly "game over" to me.

...now Google wants that kind of crap on the *web*?!

@lina i’ve heard that at least there are voices within google who are against this (probably recognising it would get the FTC on their ass for monopolistic behaviour)

@lina as i said, they are criminal

@lina@vt.social
Haha, the "issues" tab on the Microsoft GitHub page is hilarious:

https://github.com/RupertBenWiser/Web-Environment-Integrity/issues

@lina Google is not anticompetitive I swear we’re really good company I swear it please keep giving us money for the information we collect from innocent civilians.

@lina Is there anyway to voice my disapproval of this? In any way that would actually have meaningful impact?

@lina Wow, their Github issue tracker is full of people who are not happy. Wonder what they thought would happen? 🤔​

@lina back door my ass, they state as much in slightly less clear terms. They know.

@lina "This trust is the backbone of the open internet"

IS IT THOUGH?

@lina Most recent blog post by the author of that repo: "I just spent £700 to have my own app on my iPhone"

Complaining about how expensive it is to make an app for his own phone, because of how closed the iOS ecosystem is.

I may die of irony overload.

http://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-own-app-on-my-iPhone.html

@lina inb4 second internet forms in response and the 'deep web' expands to include completely normal websites that otherwise don't want to use a tyrannical anti-ad blocker standard.

@lina that’s a solid “hell no” right there

@lina Sounds like response will be some "fediweb" and apps and browsers for it, where websites intentionally do not use that web-drm, WEI, and "Privacy Sandbox" which is seems to be part of WEI.

@lina they basically want you to have to run an anticheat to... Access a website? For more security? Why?

Why do they even need this information about my device? Isn't it good enough to just get a https request?

@lina disgusting

@lina@vt.social You can now only contribute to the issue tracker if you've contributed to the repo before lol.

@lina DRM for websites is an absolute nightmare.

@lina "Detect non-human traffic in advertising to improve user experience and access to web content" - there's the motivation, Google are their advertisers are losing HUGE amounts of money due to this, see https://malicious.life/episode/episode-216/ and https://malicious.life/episode/episode-217/

@lina strong checks? Stronger spoofing.

Safetynet is long obsolete, the new thing is called play integrity.

Displax on github has tried to solve it(strong integrity) already for many phones!

I assume someone will come up and tackle this browser thing.

@lina@vt.social
All because they were ticked off by ad blockers, if they never allowed intrusive ads in the first place people wouldn't have made them.

@lina more Google research that no one asked for great

@lina Got a link for contact info here- set your boundaries at https://groups.google.com/a/chromium.org/g/blink-dev/c/Ux5h_kGO22g

@lina sometimes, i think: techbros should have been left in the supply closet

@lina "and the risk of websites using this functionality to exclude specific attesters or non-attestable browsers. "
A risk the proposers seem willing to take.

@lina On the other hand: Only questionable Sites will use this.

@lina yeah that's true It will kill a whole bunch of stuff, but it's not like they will listen to us. They're continuing to push blocking ad blockers on YouTube. Look at Twitter and reddit they're not even budging on the community either. I hate how we're not listened to

@lina@vt.social gaaah. kill it with fire!

@lina Authors: google, google, google, google. All is said.

@lina
https://fosstodon.org/@Naich/110752121542542294

I collected a few choice samples of the feedback here.

@lina not good

@lina soon there will be safetynet fix for web browsers. Or magisk alpha/delta for Chrome and all chromium-based browsers. Time to switch to Firefox.

@lina HELL NO.

@lina Begging isn't going to stop anything, they've gone full "mind virus" ideology about this.

We need to break Chromium for as many web services as possible. Make it hurt to be on anything Chromium.

And where the heck is the anti-trust lawsuit? This is exactly the same as Microsoft and the Javascript stuff that caused the 1997 anti-trust lawsuit.

@lina My initial reaction is that this is another "you will own nothing" trick. But after a bit of reading.. yes it's a "you will own nothing" trick. Requiring a third party to judge if you're trustworthy is subject to all kinds of risks (for the regular user).

@lina it's also incompatible with their own Goal 4: "Continue to allow web browsers to browse the Web without attestation."...
Major websites (and banking sites) will SURELY start to use it to block "unsafe" web browsers...
Also, a lot of Antitrust issues are present (and this path will SURELY be tried!).
Hopefully @mozilla is by our side here... 🤞

@lina@vt.social of course it's google again. let's hope this gets shot down the same way FLOC did

@lina

The issue tracker shows that nobody is fooled by the aim of this shit...

@lina

Oh dear. For websites now!

This is why I will not run Google pay/wallet. I updated my old phone to lineageos due to Nokias late and then ended security patches. A totally rootable phone beforehand yet it could run google wallet and LineageOS was blocked due to an amber bootloader alert. Netflix was blocked too!

@lina On the plus side: if this is implemented and millions of users find they can't access certain web sites, what will happen? I imagine a lot of them will switch to Firefox.

@lina it’s time for Rache Bartmoss to finally nuke the net.

@lina I hate the modern web so much

@lina drm the web 🤦‍♂️

@lina "Users often depend on websites trusting the client environment they run in."

What a bizarre idea. Surely everybody knows that you have to code the back end on the assumption that the client can't be trusted, and might even have been replaced by something malicious?

@lina@vt.social

> Now they want to start doing that for websites.

@lina I wonder if this can be blocked on our websites. With a message about the browser not being trusted with the future of the web, and a few links to install another one.

If enough websites implement, the tech can't move forward.

@lina they should realy alaborate more into the "how can this be misused" part ... oh my.
Thanks for posting

@lina banking and financial apps don't care but god forbid I top up my own electric/gas!

@lina @stevelord google has been pushing these sorts of things via the WHATWG and what not as well; it’s truly awful. I was just reading this via email this morning; the juxtaposition of these two paragraphs is wild:

@lina the ongoing war against general-purpose computing.

@lina
Fuck Google.

@lina also, is this me or everything about this proposal is (suspiciously) super vague and unclear. what is an attester in practice? a non-free binary like for DRMs?

@lina

Let's reframe that opening bullet list:

- Companies make expensive products with a business model that's being eroded as Users realise their data has real-world value.

- Companies want to know that the clients using their site have personal data worth selling

- Companies want to force trust to the client side rather than spend money writing secure code.

- This bullet point is nonsense. Malicious apps mimic the interface to steal passwords, then log in with the original software

@lina open web vs closed web. Not a step forward for users.

@lina can't wait for internet 2: the hopefully better one!
Ok, but seriously, i recently switched to Linux Mint, because Windows was slow, i will NOT switch back to using Chrome and Windows just because some crackheads decided it would be funny to lockdown websites. I prefer looking at a basic html using Netscape than put up with this nonsense.

@lina anyone website dumb enough to enable better be ready for users to leave, I don’t care if it’s YouTube, or some other site I like, I’m not giving up more privacy and control of my own personal computer just because some CEO’s got a hair up their ass over Adblock

@lina That's pretty much broken by design.

They say: We need to assure that client devices are trustworthy enough to run our code.

I say: No way, stupid. Always assume that your bloated code runs in an untrusted environment and design it accordingly. And get your hands off my client browser. My device - my rules.

@lina I definitely think killing those things is the main point. The days of "Don't be evil" being a selling point are long past (and outgrown)...

@lina Besides the myriad technical issues, the developer of the monopoly web browser seeking to develop technology that would shut out any alternatives, specifically to benefit their ad department, should smell to antitrust authorities what frying bacon smells like to famished dog.

@lina This goes even further, it kills wget, it kills curl, it kills aria2, it kills the Internet Archives scripts, it kills Archive Teams entire ability to save sites in hours, and most importantly of all it practically kills the end users ownership of their device.

@lina bruh what?

@lina "This trust is the backbone of the open internet..."

Yeah... Ok 😒

@lina everyone root your phone's, delete Google and all be happy. Google = Evil.

@lina their way of describing it is awful, why do they keep saying the "web page" is doing things, and that the "web page" sends stuff to the web server??
The web server is hosting the web page. Just say it's the client that's doing it, what are they trying to obscure, it becomes confusing to read.

@lina I simply won't use websites that block me on this, and that's fine. But I will use other websites that don’t.

@lina Adblocers. Privacy. Competition. Literally anything that Google doesn't like. And don't believe for a SECOND that all the other ad- and spy-companies like Facebook and whatnot won't follow. The free and open Internet dies here.

@lina It's probably about making sure that everyone submits to the "central scrutinizer".

@lina 💯 Here's a relevant article that covers the potential consequences~

https://gabrielsieben.tech/2022/07/29/remote-assertion-is-coming-back-how-much-freedom-will-it-take/

@lina exactly - this is dangerous stuff for people who want to build or make any of their own stuff. Their goal is and always has been to homogenize the whole web

@lina And we are already late, it is merged into Chromium already.

https://bugs.chromium.org/p/chromium/issues/detail?id=1439945

It's about time to kick all Chromium based browsers off our devices!

@lina

I miss Linux, suspect the same people smothering android are doing the hardest to throttle or end linux. Google?

@lina
hold on does this mean if I use a browser like Firefox a website can decline my access to the site because I use Firefox?

@lina Best web browser ever https://linux.die.net/man/1/lynx

😭

Seriously though I feel like moving back to lynx and irc. Web2.0 is a failure lets go back to 1.0

@lina reject corposlop.
reject fedware.

@lina This. Must. Burn.

'nuff said.

@lina i like that this hasn't happened to me on my pixel 6 pro and CalyxOS but it only isn't detected because it uses microG and a re-locked bootloader which passes safetynet if you enable it

@lina@vt.social this has to be an antitrust case waiting to happen right? I don't see how this could possibly be implemented without many countries in Europe fighting it. The US on the otherhand I'm sure will just let it happen.

@lina I see the GitHub repo already got flooded with complaints. Where else should I go to oppose this? Is there some way to get involved with the W3C or something?

@lina wait what? i understand why they trying to do this, but it really sounds bad

@lina Another problem is demonizing VPNs. I had to call my bank because "my IP address changed." LOL. At least with browsers you can change the user agent, sometimes. I wish browsers would include a mode for connecting to picky financial institutions. For certain services I have to turn off the VPN or install Firefox.

@lina Wonder how long it'll take the EFF and FSF to get on this.

@lina just an notice, but i have already noticed for years how stuff moved away from beeing a "Website" into calling it an "online App", and of course also companies really nagging you to download the real App instead of using the web

@lina that is the very intention, cuz #AllGafamsAreEvil and they won't stop unless they get forcibly disbanded through #ShermanAntitrustAct or similar #Antitrust laws OR they've consumed everything there is!

#GAFAMs are like the #Flood - they can only be stopped by starving them!
https://www.youtube.com/watch?v=uzhJWMv_BNw&t=115s

@lina This proposal is literally death to the open internet as we know it, effectively you would no longer be allowed to have an online presence unless google decides it's ok. Make a product that competes with google? oops, sorry, that's "unsafe", can't show that to end users!

Lets not forget that microsoft tried this in the 90s, it's what they LOST an antitrust suit over, banks/etc using activex to require websites authenticate that users are on windows using IE for "safety" was awful.