Email or username:

Password:

Forgot your password?
Ars's posts Post Back to profile
Ars Technica

Google kills “Web Integrity” DRM for the web, still wants an Android version

Web Integrity pivots to Android, could permanently kill YouTube Vanced-style apps.

arstechnica.com/google/2023/11
6 Nov 2023 at 21:13 | Open on mastodon.social
10 comments
Bob

@arstechnica I think this is a small victory for an open internet. Much work remains to be done.

6 Nov 2023 at 21:14 | Open on mastodon.social
DELETED

@arstechnica Google 2003 "Don't be evil"
Google 2023 "We evil AF now, fooled ya with the first motto"

6 Nov 2023 at 21:28 | Open on masto.ai
StaringAtClouds

@arstechnica Google can stuff their Android version too

I'm sticking with Firefox

6 Nov 2023 at 21:31 | Open on mastodon.social
ZetaZetan

@arstechnica I think the takeaway here is that YouTube Vanced was always the real target of this and that everything else was secondary.

6 Nov 2023 at 21:32 | Open on infosec.exchange
dugite-code

@arstechnica The modern obsession with #DRM and locking down all the General purpose computing devices in our lives from bootloaders to web-browsers is disturbing. It's always a similar argument about this is for "security". #Security doesn't mean striping the owners ability to control their devices, it should be about stopping people OTHER than the owner from doing so. Of course it looks like Google and other large corporations view themselves as the device owners, which is not great.

7 Nov 2023 at 1:23 | Open on mastodon.social
AmbularD
DELETED

@AmbularD They have, and they're betting they have you by the short and curlies.

7 Nov 2023 at 17:34 | Open on mastodon.online
AmbularD

@weilawei Bad bet. I'm completely unaffected by anything they do on phones.

7 Nov 2023 at 20:32 | Open on fanglitch.space
Meowki

@arstechnica I don’t get it. How exactly will they stop android users from accessing youtube without their DRM when dekstop browsers can? Let me guess, by suing people for ‘breaching effective copyright’ lol?

7 Nov 2023 at 4:39 | Open on mastodon.world
awooo :autism:​🏴‍☠️🐾⎇

@arstechnica I think the description of how the scanning occurs is a bit too vague, and puts too much emphasis on rooting. Play integrity is an implementation of trusted computing, an old demon from the early 2000s.

The problem goes down to the silicon and firmware level, those are used to attest to the boot state of the device and whether you're running the official OS, which means apps (or rather app servers) can require you to cryptographically prove you're running unmodified android to be allowed to connect.

Unless we get rid of TC or neuter it by adding user override as was proposed back in the day and rejected, there won't be any software freedom. It's only a matter of time until a proposal like WEI succeeds on the web, as it already has on mobile devices more generally because of the overwhelming power of Apple and Google. The only path I see forward is legislative, but the tech is too hidden for most to even notice and take action before it's too late.

@arstechnica I think the description of how the scanning occurs is a bit too vague, and puts too much emphasis on rooting. Play integrity is an implementation of trusted computing, an old demon from the early 2000s.

The problem goes down to the silicon and firmware level, those are used to attest to the boot state of the device and whether you're running the official OS, which means apps (or rather app servers) can require you to cryptographically prove you're running unmodified android to be allowed to connect.

7 Nov 2023 at 5:31 | Open on floofy.tech
Go Up