this post was submitted on 29 Jul 2023
1257 points (98.2% liked)

Technology

60116 readers
2665 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

I'm happy to see this being noticed more and more. Google wants to destroy the open web, so it's a lot at stake.

Google basically says "Trust us". What a joke.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 1 year ago (7 children)

Would WEI stop Adblock by DNS? Like pihole or similar ?

[–] [email protected] 38 points 1 year ago

Basically it's a way for a "third party" that's chosen by the web server to verify the environment where the front end code is running meets its standards. Those standards would be up to the third party. So I'd imagine if an assessor said "hey, we can verify ads load properly" or even "we verify this extension isn't running" then many sites would possibly choose those assessors. It also is blatantly deceitful because of all the issues it suggests it can fix, it doesn't actually fix any of them. And many of them aren't even that big of a problem.

[–] [email protected] 20 points 1 year ago (1 children)

From my very basic understanding of it yes. It in effect checks what's loaded against what was served and if there's a discrepancy it does its thing.

Note. If I have misunderstood please someone correct me.

[–] [email protected] 2 points 1 year ago (1 children)

Is there anything that would prevent some kind of proxy stripper? I'm thinking something that loads the page with a clean agent, strips out the shit and serves a nice clean page?

Definitely beyond pihole as it stands, but doable.

[–] [email protected] 1 points 1 year ago

It would need something that would trick the checker into reporting an all good when local extensions fiddle with the rendered page. Not impossible IMHO but I'm wayyy to dumb for that shit. I was a sre not a developer.

[–] [email protected] 12 points 1 year ago

Yes and no. They can freely enforce a specific DNS server and reject any browser with a custom one as "tampered with". Just like they can freely enforce any part of your system being like they want it to be "or else".

[–] [email protected] 11 points 1 year ago (1 children)

All of that can be easily checked via JavaScript, but now if you world use extensions to disable those checks you would not pass the attestation.

So yeah, essentially you no longer have control over your computer, and need to bend over and accept everything the site owner wishes to do.

[–] [email protected] 11 points 1 year ago

bend over and accept everything the site owner wishes to do.

Including a malicious site owner's wishes.

[–] [email protected] 9 points 1 year ago

No, but that only works if the ads are being served by known ad hosts, so you should expect that adtech will get hip to that and proxy their traffic through the same hosts as the content.

That being said, it’s pretty easy to check if a user has network blackholing going on in clientside JavaScript, you just do a test request to a popular ad network and see if it resolves, no special browser support needed.

[–] [email protected] 2 points 1 year ago (1 children)

No that should still work. The server will send a page to your browser, and when the browser renders it, it will request the ad. And your pihole will block the request.

Unless WEI somehow changes how page rendering works but I don't think so.

[–] [email protected] 17 points 1 year ago (1 children)

Not really. The environment could easily include resolution of an ad server. If a site uses two ad servers and neither resolves, the attestor could decide to fail the environment. The problem is the attestation is left open for the attestor to create. It could check web browser, extensions, operating system, etc. I fail to see how this is at all privacy protecting to begin with.

[–] [email protected] 10 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago
[–] [email protected] 1 points 1 year ago (1 children)

Does blocking ads by DNS still work? Current ads are AFAIK more sophisticated

[–] [email protected] 3 points 1 year ago

Yes, it works well. There are some ads, like those built in to apps and pages for self-promotion (Microsoft having an ad for office on their own website, for example), that cant be blocked without disabling the service itself because the ad dns is the same as the content dns, but otherwise it works well.