this post was submitted on 22 Jul 2023
230 points (98.3% liked)

Google

1127 readers
156 users here now

Welcome to the Google community! This is a place to discuss everything related to Google products, services, features, and discussions.

ChromeOS discussions are welcome!

General discussions about Google products, updates, tips, and related topics are welcome. However, for specific technical support, account-related inquiries, advertising questions, and other issues, please direct them to official Google support channels.

Rules
  1. Stay on topic: All posts should be related to Google products, services, or the Google ecosystem.
  2. Respectful discussions: Treat fellow community members with respect and engage in constructive discussions. Avoid personal attacks, harassment, or offensive language.
  3. No support inquiries: Please refrain from posting individual support inquiries or account-related issues. Use official Google support channels for assistance.
  4. No spam or self-promotion: Do not post spam or self-promotional content. This includes links to personal websites, blogs, or products/services.
  5. No illegal content: Do not share or discuss illegal content, including piracy, hacking, or copyright infringement.
  6. No misleading information: Avoid spreading false or misleading information about Google or its products.
  7. No inappropriate content: Do not post or link to any inappropriate or NSFW (Not Safe for Work) content.
  8. No off-topic discussions: Keep the discussions focused on Google products, services, and related topics. Avoid unrelated or off-topic discussions.
  9. No excessive advertising: Do not excessively promote products, services, or websites.
  10. Follow community guidelines: Adhere to the overall community guidelines and terms of service.

founded 1 year ago
MODERATORS
 

cross-posted from: https://beehaw.org/post/6738148

The much maligned "Trusted Computing" idea requires that the party you are supposed to trust deserves to be trusted, and Google is DEFINITELY NOT worthy of being trusted, this is a naked power grab to destroy the open web for Google's ad profits no matter the consequences, this would put heavy surveillance in Google's hands, this would eliminate ad-blocking, this would break any and all accessibility features, this would obliterate any competing platform, this is very much opposed to what the web is.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (1 children)
How does this affect browser modifications and extensions?
Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality: E.g. if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.

In other words, you don't have to worry about the removal of ad blockers. At least, not through this Google proposal.

[–] [email protected] 8 points 1 year ago (1 children)

You do have to worry, because that part is essentially bullshit designed to soothe you while ignoring the actual problem. The attester (in practice the platform holder, so Google/Apple/Microsoft) is allowed to pick which apps can use the API. The criteria they are supposed to use (as well as the entire privacy section) is a "todo" in the actual spec, but even then, there is literally nothing stopping them from deviating from those criteria as the spec isn't legally binding. It is entirely plausible for Google to deny attestation capability to Firefox and other browsers capable of ad blocking.

Sure, they can request it. It doesn't mean that they will receive it, or that websites will be okay with the result. The "risk of websites using this functionality to exclude specific attesters or non-attestable browsers" is something not excluded by either the spec or the explainer; all it says is they "look forward to discussion on this topic". Google, Apple and Microsoft will be the ones in charge of deciding which browsers are non-attestable.

More importantly, if they allow modified web browsers, it is completely pointless for their very own stated goals. Doubly so because the attestation can't be meaningfully bound to the device (ie you can build a modified Chromium that does nothing but request attestation results and forward them to a bot running on a desktop and the website would be none the wiser).

[–] [email protected] 2 points 1 year ago (1 children)

So in order to accomplish what you're saying, all attesters would have to reject all browsers with extension functionality then, right? And if they really wanted to eliminate ad blocking, those browsers would not even be allowed to run debugging scripts.

I don't see a lot of buy in from users to such a system. The proposal requires the site, the user, and the attestor to comply. I don't see any plans for an overhaul of the entire tech infrastructure.

The worst that can happen as I understand it is a handful of websites will start blocking users who aren't validated per the spec, they'll display a message like "this website only works in BrowserEveryoneHates", and then a competitor will swoop in that works in every browser.

The best that can happen is users will have a little more security from tampered software, advertisers won't lose as much money from bots, among other things as they describe in the spec.

I'm open to changing my mind, but this is just how I understand it so far.

[–] [email protected] 1 points 1 year ago

There is little to no competition for a lot of services. Just a reminder, the IRS just got caught selling data to Facebook. Imagine you can only do your taxes in ad-ridden Chrome.