this post was submitted on 20 Jul 2023
13 points (100.0% liked)

TechTakes

1432 readers
109 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 1 year ago
MODERATORS
 

the API is called Web Environment Integrity, and it’s a way to kill ad blockers first and a Google ecosystem lock-in mechanism second, with no other practical use case I can find

top 16 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (2 children)

if anyone hasn’t read it yet, the goals and non-goals sections of the “explainer” are a joke that mostly contradict the rest of the document, and seem like a late addition to muddy the waters in online discussions when they realized how unpopular this idea would be. the entire thing gives me crypto whitepaper vibes in that it’s an intentionally dishonest representation of a technology nobody but google wants

also, the actual spec isn’t even a first draft, almost like other browser vendors supporting or even understanding this thing is an unlisted non-goal. it’s much worse if they do though: implementing this thing requires your browser to keep a connection to a google-approved attester, which will receive a live feed of the requests leaving your browser; ie, it’ll have your live browsing history. for some reason (by design), when the explainer talks about cross-site tracking, it only talks about methods to prevent the web server from doing it, other than this paragraph of nonsense:

User agents will not provide any browsing information to attesters when requesting a token. We are researching an issuer-attester split that prevents the attester from tracking users at scale, while allowing for a limited number of attestations to be inspected for debugging—with transparency reporting and auditability.

only a couple of paragraphs before this, the doc describes what the attester receives and signs as a “content binding”, which… seems to be a set of browsing information for the page you’re on

e: oh yeah, that’s one of the only places they mention the concept of a token issuer at all. they don’t actually describe what it is, and I can’t figure out the value of splitting it from the attester if the token has to contain your browsing data — either way, both systems get a copy of it

[–] [email protected] 8 points 1 year ago

They are doing their best to make Chrome actual malware.

[–] [email protected] 5 points 1 year ago

I couldn’t read past the example scenarios in the introduction. I read “bad actors” and it’s enough to know that they are avoiding thinking, or at least talking, about the realities of what they are making.

[–] [email protected] 7 points 1 year ago (1 children)

This is why every full-stack engineer who celebrates the chromium browser dominance because they don’t have to worry about css and js browser compatibility should be slapped. The I/O conference is the biggest ad disguised as a “we care about the web” community event of them all.

[–] [email protected] 6 points 1 year ago (1 children)

Google meet is the only product on the web I’ve seen in the last 5 years that still says “these features don’t work in your browser”

[–] [email protected] 6 points 1 year ago (1 children)

Gecko and WebKit are open-source. If google cared about the web they’d contribute to the other engines as well.

[–] [email protected] 6 points 1 year ago (1 children)

I see you have also been forced to use google tech and consume google’s awful developer docs and deal with their laughable UIs (how does anyone use google analytics for any purpose?) because the only thing corporations are comfortable with is garbage as far as the eye can see

[–] [email protected] 4 points 1 year ago (1 children)

I'm a firm believer that GTM is one of the worst things to happen to the web

[–] [email protected] 4 points 1 year ago

it’s a terrible day when you realize the stack for a new project was chosen based only on google’s unearned reputation for making good software

[–] [email protected] 5 points 1 year ago (1 children)

the authors of this paper need never to work in tech ever again

[–] [email protected] 5 points 1 year ago (1 children)

all four of the authors are software engineers

[–] [email protected] 8 points 1 year ago

to paraphrase many of the issues on this repo, they need to not

[–] [email protected] 2 points 1 year ago (1 children)

Are they just copying the stuff Microsoft did back in the 90s to kill Netscape navigator? Someone should set up a website called Chrome is Evil à la Internet Explorer Is Evil.

[–] [email protected] 2 points 1 year ago (2 children)

Did setting up that website actually help?

[–] [email protected] 3 points 1 year ago

so I was pretty young at the time, but that site was one of my motivating factors in trying pre-Firefox Mozilla for the first time

[–] [email protected] 1 points 1 year ago

No idea. But it was funny.

load more comments
view more: next ›