I see what you're saying. I read it as implying the browser would fake the attestation token. I don't know the answer, but if their (stated) goal is to stop bots and scrapers, I have to assume it wouldn't be so simple. After all, a lot of bots and scrapers are literally running an instance of Chrome.
133arc585
joined 2 years ago
Search engines like DDG should really begin maintaining their own index, and they should exclude sites that use the tech from the index.
If this gets implemented, it would ruin the ability for competitor search engines (such as DDG) to exist. If Google convinces site operators to require attestation, then suddenly automated crawlers and indexers will not function. Google could say to site operators that if they wish to run ads via Google's ad network they must require attestation; then, any third-party search indexer or crawler would be blocked from those sites. Google's ad network is used on about 98.8% of all sites which have advertising, and about 49.5% of all websites.
Isn’t someone just going to fork Chromium, take out this stuff,
Yes, upstream Chromium forks will likely try to remove this functionality, but
put in something that spoofs the DRM to the sites so that adblocking still works?
This is the part that is not possible. The browser is not doing the attestation; it's a third party who serves as Attestor. All the browser does is makes the request to the attestor, and passes the attestor's results to the server you're talking to. There is no way a change in the browser could thwart this if the server you're talking to expects attestation.
It depends on how Google wants to play this. If they require website operators to use WEI in order to serve ads from Google's ad network (a real possibility), then suddenly 98.8% of websites that have advertising, and 49.5% of all websites would be unusable unless you're using Chrome. It's probably safe to assume they'd also apply this to their own products, which means YouTube, Gmail, Drive/Docs, all of which have large userbases. The spec allows denying attestation if they don't like your browser, but also if they don't like your OS. They could effectively disallow LineageOS and all Android derivatives, not just browser alternatives.
It may be dead to its users anyway depending on how forceful Google is with this. If Brave doesn't work on 98.8% of all websites with advertising or indeed on 49.5% of all websites (approximately Google's ad network's reach), it becomes as niche as lynx.
A fork like Vivaldi, Brave or Opera could opt not to implement these changes
It doesn't quite work like that. They wouldn't choose to not implement the change, because the change comes from upstream via Chromium. They would have to choose to remove the feature which, depending on how it's integrated, could be just as much work as implementing it (or more, if Google wants to be difficult on purpose). Not implementing the change is zero effort; removing the upstream code is a lot of effort.
Brave is built on Chromium. So, by default, no they are not safe from this. Without extra effort, Brave will have this feature. I don't know if its feasible but there's a chance the Brave devs can remove the code from their distribution, but that's the best case scenario and just puts them in the same position as Firefox: they get locked out because they refuse to implement the spec.
Within the context of Chrome and other Chromium based web browsers, this means that Google will be able to monitor your web browsing in a new way any time you’re using a browser based on Chrome/Chromium.
With only slight hyperbole, we can say that Google can do this monitoring already.
What's worse, is now they can:
- Refuse you access to information by refusing to attest your environment.
- Restrict your browser, extensions, and operating system setup by refusing attestation.
- Potentially bring litigation against you for attempting to circumvent DRM (in the USA it's illegal to bypass DRM).
- Leverage their ad network to require web site operators to use attestation if they wish to serve ads via Google. AKA force you to use Chrome to use big websites.
- Derank search results for sites that are not using attestation.
In my opinion, the least harmful part of this is the ability to monitor page access, because they can more or less do this for Chrome users anyway. What's really harmful here is the potential to restrict access to and destroy practically the entirety of the internet.
So far, the USA alone has spent more on this war than Russia has. And the USA is not the only one sending money and resources to Ukraine.
I don’t have to read into it because it is bs anyway.
"Thankfully, I'm prescient, so I know something is bs without having read it."
In case there was any doubt that you weren't actually willing to have a reasonable discussion, you cleared it up.
Why did I expect anything different?
Instead of reading the points made and perhaps agreeing or disagreeing, you get to shortcut the whole thing by just saying "I didn't read it, and yet I disagree!". Why even pretend to participate?
You'll notice I actually wrote a comment and made points of my own, and linked to a secondary comment going into more detail. You didn't bother to address either. Must be nice to be proud of being ignorant.
"When the facts are against me, shut the whole thing down with namecalling and dismissiveness!". Again, I guess I really shouldn't expect any different. Only one side is even trying to have a conversation; the other is just playing a game of yelling loudly with no substance and shutting down anyone with contrary views.
You're a blight on society.
I have tried linking to write-ups on lemmygrad (perhaps even one by you the other day), and instead I'm met with:
Plenty of people just refuse to read a source. It's just a continuation of the "this news source is biased therefore it's wrong therefore nothing it says can be trusted therefore you're a propagandist" game that they play. You can make valid points that can be independently verified and are themselves sourced, but if it's posted on lemmygrad, or some non-Western media outlet, it automatically gets dismissed.
The number of people who honestly want to engage is seemingly very small. Most people want to shout the things they hear from their chosen news source at any unwilling victim. It's hegemony of ideas, and they'll happily use any underhanded tactic to enforce it instead of engaging honestly.