Google's New Web Environment Integrity Proposal Dismissed by Brave, Mozilla, and Vivaldi
Google's New Web Environment Integrity Proposal Dismissed by Brave, Mozilla, and Vivaldi
106 comments
-
I don't understand why so many opinion pieces and news keep on saying that Web Environment Integrity could be abused and that's why we should oppose it. This misses the point a great deal.
Implementation of Web Environment Integrity in browsers IS ITSELF AN ABUSE, because I have the right to go around the web without continually proving who I am, even less against a 3rd party.
It's as if someone said that some officer (and not even a government one) should always be by your side when you go out, ready to certify who you are, whenever you speak with people on the street – and even with friends. Would you accept that?
Are we totally out of our minds??
-
I can only assume these opinion pieces are written by people who use Google for everything they do and trust them.
Dumb fucks, to quote Zuckerberg...
-
How would WEI work? What signals does my computer send to convince the other computers that my computer is doing what they want? Is it based on some "trusted computer" hardware level bullshit that's already there? (I just want my computer to do what I want.)
-
That's not part of this spec, all it says is that the attester produces a cryptographic proof. What it checks and what that proof means is for the attester to decide.
Google and Apple say they would "just" check if the user is logged into their Google/Apple account, as a way to proof that they are human and not a bot. That would be bad enough, because you should not have to have an account with these companies to browse the web. But they could easily make it even worse, by requiring you to install a kind of anti-cheat software that scans your device, and only provide the proof if they like the results. Heck they could just exclude everyone who visited a certain website in the past or who's name starts with an F if they wanted to, because that's how broad and dangerous this proposal is!
Big companies should not be able to decide if people are allowed to visit certain websites or not, even if they say they have the best intentions.
-
Without having read anything about WEI at all: Microsoft already supports something similar by using Windows Hello (Edge). It's using your TPM to make sure the hardware/OS wasn't tampered with. On Android, this is comparable to safetynet/Play Integrity.
-
-
-
So like 8% of the market, mostly from Mozilla?
-
Well... Normie stream love their 69 chrome versions so that's where we are at... Competition
-
-
Will have to wait and see how Apple reacts with Safari. Mozilla dismissing the proposal is big, but Apple has the second largest mobile OS marketshare with iOS, and so Safari is very relevant for websites to support it.
-
Doesn't Safari already have their own version of this?
-
Lmao, no. Google is out of their minds. Apple has zero interest in controlling browsers or ads.
https://money.cnn.com/2017/08/31/technology/business/apple-net-neutrality/index.html
-
They do indeed: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/
From the article:
The focus here is primarily on removing captchas, and as such it's been integrated into Cloudflare (discussed here) and Fastly (here) as a mechanism for recognizing 'real' clients without needing other captcha mechanisms.
Fundamentally though, it's exactly the same concept: a way that web servers can demand your device prove it is a sufficiently 'legitimate' device before browsing the web.
-
not to my knowledge
-
-
-
Google: "How cute, anyway as I was saying..."
-
Google doesn't care 🙁
-
-
Good.
-
I can't honestly see how any other company can single-handedly stop Google if they go though with this. Google has the ability to strong arm this proposal by having Youtube and Google search dependent on Web Environment Integrity. There are enough alternative to web search but I can't see how anyone can fight Google's dominance in video hosting to stop them.
You would almost have to have every other major website intentionally break on Chrome to even the playing field, and if Google still don't back down you are left with a divided internet.
-
If you oppose this, don’t just comment and complain, contact your antitrust authority today:
US:
https://www.ftc.gov/enforcement/report-antitrust-violation
EU:
https://competition-policy.ec.europa.eu/antitrust/contact_en
comp-greffe-antitrust@ec.europa.eu
UK:
https://www.gov.uk/guidance/tell-the-cma-about-a-competition-or-market-problem
France:
https://signal.conso.gouv.fr/fr/tel-internet-media/faire-un-signalement
Germany: @kartellamt@social.bund.de (anti-cartel bureau) of @BMWK https://www.bundeskartellamt.de/DE/Kartellverbot/Anonyme_Hinweise/anonymehinweise_node.html https://www.bundeskartellamt.de/DE/Missbrauchsaufsicht/missbrauchsaufsicht_node.html
Philippines:
https://www.phcc.gov.ph/file-a-complaint/
India:
https://www.cci.gov.in/antitrust/
https://www.cci.gov.in/filing/atd
Canada:
https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/frm-eng/GHÉT-7TDNA5
-
The UK government won't do anything, they're probably all for this, assuming they understand it.
-
Thank you. Took the words out of my mouth.
If all browsers and standards organizations oppose this idea, but Google does it anyway and it succeeds and takes over, can you imagine how easy the anti-trust case will be?
-
Hell yeah. Top of the line comment right here. Thank you
-
Thanks for the nudge, I wrote to the EU registry.
-
-
What I'm getting from this is that some monopoly busting is sorely needed.
-
I think YouTube and Google Search are the least of our worries. There will be companies who would have a field day picking up the pieces if that happened.
It's everyone else using it that suddenly means you can't run an ad/script blocker on the ickier parts of the web that really need it. The modern internet is an unusable mess, and only ad blockers make it tolerable again.
-
LOL, sorry but if it is control over my computer vs youtube going away my reasponse is "bye bye, YouTube, don't let the door hit you on the way out"
-
I agree with you personally, but it’s the second most used platform after Facebook I think so it does have an insanely massive userbase.
-
Yeah, I made the same argument and had a bunch of morons talking about how inconvenienced they would be if they couldn't visit a website.
-
-
You know, most major web servers are open source projects (Apache, nginx, ...). They could in theory decide to check for the browser that's accessing a website and just return an error If it's a variant that supports WEI. Ofc people could fork them and remove the check, but many might just use them as is.
Just a thought though, this would be a very radical and hugely controversial step.
-
-
Good fucking riddance
-
It's "dismissed" as in "they say it's rubbish". It doesn't mean they won't ultimately be forced to use it.
-
😪
-
Just imagine how easy the anti-trust case will be. "The entire industry opposed Google, Google won anyway. I rest my case."
-
-
-
Microsoft are staying suspiciously quiet then. And what about Apple?
-
Apple already added basically the same thing about a year ago: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/
-
Is this technically equivalent to Google's proposal? Apple say that their version was developed in collaboration with Google, so it would be surprising for Google to go and deploy a second version of the same thing, were it not for the fact that Google always has two competing versions of everything.
And I guess the main reason people are more concerned about Google's version is that they are so dominant in the browser market.
-
-
Edge is a Chromium browser isn't it? Then again, so is Brave and the article indicates they are making a point of removing this stuff from their build. Safari is it's own thing though afaik.
-
Apple won’t do anything of the sort. They were in support of net neutrality and are committed to an open, free web. One of their chief complaints against Adobe back when Flash was at its all time peak as just that: it gave Adobe control of the web. They pushed for HTML5 and other alternatives.
Google is alone in this. However, I feel they can’t do it without Microsoft. At least not to the effect they are hoping so I totally see MS jumping on this as they have been firing on all cylinders with regards to “Windows as a service”. All they care about is building their own monopoly.
-
-
At this point, why don't the companies who run Chrome derivatives work together to build a fork that evolves separately from Chrome? Edge, Vivaldi, Opera, etc. will never get the marketshare on their own to rival Chrome, but together, they could make a dent with a unified browser engine.
-
Gecko (Firefox engine) already is worked on, why not contribute there instead of losing community? If anything why those browsers use engine that is controlled by a single company?
-
Alternative plan: why not use gecko? I know it's more work to do so, but I would call that the lesser of two evils at this point.
-
Because it's very expensive to do so, unfortunately.
-
-
As it very well should be. Fuck Google.
-
Looking on the bright side here, this will be good for applications that depend heavily on Chromium such as Steam. It won’t be much good, but it’s something.
-
Did Opera announced any intent?
-
Brave and Vivaldi (and edge) have no say in the matter, they are practically in the business of rebranding chrome for what it is and contributed to reinforcing goggle's monopoly. I have absolutely no sympathy for them.
-
At least Brave forks Chromium and they have a bunch of patches they apply to the codebase. I mean yeah, they still contribute to the Chromium monopoly but calling them just a rebrand is a bit unfair in my opinion
-
106 comments