Mozilla should call for Google's removal from the W3C over this implementation of Web Environment Integrity. "But Chrome has 65% market share, what good is the W3C without them?” If Google can take unilateral action to fundamentally change the basic principles of the web, then the W3C is already useless. This will give Google a clear choice: if they want to maintain the idea that the W3C matters, they should withdraw this implementation.
It is unbelievable that over the course of 3 days, the potential future of the web has been put in such dire straits. There's already an existing, far less troubling (while still bad), proposal in the form of Private Access Tokens going through a standards committee that Google chose to ignore. They presented this proposal in the shadiest way possible through a personal GitHub account. They immediately shut down outside contribution and comments. And despite the blowback they are already shoving a full implementation into Chromium.
What we need is real action, and this is the role Mozilla has always presented itself as serving. A "true" disinterested defender of the ideals of the web. Now is the time to prove it. Simply opposing this proposal isn't enough. This is about as clear and basic an attack on what fundamentally differentiates the web from every walled garden as possible. If someone drafted a proposal to the W3C that stated that only existing browsers should be allowed to render web pages, the correct response would not be to "take the stance that you oppose that proposal," it would be to seriously question whether the submitting party should even participate in the group. Make no mistake, that is what is happening now.
2. Open Bing Chat sidebar (top right corner); it auto-summarizes the article.
3: My prompt:
Using the that webpage summary, please write a letter reporting Alphabet for antitrust violation. Please include the following [this language is from the ftc.gov site]:
Q: What companies or organizations are engaging in conduct you believe violates the antitrust laws? A: Alphabet
Q: Why do you believe this conduct may have harmed competition in violation of the antitrust laws? A: [use the article]
Q:What is your role in the situation? A: I'm a user of the Firefox browser
Thanks, just emailed the FTC. It was a bit cathartic and now I don't have to be angry about this for the rest of the day, I'd encourage everyone else to do the same.
This proposal is just so throughly user-hostile that it's impossible to criticise it based on technical grounds. It's not a bad proposal, it's a dangerous, evil and malicious one, so criticising it in details is futile. The whole thing in itself is evil, and it needs to be thrown out.
Quietly protesting won't work this time, the goal is to kick up a huge fuss which gets the attention of governments, regulatory bodies and start antitrust proceedings.
Excuse my french but Google can fuck off with their censorship and "reminder to be civil". They have truly gone mask off, with the Code of Conducts not reinforcing good practice and a welcoming environment, but just a tool used to suppress dissent.
I've switched to Firefox and I'd recommend everyone else to do so.
There are many arguments against this but not many brought the implications for search engines.
If websites implement this, it will effectively make building a web search engine impossible for new entrants. The current players can whitelist/attest their own clients while categorizing every other scraping clients as bots.
If not for other reasons, I can't see how Google a search company can be allowed to push something that can kill competition using its market dominance in other areas like browsers.
> If not for other reasons, I can't see how Google a search company can be allowed to push something that can kill competition using its market dominance in other areas like browsers.
Because antitrust has been dead for a while. Chrome is a tool to drive people to Google and Google ads and nothing more.
I will say, I did appreciate Microsoft having a browser engine with IE and Edge, even if the former was notoriously a pain, it gave competition in the space. Unfortunately, that's not the case anymore and everything is either Chrome (Blink), Firefox (Gecko), or Safari (WebKit). And it's pretty clear what Chrome has done once that have amassed a dominant market share.
I'm sure there are Googlers who think they're legitimately making the web a safer place, but I think the real reason is pretty clear if you take a birds eye view.
Is it possible for them to implement this API in such a way that it will fail 5% of the time or so, making it impossible for websites to deny individuals based on failing attestation?
> The current players can whitelist/attest their own clients while categorizing every other scraping clients as bots.
Can't they already do this by having scrapers send plain-old client certificates? Or even just a request header that contains an HMAC of the URL with a shared secret?
Actually, taking a step further back: why does anyone need to scrape their own properties? They can make up an arbitrary backchannel to access that data — just like the one Google uses to populate YouTube results into SERPs. No need to provide a usefully-scrapeable website at all.
Despite the spec's half-baked state, the blowback last week was swift – in the form of a flood of largely critical comments posted to the WEI GitHub repository, and abuse directed at the authors of the proposal. The Google devs' response was to limit comment posting to those who had previously contributed to the repo and to post a Code of Conduct document as a reminder to be civil.
Also worth noting that this locks reactions (thumbs up, hearts, etc.) - providing plausible deniability that "only a small number of people raised concerns about specificTopicX." Journalists should be more aware of this!
On a separate note, for journalists and others who wish to communicate with the spec's author directly, his public website (which lists a personal email) is one of the other repos on the Github profile under which the specification was published. It's painfully absurd that he wrote this sentence in 2022 [0]:
> I decided to make this an app in the end. This is where my costs started wracking up. I had to pay for a second hand macbook pro to build an iOS app. Apple’s strategy with this is obvious, and it clearly works, but it still greatly upsets me that I couldn’t just build an app with my linux laptop. If I want the app to persist for longer than a month, and to make it easy for friends to install, I had to pay $99 for a developer account. Come on Apple, I know you want people to use the app story but this is just a little cruel. I basically have to pay $99 a year now just to keep using my little app.
It's small, but here's a real actionable item that you can do to help:
Put a gentle "Use Firefox" (or any other non-Chromium-based browser) message on your website. It doesn't have to be in-your-face, just something small.
For people who want to put something like this, here is the code snippet:
<span id='browser' class='hidden'>
This website is designed for <a target="_blank" rel="noopener noreferrer" href="https://firefox.com/">Firefox</a>, a web browser that respects your privacy.
</span>
<script>
if (window.chrome) {
document.getElementById('browser').className = '';
}
</script>
Class .hidden must hide the element somehow, in this case I do:
I like this idea, but has Mozilla said anything about their position in all of this? I'm a Firefox user, but I haven't felt great about Mozilla in quite a while. I'd love to know they are on the right side of this issue before I start promoting them like this.
I don't think most people know the difference between Chrome or Firefox and if they can still use websites they use with that change, they just won't bother.
Even if you explain what is the difference, 99% they'll forget the next day.
It's just pointless. With this kind of overreach, only government intervention and regulation can help. Google is not something you can go against with your proverbial wallet - they are too big.
Small anecdote: I am not sure how you're detecting the browser, but this note still appears in Orion (webkit-based browser) while it does not in Safari. Persists even when I change user agent explicitly to Firefox or Safari.
The issue with that is that most people here will only have their own website or product, which is already aimed at more tech-savvy people, who will already have made a conscious decision to use Firefox, Chrome, or whichever browser they prefer.
But we / this site only represents a small percentage. 85% market share means there are hundreds of millions, if not billions of users that would have to switch to make any kind of impact.
And you can't do that without being a very large company with an operating system or the most popular search engine or other ways to constantly tell people to use your browser, no matter how good or privacy conscious or whatever your own is.
In the end, I feel like there is a silver lining to all this. As the world wide web becomes more sanitised with their codes of conduct, corporate censorship, ads, witch hunts, all these limitations - more and more, I hope, would the valuable, interesting bits of it drift to alternative locations.
The internets of old were just that - a place where nerds, freaks, outcasts, and other antisocial personalities congregated. Everything was permitted and everything was possible. Many, myself included, hoped that it would change the world. It didn't - the world is winning again, as everyone can clearly see. Still, I hope that the normalisation of the web might as well create a critical mass of those who just want something more than just a corporate safe space.
I sincerely wish that there is a future where protocols like gemini - stripped from all the visual noise and 'dynamic' features - get a critical mass of useres. If that doesn't happen - as someone who doesn't use any mainstream social media, google and microsoft services, llms and other modern (and some might add - dystopian) stuff - I don't really loose much. There are enough great books for a hundred lifetimes, enough hikes to walk and friends to get blasted with. Maybe it'd even be for the better.
Get the Wikipedia Foundation on board and make sure the wikipedia or other big mediawiki hosts refuse to show any kind of content if such feature is detected in the browser.
Also, if you're a distro mantainer, configure apache and nginx defaults to make this is the default behaviour.
Even better: instead of redirecting to any wall of text with a long explanation of the political and technical reasons of this choice, just display a big, loud "ERROR" message stating that their browser is unsupported due to the presence of this module, and a small tutorial on how to deactivate it from the about:config page, if available.
I do, and I keep having those tiring conversations, but it's really hard to get the point across in layman's terms. I have enough friends in tech who stick with Chrome out of convenience instead of just falling back on it in case something actually doesn't work in Firefox. how do I convince tech illiterate people of doing this?
There’s a saying, on the internet nobody knows you’re a dog.
WEI is part of a broader movement to make this false - more generally to make an internet where we know you are a human staring at a screen
It turns out having dogs (or more commonly programs and scripts) on the internet is not profitable and not good for business, so corporations want to take dogs off their websites by finding clever ways to attest that a real human with eyeballs is clicking with hands and staring at ads.
Support dog rights. Don’t allow for a WEI-dominated web.
The whole narrative about WEI "proving" you're a human is completely false (and I'd argue a ruse). It only proves you're using a sanctioned OS and browser binary. It does nothing to stop robots being wired-up to devices w/ emulated inputs.
In fact, WEI will make it easier to use a robot w/ a sanctioned software stack since, hey, it's a "human" per WEI.
It looks like they do not care if they have consensus or approval for WEI, they are implementing it regardless.
Wherever you live, you should contact your government representatives and regulators and put a spotlight on this issue for what it is--monopoly abuse of power.
Grassroots efforts are great and it is good to let your friends, family, and associates know what they are doing and why it is wrong. However, government regulation of this abuse is needed to stop it by force of law.
I've been holding on to my Firefox installation after switching back around ~2016 or so. I was on the Chrome bandwagon when they were the upstart (still have the comic from the launch!) but it didn't take long to see how dangerous things were getting with monoculture.
If you want to help, push back on all the anti-Firefox rhetoric that amplifies every little misstep that they take. Firefox is so much better from a user-respect perspective and the vitriol over little things (a couple of anonymous, tracking-free sponsored links on a new tab page?) are losing the plot.
Since Google controls the implementation and the featureset of this API, they are effectively controlling the entire chain of access.
Having open source implementions does not make a difference, because a Google, or implementing website, server will control whether the content is served. Having the mechanism of access open sourced makes no difference in this situation.
It is the same situation with the "latent" passkey attestation mechanism. Apple and Google have general guidelines that the feature will not be used, but that only true currently. This should not be part of the browser for the same as with passkeys, it gives corporations final say in what you are allowed to use.
I predict that hardware attestation will in 10-30 years become a requirement to maintain an internet connection.
Given Microsoft's push to make their OS support hardware attestation as well as Google's push for technologies which use hardware attestation in broader and broader scopes (Android and iOS has supported this for apps for a long time), the technology to make this possible is increasingly becoming widespread.
Hardware which supports hardware attestation is expensive and some people who can't afford it would therefore be excluded. But I don't think this matters.
If Google forces you to see all their ads then they can sell the ad space for more money. This can make it increasingly profitable to sell devices at an ever increasing loss. Likewise for Microsoft.
As a side note, this will make it incredibly difficult for anyone to compete in the hardware space. Why would someone spend even £500 on a phone or computer from a non adtech company when the adtech company can sell the same device for £100 or £50 or maybe even give it away for free?
By making hardware attestation more mainstream, it will become increasingly difficult to argue that enabling it for things would cut off customers.
I think it's easy to argue in favor of requiring hardware attestation for internet connections from the point of view of a government or an ISP. After all, if your customers can only use a limited set of hardware which is known and tested for security, it decreases the chance of security problems. For a police state like the UK it also seems even easier to justify too.
Even if things don't go that far, in a few years you will become a second class citizen for refusing to allow this on your devices. I can easily imagine banks requiring WEI for their online banking portals (they already do it for all their apps). Likewise I can also imagine my water, gas and electricity companies, or really any company which handles payments, considering this technology.
The worst part is, I don't think most people will care as long as it keeps working seamlessly on their devices. Likewise I don't think governments or the EU will do anything about it. I am not even sure what I can do about it.
> I predict that hardware attestation will in 10-30 years become a requirement to maintain an internet connection.
What you fail to take into account, is that geeks like being able to freely goof around with stuff; and that new disruptive tech evolves precisely in the ecosystems where geeks are goofing around with stuff.
Consider the dichotomy between iPadOS and macOS. macOS still exists — and still has things like the ability to disable Gatekeeper, enable arbitrary kernel-extension installation, etc. — because the geeks inside Apple could never be productive developing an OS on a workstation that is itself a sealed appliance. They need freely-modifiable systems to hack on. And they may as well sell other people those free systems they've developed — with defaults that make the tool appliance-esque, sure, but also with clear paths to turning those safeties off.
The same thing was true in the 90s with the rise of walled-garden ISPs. The average consumer might be happy with just having access to e.g. AOL, but the people who work with computers (including the programmers at AOL!) won't be happy unless they can write a program that opens a raw IP socket and speaks to another copy of that program on their friend's computer halfway around the world. And so, despite not really mentioning as a feature, every walled-garden ISP did implicitly connect you to the "raw" Internet over PPP, rather than just speaking to the walled-garden backend BBS-style — because that's what the engineers at each ISP wanted to happen when they used their own ISP, and they weren't going to tolerate anything less.
And then, gradually, all the most interesting stuff for consumers on the Internet — all the "killer apps" — started being things you could only find the "raw" web, rather than in these walled gardens — precisely because the geeks that knew how to build this stuff, had enthusiasm for building it as part of the open web, and no enthusiasm for building it as part of a walled-garden experience. (I would bet money that many a walled-garden developer had ideas for Internet services that they wrote down at work, but then implemented at home — maybe under a pseudonym, to get out from under noncompetes.)
Even if there comes about an "attested Internet", and big companies shift over to using it, all the cool new stuff will always be occurring off to the side, on the "non-attested Internet." You can't eliminate the "non-attested Internet" for the same reason that you can't develop an Operating System purely using kiosk computing appliances.
The next big killer app, after the "attested Internet" becomes a thing, will be built on the "non-attested Internet." And then what'll happen? Everyone will demand an Internet plan that includes access to the "non-attested Internet", if that had been something eliminated in the interrim. (Which it wouldn't have been, since all the engineers at the ISPs would never have stood for having their own Internet connections broken like that.)
I vote that this happens, but happens completely, definitely, and thoroughly to its logical conclusion.
If you want a penny from Google adtech, you're subject to their stringently filtered portal, you're inaccessible from non-WEI enabled browsing, and circumventing WEI policies gets you demonetized. It'll be the Great Firewall of Adtech, gated access via an app to a filtered corporate paradise - a bit like Facebook tried in India, unsuccessfully.
If you want to be part of the free, non-commercial web, WEI doesn't apply, access is open. You are able to be indexed as such. The healing can begin.
This will provide a true choice: commercial xor non-commercial. Confine all the SEO garbage to ghettos that think they're kibbutzim, forcing the big commercial entities to either fight over the noise or exert their influence, and leaving the rest of us out.
Google depends on Adwords. Other revenue streams are minor in comparison. Chromium is the main moat. Android too, of course. ~$15 billion to Apple is another, so protecting all on mobile. With the demise of AICOA, we cannot hope or expect the EU to deliver. In a sense it's simple; folks have to stop using Google search in order to preserve the web, and support those who are trying to preserve it. But I would say that. We are doing what we can.
As someone who is a somewhat new to web technologies, can someone really explain why this is bad? I saw the techical discussions in the PRs made to the WEI repo but it was all super technical that I was not able to understand the arguments made for and against it.
[+] [-] ricardo81|2 years ago|reply
https://vivaldi.com/blog/googles-new-dangerous-web-environme...
[+] [-] tolmasky|2 years ago|reply
It is unbelievable that over the course of 3 days, the potential future of the web has been put in such dire straits. There's already an existing, far less troubling (while still bad), proposal in the form of Private Access Tokens going through a standards committee that Google chose to ignore. They presented this proposal in the shadiest way possible through a personal GitHub account. They immediately shut down outside contribution and comments. And despite the blowback they are already shoving a full implementation into Chromium.
What we need is real action, and this is the role Mozilla has always presented itself as serving. A "true" disinterested defender of the ideals of the web. Now is the time to prove it. Simply opposing this proposal isn't enough. This is about as clear and basic an attack on what fundamentally differentiates the web from every walled garden as possible. If someone drafted a proposal to the W3C that stated that only existing browsers should be allowed to render web pages, the correct response would not be to "take the stance that you oppose that proposal," it would be to seriously question whether the submitting party should even participate in the group. Make no mistake, that is what is happening now.
[+] [-] 4oo4|2 years ago|reply
US:
- https://www.ftc.gov/enforcement/report-antitrust-violation
- [email protected]
EU:
- https://competition-policy.ec.europa.eu/antitrust/contact_en
- [email protected]
UK:
- https://www.gov.uk/guidance/tell-the-cma-about-a-competition...
- [email protected]
India:
- https://www.cci.gov.in/antitrust/
- https://www.cci.gov.in/filing/atd
[+] [-] ethanjstark|2 years ago|reply
For any experiencing barriers for writing the email, my method is below; Bing Chat generated an excellent email that only needed a bit of editing.
1. Open https://vivaldi.com/blog/googles-new-dangerous-web-environme... page in (ugh) Edge.
2. Open Bing Chat sidebar (top right corner); it auto-summarizes the article.
3: My prompt: Using the that webpage summary, please write a letter reporting Alphabet for antitrust violation. Please include the following [this language is from the ftc.gov site]:
Q: What companies or organizations are engaging in conduct you believe violates the antitrust laws? A: Alphabet
Q: Why do you believe this conduct may have harmed competition in violation of the antitrust laws? A: [use the article]
Q:What is your role in the situation? A: I'm a user of the Firefox browser
[edit: line breaks for readability]
[+] [-] burkaman|2 years ago|reply
[+] [-] DanHulton|2 years ago|reply
[+] [-] bfelbo|2 years ago|reply
Here you can specifically create new antitrust complaints.
[+] [-] varispeed|2 years ago|reply
[+] [-] hooverd|2 years ago|reply
[+] [-] Theory42|2 years ago|reply
[+] [-] Pannoniae|2 years ago|reply
Excuse my french but Google can fuck off with their censorship and "reminder to be civil". They have truly gone mask off, with the Code of Conducts not reinforcing good practice and a welcoming environment, but just a tool used to suppress dissent.
I've switched to Firefox and I'd recommend everyone else to do so.
[+] [-] devsda|2 years ago|reply
If websites implement this, it will effectively make building a web search engine impossible for new entrants. The current players can whitelist/attest their own clients while categorizing every other scraping clients as bots.
If not for other reasons, I can't see how Google a search company can be allowed to push something that can kill competition using its market dominance in other areas like browsers.
[+] [-] justcool393|2 years ago|reply
Because antitrust has been dead for a while. Chrome is a tool to drive people to Google and Google ads and nothing more.
I will say, I did appreciate Microsoft having a browser engine with IE and Edge, even if the former was notoriously a pain, it gave competition in the space. Unfortunately, that's not the case anymore and everything is either Chrome (Blink), Firefox (Gecko), or Safari (WebKit). And it's pretty clear what Chrome has done once that have amassed a dominant market share.
I'm sure there are Googlers who think they're legitimately making the web a safer place, but I think the real reason is pretty clear if you take a birds eye view.
[+] [-] bilekas|2 years ago|reply
I hadn't really considered this. In a roundabout way, is there a process for this to be rejected on grounds of "fair use" limitations?
[+] [-] dontreact|2 years ago|reply
https://github.com/RupertBenWiser/Web-Environment-Integrity/...
[+] [-] derefr|2 years ago|reply
Can't they already do this by having scrapers send plain-old client certificates? Or even just a request header that contains an HMAC of the URL with a shared secret?
Actually, taking a step further back: why does anyone need to scrape their own properties? They can make up an arbitrary backchannel to access that data — just like the one Google uses to populate YouTube results into SERPs. No need to provide a usefully-scrapeable website at all.
[+] [-] ivanstojic|2 years ago|reply
[+] [-] wasmy|2 years ago|reply
https://www.theregister.com/2023/07/25/google_web_environmen...
Despite the spec's half-baked state, the blowback last week was swift – in the form of a flood of largely critical comments posted to the WEI GitHub repository, and abuse directed at the authors of the proposal. The Google devs' response was to limit comment posting to those who had previously contributed to the repo and to post a Code of Conduct document as a reminder to be civil.
The usual way to deal with opposition these days.
[+] [-] btown|2 years ago|reply
On a separate note, for journalists and others who wish to communicate with the spec's author directly, his public website (which lists a personal email) is one of the other repos on the Github profile under which the specification was published. It's painfully absurd that he wrote this sentence in 2022 [0]:
> I decided to make this an app in the end. This is where my costs started wracking up. I had to pay for a second hand macbook pro to build an iOS app. Apple’s strategy with this is obvious, and it clearly works, but it still greatly upsets me that I couldn’t just build an app with my linux laptop. If I want the app to persist for longer than a month, and to make it easy for friends to install, I had to pay $99 for a developer account. Come on Apple, I know you want people to use the app story but this is just a little cruel. I basically have to pay $99 a year now just to keep using my little app.
[0] https://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-...
[+] [-] prox|2 years ago|reply
[+] [-] encody|2 years ago|reply
Put a gentle "Use Firefox" (or any other non-Chromium-based browser) message on your website. It doesn't have to be in-your-face, just something small.
I've taken my own advice and added it to my own website: https://geeklaunch.io/
(It only appears on Chromium-based browsers.)
We can slowly turn the tide, little by little.
[+] [-] mdibaiee|2 years ago|reply
[+] [-] freedomben|2 years ago|reply
[+] [-] idlewords|2 years ago|reply
[+] [-] varispeed|2 years ago|reply
Even if you explain what is the difference, 99% they'll forget the next day.
It's just pointless. With this kind of overreach, only government intervention and regulation can help. Google is not something you can go against with your proverbial wallet - they are too big.
[+] [-] dcchambers|2 years ago|reply
Small anecdote: I am not sure how you're detecting the browser, but this note still appears in Orion (webkit-based browser) while it does not in Safari. Persists even when I change user agent explicitly to Firefox or Safari.
[+] [-] gdtfmaster|2 years ago|reply
[+] [-] 0JzW|2 years ago|reply
[+] [-] Cthulhu_|2 years ago|reply
But we / this site only represents a small percentage. 85% market share means there are hundreds of millions, if not billions of users that would have to switch to make any kind of impact.
And you can't do that without being a very large company with an operating system or the most popular search engine or other ways to constantly tell people to use your browser, no matter how good or privacy conscious or whatever your own is.
[+] [-] suslik|2 years ago|reply
The internets of old were just that - a place where nerds, freaks, outcasts, and other antisocial personalities congregated. Everything was permitted and everything was possible. Many, myself included, hoped that it would change the world. It didn't - the world is winning again, as everyone can clearly see. Still, I hope that the normalisation of the web might as well create a critical mass of those who just want something more than just a corporate safe space.
I sincerely wish that there is a future where protocols like gemini - stripped from all the visual noise and 'dynamic' features - get a critical mass of useres. If that doesn't happen - as someone who doesn't use any mainstream social media, google and microsoft services, llms and other modern (and some might add - dystopian) stuff - I don't really loose much. There are enough great books for a hundred lifetimes, enough hikes to walk and friends to get blasted with. Maybe it'd even be for the better.
[+] [-] easyThrowaway|2 years ago|reply
Also, if you're a distro mantainer, configure apache and nginx defaults to make this is the default behaviour.
Even better: instead of redirecting to any wall of text with a long explanation of the political and technical reasons of this choice, just display a big, loud "ERROR" message stating that their browser is unsupported due to the presence of this module, and a small tutorial on how to deactivate it from the about:config page, if available.
[+] [-] topshelf|2 years ago|reply
I'm recommending Mozilla Firefox to all friends and family.
[+] [-] fps_doug|2 years ago|reply
[+] [-] slowmovintarget|2 years ago|reply
She's now happily using Firefox with a non-hobbled version of uBlock Origin.
[+] [-] maxloh|2 years ago|reply
The last time I checked, multiple profiles support is somehow half-baked.
[+] [-] baybal2|2 years ago|reply
[deleted]
[+] [-] helen___keller|2 years ago|reply
WEI is part of a broader movement to make this false - more generally to make an internet where we know you are a human staring at a screen
It turns out having dogs (or more commonly programs and scripts) on the internet is not profitable and not good for business, so corporations want to take dogs off their websites by finding clever ways to attest that a real human with eyeballs is clicking with hands and staring at ads.
Support dog rights. Don’t allow for a WEI-dominated web.
[+] [-] EvanAnderson|2 years ago|reply
In fact, WEI will make it easier to use a robot w/ a sanctioned software stack since, hey, it's a "human" per WEI.
[+] [-] thesuperbigfrog|2 years ago|reply
Wherever you live, you should contact your government representatives and regulators and put a spotlight on this issue for what it is--monopoly abuse of power.
Grassroots efforts are great and it is good to let your friends, family, and associates know what they are doing and why it is wrong. However, government regulation of this abuse is needed to stop it by force of law.
[+] [-] mmastrac|2 years ago|reply
If you want to help, push back on all the anti-Firefox rhetoric that amplifies every little misstep that they take. Firefox is so much better from a user-respect perspective and the vitriol over little things (a couple of anonymous, tracking-free sponsored links on a new tab page?) are losing the plot.
[+] [-] knaik94|2 years ago|reply
Having open source implementions does not make a difference, because a Google, or implementing website, server will control whether the content is served. Having the mechanism of access open sourced makes no difference in this situation.
It is the same situation with the "latent" passkey attestation mechanism. Apple and Google have general guidelines that the feature will not be used, but that only true currently. This should not be part of the browser for the same as with passkeys, it gives corporations final say in what you are allowed to use.
[+] [-] ep103|2 years ago|reply
[+] [-] Arch-TK|2 years ago|reply
Given Microsoft's push to make their OS support hardware attestation as well as Google's push for technologies which use hardware attestation in broader and broader scopes (Android and iOS has supported this for apps for a long time), the technology to make this possible is increasingly becoming widespread.
Hardware which supports hardware attestation is expensive and some people who can't afford it would therefore be excluded. But I don't think this matters.
If Google forces you to see all their ads then they can sell the ad space for more money. This can make it increasingly profitable to sell devices at an ever increasing loss. Likewise for Microsoft.
As a side note, this will make it incredibly difficult for anyone to compete in the hardware space. Why would someone spend even £500 on a phone or computer from a non adtech company when the adtech company can sell the same device for £100 or £50 or maybe even give it away for free?
By making hardware attestation more mainstream, it will become increasingly difficult to argue that enabling it for things would cut off customers.
I think it's easy to argue in favor of requiring hardware attestation for internet connections from the point of view of a government or an ISP. After all, if your customers can only use a limited set of hardware which is known and tested for security, it decreases the chance of security problems. For a police state like the UK it also seems even easier to justify too.
Even if things don't go that far, in a few years you will become a second class citizen for refusing to allow this on your devices. I can easily imagine banks requiring WEI for their online banking portals (they already do it for all their apps). Likewise I can also imagine my water, gas and electricity companies, or really any company which handles payments, considering this technology.
The worst part is, I don't think most people will care as long as it keeps working seamlessly on their devices. Likewise I don't think governments or the EU will do anything about it. I am not even sure what I can do about it.
[+] [-] JohnFen|2 years ago|reply
I fear you're right. But if the current trends keep up, I'll have abandoned the internet entirely before that happens.
I mourn for what we have already lost, and we are poised to lose even more.
[+] [-] derefr|2 years ago|reply
What you fail to take into account, is that geeks like being able to freely goof around with stuff; and that new disruptive tech evolves precisely in the ecosystems where geeks are goofing around with stuff.
Consider the dichotomy between iPadOS and macOS. macOS still exists — and still has things like the ability to disable Gatekeeper, enable arbitrary kernel-extension installation, etc. — because the geeks inside Apple could never be productive developing an OS on a workstation that is itself a sealed appliance. They need freely-modifiable systems to hack on. And they may as well sell other people those free systems they've developed — with defaults that make the tool appliance-esque, sure, but also with clear paths to turning those safeties off.
The same thing was true in the 90s with the rise of walled-garden ISPs. The average consumer might be happy with just having access to e.g. AOL, but the people who work with computers (including the programmers at AOL!) won't be happy unless they can write a program that opens a raw IP socket and speaks to another copy of that program on their friend's computer halfway around the world. And so, despite not really mentioning as a feature, every walled-garden ISP did implicitly connect you to the "raw" Internet over PPP, rather than just speaking to the walled-garden backend BBS-style — because that's what the engineers at each ISP wanted to happen when they used their own ISP, and they weren't going to tolerate anything less.
And then, gradually, all the most interesting stuff for consumers on the Internet — all the "killer apps" — started being things you could only find the "raw" web, rather than in these walled gardens — precisely because the geeks that knew how to build this stuff, had enthusiasm for building it as part of the open web, and no enthusiasm for building it as part of a walled-garden experience. (I would bet money that many a walled-garden developer had ideas for Internet services that they wrote down at work, but then implemented at home — maybe under a pseudonym, to get out from under noncompetes.)
Even if there comes about an "attested Internet", and big companies shift over to using it, all the cool new stuff will always be occurring off to the side, on the "non-attested Internet." You can't eliminate the "non-attested Internet" for the same reason that you can't develop an Operating System purely using kiosk computing appliances.
The next big killer app, after the "attested Internet" becomes a thing, will be built on the "non-attested Internet." And then what'll happen? Everyone will demand an Internet plan that includes access to the "non-attested Internet", if that had been something eliminated in the interrim. (Which it wouldn't have been, since all the engineers at the ISPs would never have stood for having their own Internet connections broken like that.)
[+] [-] washadjeffmad|2 years ago|reply
If you want a penny from Google adtech, you're subject to their stringently filtered portal, you're inaccessible from non-WEI enabled browsing, and circumventing WEI policies gets you demonetized. It'll be the Great Firewall of Adtech, gated access via an app to a filtered corporate paradise - a bit like Facebook tried in India, unsuccessfully.
If you want to be part of the free, non-commercial web, WEI doesn't apply, access is open. You are able to be indexed as such. The healing can begin.
This will provide a true choice: commercial xor non-commercial. Confine all the SEO garbage to ghettos that think they're kibbutzim, forcing the big commercial entities to either fight over the noise or exert their influence, and leaving the rest of us out.
[+] [-] ColinHayhurst|2 years ago|reply
[+] [-] jonnycomputer|2 years ago|reply
[+] [-] andy99|2 years ago|reply
Edit: the Register article linked elsewhere looks as good as it gets for now https://www.theregister.com/2023/07/25/google_web_environmen...
[+] [-] anshumankmr|2 years ago|reply