You must log in or register to comment.
Gj mozilla
If this DRM can force you to use Chromium to display a webpage or content, that would be the most anticompetitive thing in recent times, and would absolutely not fly.
That’s why they want to make it a web standard, so they can just blame Firefox and others for not following the standard and avoid EU fines.
That’s what Microsoft did with their office document standard.
Good thing Google is not a recognized standards body
I doubt the EU would buy that.
If it’s an actual official web standard, they might have to.
“Official” web standards huh?
I am afraid EU can be too dumb to not buy that!
Yeah, the sad thing here is that if Apple comply, it will basically become a standard and there’s nothing that Firefox or anything else can do about it. If they can get it on iPhone, it’s game over. Half the web will be blocked unless you agree to see adverts.
If they can get it on iPhone, it’s game over.
While this is true, I struggle to understand how Apple would stand to gain from implementing this unless it had already become a widespread standard. It’s also an opportunity for more privacy focused marketing if they oppose it, just like they do with government attempts to force them to implement backdoors into iOS.
Yeah, they already dont bother implementing a bunch of actual standards. I don’t see what they would get out of this since their ad network is very limited
I doubt they will.
Apple already has the Private Access Tokens that Cloudflare has been working on making into a standard, primarily for skipping captchas. Google doesn’t like those because they are too private.
I have limited understanding of the technical side of this issue, but based on this comment, this sounds like a brilliant move by Google - Don’t like the rules of the game, change the game…
Edit: for clarification, this comment was very tongue in cheek - I don’t support Google, this was just an acknowledgement of a smart business play.
an acknowledgement of a smart business play.
When politicians do it, it’s “corruption.” When normal people do it, it’s “crime.” When capitalist parasites do it, it’s “smart business.”
Double standards for yay! Smart business doesn’t preclude moral/ethical cesspools
While I have issues with the rules of “the game”, the current rules are better than the changes that Google are proposing, but since they are infinitely more powerful than me, I can only hope whatever body (W3C?) does not make it an official standard. As long as it’s just an extra thing that Chrome/Chromium does, there’s still hope for Google to get into legal trouble.
Fingers crossed that you’re right. Definitely don’t want to see them repositioning into an (even more) advantageous policy position. I imagine that a standards body such as the one you mentioned would be fairly careful about adopting anything proposed by a company without significant caution. At least that’s how it works with some international standards agencies haha
We need to stop this capitalist brainrot. It’s not a smart business move; a smart business move would be one where everyone wins. This is a lazy and evil move designed for pure extraction of value and coercion of compliance.
Live the way we want you to (and we take 30% off the top!)
`I mean, yes, agreed. But this is literally how businesses operate - stay ahead of governments, or change the game so govts are onboard (as regulation regularly trails behind business). A genuinely smart business move would obviously be preferable, but the modern history of megacorps is not exactly a shining beacon of benevolence to the ppl. It should be, but gestures wildly at everything
Edit: exchanged “always” for “regularly”
the modern history of megacorps is not exactly a shining beacon of benevolence to the ppl
I mean, yes, agreed. But why does anyone think that that’s ok?
People ask me why I use Firefox when other products hace better features. This is the reason. This is the only feature I want: A fundation that helps and understands the user Thanks for all Mozilla.
I still don’t get where this proposal originated. It looks like a random user, what’s their connection to Google and why do we believe it’s even under consideration by the organisation?
Also, <3 ff
Def not a random user, it came from a committee. There’s an attendees list and meeting notes attached to it if you click around a bit
You get to Google pretty quickly by following links. If you look at the top of the linked issue, it links to a few things owned by Rupert Ben Wiser. If you follow the explainer link, you get this list of authors:
Authors: Ben Wiser (Google) Borbala Benko (Google) Philipp Pfeiffenberger (Google) Sergey Kataev (Google)
And in the repo, he says it’s being prototyped in Chromium.
That’s all written by him though, so I guess he could just be lying and making up names. So I tried looking up his name, to see if he’s listed anywhere as a Google employee, but the best I could find is he’s listed as a Google employee since 2022 on Facebook and LinkedIn. And he doesn’t have much on his Github. (I kinda feel a little stalkery now… Don’t harass anyone please). So either this is an elaborate, very late, April fool’s or he’s probably the fall guy for whatever exec actually thought this up.
I wasn’t really doubting that he was a Google employee, rather more questioning whether the corporation (bare in mind it’s huge) is aware of his efforts and this is on their immediate roadmap. It could just be a bunch of employees trying something about/proposing it internally and it might get shot down.
But I take the other commenter’s point that this is how it begins
No organisations put things through in giant blazing neon letters. One employee quietly pushes a bit, another a different bit and ten bits later we’re all like, WTF?
Google has been trying to ensure they can serve everyone ads for a while. There’s a reason the author of uBlock clearly states that the Chrome version isn’t as good.
deleted by creator
Extremely common Firefox W
That’s as true as it is irrelevant. I don’t think I’ve heard anyone say chrome isn’t a great browser or chromium isn’t good - it’s the control Google has over it that everyone has a problem with
People definitely do say those things. They are terrible memory hogs compared to other WebKit alternatives
Can someone explain to me the google API and DRM situation in stupid people terms? I’m stupidly tech illiterate but I know that this is a big deal and I would like to understand
deleted by creator
I bet you heard about safetynet on android devices. It is a service that checks if you run a genuine licensed not-modified version of android. If not - app developer can just restrict you access to the app. It is mostly used by banking apps, but there’re many examples of not security critical apps utilize this.
Google wants to do the same but for browsers and websites. If you run firefox or modified chrome or use adblocks: youtube, twitter, etc. would be able to detect it and can restrict access to the website.SafetyNet is fairly easy to defeat.
Only because nobody is actually enforcing key-backed attestation.
If you root your device correctly. Can’t expect most mobile users to do that. Can’t expect users with locked bootloaders to do that. Can’t even expect many power users to do that. A lot of very tech literate people I know that customise their computer OS heavily still don’t want to root their phone.
Sure thing. With this current proposal, when you visit a website, the site asks your browser if you’re willing to display it as intended, basically with all and any adverts. If the answer is no, then you can’t see the content, if the answer is yes, then you’re likely using Chrome or a Chromium based browser and Google can guarantee more ad impressions, because they’re first and foremost an advert selling company.
Why can’t your browser lie and say “yes of course I’m displaying everything my fingers definitely aren’t crossed behind my back”?
Because it’s not just going to say yes. It’s going to say yes, and then present an unique key that browser made for themselves. Other browsers might be able to spoof the key, but the proposal might have cryptographically expensive to even try.
Thanks so much, I understand now. God, is that a shitty move for Google to pull
That’s not true - you can still use ad blockers etc as normal.
It’s also not a browser check, it’s a device check. It’s to check that the device can be trusted, like android itself hasn’t been tampered with.
It’s literallly impossible for there to be a valid reason for a website to be entitled to know that under any circumstances.
That’s equally stupid though… why shouldn’t I be able to tamper with my phone’s operating system? And how is it any of a website’s business if I do?
You can tamper all you want, but apps can already block access to devices that have been tampered with. This just gives that same power to websites.
… yes, and I am obviously very against giving that same power to websites lol. An app is built from the ground up as a UX created by the company, and that is what you are signing up for when you use an app. A browser should be a contained way of rendering data from some webserver according to a user’s preferences. Google is apparently trying to “app-ify” web protocols in order to give themselves more power over a user’s experience to the detriment of the user.
So people with custom roms or on various Linux distros would be fucked?
Well with custom roms they already are for many apps.
True, but that’s within their own ecosystem. The internet is not owned by Google. But I guess a certain part of the majority wants it that way with how popular Chromium based browsers are.
How could it not be a browser check if the website relies on the browser to be a middle man? The WebDRM that was pushed by a terrorist organization W3C, currently requires per-browser licensing.
Per wikipedia:
EME has been highly controversial because it places a necessarily proprietary, closed decryption component which requires per-browser licensing fees into what might otherwise be an entirely open and free software ecosystem.
What about replying yes, then blocking ads?
Your device would return a signature to say that there’s no adblocking software on the device.
And that signature can’t be spoofed? Or the browser can’t be sandboxed and quarantined so it is made unaware of such software, and the software applied retroactively?
People will always find a workaround, look at rooting of phones for example. But they shouldn’t have to. I mean look at how banking apps refuse to work on rooted phones but work in a browser on your desktop without any issues. It will be the same with this. Your device is rooted, we can’t show you this webpage.
I may not be 100% right, as I haven’t looked at it in detail, but I think it’s even a bit more than that. Since the way that’s proven is by the browser vendor signing the request (I assume with an HTTP header or something), you could also verify it’s from a specific vendor. So even if Mozilla says, yes, we’ll display your ads, a website could still lock down to Chrome. It would probably also significantly hamper new browsers, and browsers with a security/anti-ad focus, as they won’t be recognised by major websites that use the new protocol until they have market share, which they won’t get if they don’t have access to major websites.
I don’t think there is a website in existence that I want to see bad enough to put up with that. If it doesn’t work in Firefox, I’ve got better things to do than change browsers to see whatever BS in on a site that would do that.
A) Maybe not you, maybe not me or anyone else here, but 99.99% of the rest of the world? And when the rest leave, is Mozilla really going to be able to justify maintaining a browser for those that remain? B) There might not be a website that would do it, but what about if practically all websites with any corporate backing did it?
This is the fundamental point that so many techies fail to get. Saying “I’ll be fine, I’ll do X” is irrelevant. If nobody’s doing what you want to do, then eventually you won’t be able to do it either.
I mean, they already do that by filtering out user agents. But this is certainly a step beyond.
Which is why all browsers cross identify as other browsers. This would make it easier for sites to block and harder for browsers to work around.
if they dont like your browser you cant view the site , ultimately its gonna be google who will be deciding what conditions your browser has to fulfill to be approved and the big one they wont say outright is adblockers , if you have an adblocker they will not allow you to veiw the site
It can’t just be for the server - it also needs to be per-community or you still get a very homogeneous feed
And you need an algorithm that can balance that not just for 1 site, but do it dynamically for each site
We’ll get there, but it’s one of those issues that keeps getting more and more complex the longer you work on it
If I’m still using degoogled chromium… Am I still supporting Google? :(
Yes. You’re still giving a Chromium based browser market share. Pretty much the only non Chromium browser is Firefox
Well yes: it’s essentially Chromium, which the majority of code comes from Google
What about brave? Yes its Chromium based as every browser except firefox, but modified
Yes, it is still chromium.
In statistics, Brave counts as chromium.
@fatalicus @disconnectikacio I use ungoogled-chromium.
Which is still chromium, just removed any dependencies on google.
Google makes Chromium, and enev “ungoogled-chromium” will register as chromium in statistics.
That is what this thread of comments started with…
@fatalicus but isn’t the ungoogled version better ?
One just has to wonder… how evil can Google become?!
Yes!
Yes-ier!
I feel like I’ve been forced to switch a lot of my default applications lately based on shitty decisions from tone deaf companies. I guess I’m going to move from Brave to Firefox finally.
Brave is just windowdressing. You cant really get any real privacy in Chromium.
Never heard anything bad about brave privacy, you got sources?
I think this is what has recently turned people against them: https://www.searchenginejournal.com/brave-browser-under-fire-for-alleged-sale-of-copyrighted-data/491854/#:~:text=Brave is alleged to sell,transparency in the tech industry.
They also in the past got caught using affiliate links with crypto URLs which gave brave kickbacks. Scumbag shit. If you want actual hardened browsing forget brave or anything chromium based. Use librewolf which is a forked version of Firefox. Mull if you’re on F-Droid.
Sauce: https://www.theverge.com/2020/6/8/21283769/brave-browser-affiliate-links-crypto-privacy-ceo-apology
^^^ absolutely.
Brave is also associated with Peter Thiel and if there is one person to get the title of Evil Tech Bro, it’s him.
Moving browsers used to be moved the webpages now…it’s a massive deal now.
Made the switch recently myself and can never look back. Being able to install custom add-ons on mobile is a huge plus to me
Why did you chose Brave to begin with? Serious question, not being snarky. I tried it for a day and it just didn’t compete with Firefox + uBlock Origin in any meaningful way. I don’t see the appeal of bundling advanced security and filtering tools with the browser, it’s better if they’re separate entities, keeps everyone honest.
I’ve taught multiple people in my life to use brave. The vast majority of end users simply can’t be bothered to install a plugin or understand how to manage it when a site breaks. Brave makes it just a little more intuitive for them and means less IT calls for me. Firefox with ublock is what I personally use. Brave is what my family uses.
Brave is just as likely to “break” a site as uBO, what do they do then?
Brave has a button right next the task bar they can use to toggle off controls. I know ublock is stupid simple to do that too but the extra step of going to plugins then settings has lost people in my experience.
uBlock has a button next to the search bar, you can hide it, but I’m pretty sure it’s shown by default. It’s 2 clicks, but it’s just the shield icon (which I’m just realizing has uO on it instead of uBO, is that the official abbreviation?) then a big ass Power button. Either way, in my experience, anyone I try to set up with anything other than Edge, ends up back on it within a month because the dark patterns work and they get tricked into it :(
Huh… That’s an interesting idea. Best argument for brave I’ve heard too
Have slowly been switching to Firefox for a couple of months, but the DRM proposal has gotten me to fully switch.
Thank you. You’re only one person, but the world is just particles. If enough of us come together, we will be something tangible.
deleted by creator
Edge’s left sidebar vertical tabs has ruined me. Plz add this Mozilla, and I’m all in on Foxy Fox
Sidebery is a saviour for me and very likely you too. I’ve got 1500 tabs just lying there in my sidebar, inactive and neatly grouped together!
Ooooo neat thanks for the tip!
I just can’t stand the sidebar. Would be nice if they would get native grouping (again, they had grouping for years and removed it) and vertical tabs like pretty much every browser has been integrating now.
If this goes through. Will Google become a browser monopoly and (hopefully) get sued
Apple already implemented something similar on safari that flew under the radar, so the browser/mobile duopoly cartel is still working.
Do you have any more details on this?
Worth noting Cloudflare hasn’t just integrated it as mentioned in the blog, they are the primary ones working on the standard.
https://www.snellman.net/blog/archive/2023-07-25-web-integrity-api-vs-private-access-tokens/ explains it better than I could in a comment.
deleted by creator
cool, now we need a voice that hasnt lost all its weight years ag
Mozilla is only as strong as the community. In recent years it’s been like a red Panda backed in a corner and tried everything to get offset the contribution of Google. But rather than focus on money, it should’ve focused on community. No matter how many bucks Mozilla chases, it will never match what Google contributes. But no matter how much Google pays Mozilla, it should pale in comparison to the value of community contributions. Sadly Mozilla only value code contributions, not realising that pull requests come thicker and faster with real community engagement. They hired a bunch of people that don’t care for the community and as such community engagement dwindled.
while i must agree on community portion (i personally dont partake) even the money contribution is but a wet fart
What google pays mozilla for their search engine deal: 450 million
What google pays apple for the same deal: 15 billion by the time google made this deal mozilla had lost their voice
as much as i hate anything google (i use firefox myself), mozilla lost most of its power to make a compelling argument and the community or rather the people who jumped on the google wagon are very much just as much t blame as google itself
