cross-posted from: https://beehaw.org/post/6738148

The much maligned “Trusted Computing” idea requires that the party you are supposed to trust deserves to be trusted, and Google is DEFINITELY NOT worthy of being trusted, this is a naked power grab to destroy the open web for Google’s ad profits no matter the consequences, this would put heavy surveillance in Google’s hands, this would eliminate ad-blocking, this would break any and all accessibility features, this would obliterate any competing platform, this is very much opposed to what the web is.

  • RagingNerdoholic@lemmy.ca
    link
    fedilink
    English
    arrow-up
    46
    ·
    1 year ago

    It’s like everything is named ironically these days. There is nothing “trusted” about a device whose sole purpose is secure things against the person who ostensibly owns it.

  • ArugulaZ@kbin.social
    link
    fedilink
    arrow-up
    30
    arrow-down
    1
    ·
    1 year ago

    What’s that, Google? You say you want me to switch to DuckDuckGo and Firefox? And you’re insistent that I do it? Okay, sure.

    • Eufalconimorph@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      42
      arrow-down
      2
      ·
      1 year ago

      Yeah, DRM has always scared away all the users. That’s why nobody adopted DVDs, that “Netflix” company failed to create a video streaming service, Steam never became a dominant game distributor, etc.

      Most people won’t notice or care. Most companies’ customers will buy what’s advertized to them. It’s very dangerous to assume consumers want freedom, we need to fight for it, not ignore the threat due to naïve idealism.

        • herrvogel@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I once worked at a software company where it took the frontend guys like a month to finally notice that common adblockers broke one of their sites (which didn’t actually have ads on it, funnily enough). None of them noticed because none of them used adblockers on any of their machines. When people like that don’t run adblockers, it’s not realistic at all to expect the average user to do it.

          • 8bitguy@kbin.social
            link
            fedilink
            arrow-up
            6
            ·
            1 year ago

            As a full stack guy that has done his fair share of front end work, I use an adblocker on the devices that I use in my personal realm. I don’t have them in my development area because most people don’t use them. I want what I test on to be as stock as possible. I’ve observed that most people go with what “comes out of the box.” That said, I get to look at my efforts on my personal devices. If something is off, I’ll see it. If I had to code to every popular extension, it would be hard to get anything done.

        • Eufalconimorph@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Sadly most people don’t have an ad blocker installed. Per this site <50% use ad blockers. Most users are using mobile devices, and the majority of those don’t have any ad blockers available in their default browsers/webViews. They won’t notice.

      • AlexWIWA@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        People didn’t have access to non-drm versions of those for 20 years first though. If we started with drm web then I’d be less optimistic, but people are going to notice when their sites don’t work.

    • 001100 010010@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      Except Google actually has the power to do that. Do you think Youtube content creators are going to use Peertube? No I don’t think so.

  • monobot@lemmy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    This will be great, just filter me out from all ad content. I will not even need ad blocker.

    • maynarkh@feddit.nl
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Your doctor, tax office and other public services or your employer or job seeking webite says hi.

      Very few of us can truly live without the internet.

  • tillary@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    1 year ago
    How does this affect browser modifications and extensions?
    Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality: E.g. if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.
    

    In other words, you don’t have to worry about the removal of ad blockers. At least, not through this Google proposal.

    • chameleon@kbin.social
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      You do have to worry, because that part is essentially bullshit designed to soothe you while ignoring the actual problem. The attester (in practice the platform holder, so Google/Apple/Microsoft) is allowed to pick which apps can use the API. The criteria they are supposed to use (as well as the entire privacy section) is a “todo” in the actual spec, but even then, there is literally nothing stopping them from deviating from those criteria as the spec isn’t legally binding. It is entirely plausible for Google to deny attestation capability to Firefox and other browsers capable of ad blocking.

      Sure, they can request it. It doesn’t mean that they will receive it, or that websites will be okay with the result. The “risk of websites using this functionality to exclude specific attesters or non-attestable browsers” is something not excluded by either the spec or the explainer; all it says is they “look forward to discussion on this topic”. Google, Apple and Microsoft will be the ones in charge of deciding which browsers are non-attestable.

      More importantly, if they allow modified web browsers, it is completely pointless for their very own stated goals. Doubly so because the attestation can’t be meaningfully bound to the device (ie you can build a modified Chromium that does nothing but request attestation results and forward them to a bot running on a desktop and the website would be none the wiser).

      • tillary@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        So in order to accomplish what you’re saying, all attesters would have to reject all browsers with extension functionality then, right? And if they really wanted to eliminate ad blocking, those browsers would not even be allowed to run debugging scripts.

        I don’t see a lot of buy in from users to such a system. The proposal requires the site, the user, and the attestor to comply. I don’t see any plans for an overhaul of the entire tech infrastructure.

        The worst that can happen as I understand it is a handful of websites will start blocking users who aren’t validated per the spec, they’ll display a message like “this website only works in BrowserEveryoneHates”, and then a competitor will swoop in that works in every browser.

        The best that can happen is users will have a little more security from tampered software, advertisers won’t lose as much money from bots, among other things as they describe in the spec.

        I’m open to changing my mind, but this is just how I understand it so far.

        • maynarkh@feddit.nl
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          There is little to no competition for a lot of services. Just a reminder, the IRS just got caught selling data to Facebook. Imagine you can only do your taxes in ad-ridden Chrome.