1942
submitted 1 year ago by Spudwart@lemmy.world to c/memes@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] Sonotsugipaa@lemmy.dbzer0.com 17 points 1 year ago

You've already got some answers, but the recent drama is specifically about a Chromium-centered API, called Web Environment Integrity.

It has been found on a Google engineer's Github account, and iirc it's being tested on Chrome.

It's basically web DRM.

The idea is that the API allows websites to require browsers to guarantee they are unmodified through a "third-party" attester, like Google SafetyNet (or whatever the fuck it got rebranded as) does.

Imagine if you were trying to access a mobile-only website on your PC, by changing your HTTP user agent string;
the website would refuse to serve you the page, and tell you "I don't trust you, are you really a Google Pixel?".
A real Pixel's browser would ask Google Play to vouch for it, and the website would trust Google Play (due to cryptographic shenanigans and whatnot); your browser, however, would not have an attester that:

  • is (claiming to be) universally accepted as trustworthy;
  • answers "yes, I'm a Google Pixel" on a PC;
  • has the necessary cryptographic secrets to work.

That doesn't sound too bad.
But, what if the attester can check your browser's extensions, and tell the website that you're running an adblocker (which is WEI's explicit goal)?
What if it also checks your system's running processes or applications?
What if you ran a debloater script for Windows, and the attester decided that a lack of ads in the start menu was sus?

What if it detected VPN usage? I know some governments that wouldn't like that, I bet they would like it if VPN users would be denied access to half the web...

[-] Blerenes@lemm.ee 3 points 1 year ago

If the comment about VPNs is true, I will lose touch of half of my friends and families that live in Iran. This is truly evil..

[-] Sonotsugipaa@lemmy.dbzer0.com 2 points 1 year ago* (last edited 1 year ago)

It's "true" in the sense that it could happen in theory, Google is (allegedly?) planning to use WEI for forcing people to see ads rather than China-firewalling the web; also, WEI was still under development last time I checked.

Whether the attesters that end up being universally trusted will poke around to check for VPNs is up for speculation, for now.

Even then, this is just an API for websites. If you use other means of communication, you'll be fine.

this post was submitted on 13 Aug 2023
1942 points (97.8% liked)

Memes

45778 readers
2027 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS