Google’s Plan To DRM The Web Goes Against Everything Google Once Stood For
If you don’t like how Google is able to do this, know it’s because of it’s market share, and you should just use Firefox.
You should use Firefox (or a fork of it), but can we expect them to be an option if Google’s actions make it so most sites only work on Chrome?
Google can’t make websites update.
Websites will only update to Chrome specific things if Chrome is the dominant browser.
How do you stop Chrome being the dominant browser? By not using it.
It’s not going to be that simple. CDNs like Cloudflare are already on board with this, and Safari built a similar feature last year (and virtually no one noticed or cared). This horse has already left the barn and I’m not sure there’s anything we can do at this point.
EDIT - Oh and I didn’t think of this but Google absolutely CAN make websites update. “We’ll improve your SEO ranking if you support this new feature”. They’ve done this before and they’ll do it again.
Google can make websites that use its advertising platform support attestation. I wouldn’t be surprised if that’s their plan.
Unfortunately Chrome is the dominant browser by a long way.
I use Firefox on every PC and device and wish it was more popular but the non geeks don’t understand so use Chrome.
Exactly. We need more people to move away from it.
I typically lead by example and will tell anyone who listens about how good modern Firefox is.
deleted by creator
They can make sites to not work on Chrome, not the other way around. Unless you implemented some chrome only features in your site then that’s on you.
I expect businesses to impliment Chrome-only features in their sites…
I recall Edge became Chrome based due in part to Google making needless changes on their own sites (e.g. Youtube) whjch broke functionity in Edge.
Except you’ll have to keep a copy of Chrome handy because this is less about what software you’re using and more about which apps are attested and approved for that website.
Once your bank says “we’re requiring this” it’s kinda over isn’t it?
Your bank will only do it, if, and only if, Chrome is a majority of browsers they see.
How do you stop that? By not using it.
Everyone keeps postulating over a terrible future, but won’t actually do anything now, today, to help prevent it.
But Chrome is already the dominant browser, and Firefox has like 2% market share last time I checked.
The bank already has your money. Asking you to install a free app to use their services would not be seen by regulators as unreasonable. Especially when they play the security argument.
I don’t see how Chrome has to be in the majority for some sectors to start relying on these kinds of attestations. Safari already has a similar mechanism, so that right there is the majority of mobile users when you include Chrome.
Let’s hope not all banks do this so we can switch to the ones that doesn’t
I fear voting with one’s wallet is not enough to prevent any business from doing something in their best interests at the expense of the consumer/user. When it comes to banks we’d have to place our hope the governments… which relies of them actually representing voters.
I’ll be telling my bank I’ll be taking my mortgage elsewhere. I pray that’s still possible.
One does not simply change banks when it comes to a mortgage.
Maybe wherever you live. In first world countries, it’s fairly straightforward.
I’ve been on Firefox for years. Was never much of a problem, but lately there’s more and more sites that require a Chromium-based browser. Some of them quite crucial. A list from experience:
- My bank’s mortgage page
- Microsoft Teams - only supports Chrome, safari and edge on MacOs.
- Microsoft Office - has weird quirks on MacOs
- The new Adobe Express, requires Chrome or Edge
- Google Meet - after years google still only supports Chromium-based browsers if you wish to use video effects
- Microsoft’s new video editing thing
They dropped the “don’t be evil” a while ago.
“The slogan was also a bit of a jab at a lot of the other companies, especially our competitors, who at the time, in our opinion, were kind of exploiting the users to some extent”
- Paul Buchheit, the creator of Gmail
Subtext: now that we have the market share, it’s our turn to exploit the users.
It’s sick.
The problem is that Google is able to more or less dictate how the web works at that time. Apart from Firefox and Safari, which both only have a minor market share, pretty much everything is Chrome based.
If Google wants to push some silly idea just to ensure that their silly ads are not blocked, then they’ll do it. I fear that noone really can stop this stupid idea.
We need to hope some governing body steps in and slaps Google with antitrust, because this is a pretty clear abuse of monopoly
I’m sure our octogenarian leaders who are oh so internet savvy will fully understand the nuances associated with browser market share will craft laws to resolve this issue.
/s unfortunately.
Truth be told… Google applies $$$ to our aged elected officials who don’t understand what a browser is much less the nuances behind chrome and chromium based browsers. And will vote by what their campaign donators say… :(
The EU may be our only reasonable hope.
Chromium based forks (e.g. Brave) can disable or remove the features they don’t want. For example, if Google adds a feature that always shows their ads, Brave can disable that feaure or remove it. Being Chromium-based is not as bad as people usually seem to think.
In this proposed DRM-like feature it is slightly different case because Chrome browser is so widely used.
On the other hand, I don’t really have a fundamental problem with it. I don’t use Chrome and am not going to use this. My approach to websites using it will be the same as programs not running on my operating system: I’ll simply ignore them, same as I already ignore websites today that don’t serve me because of GDPR.
I also do see a problem in adblocking. It’s just that it’s the lesser of two evils for me and as such, I opt into it. Google, being on the other side of the situation, for good reasons comes to a different assessment.
All in all I don’t think this is a good development, but OTOH, if someone doesn’t want me to visit their site, that’s ok.
Governmental regulators need to be involved. But I don’t have my hopes up.
the problem is that this is a malignant feature that can only be used for evil
Google needs to be broken up. It needs to separate in at least 5 different companies:
- Admob/Adsense
- Ads/Adwords
- Search
- Android
- Chrome
Google became what it is because they had the best search results. Today, other like qwant and sometimes even bing are better. If it was not for Android, the reasons for remaining stuck with Google would have become sparse already. And I daresay Apple is now the less evil option.
I don’t know about that. Google is evil for sure, but I haven’t read anything about their factory workers leaping from buildings to escape life.
Who knows at this point? With this level of advanced capitalism, it’s getting kind of difficult to identify truly ethical corporations.
Google is evil for sure, but I haven’t read anything about their factory workers leaping from buildings to escape life.
Try again. This is from 1 month ago.
Luckily, other browser manufacturers (Mozilla, Vivaldi, Brave, and even the WWWC) have already spoken out against this proposal. Google loves marketing it as ‘optional’, which it obviously won’t be once implemented. A system like this would be very dangerous for smaller browsers, as it’s incredibly vague who decides what authorities would be allowed to verify browsers.
Additionally, this is presented as a way to remove captchas from the web by proving a request is coming from genuine hardware. However, this proves absolutely nothing about a request being genuine or non-spam. The only thing this proves is that it was created by a ‘genuine device’, so all a malicious user would have to do is to (automatically) send the request via a verified device and they’d pass the check.
Fine, I’ll make my own web, with blackjack, and hookers!
Fuck Google, I guess we’re going back to the days of BBS’.
Sure, bring that shit to Europe and let’s see how it goes…
i mean this is like working on the nuclear bomb except you’re eager to drop it on yourselves in the name of corporate profits and ad revenue. virulently disgusting
Nothing new here.
Same old shit.
They’re gonna do what they’re gonna do.
There will be ways around it.
It will be difficult to get around this on smartphones. Those are walled gardens already.
But I wonder how Google plans to make this “feature” for desktop PCs? Won’t work at all on Linux and Mac and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?
and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?
That would be one method, yeah. The attester supplies a kernel driver and uses that to generate the auth tokens communicating with it via some protocol or via scanning memory.
The driver is just chilling in the machine, perhaps even evasive to lsmod, such that the only way to detect it is to have your own driver monitoring for some specific signal before the attestor driver gets installed, and then using that signal to track its installation.
There’s always a way. But, as you say, with phones it’s not as simple.
GrapheneOS or some other ROM on an unlocked Android phone is probably going to be the only way of bypassing it.
You already can’t get around this on smartphones. So many companies force you to use their app and only their app if you’re not in front of a desktop.
Question: Would Pi-holes get around this or would websites still recognise that there’s traffic being blocked?
Piholes don’t actually block the traffic. The ads still make it from google to your home network. Pihole just intercepts them and sends them off to nowhere before they get to any of your devices. So I believe they won’t be affected by this.
That’s not true. Pihole voids DNS requests, not the actual HTTP responses. When trying to look up an ad, it tells your devices to look at an unassigned ip address which will then not respond with anything.
I stand corrected. Appreciate you setting the record straight. Apologies if my response misled anyone.
I don’t know which one of you is correct so I’m upvoting all of you because I fucking love Pihole.
The rebuttal is correct.
DNS response from pihole makes it so your browser doesn’t even make the request to the server providing the AD. A blocked ad via DNS doesn’t make it to your device, and doesn’t even get downloaded from the remote server.
Thank you friend!