KoinuJul 19, 2023

This is a credible proposal for DRM for websites in general. It would enable unbeatable adblock-blocking. It would prevent user customization for not just convenience but also accessibility.

I do not say this lightly: Enabling the forfeiture of control over the browsing experience is a fundamentally evil idea that must be rejected now, as it has been in the past, and we must remain vigilant against its reemergence in the future.

https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

Web-Environment-Integrity/explainer.md at main · RupertBenWiser/Web-Environment-Integrity

Contribute to RupertBenWiser/Web-Environment-Integrity development by creating an account on GitHub.

GitHub
Show threadStephanie 🎀Jul 20, 2023
@gsderp how exactly do we prevent this? Who do we contact?
Show threadCassandrichJul 20, 2023
@BeamsAndBows @gsderp Apple, for one. We need Apple unequivocally opposed to this and refusing to do it on their devices.
Show threadrain 🌦️

@dalias @BeamsAndBows @gsderp Apple already shipped an equivalent with https://developer.apple.com/videos/play/wwdc2022/10077/

Marketed as a way to get rid of CAPTCHAs but basically the same thing with some details being different

Replace CAPTCHAs with Private Access Tokens - WWDC22 - Videos - Apple Developer

Don't be captured by CAPTCHAs! Private Access Tokens are a powerful alternative that help you identify HTTP requests from legitimate...

Apple Developer
Jul 20, 2023 at 6:03pmWeb
Show threadrain 🌦️Jul 20, 2023
@dalias @BeamsAndBows @gsderp To emphasize, this actually shipped in current versions of Apple's OSes and is in active use by Cloudflare and Fastly at least
Show threadCassandrichJul 20, 2023

@rain @BeamsAndBows @gsderp Still, Apple.

They don't have to be consistent or morally upright in this. It's perfectly fine to have them demonize and refuse to implement Google's thing even while they have something functionally similar of their own.

Show threadCassandrichJul 20, 2023
@rain @BeamsAndBows @gsderp Apple's thing is relatively harmless because every site knows only users of luxury devices have it and they can't rely on it being present. Having it be a web standard and sites being able to assume cheap devices have it (and locking out anyone who doesn't submit to using one) is what would be disastrous.
Show threadrain 🌦️Jul 20, 2023
@dalias @BeamsAndBows @gsderp Apple's thing is a draft IETF standard: https://www.ietf.org/archive/id/draft-private-access-tokens-01.html
Private Access Tokens

This document defines a protocol for issuing and redeeming privacy-preserving access tokens. These tokens can adhere to an issuance policy, allowing a service to limit access according to the policy without tracking client identity.

Show threadCassandrichJul 20, 2023
@rain @BeamsAndBows @gsderp 🤮
Show threadrain 🌦️Jul 20, 2023
@dalias @BeamsAndBows @gsderp I don't see how that serves the cause of freedom, we're just going to have two different standards that eg banks can check for either of them to lock out free OSes
Show threadCassandrichJul 20, 2023
@rain @BeamsAndBows @gsderp Ah, you're saying it doesn't matter if Apple doesn't implement because of that. Yes. But having them vocally oppose it and keep it out of standards agenda would still be useful.
Show threadNEO//LIX 🔊Jul 21, 2023
@rain @dalias @BeamsAndBows @gsderp If it is basically the same thing, how comes that ad blocking in Safari not only still is possible, but even kinda encouraged through built-in support of content blockers?
Show threadCassandrichJul 21, 2023

@neo @rain @BeamsAndBows @gsderp Um, because Apple isn't an ads company.

Attestation "proves" the client is an actual Apple device running the software Apple wants it to be running, which includes ad blocking support because that's not contrary to their interests. The problem comes when that's Google.

Show threadNEO//LIX 🔊Jul 21, 2023
@dalias @rain @BeamsAndBows @gsderp Which means we can be quite sure that Apple will refuse to implement whatever Google is proposing, while Google can not afford to lock out millions of iOS devices where they simply can't install their own browser engine, which, for once, could be a good thing. 🤔
Show threadCassandrichJul 21, 2023
@neo @rain @BeamsAndBows @gsderp Unfortunately Apple already has a comparable thing, but it just promises the client is a genuine Apple device, not that it follows Google's rules. Still, with both duopoly platforms having one of these, they'll lock out all non-locked-down alternatives. 🤬
Show threadStephanie 🎀Jul 20, 2023
@rain @dalias @gsderp bloody hell, is there any hope for escape from corporate abuses?
Show threadrain 🌦️Jul 20, 2023

@BeamsAndBows @dalias @gsderp Not in the short term. these megacorps are built on top of FOSS and now want to kill it, for consumer software.

FOSS is just not compatible with DRM. Just can't square the two

Show threadKoinuJul 20, 2023
@BeamsAndBows @rain @dalias This is no panacea, and it is highly general/nonspecific, but I wonder if there might be an avenue for small local wins through civic involvement and adding privacy-ensuring conditions to government contract requirements. Consider little things like putting into local law that a bank is ineligible to be awarded a contract to handle the city govt’s accounts if its mobile app or website discriminates against vpn users, people who use a voip phone number, or people who use a phone that doesn’t pass safetynet checks. Stuff like that.