Mastodawn

Koinu Jul 19, 2023

This is a credible proposal for DRM for websites in general. It would enable unbeatable adblock-blocking. It would prevent user customization for not just convenience but also accessibility.

I do not say this lightly: Enabling the forfeiture of control over the browsing experience is a fundamentally evil idea that must be rejected now, as it has been in the past, and we must remain vigilant against its reemergence in the future.

https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

Web-Environment-Integrity/explainer.md at main · RupertBenWiser/Web-Environment-Integrity

Contribute to RupertBenWiser/Web-Environment-Integrity development by creating an account on GitHub.

GitHub

Show thread

Stephanie 🎀Jul 20, 2023

@gsderp how exactly do we prevent this? Who do we contact?

Show thread

Cassandrich Jul 20, 2023

@BeamsAndBows @gsderp Apple, for one. We need Apple unequivocally opposed to this and refusing to do it on their devices.

Show thread

rain 🌦️Jul 20, 2023

@dalias @BeamsAndBows @gsderp Apple already shipped an equivalent with https://developer.apple.com/videos/play/wwdc2022/10077/

Marketed as a way to get rid of CAPTCHAs but basically the same thing with some details being different

Replace CAPTCHAs with Private Access Tokens - WWDC22 - Videos - Apple Developer

Don't be captured by CAPTCHAs! Private Access Tokens are a powerful alternative that help you identify HTTP requests from legitimate...

Apple Developer

Show thread

rain 🌦️

@dalias @BeamsAndBows @gsderp To emphasize, this actually shipped in current versions of Apple's OSes and is in active use by Cloudflare and Fastly at least

Show thread

Cassandrich Jul 20, 2023

@rain @BeamsAndBows @gsderp Still, Apple.

They don't have to be consistent or morally upright in this. It's perfectly fine to have them demonize and refuse to implement Google's thing even while they have something functionally similar of their own.

Show thread

Cassandrich Jul 20, 2023

@rain @BeamsAndBows @gsderp Apple's thing is relatively harmless because every site knows only users of luxury devices have it and they can't rely on it being present. Having it be a web standard and sites being able to assume cheap devices have it (and locking out anyone who doesn't submit to using one) is what would be disastrous.

Show thread

rain 🌦️Jul 20, 2023

@dalias @BeamsAndBows @gsderp Apple's thing is a draft IETF standard: https://www.ietf.org/archive/id/draft-private-access-tokens-01.html

Private Access Tokens

This document defines a protocol for issuing and redeeming privacy-preserving access tokens. These tokens can adhere to an issuance policy, allowing a service to limit access according to the policy without tracking client identity.

Show thread

Cassandrich Jul 20, 2023

@rain @BeamsAndBows @gsderp 🤮

Show thread

rain 🌦️Jul 20, 2023

@dalias @BeamsAndBows @gsderp I don't see how that serves the cause of freedom, we're just going to have two different standards that eg banks can check for either of them to lock out free OSes

Show thread

Cassandrich Jul 20, 2023

@rain @BeamsAndBows @gsderp Ah, you're saying it doesn't matter if Apple doesn't implement because of that. Yes. But having them vocally oppose it and keep it out of standards agenda would still be useful.

Show thread

NEO//LIX 🔊Jul 21, 2023

@rain @dalias @BeamsAndBows @gsderp If it is basically the same thing, how comes that ad blocking in Safari not only still is possible, but even kinda encouraged through built-in support of content blockers?

Show thread

Cassandrich Jul 21, 2023

@neo @rain @BeamsAndBows @gsderp Um, because Apple isn't an ads company.

Attestation "proves" the client is an actual Apple device running the software Apple wants it to be running, which includes ad blocking support because that's not contrary to their interests. The problem comes when that's Google.

Show thread

NEO//LIX 🔊Jul 21, 2023

@dalias @rain @BeamsAndBows @gsderp Which means we can be quite sure that Apple will refuse to implement whatever Google is proposing, while Google can not afford to lock out millions of iOS devices where they simply can't install their own browser engine, which, for once, could be a good thing. 🤔

Show thread

Cassandrich Jul 21, 2023

@neo @rain @BeamsAndBows @gsderp Unfortunately Apple already has a comparable thing, but it just promises the client is a genuine Apple device, not that it follows Google's rules. Still, with both duopoly platforms having one of these, they'll lock out all non-locked-down alternatives. 🤬