KoinuJul 19, 2023

This is a credible proposal for DRM for websites in general. It would enable unbeatable adblock-blocking. It would prevent user customization for not just convenience but also accessibility.

I do not say this lightly: Enabling the forfeiture of control over the browsing experience is a fundamentally evil idea that must be rejected now, as it has been in the past, and we must remain vigilant against its reemergence in the future.

https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

Web-Environment-Integrity/explainer.md at main · RupertBenWiser/Web-Environment-Integrity

Contribute to RupertBenWiser/Web-Environment-Integrity development by creating an account on GitHub.

GitHub
Show threadStephanie 🎀Jul 20, 2023
@gsderp how exactly do we prevent this? Who do we contact?
Show threadCassandrichJul 20, 2023
@BeamsAndBows @gsderp Apple, for one. We need Apple unequivocally opposed to this and refusing to do it on their devices.
Show threadrain 🌦️Jul 20, 2023

@dalias @BeamsAndBows @gsderp Apple already shipped an equivalent with https://developer.apple.com/videos/play/wwdc2022/10077/

Marketed as a way to get rid of CAPTCHAs but basically the same thing with some details being different

Replace CAPTCHAs with Private Access Tokens - WWDC22 - Videos - Apple Developer

Don't be captured by CAPTCHAs! Private Access Tokens are a powerful alternative that help you identify HTTP requests from legitimate...

Apple Developer
Show threadrain 🌦️Jul 20, 2023
@dalias @BeamsAndBows @gsderp To emphasize, this actually shipped in current versions of Apple's OSes and is in active use by Cloudflare and Fastly at least
Show threadCassandrichJul 20, 2023

@rain @BeamsAndBows @gsderp Still, Apple.

They don't have to be consistent or morally upright in this. It's perfectly fine to have them demonize and refuse to implement Google's thing even while they have something functionally similar of their own.

Show threadCassandrichJul 20, 2023
@rain @BeamsAndBows @gsderp Apple's thing is relatively harmless because every site knows only users of luxury devices have it and they can't rely on it being present. Having it be a web standard and sites being able to assume cheap devices have it (and locking out anyone who doesn't submit to using one) is what would be disastrous.
Show threadrain 🌦️Jul 20, 2023
@dalias @BeamsAndBows @gsderp Apple's thing is a draft IETF standard: https://www.ietf.org/archive/id/draft-private-access-tokens-01.html
Private Access Tokens

This document defines a protocol for issuing and redeeming privacy-preserving access tokens. These tokens can adhere to an issuance policy, allowing a service to limit access according to the policy without tracking client identity.

Show threadCassandrich
@rain @BeamsAndBows @gsderp 🤮
Jul 20, 2023 at 6:21pmWeb