This is a credible proposal for DRM for websites in general. It would enable unbeatable adblock-blocking. It would prevent user customization for not just convenience but also accessibility.

I do not say this lightly: Enabling the forfeiture of control over the browsing experience is a fundamentally evil idea that must be rejected now, as it has been in the past, and we must remain vigilant against its reemergence in the future.

https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

@gsderp Jeeez. And I was worried about DNS over HTTPS or TLS, this is a whole other level of horrific.
@noxypaws DOH/DOT is dual-use, attestation is not. DOH/DOT is an unequivocal good when it enforces the free choice/consent of a device user-owner to control what resolver is used, and to enforce privacy in that use (against/over the interests of a network-path interloper), which is essential for further privacy improvements like ECH to be meaningful. In contrast, the fundamental purpose of attestation is to subvert a device owner-user’s ability to enforce their consent and exercise meaningful control over what their device does, which is indefensibly evil.

@gsderp Yah, agreed on all points. DOH/DOT is a double-edged sword but seems mostly good - I just think a lot about how my LG TV, for example, could start evading DNS-based ad blocking.

But yeah this attestation crap sounds just deeply awful.

@noxypaws @gsderp The funny thing is the champions of that crap usually cannot tell what the use case/benefit for the user is.

E.g. Why the f$ck do all kinds of “security conscious” apps on my phone require attestation, thus locking me out because I run a custom rom. But they have no problem running on an Android 4.0 mobile that had no security updates for years. There are literally apps that can root these things on the fly, given the gazillion of severe security bugs out there.

@noxypaws @gsderp Theory, which probably is the real reason, when I take the total non-representative sample of people I know in real life and have seen their phones: 90% of phone users don't care about updates, would literally buy phones that are out of support.

Attestation is not about security, it's about control.

BTW, Google has turned off the possibility for GitHub users to comment on the repository.

Guess why, their personal armour was not that pitchfork safe.

@yacc143 @noxypaws My assumption is that they were tasked to “do something” about click fraud.

Ad/click fraud (not related to ad blocking) is a genuine problem. However, between the futures of an open web where ad money dries up because of ad fraud and many services become unviable, and a world where remote attestation reaches critical mass and gets leveraged for the hellscape of other evil possibilities it enables, I’ll take the former any day. I have zero sympathy for anyone who supports the latter.

@gsderp @noxypaws
But click fraud is only a symptom of the “individually tracked user level ad industry”.

Pre-Internet the industry lived with rough statistics. And they lived and it worked.

You can only commit view/click fraud because the industry insists on counting them exactly.

If the ads were, like in the real world, part of the website that shows them, the advertiser would only have rough numbers (e.g. view estimations from services like Alexa ranking). 🤷

@gsderp @noxypaws Google is in a way pretending to solve a problem that THEY have created.

Ruining it for the rest of humanity, but you have to understand, it's Google.

@yacc143 @noxypaws @gsderp same for me with computers

I would rather Word and other programs not update--just let me buy them and then leave me alone

@Ferles @yacc143 @gsderp Violently agreed.

I'm fucking fed up with rent seeking software. Fuck a subscription.

@Ferles @yacc143 @noxypaws @gsderp Exactly. Plus it's extremely enraging when you get to a remote place, with no internet, and can no longer use your software, or the files you have already saved locally, simply because 365 derped and forgot that you were a subscribed user. Yes, this is with "use offline" turned on and having been connected within 30 days. Sometimes it works, sometimes not. But, that's the ONLY choice you have when you work remotely with an iPad.