Eric SchultzAug 6, 2023

In response to Google's monopolistic implementation of Web Environment Integrity, I have a modest proposal:

Open source JavaScript libraries should add bugs which only occur when they find "navigator.getEnvironmentIntegrity" is being used.

Go into a "while(true)" loop. Start throwing exceptions randomly. Just fuck up the page. Make the lives of every developer who is in the origin trial who uses your library completely miserable.

If they want to fork, they have the freedom to do so. But then they're taking on the maintenance that they would prefer to outsource to their community.

If you have enough big libraries doing this, it might make a dent.

Show threadIncoggAug 6, 2023

@wwahammy purposeful sabotage never looks good.

An npm package dev tried to do it because of the Russian invasion to Ukraine. It's now called CVE-2022-23812, which should tell you everything you need to know about how purposeful sabotage is viewed by the community.

Show threadthe Stripey GoodnessAug 6, 2023
@incogg @wwahammy it is generally not a good idea to consolidate "the Industry" with "the Community"
Show threadIncoggAug 6, 2023

@stripey @wwahammy I don't really see how you can make that differentiation, with so much overlap.

I would not use a package that has been purposefully sabotaged in any way. For any project. Be it open source, a for-pay gig, personal stuff.

Politics go in, package goes out.

A far better option is to add a piece of code to your website that will block browsers with DRM from accessing your website. That's what I'd do to my website. That sends a message.

Show threadthe Stripey GoodnessAug 6, 2023
@incogg @wwahammy
"Politics go in, package goes out"
All this means is that what you use already encodes values which align with *your* politics, and that you have not sufficiently examined what that may be or why that is.
Show threadIncoggAug 6, 2023

@stripey @wwahammy
No, I'm very much anti DRM and anti Putin - but I would not use a package that has been sabotaged for any reason. Definitely a political one.

That being said, and it has yet to happen so far - I may decide not to use a package (or service or product or whatever) from someone whose values conflict with mine enough. Like for example Neo-nazis.

If you insist of interpreting what I write in the light that works for your argument, then there's no use arguing with you.

Show threadthe Stripey GoodnessAug 6, 2023

@incogg @wwahammy oh child. Little one. Dear, delicate flower.

Just because you haven't thought this stuff through before and being confronted with it makes you a little uncomfortable doesn't mean it isn't true.

Show threadIncoggAug 6, 2023

@stripey @wwahammy

If you are okay with having politics embedded into code in packages you use, that's fine. And it says something about you.

I already said what it would make me feel and what it would make me do. That probably says something about me, and you can choose to interpret it any way you like and that's fine. I don't care that much about what goes in your mind.

And if in the future I will see a reason to change my mind about that, I will. I'm not beyond being wrong.

Show threadEric SchultzAug 6, 2023
@incogg @stripey politics are embedded in literally all software.
Show threadIncoggAug 6, 2023

@wwahammy @stripey

perhaps I should qualify it as "I don't like X so despite being technically trivial I'll make sure my package doesn't interoperate with X".

Show threadNicolás Alvarez
@stripey @incogg @wwahammy That's exactly what people are suggesting doing here, with X = WEI.
Aug 11, 2023 at 2:48amWeb