Google’s Plan To DRM The Web Goes Against Everything Google Once Stood For
If you don’t like how Google is able to do this, know it’s because of it’s market share, and you should just use Firefox.
Except you’ll have to keep a copy of Chrome handy because this is less about what software you’re using and more about which apps are attested and approved for that website.
Once your bank says “we’re requiring this” it’s kinda over isn’t it?
Your bank will only do it, if, and only if, Chrome is a majority of browsers they see.
How do you stop that? By not using it.
Everyone keeps postulating over a terrible future, but won’t actually do anything now, today, to help prevent it.
The bank already has your money. Asking you to install a free app to use their services would not be seen by regulators as unreasonable. Especially when they play the security argument.
I don’t see how Chrome has to be in the majority for some sectors to start relying on these kinds of attestations. Safari already has a similar mechanism, so that right there is the majority of mobile users when you include Chrome.
Let’s hope not all banks do this so we can switch to the ones that doesn’t
I fear voting with one’s wallet is not enough to prevent any business from doing something in their best interests at the expense of the consumer/user. When it comes to banks we’d have to place our hope the governments… which relies of them actually representing voters.
But Chrome is already the dominant browser, and Firefox has like 2% market share last time I checked.
I’ll be telling my bank I’ll be taking my mortgage elsewhere. I pray that’s still possible.
One does not simply change banks when it comes to a mortgage.
I’ve never even used a chrome browser except punctually, yet here we are.
I’ve been on Firefox for years. Was never much of a problem, but lately there’s more and more sites that require a Chromium-based browser. Some of them quite crucial. A list from experience:
- My bank’s mortgage page
- Microsoft Teams - only supports Chrome, safari and edge on MacOs.
- Microsoft Office - has weird quirks on MacOs
- The new Adobe Express, requires Chrome or Edge
- Google Meet - after years google still only supports Chromium-based browsers if you wish to use video effects
- Microsoft’s new video editing thing
Ok, I got it wrong guys
Chrome has won
Let’s all go home, install a Chromium-based spyware-laced browser and bow down to our Google overlords.
Google needs to be broken up. It needs to separate in at least 5 different companies:
- Admob/Adsense
- Ads/Adwords
- Search
- Android
- Chrome
They dropped the “don’t be evil” a while ago.
“The slogan was also a bit of a jab at a lot of the other companies, especially our competitors, who at the time, in our opinion, were kind of exploiting the users to some extent”
- Paul Buchheit, the creator of Gmail
Subtext: now that we have the market share, it’s our turn to exploit the users.
It’s sick.
Luckily, other browser manufacturers (Mozilla, Vivaldi, Brave, and even the WWWC) have already spoken out against this proposal. Google loves marketing it as ‘optional’, which it obviously won’t be once implemented.
The problem is that Google is able to more or less dictate how the web works at that time. Apart from Firefox and Safari, which both only have a minor market share, pretty much everything is Chrome based.
If Google wants to push some silly idea just to ensure that their silly ads are not blocked, then they’ll do it. I fear that noone really can stop this stupid idea.
We need to hope some governing body steps in and slaps Google with antitrust, because this is a pretty clear abuse of monopoly
I’m sure our octogenarian leaders who are oh so internet savvy will fully understand the nuances associated with browser market share will craft laws to resolve this issue.
/s unfortunately.
Truth be told… Google applies $$$ to our aged elected officials who don’t understand what a browser is much less the nuances behind chrome and chromium based browsers. And will vote by what their campaign donators say… :(
Hot take: the narrative that politicians do not understand technology due to their age is giving them too much credit. They have entire offices full of staffers whose entire job is to explain these things to them in ways they understand, as I am sure they have for some of the more important things. They just don’t care because their purpose is to serve corporations, not the public.
They just don’t care because their purpose is to serve corporations, not the public.
Sadly… This is probably pretty accurate for most of our modern politicians. I’m sure there’s the odd official who cares… But they are a vast minority.
The EU may be our only reasonable hope.
Chromium based forks (e.g. Brave) can disable or remove the features they don’t want. For example, if Google adds a feature that always shows their ads, Brave can disable that feaure or remove it. Being Chromium-based is not as bad as people usually seem to think.
In this proposed DRM-like feature it is slightly different case because Chrome browser is so widely used.
Governmental regulators need to be involved. But I don’t have my hopes up.
the problem is that this is a malignant feature that can only be used for evil
On the other hand, I don’t really have a fundamental problem with it. I don’t use Chrome and am not going to use this. My approach to websites using it will be the same as programs not running on my operating system: I’ll simply ignore them, same as I already ignore websites today that don’t serve me because of GDPR.
I also do see a problem in adblocking. It’s just that it’s the lesser of two evils for me and as such, I opt into it. Google, being on the other side of the situation, for good reasons comes to a different assessment.
All in all I don’t think this is a good development, but OTOH, if someone doesn’t want me to visit their site, that’s ok.
What about when your banking site or the site your landlord wants you to pay with doesn’t work because of this shit?
It’s gonna be a pain in the ass to switch browsers every time you run into one of these sites, and it’ll eventually make its way into most services just because they feel like it.
There are already way too many Android apps that refuse to work on rooted phones just because they feel like not working on rooted phones after they made safety net. It will be pervasive and at some point you’ll have no option but to comply.
Google became what it is because they had the best search results. Today, other like qwant and sometimes even bing are better. If it was not for Android, the reasons for remaining stuck with Google would have become sparse already. And I daresay Apple is now the less evil option.
I am really hoping some regulatory body strikes this down. Where’s the EU when we need them?
Have you tried to talk to a local EU representative about it?
I don’t live in the EU. I have contacted my local representatives in the US, but we all know they are useless and won’t do a damn thing about it.
Approving some bullshit law nobody needs of course. Maybe in a year or two you’ll hear about them.
i mean this is like working on the nuclear bomb except you’re eager to drop it on yourselves in the name of corporate profits and ad revenue. virulently disgusting
Everyone, please reach out to your local anti-trust government organization to ensure they are aware of this issue. They cannot do anything about something that they are unaware of. It’s easy to forget that the internet is a bubble and not everyone is clued into it’s issues.
Fine, I’ll make my own web, with blackjack, and hookers!
Fuck Google, I guess we’re going back to the days of BBS’.
Nothing new here.
Same old shit.
They’re gonna do what they’re gonna do.
There will be ways around it.
It will be difficult to get around this on smartphones. Those are walled gardens already.
But I wonder how Google plans to make this “feature” for desktop PCs? Won’t work at all on Linux and Mac and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?
and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?
That would be one method, yeah. The attester supplies a kernel driver and uses that to generate the auth tokens communicating with it via some protocol or via scanning memory.
The driver is just chilling in the machine, perhaps even evasive to lsmod, such that the only way to detect it is to have your own driver monitoring for some specific signal before the attestor driver gets installed, and then using that signal to track its installation.
There’s always a way. But, as you say, with phones it’s not as simple.
GrapheneOS or some other ROM on an unlocked Android phone is probably going to be the only way of bypassing it.
You already can’t get around this on smartphones. So many companies force you to use their app and only their app if you’re not in front of a desktop.
Question: Would Pi-holes get around this or would websites still recognise that there’s traffic being blocked?
Chrome will eventually switch to DNS over HTTPS.
Piholes don’t actually block the traffic. The ads still make it from google to your home network. Pihole just intercepts them and sends them off to nowhere before they get to any of your devices. So I believe they won’t be affected by this.
That’s not true. Pihole voids DNS requests, not the actual HTTP responses. When trying to look up an ad, it tells your devices to look at an unassigned ip address which will then not respond with anything.
I don’t know which one of you is correct so I’m upvoting all of you because I fucking love Pihole.
The rebuttal is correct.
DNS response from pihole makes it so your browser doesn’t even make the request to the server providing the AD. A blocked ad via DNS doesn’t make it to your device, and doesn’t even get downloaded from the remote server.
I support Google on this one. Digital fraud is out of control. If you guys have a better idea to stop fraud and sustain the web ecosystem, let’s hear it.
