Mozilla officially opposes Web Enviroment Integrity API (DRM for web pages proposal from Google) - eviltoast
  • Gameboy Homeboy @lemmy.world
    link
    fedilink
    English
    arrow-up
    173
    ·
    edit-2
    1 year ago

    I feel like I’ve been forced to switch a lot of my default applications lately based on shitty decisions from tone deaf companies. I guess I’m going to move from Brave to Firefox finally.

  • FluffyToaster621@lemm.ee
    link
    fedilink
    English
    arrow-up
    94
    ·
    1 year ago

    If this DRM can force you to use Chromium to display a webpage or content, that would be the most anticompetitive thing in recent times, and would absolutely not fly.

    • xeekei@lemm.ee
      link
      fedilink
      English
      arrow-up
      77
      ·
      1 year ago

      That’s why they want to make it a web standard, so they can just blame Firefox and others for not following the standard and avoid EU fines.

      That’s what Microsoft did with their office document standard.

      • Blackmist@feddit.uk
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        2
        ·
        1 year ago

        Yeah, the sad thing here is that if Apple comply, it will basically become a standard and there’s nothing that Firefox or anything else can do about it. If they can get it on iPhone, it’s game over. Half the web will be blocked unless you agree to see adverts.

        • mothringer@lemmy.world
          link
          fedilink
          English
          arrow-up
          13
          ·
          1 year ago

          If they can get it on iPhone, it’s game over.

          While this is true, I struggle to understand how Apple would stand to gain from implementing this unless it had already become a widespread standard. It’s also an opportunity for more privacy focused marketing if they oppose it, just like they do with government attempts to force them to implement backdoors into iOS.

          • InfiniWheel@lemmy.one
            link
            fedilink
            English
            arrow-up
            7
            ·
            1 year ago

            Yeah, they already dont bother implementing a bunch of actual standards. I don’t see what they would get out of this since their ad network is very limited

        • NaN@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I doubt they will.

          Apple already has the Private Access Tokens that Cloudflare has been working on making into a standard, primarily for skipping captchas. Google doesn’t like those because they are too private.

      • spankinspinach@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        4
        ·
        edit-2
        1 year ago

        I have limited understanding of the technical side of this issue, but based on this comment, this sounds like a brilliant move by Google - Don’t like the rules of the game, change the game…

        Edit: for clarification, this comment was very tongue in cheek - I don’t support Google, this was just an acknowledgement of a smart business play.

        • masquenox@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          an acknowledgement of a smart business play.

          When politicians do it, it’s “corruption.” When normal people do it, it’s “crime.” When capitalist parasites do it, it’s “smart business.”

        • xeekei@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          While I have issues with the rules of “the game”, the current rules are better than the changes that Google are proposing, but since they are infinitely more powerful than me, I can only hope whatever body (W3C?) does not make it an official standard. As long as it’s just an extra thing that Chrome/Chromium does, there’s still hope for Google to get into legal trouble.

          • spankinspinach@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Fingers crossed that you’re right. Definitely don’t want to see them repositioning into an (even more) advantageous policy position. I imagine that a standards body such as the one you mentioned would be fairly careful about adopting anything proposed by a company without significant caution. At least that’s how it works with some international standards agencies haha

        • deejay4am@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          We need to stop this capitalist brainrot. It’s not a smart business move; a smart business move would be one where everyone wins. This is a lazy and evil move designed for pure extraction of value and coercion of compliance.

          Live the way we want you to (and we take 30% off the top!)

          • spankinspinach@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            `I mean, yes, agreed. But this is literally how businesses operate - stay ahead of governments, or change the game so govts are onboard (as regulation regularly trails behind business). A genuinely smart business move would obviously be preferable, but the modern history of megacorps is not exactly a shining beacon of benevolence to the ppl. It should be, but gestures wildly at everything

            Edit: exchanged “always” for “regularly”

            • deejay4am@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              1 year ago

              the modern history of megacorps is not exactly a shining beacon of benevolence to the ppl

              I mean, yes, agreed. But why does anyone think that that’s ok?

  • WaffleFriends@lemmy.world
    link
    fedilink
    English
    arrow-up
    58
    ·
    1 year ago

    Can someone explain to me the google API and DRM situation in stupid people terms? I’m stupidly tech illiterate but I know that this is a big deal and I would like to understand

    • sabreW4K3@lemmy.tfOP
      link
      fedilink
      English
      arrow-up
      95
      arrow-down
      1
      ·
      1 year ago

      Sure thing. With this current proposal, when you visit a website, the site asks your browser if you’re willing to display it as intended, basically with all and any adverts. If the answer is no, then you can’t see the content, if the answer is yes, then you’re likely using Chrome or a Chromium based browser and Google can guarantee more ad impressions, because they’re first and foremost an advert selling company.

      • donnachaidh@lemmy.world
        link
        fedilink
        English
        arrow-up
        35
        ·
        1 year ago

        I may not be 100% right, as I haven’t looked at it in detail, but I think it’s even a bit more than that. Since the way that’s proven is by the browser vendor signing the request (I assume with an HTTP header or something), you could also verify it’s from a specific vendor. So even if Mozilla says, yes, we’ll display your ads, a website could still lock down to Chrome. It would probably also significantly hamper new browsers, and browsers with a security/anti-ad focus, as they won’t be recognised by major websites that use the new protocol until they have market share, which they won’t get if they don’t have access to major websites.

          • donnachaidh@lemmy.world
            link
            fedilink
            English
            arrow-up
            21
            arrow-down
            1
            ·
            1 year ago

            A) Maybe not you, maybe not me or anyone else here, but 99.99% of the rest of the world? And when the rest leave, is Mozilla really going to be able to justify maintaining a browser for those that remain? B) There might not be a website that would do it, but what about if practically all websites with any corporate backing did it?

            • JubilantJaguar@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              1
              ·
              1 year ago

              This is the fundamental point that so many techies fail to get. Saying “I’ll be fine, I’ll do X” is irrelevant. If nobody’s doing what you want to do, then eventually you won’t be able to do it either.

        • Pennomi@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          I mean, they already do that by filtering out user agents. But this is certainly a step beyond.

          • fuzzzerd@kbin.social
            link
            fedilink
            arrow-up
            7
            ·
            1 year ago

            Which is why all browsers cross identify as other browsers. This would make it easier for sites to block and harder for browsers to work around.

      • wanderingmagus@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Why can’t your browser lie and say “yes of course I’m displaying everything my fingers definitely aren’t crossed behind my back”?

        • DrQuint@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          Because it’s not just going to say yes. It’s going to say yes, and then present an unique key that browser made for themselves. Other browsers might be able to spoof the key, but the proposal might have cryptographically expensive to even try.

        • sabreW4K3@lemmy.tfOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Your device would return a signature to say that there’s no adblocking software on the device.

          • wanderingmagus@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            And that signature can’t be spoofed? Or the browser can’t be sandboxed and quarantined so it is made unaware of such software, and the software applied retroactively?

            • sabreW4K3@lemmy.tfOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              People will always find a workaround, look at rooting of phones for example. But they shouldn’t have to. I mean look at how banking apps refuse to work on rooted phones but work in a browser on your desktop without any issues. It will be the same with this. Your device is rooted, we can’t show you this webpage.

      • Whirlybird@aussie.zone
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        6
        ·
        edit-2
        1 year ago

        That’s not true - you can still use ad blockers etc as normal.

        It’s also not a browser check, it’s a device check. It’s to check that the device can be trusted, like android itself hasn’t been tampered with.

        • rainh@kbin.social
          link
          fedilink
          arrow-up
          18
          ·
          edit-2
          1 year ago

          That’s equally stupid though… why shouldn’t I be able to tamper with my phone’s operating system? And how is it any of a website’s business if I do?

          • Whirlybird@aussie.zone
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            9
            ·
            1 year ago

            You can tamper all you want, but apps can already block access to devices that have been tampered with. This just gives that same power to websites.

            • rainh@kbin.social
              link
              fedilink
              arrow-up
              6
              ·
              1 year ago

              … yes, and I am obviously very against giving that same power to websites lol. An app is built from the ground up as a UX created by the company, and that is what you are signing up for when you use an app. A browser should be a contained way of rendering data from some webserver according to a user’s preferences. Google is apparently trying to “app-ify” web protocols in order to give themselves more power over a user’s experience to the detriment of the user.

        • conciselyverbose@kbin.social
          link
          fedilink
          arrow-up
          13
          ·
          1 year ago

          It’s literallly impossible for there to be a valid reason for a website to be entitled to know that under any circumstances.

            • DarkThoughts@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              True, but that’s within their own ecosystem. The internet is not owned by Google. But I guess a certain part of the majority wants it that way with how popular Chromium based browsers are.

        • whatsarefoogee@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          3
          ·
          1 year ago

          How could it not be a browser check if the website relies on the browser to be a middle man? The WebDRM that was pushed by a terrorist organization W3C, currently requires per-browser licensing.

          Per wikipedia:

          EME has been highly controversial because it places a necessarily proprietary, closed decryption component which requires per-browser licensing fees into what might otherwise be an entirely open and free software ecosystem.

    • janAkali@lemmy.one
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I bet you heard about safetynet on android devices. It is a service that checks if you run a genuine licensed not-modified version of android. If not - app developer can just restrict you access to the app. It is mostly used by banking apps, but there’re many examples of not security critical apps utilize this.
      Google wants to do the same but for browsers and websites. If you run firefox or modified chrome or use adblocks: youtube, twitter, etc. would be able to detect it and can restrict access to the website.

        • JamieGL@lemmy.ml
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          If you root your device correctly. Can’t expect most mobile users to do that. Can’t expect users with locked bootloaders to do that. Can’t even expect many power users to do that. A lot of very tech literate people I know that customise their computer OS heavily still don’t want to root their phone.

    • b14700@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      if they dont like your browser you cant view the site , ultimately its gonna be google who will be deciding what conditions your browser has to fulfill to be approved and the big one they wont say outright is adblockers , if you have an adblocker they will not allow you to veiw the site

  • Raltoid@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    ·
    edit-2
    1 year ago

    They try to present it as “detecting abuse”, but it’s literally just “allow servers to block non-verified browers”(in other words google blocking access to their services for non-chrome users(the people proposing it work for google)).

    And as always these types of asshats always shit all over anyone using accessbility tools(or don’t even consider them in the first place, which amounts to the same thing).

      • jumperalex@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        why did you waste your time asking that question when you already knew the answer?

        It’s always the profits!!!

        • Brahm1nmam@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I get it costs money to develop accessibility, but you can’t rip off a blind man if he can’t navigate your sight. I truly don’t get it.

          Edit: site, not sight

          • Eranziel@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            They’ve simply run the numbers and decided it would cost more to support the blind man’s access than they could get from plundering the blind man.

      • jumperalex@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        pretty much yes to keys and hashes. Just think HDCP and HDMI

        That said, I imagine it’ll have to be easier to hack software that isn’t embedded in hardware. but it’s also easier to issue revocation lists when you don’t have to worry about bricking everyone’s hardware. So I have no idea which way that balance tilts.

  • CondeMg@beehaw.org
    link
    fedilink
    English
    arrow-up
    27
    ·
    1 year ago

    People ask me why I use Firefox when other products hace better features. This is the reason. This is the only feature I want: A fundation that helps and understands the user Thanks for all Mozilla.

  • Jmr@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    1 year ago

    If this goes through. Will Google become a browser monopoly and (hopefully) get sued

  • _galactose@kbin.social
    link
    fedilink
    arrow-up
    22
    ·
    1 year ago

    Have slowly been switching to Firefox for a couple of months, but the DRM proposal has gotten me to fully switch.

      • itadakimasu@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Edge’s left sidebar vertical tabs has ruined me. Plz add this Mozilla, and I’m all in on Foxy Fox

        • Kevin@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Sidebery is a saviour for me and very likely you too. I’ve got 1500 tabs just lying there in my sidebar, inactive and neatly grouped together!

          • NaN@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I just can’t stand the sidebar. Would be nice if they would get native grouping (again, they had grouping for years and removed it) and vertical tabs like pretty much every browser has been integrating now.

    • sabreW4K3@lemmy.tfOP
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Thank you. You’re only one person, but the world is just particles. If enough of us come together, we will be something tangible.

    • zoe@lemm.ee
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      same feel man: too much american shitty companies (especilaly software companies)