Request for Mozilla Position on an Emerging Web Specification Specification Title: Web Environment Integrity API Specification or proposal URL (if available): https://rupertbenwiser.github.io/Web-E...
Google (The company behind Chrome) wants to create a type of DRM for web pages. Google claims that this will help with things like bot traffic, spam, etc.
Mozilla (The company behind firefox) is opposed to creating this DRM because it has no benefit to the end user and is likely to be harmful to the openness of the internet.
Somewhat. Webstandards are voted upon, and I believe Mozilla is part of those organizations.
However Google could always choose to ignore web standards and do what they want. And due to their massive market dominance this would effectively enforce this overnight for over half of the internet.
The reason they may not, is the EU would take them to court over that. The US no longer believes in stopping companies from ruining shit though.
But how can it trust you’re a person when it just confirms that you’re running an in-modified site. It takes a hash of the site, then make sure your local view of the website matches that hash.
This disables add blockers, custom css, etc; but I don’t see how this standard would prevent bots…
It’s not just checking that you’re running in an un-modified OS, that’s just one part of it.
It doesn’t disable ad-blockers or custom css btw. And anyway, websites can already detect when you’re using an ad-blocker and not show you their content. This isn’t needed for that.
Google tried to exert control on the internet with web manifest v3 and now again here. Letting google dictate web standards is a mistake. Using Firefox shows companies they need to support more than chrome.
If it wouldn’t be good at proving users are human, there are probably other motives at work, like putting Google in charge of approving or blocking every piece of web content and every browser for viewing it, and removing the user’s control over how the content is presented.
Google wants to add a feature to the browser where a website can (in a fairly confident and secure way) ask about key facts about the browser environment in the name of security. The kinds of details may be like: What is the browser in use? Has the browser been altered? Are certain plugins active? What kind of OS is in use?
The exact details aren’t really defined yet, but the idea is to be able to provide confidence via answers to these types of questions to the website so they can make decisions based upon these details.
People are (very much rightly) strongly against this since it will only really result in locking down web functionality to environments in the name of security, and there will be a lot of collateral damage in the process while helping browser monopolization.
Using this, websites could lock their use to certain browsers (much more than what’s already possible). Websites could prevent access if certain plugins are enabled (think privacy or adblocking plugins). Websites could prevent access to linux users because “they’re probably hackers”.
Ultimately, this represents a big change into the insight & power a website has in regards to the user browser environment, and is a big risk to the open web, hence why Mozilla are against it.
Blocking ad blockers has to be the real reason behind this convoluted bullshit. Google gets the lion’s share of its revenue from ads. The whole thing is a Trojan horse destined to make things better for them at our expense. The mere proposal is already accelerating my shift away from their products.
Mozilla opposes a proposal because it goes against their principles and vision for the Web.
They believe that any browser, server, or publisher that follows common standards should be considered part of the Web.
Standards are designed to be independent of specific hardware or software, allowing for a wide range of devices, operating systems, and browsers to access the Web.
This diversity of choices promotes accessibility and overcomes personal obstacles.
Mechanisms that restrict these choices harm the openness of the Web and are not beneficial for users.
The proposal’s use cases rely on the ability to detect non-human traffic, which could hinder assistive technologies, automatic testing, and archiving and search engine spiders.
These tools require access to content intended for humans in order to transform, test, index, and summarize it.
The proposed safeguards are unlikely to be effective and fail to address these concerns adequately.
Mozilla acknowledges the importance of addressing fraud and invalid traffic but finds the proposal lacking in practical progress for the listed use cases and highlights clear downsides to its adoption.
Google wants to implement a system that will check if the version of the website that you have loaded on your computer is identical to the one that was intended. They say this will prevent fraud and improve security, but the most relevant impact for end-users is that ad blockers and any other customization you do to websites will prevent you from accessing critical Internet services. The fear is that Googles massive share in the browser will allow them to push this through regardless of consumer opposition.
Basically, the proposal will allow websites to check if there is a real user on the other end, instead of a robot. It uses a DRM style token system to do it. The problem is that this would restrict the web to just those browsers that have an implementation of the DRM. The only implementations of the DRM available are from Google, Apple, and Microsoft. Anyone not on a browser approved by the big 3 would no longer be able to use the web.
It won’t check people are a real user, only that they are using the enforced software. Many bot farms will use the correct software. One was recently found in Ukraine and it had shed loads of sims and hardware. They will easily meet and pass the tests.
I don’t know how technical you are but it looks likes this is a security token api to validate the trust of the environment. I believe that google is trying to propose a universal standard for everyone to use.
I think Firefox is standing negative because they want choice not 1 standard. This is the best I can do without going down a rabbit hole
What they state is that this specific proposal means more hurdles to access the internet as an end user with no clear benefit, as it doesn’t really achieve its stated end goal of reducing spam/bots/etc.
Can anyone eli5 this?
Google (The company behind Chrome) wants to create a type of DRM for web pages. Google claims that this will help with things like bot traffic, spam, etc.
Mozilla (The company behind firefox) is opposed to creating this DRM because it has no benefit to the end user and is likely to be harmful to the openness of the internet.
Not just chrome, but also the lead contributor to chromium (the underlying system in Edge, Brave, etc.)
But does Mozilla’s opposition have any final say in the thing getting implemented in the standard?
Not a final say, but it have some influence on the public discussion.
Somewhat. Webstandards are voted upon, and I believe Mozilla is part of those organizations.
However Google could always choose to ignore web standards and do what they want. And due to their massive market dominance this would effectively enforce this overnight for over half of the internet.
The reason they may not, is the EU would take them to court over that. The US no longer believes in stopping companies from ruining shit though.
The only real benefit to users that I can think of is that it could eliminate the need for captchas.
It really wouldn’t
If the point is so websites can trust that you’re a person then the captchas aren’t needed.
But how can it trust you’re a person when it just confirms that you’re running an in-modified site. It takes a hash of the site, then make sure your local view of the website matches that hash.
This disables add blockers, custom css, etc; but I don’t see how this standard would prevent bots…
It’s not just checking that you’re running in an un-modified OS, that’s just one part of it.
It doesn’t disable ad-blockers or custom css btw. And anyway, websites can already detect when you’re using an ad-blocker and not show you their content. This isn’t needed for that.
I don’t even trust that I’m a person sometimes.
If you aren’t using Firefox yet. Start, ASAP.
Google tried to exert control on the internet with web manifest v3 and now again here. Letting google dictate web standards is a mistake. Using Firefox shows companies they need to support more than chrome.
If people really can’t live without Chrome/brave/…, install an extension to change the use agent to firefox and support the cause that way 😄
Essentially the standard is saying that anything attempting to connect to the web must provide an attestation that it’s representing a human.
Mozilla opposes it because it’s another barrier for new tools to implement, and there is no evidence that bots wouldn’t just say ‘yeah, I’m a human!’
So no benefit, and more barriers
If it wouldn’t be good at proving users are human, there are probably other motives at work, like putting Google in charge of approving or blocking every piece of web content and every browser for viewing it, and removing the user’s control over how the content is presented.
It’s so their ads don’t get blocked.
Greed, as usual.
It’s time to break Alphabet Corp. up in to its constituent letters.
Google wants to be in control of the web, through their browser chrome. Mozilla is saying that Firefox won’t support Google’s blatant power grab.
Google wants to add a feature to the browser where a website can (in a fairly confident and secure way) ask about key facts about the browser environment in the name of security. The kinds of details may be like: What is the browser in use? Has the browser been altered? Are certain plugins active? What kind of OS is in use?
The exact details aren’t really defined yet, but the idea is to be able to provide confidence via answers to these types of questions to the website so they can make decisions based upon these details.
People are (very much rightly) strongly against this since it will only really result in locking down web functionality to environments in the name of security, and there will be a lot of collateral damage in the process while helping browser monopolization.
Using this, websites could lock their use to certain browsers (much more than what’s already possible). Websites could prevent access if certain plugins are enabled (think privacy or adblocking plugins). Websites could prevent access to linux users because “they’re probably hackers”.
Ultimately, this represents a big change into the insight & power a website has in regards to the user browser environment, and is a big risk to the open web, hence why Mozilla are against it.
Blocking ad blockers has to be the real reason behind this convoluted bullshit. Google gets the lion’s share of its revenue from ads. The whole thing is a Trojan horse destined to make things better for them at our expense. The mere proposal is already accelerating my shift away from their products.
Mozilla opposes a proposal because it goes against their principles and vision for the Web.
They believe that any browser, server, or publisher that follows common standards should be considered part of the Web.
Standards are designed to be independent of specific hardware or software, allowing for a wide range of devices, operating systems, and browsers to access the Web.
This diversity of choices promotes accessibility and overcomes personal obstacles.
Mechanisms that restrict these choices harm the openness of the Web and are not beneficial for users.
The proposal’s use cases rely on the ability to detect non-human traffic, which could hinder assistive technologies, automatic testing, and archiving and search engine spiders.
These tools require access to content intended for humans in order to transform, test, index, and summarize it.
The proposed safeguards are unlikely to be effective and fail to address these concerns adequately.
Mozilla acknowledges the importance of addressing fraud and invalid traffic but finds the proposal lacking in practical progress for the listed use cases and highlights clear downsides to its adoption.
Google wants to implement a system that will check if the version of the website that you have loaded on your computer is identical to the one that was intended. They say this will prevent fraud and improve security, but the most relevant impact for end-users is that ad blockers and any other customization you do to websites will prevent you from accessing critical Internet services. The fear is that Googles massive share in the browser will allow them to push this through regardless of consumer opposition.
Best ELI5 I’ve read so far is https://arstechnica.com/gadgets/2023/07/googles-web-integrity-api-sounds-like-drm-for-the-web/
Basically, the proposal will allow websites to check if there is a real user on the other end, instead of a robot. It uses a DRM style token system to do it. The problem is that this would restrict the web to just those browsers that have an implementation of the DRM. The only implementations of the DRM available are from Google, Apple, and Microsoft. Anyone not on a browser approved by the big 3 would no longer be able to use the web.
It won’t check people are a real user, only that they are using the enforced software. Many bot farms will use the correct software. One was recently found in Ukraine and it had shed loads of sims and hardware. They will easily meet and pass the tests.
Yeah, it’s lame considering how easy it is to automate Chrome.
I don’t know how technical you are but it looks likes this is a security token api to validate the trust of the environment. I believe that google is trying to propose a universal standard for everyone to use.
I think Firefox is standing negative because they want choice not 1 standard. This is the best I can do without going down a rabbit hole
Edit: link to another post
https://beehaw.org/post/6801832
I don’t think saying Firefox/Mozilla is against standards is a fair assessment.
https://mozilla.github.io/standards-positions/
What they state is that this specific proposal means more hurdles to access the internet as an end user with no clear benefit, as it doesn’t really achieve its stated end goal of reducing spam/bots/etc.