Google is already pushing Web Environment Integrity into Chromium - eviltoast
  • RagingNerdoholic@lemmy.ca
    link
    fedilink
    arrow-up
    75
    ·
    edit-2
    1 year ago

    Web dev here. It enforces the original markup and code from a server to be the markup and code that the browser interprets and executes, preventing any post-loading modifications.

    That sounds a bit dry, but the implications are huge. It means:

    • ad blockers won’t work (the main reason for Google’s ploy)
    • many, if not most, other browser extensions won’t work (eg.: accessibility, theming, anti-malware)
    • people are going to start running into a lot of scam ads that ad blockers would otherwise prevent
    • malicious websites will be able to operate with impunity since you cannot run security extensions to prevent them
    • web developers are going to be crippled for lack of debugging ability

    These are just a few things off the top of my head. There are endless and very dangerous implications to WEI. This is very, very bad for the web and antithesis of how it’s supposed to be.

    TBL is probably experiencing a sudden disturbance in the force.

    • Peruvian_Skies@kbin.social
      link
      fedilink
      arrow-up
      12
      ·
      1 year ago

      Wouldn’t it be possible to create some kind of “post-browser” that takes input from the web browser and displays it after passing it through ad blockers and whatever else?

      • RagingNerdoholic@lemmy.ca
        link
        fedilink
        arrow-up
        12
        ·
        1 year ago

        Such an abstraction, while unnecessary, should be possible, providing that Google doesn’t forcibly prevent access to the final markup that coalesces (ie.: view source and web dev tools)

        • CallumWells@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          The only acceptable browser would obviously be ones that restrict that access, how else are they going to force people to see all their ads?

      • DogMuffins@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Perhaps, but it’s not as simple as it sounds.

        Most of the Web requires js to work. I don’t think the js will work without the DRM.

        So the proxy would need to be running the js, and emulate your clicks and so on.

    • TipRing@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Would this impact web proxies at all? If so, that would entail a pretty huge security change for a lot of corporations.

      • RagingNerdoholic@lemmy.ca
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        If it’s something like a proxy server that pre-modifies the markup/code, then yes, I can see WEI interfering with that.