If we shoot this down and every bank requires me to download a mobile app, then fine. What this is proposing is basically to turn websites into mobile apps: device controlled, unmodifiable, broken on any non-approved hardware. If that's going to be the case regardless, I'd rather just download the app, at least that would be more honest about what's actually going on, and at least I'd still be able to use my adblocker when I browse the web.
The web is an app platform which competes against other app platforms.
>device controlled, unmodifiable, broken on any non-approved hardware
That's already true of the web without this API. It doesn't change anything in regards to that.
>at least I'd still be able to use my adblocker when I browse the web
Please read the proposal. It has nothing to do with preventing adblocking or detecting people with adblockers.
I fully disagree, I don't see how anyone could credibly make this claim. The web is open and customizable and neutral in a way that native platforms are not. Part of that is full device and OS neutrality where customizations and forks of browser engines do not generally[0] signal untrustworthiness to website operators. And true neutrality for the OS and hardware and browser is incompatible with this kind of full-stack attestation.
[0]: with the exception of a few minor features like web video DRM, which... surprise. It's almost like DRM is bad for the web, and it's almost like all of the licensing and access guarantees given by Google and Microsoft were nonsense and didn't prevent web video DRM from being a giant problem.
----
> Please read the proposal. It has nothing to do with preventing adblocking or detecting people with adblockers.
I have read the proposal all the way through, and I fully disagree, regardless of the "we don't want to restrict things" asides the authors have added. It is impossible to give website operators tools that can prevent automated actions in a browser that can not also be used to prevent accessibility APIs. There is no way to guarantee to a website operator that they are in a "trusted" environment where their code is not being manipulated while still allowing an extension to manipulate that code. And adblockers are only one category of extension that would be hampered by those restrictions, but they would be hampered.
There is a zero percent chance that detecting bot traffic for advertisers will not turn into adblocking/automation restrictions over time, and for Google employees to say that this will not happen means nothing given Google's history around adblockers. We are far, far past the point where Google deserves the benefit of the doubt on this. Chromium devs have been spending that goodwill for years, and they've run out.
Chromium is already less effective at adblocking than Firefox is today, and Manifest V3 is still set to make adblocking worse -- despite employee claims that these efforts were not intended to harm adblockers. Surprise, adblockers still got harmed. And this is a trend; at this point it is not goodwill or good faith to assume that Chrome proposals are neutral towards adblocking, it is burying one's head in the sand.
This proposal has a clear end point and the most charitable thing I can say about the people behind it is that maybe they're not malicious, maybe they're just hopelessly naive. Maybe they're not trying to harm the web, maybe they've just never actually thought about the industry they're in or what the motivations are of the companies in that industry.
----
I'll add to this that "people just don't understand, please read the proposal" is not a new response to Google controversies. It gets pulled out literally every time that Google makes a controversial decision: FLOC, web audio, Manifest V3, Web DRM, the list goes on and on. It is deflection; a suggestion that people pointing out criticisms must just not be informed because otherwise they wouldn't have those criticisms. It's not that Google ever does anything bad, it's just bad at communicating or people are jumping to conclusions.
We're not jumping to conclusions, the first thing I did when learning about this was read through the entire proposal. We understand the proposal, the proposal is just bad.
>device controlled
A website is limited in what it can do by the browser it runs in.
>unmodifiable
Since responses are generated server side you can not modify what they send you.
>broken on nonaproved hardware
There are existing sites which don't support Linux or don't support mobile devices.
>true neutrality of OS and hardware is incompatible with attestation
Attestation doesn't mean that HTML now renders differently. The User Agent string already allows servers to block OSs.
>There is a zero percent chance that detecting bot traffic for advertisers will not turn into adblocking/automation restrictions over time
Sites can already detect adblocking without attestation. There is no evidence that the precense of an adblocker will be a signal to whether an environment is trustworthy. That is not the purpose of the API.
>given Google's history around adblockers
They have worked to support ad blocker extentions and they have provided a platform to ad blocker extentions. They have banned a malicous adblocker which also committed clickfraud. They have had some anti adblock experiments on YouTube such as limiting the resolution.
>We are far, far past the point where Google deserves the benefit of the doubt on this
I disagree.
>Chromium is already less effective at adblocking than Firefox is today
It works fine for me.
>Manifest V3 is still set to make adblocking worse
No, it won't. You just have to use a different API.
>despite employee claims that these efforts were not intended to harm adblockers
They care about improving the experience of the entire chrome user base. Getting rid of poorly designed APIs is a part of making Chrome better for everyone.
>We're not jumping to conclusions
Yes. You are. Google is trying to make the web more private and secure from the current state the web is in. Look at the reponse to FLOC. Despite increasing user's privacy many people forgot upset because they greedily want the web to cater to only them and not to people who rely on advertising. Similarly with Web DRM people panicked because they didn't want DRM because they only care about themselves and do not care about people who want their content to be protected. There is a theme where people get outraged because they don't understand that there are more people who use the web and have different needs than just them.
Giving people the option to protect their content or the option to use attestation as a signal doesn't prevent some idealized open web from existing. Sites that would like extra security can opt into it.