Google engineers want to make ad-blocking (near) impossible
1. Adverb+T5 2023-07-26 10:56:52
>>pabs3+(OP)
It isn't just "make ad-blocking (near) impossible" as the current title of the submission suggests. It is:

Make browsing the internet possible only on Chrome, Safari or Edge (with no modifications or extensions). No competition allowed in browsers.

Make browsing the internet possible only on macOS, Windows, Android or iOS (no custom Android distributions, definitely no LineageOS or GrapheneOS or whatever). No competition allowed in Operating Systems, especially no open source operating systems.

Make crawling the internet possible only to Google. No private crawling and no competing search engines.

Let me know if I've missed anything...

◧◩
2. mozbal+S8 2023-07-26 11:14:33
>>Adverb+T5
iirc remote attestation is reliant on hardware attestation, which means these websites will only run on authorized DRM-enforcing hardware and architectures. Only Intel, AMD, Qualcomm and the like. No open-source firmwares, architectures or hardware.
◧◩◪
3. jeroen+Ld 2023-07-26 11:44:33
>>mozbal+S8
What attestation the website accepts entirely depends on the configuration. There's nothing in the spec that will prevent attestations for Linux computers. Linux already works perfectly fine with secure boot and such, I don't see why a signed bootloader starting a signed attestation engine wouldn't be trusted by third party websites.

It'll kill open platforms like the rare open source RISC-V implementations, but for almost any platform in use today this can be implemented.

The real question is "but will it", and in practice websites will probably only whitelist Chrome, Edge, and (reluctantly) Safari.

◧◩◪◨
4. jasonj+nj 2023-07-26 12:20:08
>>jeroen+Ld
Linux computers with an approved boot chain and software environment. Gentoo users are out, as is anyone making a custom kernel.
◧◩◪◨⬒
5. jeroen+Pn 2023-07-26 12:43:11
>>jasonj+nj
Gentoo users and people running Nvidia drivers and the like will be out, that's true. That's very different from "only certain architectures allowed", though.

Even still, there are ways to implement this using an open source, signed, reproducibly built daemon that gets loaded early in the boot process. Altering the daemon would be out of the question but it would solve the more immediate problem of "Netflix doesn't work" that most people would actually care about.

◧◩◪◨⬒⬓
6. raxxor+9s 2023-07-26 13:03:32
>>jeroen+Pn
Netflix can only discriminate because we have attestation in the first place. This is not a security mechanism anymore.