zlacker

[return to "Google is already pushing WEI into Chromium"]
1. ailef+73[view] [source] 2023-07-26 12:26:11
>>topshe+(OP)
Can somebody explain what are the practical implications of this?
◧◩
2. smalls+r4[view] [source] 2023-07-26 12:33:53
>>ailef+73
The Browser application needs to pass a binary image check, and if the browser hash doesn't match Google database, you cannot proceed to the website (since your browser may be corrupted). A major big deal for non main-stream browser, and for non Google browser developers, extension developers (eg. AdBlock), etc. In summary, some websites (like banks, Netflix, etc) will no longer be available for non mainstream browser users. Also, even if you're using Google Chrome, you may need to run the latest version to satisfy the hash check. Every day, the number of broken websites will continue growing until all non Google Chrome users have a blocked internet.
◧◩◪
3. nonane+Ba[view] [source] 2023-07-26 13:02:45
>>smalls+r4
Can you please explain why a third party browser can’t lie about its hash, just like it can lie about it’s user agent?
◧◩◪◨
4. kmeist+4q[view] [source] 2023-07-26 14:04:08
>>nonane+Ba
Because the encryption key you need to sign the hash lives in EL3[0] and only Google and ARM can load code there. In order to lie about your hash, you have to break ARM TrustZone, and if you do that you can be sued under section 1201 for trafficking in copy protection circumvention tools. In other words, the law that prohibits you from selling DVD copiers can be used to give literally any bullshit the backing of law.

[0] An ARM exception level that sits above hypervisors and is specifically intended to support trusted execution modes for isolated mini-operating-systems that do this sort of shit

[go to top]