zlacker

[return to "Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web"]
1. LispSp+n9[view] [source] 2023-07-24 21:48:53
>>jakobd+(OP)
They're going to prevent me from running an adblocker in this "web integrity" environment, aren't they.
◧◩
2. px43+at[view] [source] 2023-07-25 00:01:36
>>LispSp+n9
That makes zero sense. If they ever did that they would lose all their market share overnight, and they know that. Google has always been good about letting people have full control over their devices, despite building incredibly locked down UX.

It would be trivial for them to build a Chromebook, or Android phone, or browser that you can't flip into dev mode, but they've never done that, even though many of their competitors in the space regularly lock users out of their devices.

◧◩◪
3. whatsh+Ry[view] [source] 2023-07-25 00:43:42
>>px43+at
That is what would happen if they made adblocking impossible in chrome today, minus all the people who don't use AdBlock and happen to be numerous enough to be Google's entire business.

In a world with attestation, you can't browse any website unless you are using Chrome or another attested browser. The New York Times would refuse to serve content to unattested user agents. That is what would make everyone use Chrome.

◧◩◪◨
4. gloosx+ni1[view] [source] 2023-07-25 07:27:19
>>whatsh+Ry
> The New York Times would refuse to serve content to unattested user agents.

You forgot one thing – once a copy of the content is server to AT LEAST one attested user agent – what prevents him from sharing his copy with unattested users?

It is easy to see that if something will make getting the content harder – it will immediately find the path of least resistance. This is the reason any new Netflix title is available for free an hour after the premiere. And the harder Netflix will try to fight this - less time will pass before their content is stolen and re-translated for free. Exactly same will happen to New York Times if they refuse to serve - someone would serve a copy instead of them – because there is now demand created for such copy.

◧◩◪◨⬒
5. whatsh+zi1[view] [source] 2023-07-25 07:28:44
>>gloosx+ni1
>once a copy of the content is server to AT LEAST one attested user agent – what prevents him from sharing his copy with unattested users?

This is already covered by the DRM in all major web browsers today. If your software will allow that, it can't get attested.

◧◩◪◨⬒⬓
6. gloosx+ll1[view] [source] 2023-07-25 07:52:40
>>whatsh+zi1
I don't understand – how exactly DRM knows that I have a video-capture card recording my screen right now? The browser has no idea.

Or what prevents me from copying NYT article and re-hosting it? What DRM has to do with it?

◧◩◪◨⬒⬓⬔
7. kuschk+Fx1[view] [source] 2023-07-25 09:48:11
>>gloosx+ll1
Google's DRM today already enforces HDCP. You only see an encrypted mess in all debug tools of the browser in that case.
◧◩◪◨⬒⬓⬔⧯
8. gloosx+c85[view] [source] 2023-07-26 06:36:49
>>kuschk+Fx1
i dont need debug tools in the browser - if the bytes of encoded content are getting transmitted to the socket on my machine, there is no realistic way to prevent me from taking and replicating them, i don't see how some software inside the browser can have any effect on this, because the browser has zero idea where these bytes can go after they hit the socket. A good analogy would be filming your screen manually - computer has no idea of this filming and in no way can prevent it, because it cannot act on a real world around it, the same applies for browser, i can take a document, video or sound from any page without involing the browser
◧◩◪◨⬒⬓⬔⧯▣
9. kuschk+wj5[view] [source] 2023-07-26 08:12:21
>>gloosx+c85
> because the browser has zero idea where these bytes can go after they hit the socket

The attestation uses a secure enclave in your processor with a secret key you can't access to verify that secure boot is on, you booted a signed OS, the OS is in locked-down mode, etc.

◧◩◪◨⬒⬓⬔⧯▣▦
10. gloosx+de9[view] [source] 2023-07-27 06:12:44
>>kuschk+wj5
>The attestation uses

>you can't access

Don't you see how contradictory this is?

No secure enclave of registers or hidden secret keys can help, because a person can utilize the lower-level physical world around the processor to manipulate it (e.g sending electrical currents from a programator device manually). But that is a last resort, there are simple software attacks available already to fake as many "attested" devices as needed (for the same DRM system of Android). It will only bring more jeopardy to the "integrity"

◧◩◪◨⬒⬓⬔⧯▣▦▧
11. kuschk+Ex9[view] [source] 2023-07-27 08:57:30
>>gloosx+de9
See that's exactly the issue why I hate this. You can always circumvent it, worst case with an electron microscope and some acid. So all it really does is prevent the average user from gaining control over their own hardware.

And for tech-minded people it doesn't fundamentally change anything, it just means that it now takes more time to do the same than before

[go to top]