zlacker

It's a fine idea. But what I'm taking away from this post is the link to the Google/Chromium web DRM prototype and summary ... yikes. https://raw.githubusercontent.com/RupertBenWiser/Web-Environ...

>- The web page executing in a user's web browser

>- A third party that can “attest” to the device a web browser is executing on, referred to as the attester

>- The web developers server which can remotely verify attestation responses and act on this information.

Chome only for now but I imagine after it's pushed to Chromium and all the browser based on that Mozilla will implement it too (just like all the other DRM FF has now).

replies(9): >>fooyc+r4 >>38+F4 >>yankpu+oz >>bakugo+5J >>Goblin+9K >>Jeremy+cW >>incomp+rJ1 >>userbi+r42 >>minima+xK3

>>superk+(OP)
Google would do anything to make it harder for others to crawl the web. Killing RSS was part of that strategy.

News sites will implement these DRMs, but of course they will still allow Google because it is their source of traffic. Alternative search engines and good bots will be locked out.

replies(3): >>shiftp+A6 >>ghaff+ei >>numloc+2a2

>>superk+(OP)
actual link:

https://github.com/RupertBenWiser/Web-Environment-Integrity/...

replies(1): >>superk+sc1

>>fooyc+r4
Not just Google, Cloudflare is working hard on it too.

replies(1): >>xwdv+Rd

>>shiftp+A6
Cloudflare works hard but Google works harder.

replies(1): >>intelV+MP1

>>fooyc+r4
>Killing RSS was part of that strategy.

Oh please.

I get that it's more satisfying to blame Google than the faceless masses who had zero interest in RSS and who had a variety of alternatives to Reader in any case.

I guess they also had a strategy to kill social media by axing Google+ and user-created encyclopedias by killing Knol.

replies(2): >>fooyc+cn >>LightB+j01

>>ghaff+ei
Not only Reader, but also the RSS support in Chrome and Firefox (whose Google used to be the primary source of funds). And Feedburner.

replies(2): >>greisk+5r >>scrum-+Js

>>fooyc+cn
> Firefox (whose Google used to be the primary source of funds)

Google deal with Firefox was always about being the default search engine there, and that's it. They never had any power of cutting it adding features to the project.

replies(1): >>mrguyo+fw

>>fooyc+cn
Note: Brave (Chromium) has a RSS support. It's pretty good.

>>greisk+5r
Officially, sure, but you shouldn't pretend that Google's funding isn't the main survival line for Mozilla as an entity, and that there isn't pressure there.

>>superk+(OP)
The weirdest thing is that GOOGLE of all companies now wants to make an obviously anti-scraping technology.

Oh well, the world we live in

replies(2): >>Goblin+4M >>Karell+TC1

>>superk+(OP)
I've been telling people for years that android's safetynet attestation would eventually arrive on PC, seems like it's finally happening.

>>superk+(OP)
Ooh, this is epic, the ultimate antiadblocker is here.

>>yankpu+oz
Isn't it a feature? Now search engines will skip drm sites.

>>superk+(OP)
Yeah... I don't think the original post is the best. This blog post doesn't add much context. Maybe the URL should just be updated to the github document the blog post links? [0]

[0] https://github.com/RupertBenWiser/Web-Environment-Integrity/...

replies(1): >>sclari+S01

>>ghaff+ei
You can Oh please, but Google will never live that one down.

It'll live on in the history of the internet ... foreverrrrrrrrrrr.

>>Jeremy+cW
On the contrary. The URL you post here has been submitted to HN several times (plus my attempt to make the title a little catchier as I linked to the GitHub issue #28, which I titled “Don’t add website DRM to Chrome” in a defensible attempt to expand the title the best I credibly could under HN rules - the issue title is just “Don’t.”)

These all died in obscurity. This blog post by contrast had a catchy title that HN actually engaged with, and as such is measurably superior.

Blame dang & co, for making forum software in which blogspam is the only way to add comment or meaningfully add context and editorialize. (Since blogspam is officially discouraged I’d say the software is not fit for purpose.)

replies(1): >>userbi+O42

>>38+F4
Nah, that's a link to a javascript application you can run that will eventually download and display the text if everything is just right. I linked to the actual text.

replies(1): >>38+pd1

>>superk+sc1
Ok fair point. GitHub does suck

>>yankpu+oz
"Every pirate wants to be an Admiral"

-- Cory Doctorow

https://nitter.net/doctorow/status/1387098297282621442

>>superk+(OP)
I can't even visualise how this would work in any meaningful way. You are going to have some software that "attests" that, say, the user is running an approved version of Chrome. But you couldn't just distribute such software everywhere, since I assume it would be trivial to extract any keys from it and then attest whatever you wanted. The site mentions "Google Play" as a possible attestor, so it would perhaps work on locked-down mobile devices, at best.

replies(1): >>tadfis+P82

>>xwdv+Rd
Honestly, credit to CF - for actual damage to the current internet they're pretty equal even if Google has had to work much harder for their share.

>>superk+(OP)
Remote attestation is the true enemy of your freedom.

People were suspicious of TPM and the "trusted computing" initiative and were fed plenty of propaganda about how it will make things "safer" and more "secure". There are corporate mouthpieces spreading that FUD on any article that's even just slightly critical of them and their plans.

>>32234022

>>29859106

Start revolting against these hostile technologies before it's too late. They're slowly boiling the frog and hoping we don't notice.

>>sclari+S01
These all died in obscurity.

I doubt they died "of natural causes".

It's not HN's fault that the enemy is huge and yields great influence.

>>incomp+rJ1
You can have the same cryptographic chain of trust on PCs with Secure Boot enabled. Essentially the attestation is a signed hash of the computing environment, with Microsoft as its root authority in the PC ecosystem. The kernel+boot environment is next, then the system software stack, and finally the executable image. This is exactly what is provided by the trusted execution environment on Android devices, and Google Play is just the trusted arbiter of the software signatures.

>>fooyc+r4
> Killing RSS was part of that strategy.

Oh boy. RSS died because it was "only for nerds". Never had I ever met a person outside my tech bubble that had used RSS yet knew what it was. That's not how the average Joe uses the internet.

>>superk+(OP)
I consider it an utterly disgusting premise, that will:

- make OSS systems second class systems online

- make older devices second class systems online

- prevent people from modifying devices they own (as it'll break the chain of trust and therefore the attestation)

- prevent people from modifying software (custom builds of Chrome, Firefox, etc won't be signed and therefore break the chain of trust and therefore the attestation)

- prevent people from running browser plugins that do things browser authors don't approve of

But hey, from google's PoV, it's a giant win, they can:

- make it harder for anyone else to crawl the web, and therefore compete with google

- make it harder for people to not watch ads, preserving google's revenue streams

- make it harder for anyone to automate the web in ways they or other browser vendors don't like

The 'holdback' mechanism is a joke and I imagine would disappear after a year or two.

Feels like a really good reminder of why it's a terrible idea for google to both be in control of really large important web properties like google search, youtube, maps, ads, but also the single most popular browser.

edit: I hope Apple and MS push back, as they're both vendors with significant marketshare (Mozilla too, but they're smaller). At least if Apple didn't do it, it'd be hard to rely on in US/UK.