zlacker

This sounds like the final death blow to the web as a useful platform for anyone who isn't a corporation.

>>JohnFe+(OP)
The Web will cease to be an open system, and will become a glorified fax machine and cable TV network. Those few who care will turn to more esoteric, incomplete, user-unfriendly but open systems. Eventually one of those systems will gain popularity with nerds, academics, and weirdos. They'll fill it with information and media they compile and create in their spare time, and it will interoperate in useful ways that for-profit corporate networks can't. Over time it will gain popularity and "normal" people will start using it too. Money will start to pour in, the network will fill up with garbage, and then corporations will come in and take it over and lock it down.

Rinse repeat.

>>JohnFe+(OP)
This is bad but how is it going to affect the usefulness of my personal web site, that will never use that API to check who's reading it, not or human? Same thing for a lot of sites, probably the vast majority of them.

>>gary_0+q2
Except in the age of hyperinformation, you will see such fringe systems pump and dump on the time frame of a few months, not decades like it used to. You would pray that it would not happen and the thing that you are using right now will not gain that kind of attention.

>>pmontr+w2
One day Google may well flag your sure as lower security, refuse to let you show ads, or disappear you from search results.

>>pmontr+w2
It won't at all, of course, but personal websites are a vanishing breed.

>>gary_0+q2
> Those few who care will turn to more esoteric, incomplete, user-unfriendly but open systems.

A lot of that has been happening for a long time now.

>>pmontr+w2
Personal sites likely wouldn't be affected directly. What this will affect is the ecosystem of browsers that people are willing to use. My prediction is that it will slowly strangle independent browser development, which will turn the web into something akin to the Android/iPhone duopoly. This is kind of already the case with browser engines, but because this is DRM, it would extend that same effect to the actual distributed binary (e.g. you can't visit your bank with Chromium on a Debian box, since that wasn't compiled and signed by Google).

> Same thing for a lot of sites, probably the vast majority of them.

Once Google gets this in place, it can then perform these checks through their ads SDK and demonetize traffic from visitors that don't pass the check. This will create an incentive for any site owner that wants to make money through ads to enforce that visitors must use an approved browser. Basically the DRM equivalent of 'Please disable your ad blocker'.

>>afandi+64
You already get flagged as hazardous and uncool for not using https, even on a perfectly-static site.

Some of us called that out as a slippery slope leading to ubiquitous gatekeeping, but we were shouted down in the name of (as usual) "security."

>>JohnFe+p4
HTTPS has a lot to do with that. let's encrypt is free, but requires things common users dont have, such as control of a domain, as it is if google can see your stored certificates it could exclude you from a site based on "sites you hang around with"

>>JohnFe+M4
Care to share some examples?

>>JohnFe+(OP)
Why is that?

>>rpdill+c5
> Basically the DRM equivalent of 'Please disable your ad blocker'. An interesting observation I've had in my own browsing behaviour is that the majority of sites I visit are time wasting visits. If any site presents the above message (or the equivalent - 'sign up to read' like Medium does), I find I just navigate away and do something else.

The bigger concern for me like you call out - major institutions like banks enforcing a separate company's requirements on me in order to interface with them.

>>gattil+L7
Just talking about subcultures/communities that I've been a part of. Several of them only have a minimal presence on the public web, having moved to a network of private sites. A couple of them have assembled what amounts to a "shadow internet" that uses the internet for an encrypted communications channel but provides its own mailservers, IM servers etc. that don't interact with the internet proper.

And, locally, there have been two ISPs set up (one by me and my friends) that aren't meant for public use, but to supply service to smaller groups. The one I set up was to supply internet service to a remote neighborhood that isn't likely to get reasonable commercial internet in the near or medium future.

Those two ISPs supply internet access, but they also operate an intranet that is mostly decoupled from the public internet.

All baby steps, and nobody is 100% "off the grid", so to speak, but it's a trend that started long ago and seems to be gaining a bit of momentum.

My prediction is that the web will ultimately be just for commercial use (it's already 90% there), and there will be a whole bunch of tiny networks -- that may or may not portal to the internet -- that will fill the needs that the internet is increasingly unable to fill.

>>Camper+06
That is because without https, there is no guarantee that the site requested is bring delivered as the site intends. For example, an ISP could insert data or scripts into the page.

>>margin+48
> Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data. At this point your browser would contact a "third-party" attestation server, and you would need to pass some kind of test. If you passed, you would get a signed "IntegrityToken" that verifies your environment is unmodified and points to the content you wanted unlocked.

Because of this. If we're at the point where you need to get permisssion and approval to verify that the platform you're using is acceptable, then the gates are up and the free web is no longer free at all.

>>garden+Bb
And monkeys could fly out of my butt. Not everyone has the same threat model.

Faced with a choice between a vague future threat that might happen (an adversarial ISP or other MIM attack) and a certain future threat that will happen if we let it (incumbent gatekeepers locking down the Web), I'll take my chances with the former, and opt for less gatekeeping rather than more.

>>rolph+86
Yeah, HTTPS accelerated it quite a lot, but the trend was already in play before that push.

>>JohnFe+1c
Why is that? Who is forcing the free web to use this mechanism, since it is the server that requests the confirmation. Why can't it just... not?

>>gary_0+q2
ISPs will not be letting that traffic through. So no little romantic underground. No cycle; the internet is happening just once, and we're in it. The assumption that everything is necessarily part of a little epicycle of history somehow mashes together Whig history and and an inert nihilism. Don't worry, nothing matters?

We're not in a movie. When they close the open internet, there will be no reason for them to open it back up. Everybody's Playstation will still work. Facebook will still work. Twitter will still work, but it will be all blue checks.

In the future they may not even sell general purpose computers to the public that can access the internet. The network will kick them off as unsigned machines. Maybe they won't let anything on the internet that is capable of running illegal or unlicensed encryption.

The open systems will have to be physical places where we go meet each other, and don't bring our phones. Of course, they could make you carry your ID in your phone (for a few years, there'd just be a $100 charge for a physical ID until they eventually just phased them out), or make you carry cash in your phone, so how could you meet up in person if they didn't want you to?

If we're writing stories.

>>JohnFe+db
Are there people writing about this?

edit: I'm studying ways to facilitate decentralized decisionmaking in small permissioned networks.

>>pessim+ho
If we're talking cyberpunk dystopias, we'd have to resort to hand-soldered audio couplers that use our locked-down phones as modems. Once the next Android/iOS update detects and blocks unauthorized binary carriers, we'll have to steganographically hide our traffic in fake voice calls. Crappy baud rate, but good enough for encrypted text. Augment with sneakernet and local hard-wired networks running under lawns and dorm room carpets.

Although in this grim future where all communication is monitored and censored, people like you and I will probably be up in the hills in the rebel camps, and open networking protocols might be low on our list of priorities.

>>JohnFe+1c
> If we're at the point where you need to get permisssion and approval to verify that the platform you're using is acceptable

I guess it has been the case from the good old CGI era? I do remember all those private forums that required me to wait for several days until they can "verify" my identity and "approve" my registration. The control always has been at the hand of platform. The difference is that now attacks are much more sophisticated (GPT-4 powered!), while defense line is left at a pretty miserable state.

>>margin+Wl
All the websites demanding that I disable my adblocker say that they definitely will.

>>garden+Bb
Let's rephrase that...

"That is because without Web Integrity, there is no guarantee that the site requested is being delivered as the site intends. For example, a browser extension could remove ads or modify content on the page."

See where this slippery slope is heading? We DO NOT want what "the site intends". We want to be in control of the content we consume.

>>skydha+lC
That doesn't seem like the free web though.

>>Camper+ad
It's not a "might happen." ISPs, especially in places like hotels and other public WiFi spots, were replacing ads on sites with their own ads. I don't know if they did anything more nefarious but they were probably also snooping and logging to at least some degree.

>>userbi+pC
Well, as you note, user control is exactly the difference; a user can still modify a page with HTTPS, but not with this proposal.

>>gary_0+9v
Most of what I talked about they've already tried to make happen.

>>gary_0+9v
You already can't run modems over the phone network anymore. Modern noise reduction algorithms helpfully remove as much modem data as they can.

>>afandi+64
I never had ads on my site and if it disappears from search results, no problem. I'll give the URL to the very few people that might be interested to browse it. I probably know all of them, plus a number of bots.

>>gary_0+9v
> If we're talking cyberpunk dystopias, we'd have to resort to hand-soldered audio couplers that use our locked-down phones as modems

…and they will make us use lead free solder.

>>afandi+64
Google do that all the time simply because they dislike your opinions or even your fact based arguments.

>>pessim+fq
On the public web? I assume so, but I don't know. I only know about the communities I am a part of.

>>kuschk+es1
Now I kind of want to build one just for the challenge. Analyze what frequencies can get through, and reverse engineer the phone company's codec so I can send a pirate signal, like a phreaker of old.

Fun fact: You can no longer do such a project in software on stock Android. They locked down the voice audio API.

>>pmontr+3v1
They may also flag your site as "unsafe" and will refuse to display it with scary warnings and hidden overrides that the average user will not be able to access it. This already exists btw. Also in Firefox, using Google's blacklist.

>>garden+Bb
Then make laws to force your ISPs to be neutral carriers and prosecute any pulling shit. Most of the world doesn't have this problem yet we are still forced to waste countless of cycles and man-hours on TLS for public read-only content.