zlacker

This is bad but how is it going to affect the usefulness of my personal web site, that will never use that API to check who's reading it, not or human? Same thing for a lot of sites, probably the vast majority of them.

>>pmontr+(OP)
One day Google may well flag your sure as lower security, refuse to let you show ads, or disappear you from search results.

>>pmontr+(OP)
It won't at all, of course, but personal websites are a vanishing breed.

>>pmontr+(OP)
Personal sites likely wouldn't be affected directly. What this will affect is the ecosystem of browsers that people are willing to use. My prediction is that it will slowly strangle independent browser development, which will turn the web into something akin to the Android/iPhone duopoly. This is kind of already the case with browser engines, but because this is DRM, it would extend that same effect to the actual distributed binary (e.g. you can't visit your bank with Chromium on a Debian box, since that wasn't compiled and signed by Google).

> Same thing for a lot of sites, probably the vast majority of them.

Once Google gets this in place, it can then perform these checks through their ads SDK and demonetize traffic from visitors that don't pass the check. This will create an incentive for any site owner that wants to make money through ads to enforce that visitors must use an approved browser. Basically the DRM equivalent of 'Please disable your ad blocker'.

>>afandi+A1
You already get flagged as hazardous and uncool for not using https, even on a perfectly-static site.

Some of us called that out as a slippery slope leading to ubiquitous gatekeeping, but we were shouted down in the name of (as usual) "security."

>>JohnFe+T1
HTTPS has a lot to do with that. let's encrypt is free, but requires things common users dont have, such as control of a domain, as it is if google can see your stored certificates it could exclude you from a site based on "sites you hang around with"

>>rpdill+G2
> Basically the DRM equivalent of 'Please disable your ad blocker'. An interesting observation I've had in my own browsing behaviour is that the majority of sites I visit are time wasting visits. If any site presents the above message (or the equivalent - 'sign up to read' like Medium does), I find I just navigate away and do something else.

The bigger concern for me like you call out - major institutions like banks enforcing a separate company's requirements on me in order to interface with them.

>>Camper+u3
That is because without https, there is no guarantee that the site requested is bring delivered as the site intends. For example, an ISP could insert data or scripts into the page.

>>garden+59
And monkeys could fly out of my butt. Not everyone has the same threat model.

Faced with a choice between a vague future threat that might happen (an adversarial ISP or other MIM attack) and a certain future threat that will happen if we let it (incumbent gatekeepers locking down the Web), I'll take my chances with the former, and opt for less gatekeeping rather than more.

>>rolph+C3
Yeah, HTTPS accelerated it quite a lot, but the trend was already in play before that push.

>>garden+59
Let's rephrase that...

"That is because without Web Integrity, there is no guarantee that the site requested is being delivered as the site intends. For example, a browser extension could remove ads or modify content on the page."

See where this slippery slope is heading? We DO NOT want what "the site intends". We want to be in control of the content we consume.

>>Camper+Ea
It's not a "might happen." ISPs, especially in places like hotels and other public WiFi spots, were replacing ads on sites with their own ads. I don't know if they did anything more nefarious but they were probably also snooping and logging to at least some degree.

>>userbi+Tz
Well, as you note, user control is exactly the difference; a user can still modify a page with HTTPS, but not with this proposal.

>>afandi+A1
I never had ads on my site and if it disappears from search results, no problem. I'll give the URL to the very few people that might be interested to browse it. I probably know all of them, plus a number of bots.

>>afandi+A1
Google do that all the time simply because they dislike your opinions or even your fact based arguments.

>>pmontr+xs1
They may also flag your site as "unsafe" and will refuse to display it with scary warnings and hidden overrides that the average user will not be able to access it. This already exists btw. Also in Firefox, using Google's blacklist.

>>garden+59
Then make laws to force your ISPs to be neutral carriers and prosecute any pulling shit. Most of the world doesn't have this problem yet we are still forced to waste countless of cycles and man-hours on TLS for public read-only content.