I recommend finding everyone responsible for this and exercising your right to free speech on them. It works for politicians, and it should work on this other flavour of bastard too.
Once again, Stallman was very prescient: https://www.gnu.org/philosophy/right-to-read.html
How is this, conceptually, any different from sites that used to block IE out of spite?
I don't agree with doing that either, but whereas things like changing UA headers/page-rewriting proxies would easily get around that sort of discrimination, this is now cryptographically secure.
Governments are scared of encryption because it could be used against them. The population should've realised the same could also apply to them, because it is now actually happening.
Would it be acceptable for a website owner to block users from Detroit (78% African Americans)[1] or block users from El Paso (82% Hispanic)[2] because the website owner claims that fraudulent ad clicking is more prevalent from those cities?
Would it be acceptable to only serve web pages to people without disabilities and without a need for specialist accessibility software because it's not economically viable to consider users with disabilities?
Would the poorest 10% of the population be able to access web pages and services delivered over the Internet with old hardware (all they can afford) and with limited computer literacy and limited ability to raise complaints (that are ignored anyway or responded to by an AI algorithm that doesn't care)?
A website owner is still discriminating when they hide behind technology such as AI algorithms, Web Integrity APIs, etc and pretend that their use of such technology is non-discriminatory.
[1] https://www.census.gov/quickfacts/fact/table/detroitcitymich...
[2] https://www.census.gov/quickfacts/fact/table/elpasocitytexas...
I’m not defending google’s crap but I should be able to block anyone I want from my websites if I choose.
No.
Yes. And not only for discriminating. You make the web shittier than it already is, and more fragmented.
> or should I have to tolerate the script kiddies, ddosing and exploit searches?
This part is unrelated to the first part.
Is it within your rights ? totally. Does it make sense from a business perspective ? yes, probably. Is it morally right ? I'd say no. Will most people give you a damn about it ? probably not.
Most people won't care if you discriminate against some minority they're not part of and don't interact with. Some will, but I'm not sure how much it matters to you if you're seen as a "bad person" either way ?
What's the point of asking a question (...does this make me a bad person for discriminating?) if you're not ready to accept some of the answers?
Yes, geoblocking totally makes the internet a shittier place. In the same way as the hackers and scriptkiddies make it the shittier place. It's a chicken and egg situation. You're blocking part of the world because it's dangerous waters. I am blocking part of the world because I disagree with the politics of that particular part. We are together making geo-blocking tolerable and acceptable. We're together making the internet more shitty than it deserves. Congratulations.
By the way, I'm not sure I wouldn't have done the same thing you did. I guess if I can't properly manage the security of a resource, the easiest way to deal with it would be to eliminate the source of the attack vector. I wouldn't deny that I'm part of the problem though. Because that's exactly what I am.
What is actually making the internet a shittier place is the bad actors, bots, scammers, scrapers, psychopaths and etc. Maybe those countries that get blocked should do more to stop those bad actors in the first place.
Has China or Turkey ever contributed or paid for one of my projects/services? Nope, not once. Have they caused me grief and wasted my time dealing with bullshit? Yes, absolutely!
So I don't think I am a bad, unless you think preventing myself from getting punched makes me bad guy.
Maybe you should change your frame of thought and start pointing the fingers at the actual bad guys who actually ruining the web and stop accusing people of self defense of being "bad guys".
Basically if you don't want to be treated like an asshole (geoblocked) don't act like an asshole. I know it's a very hard concept to grasp.
UA should be fully deprecated already. It rarely achieves its goals at this point. There are better alternatives.
A lot of the push is not for bad actors literally DDOSing servers, but bad users degrading the service for other users. If most users of a service agrees to, for example, run an attestable environment to access a service, then that service should be able to refuse access to users who don’t buy into it.
> Has China or Turkey ever contributed or paid for one of my projects/services?
Have other countries? What about the countries that haven’t? Isn’t it completely unrelated to the “bad actors” question?
Internet is the best thing that we have now. It’s great because it’s open. You’re ruining it. As well as the other bad actors, attackers, etc. You’re just one of them, even though you’re also the victim. So no, you’ve completely missed my point. I’m not blaming the victim. I’m blaming everybody in this particular situation. You are the part of the problem just as well as the attackers.
> I know it's a very hard concept to grasp.
Calm down. Take it as a grown up. You’ve asked for opinion yourself, don’t forget it.
I really hate this attempt by Google and hope they don't follow through, but why should this be illegal?
Software users agent strings are just an identifier added on by a browser to give the server context, it's not a protected class. Google has every right to gate use of their software however they choose, we can just stop using it.
We don't have a fundamental right to an open internet, no one owes us this. I hope we can get back to the days when the internet was much more open and less commercialized, but that day won't come by legal regulation.
For one, blocking users in a geographic region would not be legally considered racial discrimination unless you can prove intent. This is the bullshit loop hole that makes it easy to get away with discrimination, but that's the way it works.
If Google really wants to play this game and create a technical gate preventing usage of sites by anyone that uses a browser that may be blocking ads, there's a legitimate business need there and all they have to say is they are no longer willing to serve users that refuse to pay by viewing ads and providing valuable data. In the case of Chrome they can extend this and say they are helping make sure anyone hosting content online can also protect their revenue as well.
Is that a shitty practice and will it cripple the internet as it was originally designed? Absolutely. But likening this to systemic racism is an insane argument and really doesn't help get at the underlying problem that we would all rather have an internet that is open, free, and not designed entirely as a corporate ad playground.
With Chrome's near monopoly in browsers, most users will run an attestable environment when chrome ships it without ever knowing and agreeing to doing so.
Even if Google manages to "collect" consent, this has so much potential to adversely impact everyone(including businesses) except Google in the long term that it should not be allowed.
> this has so much potential to adversely impact everyone(including businesses) except Google in the long term
How so? It prescribes mechanisms to ensure websites don’t exclude certain browsers/OSes
> To protect against both risks, we are evaluating whether attestation signals must sometimes be held back for a meaningful number of requests over a significant amount of time (in other words, on a small percentage of (client, site) pairs, platforms would simulate clients that do not support this capability). Such a holdback would encourage web developers to use these signals for aggregate analysis and opportunistic reduction of friction, as opposed to a quasi-allowlist: A holdback would effectively prevent the attestation from being used for gating feature access in real time, because otherwise the website risks users in the holdback population being rejected.
From a legal viewpoint, the answer is dependent on the complexity of state laws[1]. What a website owner can do with a website in one country obviously differs from what they could do in another country. Most countries have very weak anti-discrimination laws, and if they do exist, they typically only apply for very specific purposes such as employment discrimination based on age. These limited laws tend to be near impossible to enforce short of someone self-incriminating themselves. In some countries however, an example being Norway, laws against discrimination can be very strict and routinely enforced to the level of requiring all website owners to implement WCAG 2.0 at AA level[2].
From an ethical viewpoint, the Universal Declaration of Human Rights[3] states in Article 2:
"Everyone is entitled to all the rights and freedoms set forth in this Declaration, without distinction of any kind, such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.
Furthermore, no distinction shall be made on the basis of the political, jurisdictional or international status of the country or territory to which a person belongs, whether it be independent, trust, non-self-governing or under any other limitation of sovereignty."
"Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."
[2] https://www.uutilsynet.no/english/about-us/903
[3] https://www.ohchr.org/en/human-rights/universal-declaration/...
There are countless modern PCs that have secureboot enabled by default. Does that mean all their users endorse and agree with secure boot based attestation knowingly?
My point is defaults cannot and should not automatically be treated as implicit consent/knowledge.
Attestation will be enabled by default when Chrome ships WIE and the "majority" condition you mentioned will most certainly be true from day one. That doesn't necessarily mean that every single user of chrome is onboard and happy with WIE.
It’s everyone’s job. It’s the least we can do to prevent entshitification of this beautiful and wild ecosystem.
As a consultant, this would mean I can't turn down a client. Ever. It doesn't matter if I have higher paying offers, moral objections to what they want built, or silly just don't want to work with them.
This type of blanket declaration of freedoms can only extend so far as another person's rights aren't infringed upon. I the consultant example, my right to decide how I spend my time and value my work should be protected. If I can't discriminate for any reason because it could be deemed "[an]other status", my life can be wrecked because anyone asking for my services are owed good faith effort and I can't legally decline.
> Have other countries? What about the countries that haven’t?
Not every country has paid, but they also haven't launched a barrage of DDOS attacks, blatant scraping, and constant scanning for exploits and etc.
You're funny because you think defending one's site from hackers is "ruining the internet". You gave your naïve opinion and I have the right to disregard it and think that it is really stupid, don't forget.