This isn't Chrome/WEI defense btw. All attestation in web browsers ("user agents" my ass) is bad. Base your complaints on objective problems, not hate of one brand.
Definitely not with the Iceweasel fork. https://github.com/fork-maintainers/fenix
Anyone sick at home? Anyone with a visa? Any debt? Student loans? Kids?
You wouldn't just need any other job, you'd need another comparable job.
One extremely small example from the last 60 minutes of my life is that many Google Workspace products don't work very well in non-Chrome browsers. I have to switch from Firefox to Chrome whenever I call someone in Google Meet, because the system load is higher and some features are not supported (e.g. visual effects like background blurring). I'm skeptical that these features can't be done in Firefox, but when you try to use them you get a warning to use a supported browser.
I dug into this a little more and they have a page https://support.google.com/meet/answer/10058482?hl=en-GB&exp... which asks you to check for WebGL support, without a major performance caveat, and links to https://webglreport.com/?v=2
On Firefox on an M2 Mac, I see "Major Performance Caveat: No".
Currently Firefox is faster than Chrome: >>36770883
[1] https://arstechnica.com/gaming/2021/07/cheat-maker-brags-of-...
https://increditools.com/ad-blockers/
I think survey results showing 40% using ad-blockers is sufficient to question your assertion that most people don't know about ad-blockers. Folks may not all be using them, but I think a majority certainly are aware. And outside the U.S., even a majority use them in some countries.
Ordinary folks on the Internet have friends and family that are technically inclined and often seek advice from them. But most of the time, ordinary folks figure things out just fine on their own.
Web Environment Integrity API Proposal – >>36817305 (618 points/4 days ago/442 comments)
Google Chrome Proposal – Web Environment Integrity – >>36778999 – (117 points/7 days ago/94 comments)
Web Environment Integrity Explainer – >>36785516 (87 points/6 days ago/44 comments)
I am reminded of a story of a retailer who accidentally stopped advertising online and saw no adverse change in sales. While I can't find the exact one I have in mind, it seems this isn't rare.
https://www.forbes.com/sites/augustinefou/2021/01/02/when-bi...
How many web sites still serve you http:// instead of https:// ?
The transition was (is) entirely voluntary. Transition happened more slowly until browsers made the lack of https:// look scary.
https://blog.mozilla.org/security/2017/01/20/communicating-t...
https://httptoolkit.com/blog/apple-private-access-tokens-att...
https://www.theverge.com/2023/6/26/23774547/microsoft-sony-x...
The FTC lost that case.
I think at this point, if a big tech executive avoids doing something due to the threat of antitrust lawsuits, they're just incompetent.
It focuses heavily on privacy concerns and how those will be resolved - the vast majority of criticism I've seen hasn't been related to this at all, and those aren't especially hard problems to solve in the context of the existing spec.
It still largely ignores browser diversity & experience this will create for non-Chrome users. His argument is that blocking fingerprinting in future will mean anti-fraud will make the web unusable, and WEI will make it usable again. Given you accept the premise, still the conclusion is only true for browsers that can access WEI - which means the web will become unusable for browsers who can't (Linux, rooted Android, Firefox, etc etc).
For the ecosystem as a whole, it's better if everybody has a fair playing field. By definition, WEI structurally privileges certain clients. The more widespread that becomes the worse the effect on the wider ecosystem is. If WEI does not exist, and fingerprinting does not exist, providers will be forced to find ways to limit the impact of anti-fraud mechanisms. If 90%+ of browsers use attestation, that pressure decreases dramatically. Using Tor on the web today is a good example of the likely experience.
The mention of holdbacks here touches on this (though for full blocks, rather than wider impact) but ignores the existing strong pushback against holdbacks from others closely involved in the spec & discussion around this (https://github.com/RupertBenWiser/Web-Environment-Integrity/...) and ignores that the attestation they already shipped on Android for exactly the same use case does _not_ do this.
Fundamentally, the issue isn't about privacy during these checks, or whether defeating fraud without fingerprinting is valuable. Those are reasonable but obvious points. The issue is that client-focused validation for fraud is a flawed goal in itself (it's impossible - even with full & perfect attestation, you can set up a fully automated + WEI-approved machine by automating input peripherals directly) that risks enormous collateral damage, and we shouldn't encourage it in any sense. We definitely shouldn't standardize practices to make it easier.
At the end of the day, if you want to block fraud you have to do so server side (statistical analysis, rate limits, validated user accounts, requiring payments, some kind of proof of work, etc). This is a hard problem, absolutely, but it's unavoidable.
Apple already shipped attestation on the web, and we barely noticed - >>36862494 - (530 points/1 day ago/398 comments)
1. Native integration across devices: Safari integrates seamlessly with Apple's ecosystem due to proprietary features like iCloud, Handoff, and universal clipboard, allowing for a consistent user experience across all Apple devices, with seamless transition among them to stay in your flow across devices.
2. iCloud Private Relay: This is a recent security tool from Apple and participating CDNs that encrypts all Safari traffic and protects the user's privacy by preventing anyone, including both Apple and network providers, from seeing which sites are visited.
3. Password Management Integration: Safari offers seamless integration with Apple’s Keychain for password and two-factor authentication (2FA) management across devices and across apps and browsers. Safari leverages Apple's OS level full password manager that's been quietly iterated each major release, now including support for TOTP and compromised-site checks.
4. Increased security/privacy: Safari uses AI/ML backed Intelligent Tracking Prevention to identify and block trackers, ensuring enhanced user privacy. While similar features can be added to Firefox via extensions, Safari has these capabilities by default.
5. Improved Power Efficiency and Performance: Multiple battery life tests confirm that Safari is significantly more power-efficient than Firefox and Chrome. Apple pulls this off through co-optimization of hardware and software, power-efficient technologies, hardware acceleration, conservative use of resources, efficient resource handling, and the blocking of resource-heavy ads and trackers. In real world use, you may see twice the battery life during web heavy usage.
6. Extended Support for WebKit: Use the browser your users use, so you understand and support their experience.
Other factors like persistent tab groups, 120Hz scroll performance, and first-class "retina" typography simply add to the smooth experience Safari provides on macOS and iOS.
Here are some lesser known tips for tuning up Safari to your liking and using features folks may be less familiar with:
https://www.pcmag.com/how-to/hidden-tricks-inside-apples-saf...
I feel like they could do better, but on the whole, I'm happy with what they provide to everyone for free.
[0] https://www.snellman.net/blog/archive/2023-07-25-web-integri...
US:
- https://www.ftc.gov/enforcement/report-antitrust-violation
- antitrust@ftc.gov
EU:
- https://competition-policy.ec.europa.eu/antitrust/contact_en
- comp-greffe-antitrust@ec.europa.eu
UK:
- https://www.gov.uk/guidance/tell-the-cma-about-a-competition...
- general.enquiries@cma.gov.uk
India:
- https://www.cci.gov.in/antitrust/
- https://www.cci.gov.in/filing/atd
Canada:
- https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/frm-e...
You don't need to believe me, info on the authenticity of their effort is priced into the markets.
Or, you can believe those lined up to fight Apple on these capabilities.
This is really outdated: https://images.apple.com/safari/docs/Safari_White_Paper_Nov_...
But boy did it get Meta mad:
https://www.cnbc.com/2019/09/09/facebook-warns-about-apple-i...
But they did more:
https://appleinsider.com/articles/21/06/07/apple-beefing-up-...
And now more:
https://www.tomsguide.com/news/ios-17-will-stop-websites-fro...
Every time generating letters to Washington and Brussels how Apple's taking food out of the mouths of data and ad brokers.
I'd have run out of tiny violins if I didn't have GarageBand to make me a loop.
> In August 2005,[11] the GNUzilla project adopted the GNU IceWeasel name for a rebranded distribution of Firefox that made no references to nonfree plugins.
> [...]
> The GNU LibreJS extension detects and blocks non-free non-trivial JavaScript.
> Fedora includes support for the UEFI Secure Boot feature, which means that Fedora can be installed and run on systems where UEFI Secure Boot is enabled. On UEFI-based systems with the Secure Boot technology enabled, all drivers that are loaded must be signed with a valid certificate, otherwise the system will not accept them. All drivers provided by Red Hat are signed by the UEFI CA certificate.
Running your own secure boot CA is not enabled out of the box (for obvious reasons), but that does not pose a problem on most systems. Secure boot only needs special care if you need to load unsigned kernel modules (DKMS, Nvidia) or if you run on a super duper special Microsoft device that doesn't have the third party CA certificate by default.
[1]: https://docs.fedoraproject.org/en-US/fedora/latest/system-ad...
And, again, it is complicated to get it turned on. How complicated? Take a look:
https://nwildner.com/posts/2021-04-10-secureboot-fedora/
> The kind of Linux 99% of Linux users are running today.
I severely doubt that even 5% of Linux installs have secure boot turned on because of how complicated it is to get it working. Specifically I imagine that the complicated instructions on the page I just linked will need to be modified depending on the specific secure-boot firmware.
> https://nwildner.com/posts/2021-04-10-secureboot-fedora/
Most motherboards ship with secure boot enabled out of the box. Fedora will install and boot in that configuration without any changes to your system or motherboard settings. You actually have to go out of your way to disable it. The manual (https://docs.fedoraproject.org/en-US/fedora/f36/install-guid...) does not mention any such setting changes.
The page you link goes into custom secure boot keys, which are usually unnecessary. They're arguably more secure, but it's an entirely optional step unless you decide to load unsigned kernel modules.
For instance, initrd is not verified: >>36717975
> The page you link goes into custom secure boot keys, which are usually unnecessary.
You might be right about that.
To use secure boot without calls to mokutil and friends, Unified Kernel Images are introduced in Fedora 38. These images contain everything (kernel, initrd, and so on) in one, published package. If https://bugzilla.redhat.com/show_bug.cgi?id=2159490 is to be believed, UKIs are live already in Fedora 38.
I can only find pregenerated UKIs for virtual machines in the Fedora repositories and I can't tell if they're properly signed or not, but support is being extended and this problem is being solved.
As for providing security: Linux really needs an easy, user-friendly GUI application for setting up proper secure boot. Of course at least one step is out of the control of Linux developers (configuring the firmware to load new keys) but right now "I want to load my system keys (and also the keys for my Linux dual boot)" is awful on any Linux distro. Every guide presents scripts to call scripts to call automated tools but none of them seem to make the process any easier or friendlier.
I think that personally I'm a lost cause. Either give me Firefox in a Chrome's pelt or I stay with Chrome. And maybe that's good this way: Firefox should just focus on new users and make the best browser for "them".
There's also the venerable lynx, and elinks (which I reluctantly admit is better than lynx, even if I don't use it much), and Dillo+ [1] (a fork / continuation of Dillo that supports Gopher and Gemini). And could I forget NetSurf, with its graph-y history navigation? And of course, Ladybird, [2] probably the best-funded of the lot.
These are just the ones I've heard of. There are surely dozens more you'd be interested in, and thousands of little hobby projects. Why not try making your own web browser?
[0]: https://argonaut-constellation.org/