It’s not going to be that simple. CDNs like Cloudflare are already on board with this, and Safari built a similar feature last year (and virtually no one noticed or cared). This horse has already left the barn and I’m not sure there’s anything we can do at this point.
EDIT - Oh and I didn’t think of this but Google absolutely CAN make websites update. “We’ll improve your SEO ranking if you support this new feature”. They’ve done this before and they’ll do it again.
Except you’ll have to keep a copy of Chrome handy because this is less about what software you’re using and more about which apps are attested and approved for that website.
Once your bank says “we’re requiring this” it’s kinda over isn’t it?
The bank already has your money. Asking you to install a free app to use their services would not be seen by regulators as unreasonable. Especially when they play the security argument.
I don’t see how Chrome has to be in the majority for some sectors to start relying on these kinds of attestations. Safari already has a similar mechanism, so that right there is the majority of mobile users when you include Chrome.
I fear voting with one’s wallet is not enough to prevent any business from doing something in their best interests at the expense of the consumer/user. When it comes to banks we’d have to place our hope the governments… which relies of them actually representing voters.
I’ve been on Firefox for years. Was never much of a problem, but lately there’s more and more sites that require a Chromium-based browser. Some of them quite crucial. A list from experience:
My bank’s mortgage page
Microsoft Teams - only supports Chrome, safari and edge on MacOs.
Microsoft Office - has weird quirks on MacOs
The new Adobe Express, requires Chrome or Edge
Google Meet - after years google still only supports Chromium-based browsers if you wish to use video effects
It’s true. Edge is the only browser with 4K support. They claim it’s due to improved HTML5 support, but who knows really. I suspect their content delivery network uses some kind of Microsoft proprietary compression or somesuch. I know old Netflix was Silverlight-based due to their DRM.
See this kind of shit is why I pirate, not because I can’t afford to pay $10 a month. When the $10 for a lot of content becomes $10 per month per piece of media you like, and you can’t watch it on your platform of choice, and you can’t watch it on a flight without paying more or not at all, this makes the $5 per month I pay for a VPN sound like a far better service.
It’s not uncommon for such sites to work fine in Firefox if you just add a user agent switcher addon, so that is worth trying (can be limited to specific sites so you advertise Firefox usage for others).
Advertising isn’t rooted in Nazi propaganda lmao, it was here before and it will be here long after. Calling everything Nazi connected diminishes stuff that really is Nazi connected, like Fanta.
Indeed, advertisement makes us think that lies and exaggeration are normal. It is one of the causes of todays “alternative reality” people. Advertisement should be shunned and pushed back. Honesty and true information should replace it.
"The slogan was also a bit of a jab at a lot of the other companies, especially our competitors, who at the time, in our opinion, were kind of exploiting the users to some extent"
Luckily, other browser manufacturers (Mozilla, Vivaldi, Brave, and even the WWWC) have already spoken out against this proposal. Google loves marketing it as ‘optional’, which it obviously won’t be once implemented. A system like this would be very dangerous for smaller browsers, as it’s incredibly vague who decides what authorities would be allowed to verify browsers.
Additionally, this is presented as a way to remove captchas from the web by proving a request is coming from genuine hardware. However, this proves absolutely nothing about a request being genuine or non-spam. The only thing this proves is that it was created by a ‘genuine device’, so all a malicious user would have to do is to (automatically) send the request via a verified device and they’d pass the check.
Maybe it’s just Google search (ironic), but I couldn’t find anything about the W3C speaking against the proposal. If W3C is against it then I think it’s even more likely the entire thing would be shot down.
Could’ve sworn I saw it in an article or post on here somewhere… but of course now that I actually need the post I can’t find it. Doesn’t really matter though, Chrome can unfortunately push standards through even if others don’t approve, just due to their sheer size alone.
The problem is that Google is able to more or less dictate how the web works at that time. Apart from Firefox and Safari, which both only have a minor market share, pretty much everything is Chrome based.
If Google wants to push some silly idea just to ensure that their silly ads are not blocked, then they’ll do it. I fear that noone really can stop this stupid idea.
I’m sure our octogenarian leaders who are oh so internet savvy will fully understand the nuances associated with browser market share will craft laws to resolve this issue.
/s unfortunately.
Truth be told… Google applies $$$ to our aged elected officials who don’t understand what a browser is much less the nuances behind chrome and chromium based browsers. And will vote by what their campaign donators say… :(
Hot take: the narrative that politicians do not understand technology due to their age is giving them too much credit. They have entire offices full of staffers whose entire job is to explain these things to them in ways they understand, as I am sure they have for some of the more important things. They just don’t care because their purpose is to serve corporations, not the public.
On the other hand, I don’t really have a fundamental problem with it. I don’t use Chrome and am not going to use this. My approach to websites using it will be the same as programs not running on my operating system: I’ll simply ignore them, same as I already ignore websites today that don’t serve me because of GDPR.
I also do see a problem in adblocking. It’s just that it’s the lesser of two evils for me and as such, I opt into it. Google, being on the other side of the situation, for good reasons comes to a different assessment.
All in all I don’t think this is a good development, but OTOH, if someone doesn’t want me to visit their site, that’s ok.
What about when your banking site or the site your landlord wants you to pay with doesn’t work because of this shit?
It’s gonna be a pain in the ass to switch browsers every time you run into one of these sites, and it’ll eventually make its way into most services just because they feel like it.
There are already way too many Android apps that refuse to work on rooted phones just because they feel like not working on rooted phones after they made safety net. It will be pervasive and at some point you’ll have no option but to comply.
Chromium based forks (e.g. Brave) can disable or remove the features they don’t want. For example, if Google adds a feature that always shows their ads, Brave can disable that feaure or remove it. Being Chromium-based is not as bad as people usually seem to think.
In this proposed DRM-like feature it is slightly different case because Chrome browser is so widely used.
Google became what it is because they had the best search results. Today, other like qwant and sometimes even bing are better. If it was not for Android, the reasons for remaining stuck with Google would have become sparse already. And I daresay Apple is now the less evil option.
Google is still one of the better ones for sure… Apple has gone majorly down the route of proprietary tech, not contributing upstream to OSS they use, not updating OSS they used to regularly ship, and vendor lockin games.
i mean this is like working on the nuclear bomb except you’re eager to drop it on yourselves in the name of corporate profits and ad revenue. virulently disgusting
Everyone, please reach out to your local anti-trust government organization to ensure they are aware of this issue. They cannot do anything about something that they are unaware of. It’s easy to forget that the internet is a bubble and not everyone is clued into it’s issues.
Piholes don’t actually block the traffic. The ads still make it from google to your home network. Pihole just intercepts them and sends them off to nowhere before they get to any of your devices. So I believe they won’t be affected by this.
That’s not true. Pihole voids DNS requests, not the actual HTTP responses. When trying to look up an ad, it tells your devices to look at an unassigned ip address which will then not respond with anything.
DNS response from pihole makes it so your browser doesn’t even make the request to the server providing the AD. A blocked ad via DNS doesn’t make it to your device, and doesn’t even get downloaded from the remote server.
It will be difficult to get around this on smartphones. Those are walled gardens already.
But I wonder how Google plans to make this “feature” for desktop PCs? Won’t work at all on Linux and Mac and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?
and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?
That would be one method, yeah. The attester supplies a kernel driver and uses that to generate the auth tokens communicating with it via some protocol or via scanning memory.
The driver is just chilling in the machine, perhaps even evasive to lsmod, such that the only way to detect it is to have your own driver monitoring for some specific signal before the attestor driver gets installed, and then using that signal to track its installation.
There’s always a way. But, as you say, with phones it’s not as simple.
GrapheneOS or some other ROM on an unlocked Android phone is probably going to be the only way of bypassing it.
I support Google on this one. Digital fraud is out of control. If you guys have a better idea to stop fraud and sustain the web ecosystem, let’s hear it.