Firefox it is again?
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
The problem is that Google has such a monopoly over web browsers that Firefox will most probably have to follow and implement this shit as well.
Smells like "this website is only compatible with Internet Explorer 7 or higher" kind of stuff, those were bad back then, it will be a lot worse now.
> it will be a lot worse now
On the other hand: A website implementing such a functionality does not want me as a user. That's fine. I'll find the information elsewhere or give them useless date from within a VM. Starting and stopping minimalist single-purpose VMs isn't hard nowadays.
It's easy for us as we are tech literate, but I mostly think of the average person that "doesn't care about privacy and personal data". We're also not Google's main demographic. When most websites use this kind of shit, it will be extremely hard for everyone to get away from it.
Firefox has been better for 5 years or so. Please use it. It's good for the open web, it's good for privacy, it's good for blocking ads, just use it, please.
Just switched today - after reading the news.
At this point, I only keep Chrome around for the odd website that only works on Chrome. It's astonishing how quickly Google is burning through good will lately.
Google sees that their business is at risk.
Primarily Google is an advertisement company. And so their top priority is to profile you to serve you targeted ads. Every single product of Google has this number one priority.
Why not show you ads on any of their own websites then, like google docs, forms, slides, etc. I get that they show you ads kn YouTube, but that doesn't have Google in the name. Do they want users to not associate 'Google' websites as being overrun with ads, while trying to that to as many other websites and apps as possible?
The worrying thing is how many websites may accept this standard. We can choose to use other browsers, sure. But the vast majority of users are uninformed chrome users. They won’t see a change in their day to day web usage. But Firefox, and other Chromium-based browsers like brave and Vivaldi are choosing to not adopt it. It’s only a matter of time before ad blocking doesn’t work on those browsers because major publishers implement this to ensure their content is properly paywalled.
Most of the times, the websites check the "user agent string" of the browser. If you can change the user agent to chrome while using those websites, you can eliminate the need of keeping chrome around.
Fuck google
Install Firefox
I've been warning people that Google making up their own web standards will end in disaster, for years.
Who would of thought to let an Ad company running everything would be a good thing.
Your computer should say what you tell it to say - so if I want to spoof my browser and OS I can do that right? Right?
Yes. And you should be able to retain that ability.
The magic words are "user-agent header in http protocol"
Also the goal is not for everyone to spoof everyone else, but the goal is to not trust any information you are given by a browser. A good developer would always find ways to bypass any limits with that so it would be useless anyway.
Write to your country’s anti-trust body if you feel Google is unilaterally going after the open web with WEI (content below taken from HN thread https://news.ycombinator.com/item?id=36880390).
US:
https://www.ftc.gov/enforcement/report-antitrust-violation antitrust@ftc.gov
EU:
https://competition-policy.ec.europa.eu/antitrust/contact_en comp-greffe-antitrust@ec.europa.eu
UK:
https://www.gov.uk/guidance/tell-the-cma-about-a-competition… general.enquiries@cma.gov.uk
India:
https://www.cci.gov.in/antitrust/ https://www.cci.gov.in/filing/atd
Example email:
Google has proposed a new Web Environment Integrity standard, outlined here: https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md This standard would allow Google applications to block users who are not using Google products like Chrome or Android, and encourages other web developers to do the same, with the goal of eliminating ad blockers and competing web browsers. Google has already begun implementing this in their browser here: https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd Basic facts: Google is a developer of popular websites such as google.com and youtube.com (currently the two most popular websites in the world according to SimilarWeb) Google is the developer of the most popular browser in the world, Chrome, with around 65% of market share. Most other popular browsers are based on Chromium, also developed primarily by Google. Google is the developer of the most popular mobile operating system in the world, Android, with around 70% of market share. Currently, Google’s websites can be viewed on any web-standards-compliant browser on a device made by any manufacturer. This WEI proposal would allow Google websites to reject users that are not running a Google-approved browser on a Google-approved device. For example, Google could require that Youtube or Google Search can only be viewed using an official Android app or the Chrome browser, thereby noncompetitively locking consumers into using Google products while providing no benefit to those consumers. Google is also primarily an ad company, with the majority of its revenue coming from ads. Google’s business model is challenged by browsers that do not show ads the way Google intends. This proposal would encourage any web developer using Google’s ad services to reject users that are not running a verified Google-approved version of Chrome, to ensure ads are viewed the way the advertiser wishes. This is not a hypothetical hidden agenda, it is explicitly stated in the proposal: “Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.” The proposed solution here is to allow web developers to reject any user that cannot prove they have viewed Google-served ads with their own human eyes. It is essential to combat this proposal now, while it is still in an early stage. Once this is rolled out into Chrome and deployed around the world, it will be extremely difficult to rollback. It may be impossible to prevent this proposal if Google is allowed to continue owning the entire stack of website, browser, operating system, and hardware. Thank you for your consideration of this important issue.
"Don't be evil" my arse
https://gizmodo.com/google-removes-nearly-all-mentions-of-dont-be-evil-from-1826153393
It's been a while since they distanced themselves from that motto.
Well, according to the proposal, it doesn't send it to websites. It sends all your data to an attestation server, AKA Google probably, and the attestation server sends stuff to the website.
Of course it does, how else are they gonna make website owners pay for the data access?
Use firefox with brave or Duckduckgo.
Brave is even worse than chrome. They would sell your mother if they could get away with it.
I still don't understand how Brave became the face of the privacy focused browser. Doing some cryptocurrency related shit is the biggest red flag that an entity should not be trusted now.
Can someone tell me how it can be "tamper proof"? Any encryption key inside chrome can be extracted and used to sign anything the user might want to send back.
The idea is that it would be similar to hardware attestation in Android. In fact, that's where Google got the idea from.
Basically, this is the way it works:
-
You download a web browser or another program (possibly even one baked into the OS, e.g. working alongside/relying on the TPM stuff from the BIOS). This is the "attester". Attesters have a private key that they sign things with. This private key is baked into the binary of the attester (so you can't patch the binary).
-
A web page sends some data to the attester. Every request the web page sends will vary slightly, so an attestation can only be used for one request - you cannot intercept a "good" attestation and reuse it elsewhere. The ways attesters can respond may vary so you can't just extract the encryption key and sign your own stuff - it wouldn't work when you get a different request.
-
The attester takes that data and verifies that the device is running stuff that corresponds to the specs published by the attester - "this browser, this OS, not a VM, not Wine, is not running this program, no ad blocker, subject to these rate limits," etc.
-
If it meets the requirements, the attester uses their private key to sign. (Remember that you can't patch out the requirements check without changing the private key and thus invalidating everything.)
-
The signed data is sent back to the web page, alongside as much information as the attester wants to provide. This information will match the signature, and can be verified using a public key.
-
The web page looks at the data and decides whether to trust the verdict or not. If something looks sketchy, the web page has the right to refuse to send any further data.
They also say they want to err towards having fewer checks, rather than many ("low entropy"). There are concerns about this being used for fingerprinting/tracking, and high entropy would allow for that. (Note that this does explicitly contradict the point the authors made earlier, that "Including more information in the verdict will cover a wider range of use cases without locking out older devices.")
That said - we all know where this will go. If Edge is made an attester, it will not be low entropy. Low entropy makes it harder to track, which benefits Google as they have their own ways of tracking users due to a near-monopoly over the web. Google doesn't want to give rivals a good way to compete with user tracking, which is why they're pushing "low-entropy" under the guise of privacy. Microsoft is incentivized to go high-entropy as it gives a better fingerprint. If the attestation server is built into Windows, we have the same thing.
I just was updating my browser setup on my Linux laptop today, and wanted to install an extension I used to like using a few years ago ... 'TrackMeNot'. I couldn't find it on the Chrome Store at all. I had a feeling why... yup!
Of course they would gin up a reason to suppress a plugin that lets users obscure their search engine activity. Slimy Bastards. At least the extension is still available, and still works, if one locally installs the unpacked version: https://github.com/vtoubiana/TrackMeNot-Chrome
We should indeed all move to Firefox (despite their own stupid issues -- someone please start a new browser engine, even if it's a Herculean task these days!)
> > > someone please start a new browser engine, even if it’s a Herculean task these days! > >
Is your issues with Firefox on the product/foundation itself, or are you referring to the Gecko Engine?
And by "you" we mean "we". And just to be clear, this "we" doesn't include "you".