[wei] Ensure Origin Trial enables full feature · chromium/chromium@6f47a22
github.com
This CL moves the base::Feature from content_features.h to a generated feature from runtime_enabled_features.json5. This means that the base::Feature can be default-enabled while the web API is co...
  • m-p{3}
    1552 years ago

    I’ll keep using Firefox and be extremely vocal about websites that won’t support it. I mean that’s all I can really do.

    • appel
      22 years ago

      Is Brave safe from these shenanigans? Asking for a friend.

      • 133arc585
        192 years ago

        Brave is built on Chromium. So, by default, no they are not safe from this. Without extra effort, Brave will have this feature. I don’t know if its feasible but there’s a chance the Brave devs can remove the code from their distribution, but that’s the best case scenario and just puts them in the same position as Firefox: they get locked out because they refuse to implement the spec.

        • @HughJanus@lemmy.ml
          12 years ago

          I have to imagine they will strip it because if they don’t, it’ll be dead to all of their users.

          • 133arc585
            42 years ago

            It may be dead to its users anyway depending on how forceful Google is with this. If Brave doesn’t work on 98.8% of all websites with advertising or indeed on 49.5% of all websites (approximately Google’s ad network’s reach), it becomes as niche as lynx.

            • @HughJanus@lemmy.ml
              -12 years ago

              Yeah Brave would probably be fucked then. If you can’t have privacy anyway, might as well use Chrome.

          • @honk@feddit.de
            12 years ago

            No brave users don‘t care. Brave proved how untrustworthy they are and in any case their business model is unethical yet they still have a cult like following plus a group of crypto bros that are obsessed with getting digital pennies.

    • @krash@lemmy.ml
      12 years ago

      I know I’m just dreaming, but I really like the Gemini protocol and hope it’ll grow and develop more. It doesn’t have everything, but it’s very close to the "old web’.

          • @floofloof@lemmy.ca
            192 years ago

            That will work until websites start requiring it. At that point browsers like Firefox have to either capitulate and implement Google’s DRM or become unusable for the majority of websites.

            And then we’ll have a web where the corporations have complete control over what you can view and how. Ad blocking and anti-tracking will be things of the past, and corporate websites will have a unique key from your browser to help them track you around the web. And no more hiding your identity behind anonymous browsers over Tor or VPNs.

            So we found out about this about 4 days ago, and when people objected they shut down people’s ability to log issues or comment on the GitHub repo. And now they’re already cramming it into their browser. This is strong evidence that Google knows it’s unpopular and tried to keep it under wraps as long as possible so they could get it into the browser before people had time to react.

            • @eek2121@lemmy.world
              22 years ago

              Let them require it. Search engines like DDG should really begin maintaining their own index, and they should exclude sites that use the tech from the index.

              I can also see Apple taking a stand against this. They have a competing (and much more reasonable) implementation that respects user privacy.

              • 133arc585
                62 years ago

                Search engines like DDG should really begin maintaining their own index, and they should exclude sites that use the tech from the index.

                If this gets implemented, it would ruin the ability for competitor search engines (such as DDG) to exist. If Google convinces site operators to require attestation, then suddenly automated crawlers and indexers will not function. Google could say to site operators that if they wish to run ads via Google’s ad network they must require attestation; then, any third-party search indexer or crawler would be blocked from those sites. Google’s ad network is used on about 98.8% of all sites which have advertising, and about 49.5% of all websites.

                • @floofloof@lemmy.ca
                  22 years ago

                  Even if the effects didn’t go this far (which I agree they quite probably will), it wouldn’t be feasible for other search engines to just exclude sites that implemented Google’s DRM. If Google makes it attractive enough to the owners of major sites to implement this (and it will be attractive if it ensures they get ad views), then no one will use a search engine that omits all the most popular websites. The same goes for non-Google browsers. This is really a shocking attempt by Google to use its own browser’s popularity to seize an effective monopoly of the web.

      • @RagingNerdoholic@lemmy.ca
        372 years ago

        Web dev here. It enforces the original markup and code from a server to be the markup and code that the browser interprets and executes, preventing any post-loading modifications.

        That sounds a bit dry, but the implications are huge. It means:

        • ad blockers won’t work (the main reason for Google’s ploy)
        • many, if not most, other browser extensions won’t work (eg.: accessibility, theming, anti-malware)
        • people are going to start running into a lot of scam ads that ad blockers would otherwise prevent
        • malicious websites will be able to operate with impunity since you cannot run security extensions to prevent them
        • web developers are going to be crippled for lack of debugging ability

        These are just a few things off the top of my head. There are endless and very dangerous implications to WEI. This is very, very bad for the web and antithesis of how it’s supposed to be.

        TBL is probably experiencing a sudden disturbance in the force.

        • TipRing
          42 years ago

          Would this impact web proxies at all? If so, that would entail a pretty huge security change for a lot of corporations.

  • @happyfunball@lemmy.world
    332 years ago

    The Internet in the last five or so years has just been less fun and interesting to use in general. Except for anywhere I can interact with friends, I just don’t really care for using corporate social media sites anymore. I’ve pretty much removed Google from my life except for YouTube and rarely Google Maps, and if Google tries to use this to force ads into YouTube (which I’m sure is going to be one of its uses) then I will just stop using YouTube. I will just stop patronizing any site or business that tries to implement this as a feature to stop my browser choice, OS choice, or my extension choice (which included adblock extensions). I miss the days when the Internet was less corporately controlled than it is now, and I think we need a renaissance of those days.

  • @moonmeow@lemmy.ml
    292 years ago

    hey everyone a friendly reminder that alternatives exist, and just drop this shit fast and move to better alternatives. In this case firefox.

    • @SkyNTP@lemmy.ml
      352 years ago

      The problems start to happen when buisnesses adopt this en masse. Expect all banks to implement this for example. You can use Firefox all you want, but then you won’t be able to do online banking.

      Standards are really fucking important to help people stay functional in a society. This is one area that the ANCAP mindset just gets it totally wrong, unless you like the idea of being a hermit.

      Anyway, we are already seeing some websites basically reject browsers like Firefox because they basically give the consumer too much protection and freedom. Arguably we’ve seen this before, but this may be a new tier of corporate lockout of open standards as consumer protection gets thrown in the trash. Thanks America.

      • deweydecibel
        172 years ago

        This needs to be pinned at the top of every single threat about this. Far too many people are just saying “Well I’ll just keep using Firefox”. They do not understand the gravity of the issue.

      • @HughJanus@lemmy.ml
        -72 years ago

        I don’t think that checks out.

        Firefox only exists because it’s primarily funded by Google. It’s funded by Google to ensure they actually have some competition and avoid becoming a Monopoly.

        If they kill Firefox or otherwise make it unusable they’ll be shooting themselves in the foot.

        However, if it ends up being a bad experience that no one wants to use, well that’s not on them and they have no responsibility to fix it.

        What will likely happen is Firefox will also adopt this DRM.

        • @GlitzyArmrest@lemmy.world
          72 years ago

          Mozilla does not exist because of Google. Google doesn’t have controlling power over Mozilla, nor do they have power over the many forks. It’s hilarious that you think a company would give a shit about being a monopoly; that’s what they strive for. This stupid take has been going around for years, and I’m sad to see it spread to Lemmy.

        • @barryamelton@lemmy.ml
          42 years ago

          Oh, you. I remember you from another thread the other week, saying how Chromium is not Chrome and that this would never happen. Hi. It is happening. Also, I remember telling you to stop moving goalposts, which is what you are doing here.

          Microsoft would be happy to pay Firefox to set Bing as default (has happened in the past already) so even your goalpost moving is moot.

          Come on, wake up.

    • ModularTable
      92 years ago

      The issue isn’t that we have no alternative, it’s that this feature will basically eliminate those alternatives sadly. You can read more about it here if you haven’t, but it’s bad.

      • @moonmeow@lemmy.ml
        62 years ago

        For sure, I agree and it’s bad. But frankly unsurprising. This is the trajectory of the internet: greater control.

        We’ve become too dependent on centralized tech companies and erred in allowing tech companies to change, define, and control the internet in the first place.

        Alternatives must be promoted in mass scale.

    • @blterrible@lemmy.ml
      82 years ago

      When websites start blocking clients that don’t implement the wei handshake, you’ll be forced to use one that does if you want to visit those sites. Firefox will either adopt it or become a second rate browser.

    • @HollowNotion@lemmy.world
      32 years ago

      As pointed out above, individual use of Firefox doesn’t really do that much. Especially when Firefox already doesn’t work properly for some sites. Plus, lots of people (myself included) need to use Chrome for work. This shit sucks.

      • @cyberwolfie@lemmy.ml
        22 years ago

        I’m do not experience any of these improper working sites. My daily driver is Librewolf, where this sometimes occur, but when it does, I just switch to vanilla Firefox, and everything is fine.

      • @moonmeow@lemmy.ml
        22 years ago

        for work purposes, ok fine. but personal purposes i’d try and steer clear as much as i can.

        My general point is we should use alternatives whenever possible to discourage this kind of centralized power developing in the first place.

  • deweydecibel
    252 years ago

    As an aside, I know we’re not supposed to care about Reddit, but the lack of this news getting any attention over there is just depressing. Hell the Firefox sub hasn’t had any posts in days apparently.

    • AtemuEnglish
      42 years ago

      Not directly but this could be an antitrust case in some places.

    • MuchPineapplesEnglish
      162 years ago

      Chromium, not chrome. Which means also Brave, Edge, Opera, Vivaldi and a lot more. Basically only Firefox and Safari are left as the big non-chromium ones.

      But that’s not the worst of it. Even if you tear out this code, more and more websites will be built that rely on it. Which means Firefox etc also need to include it to keep functioning.

      • @Rivers@lemmy.ml
        22 years ago

        Well, you can’t say not chrome because it does include chrome, yes, it extends to other browsers using the same codebase, I understand I’m well versed. Either which way, fuck google

  • @vomitaur@lemmy.world
    142 years ago

    i’ve been using a samsung chromebook plus since it launched until now… and it’s end-of-support next month. being a typical human with low funds for new gear, i WAS considering a new chromebook of some kind. The chrome drm bullshit doesn’t effect me too much as I use this mostly within the linux container, or firefox android version… however, I realize i need to take a stand and not financially support these tyrants.

    so, what are my options? a pinebook running debian? are there any good netbooks out there? I don’t use this thing for games or streaming media at all - mostly ssh, some browsing, etc. it’s about time I take the final steps to de-goog my life.

  • @aksdb@feddit.de
    72 years ago

    Can someone ELI5 how this could prevent a fork of Chromium from just not playing nice and telling the website “yeah yeah, it’s all untempered *wink wink*” and then still remove/alter stuff as it pleases?

    Edit: ok I think I got it … it’s basically the server that decides if it trusts the judgment of the client or not. Can’t wait to see that cat-and-mouse game going on 🙄

    • @that_one_guy@beehaw.org
      22 years ago

      it’s basically the server that decides if it trusts the judgment of the client or not. Can’t wait to see that cat-and-mouse game going on

      This is partially correct. The server will check that you have a valid token issued by a trusted third party, who will almost certainly be Google, Microsoft, or Apple. When you connect to the web page, your browser will give this token to the server and say “hey look I’m legit.” The token will have enough information on it to identify that it is relevant (being provided by a client that matches the hardware it is meant to verify) as well as a cryptographic signature that verifies it is in fact from the trusted third party. So it’s less the server trusting the judgement of the client than it is the server trusting the judgement of whatever third party is attesting to your system.

    • @DrQuint@lemmy.world
      22 years ago

      Yeah, I can imagine a fork of chromium existing that takes all the data and does the rendering pipeline “”“normally”“”, but then on the side does something completely different and shows THAT to the user, while giving the server an idea that nothing is wrong and what it is doing is just normal chromium stuff.

      But such an idea will be done entirely by enthusiasts, slowly, on an obscure basis. For the majority of users, that will never even be a conceivable notion of something they can do with the internet. Itll never be something you see on a top, mainstream browser.

      In other words, Google wins.

    • @narwhal@lemmy.mlOP
      172 years ago

      The biggest problem is if Google can influence all the major websites (banks, e-commerce, news sites, streaming services, social media, etc) to adopt this standard.

      They’ve done it before with AMP.

  • @FreeloadingSponger@lemmy.world
    62 years ago

    I don’t understand. Isn’t someone just going to fork Chromium, take out this stuff, put in something that spoofs the DRM to the sites so that adblocking still works?

    • 133arc585
      62 years ago

      Isn’t someone just going to fork Chromium, take out this stuff,

      Yes, upstream Chromium forks will likely try to remove this functionality, but

      put in something that spoofs the DRM to the sites so that adblocking still works?

      This is the part that is not possible. The browser is not doing the attestation; it’s a third party who serves as Attestor. All the browser does is makes the request to the attestor, and passes the attestor’s results to the server you’re talking to. There is no way a change in the browser could thwart this if the server you’re talking to expects attestation.

      • SokathHisEyesOpen
        112 years ago

        This violates just about every single open web principal that allowed Google to gain so much power. When they changed their motto from Don’t Be Evil, to Do No Harm, they obviously chose deception. Their new motto should be Do Whatever is Profitable, or more succinctly Be Evil.

      • @FreeloadingSponger@lemmy.world
        52 years ago

        I don’t really understand how that’s possible. The browser gets a token from the third party, and passes that token to the server to “prove” it’s running the DRM. The server then passes code back to the browser. At that point, why can’t the browser just cut out the DOM elements which are ads?

        I don’t understand how code I write on hardware I run locally can ever have it’s hands tied like this.

        • @schroedingershat@lemmy.world
          42 years ago

          It won’t be your hardware in a few years if this goes through. The code will run in a secure enclave and you won’t be able to access your bank or log in to government websites if you control the hardware.

        • 133arc585
          12 years ago

          I see what you’re saying. I read it as implying the browser would fake the attestation token. I don’t know the answer, but if their (stated) goal is to stop bots and scrapers, I have to assume it wouldn’t be so simple. After all, a lot of bots and scrapers are literally running an instance of Chrome.