CHROME (google) is planing to implement DRM (kinda) into their browser
looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don't run a complaint browser ( cough...firefox )
here is an article in hacker news since i'm sure they can explain this to you better than i.
and also some github docs
You are viewing a single comment
The point of this is so that the user can't modify the site at all, despite what the proposal might say. Their goals and non-goals are contradictory.
Running this content in a container will not protect you. Just don't even try to adapt to it. Reject it completely.
NO, that's not the case.
it doesn't prevent that. did you read that misleading post? All it checks is thay you're running a drm-compilant browser by providing a special token (signed by your device's id and real name from google account) which can be verified by the server.
of course that means that Firefox users will get a worse experience (more captcahas, or get completely blocked) on websites that use this new api.
okay, but what's the idea of a "DRM" compliant browser to you?
because with that vague language, it may be one that the DRM basically blocks out any third-party plugins, extensions, apps or systems from reading, modifying, or changing any website code (which is how most adblocks work); setting the DRM flag may nullify any adblocks ability to even see what is going on with the site as it loads, making it useless - essentially turning the web code into a black box (at least to the extensions) that it cannot interact with, modify, read or even may not know exists at all.
It's security that slowly robs people of their freedom to run whatever they want on their system and interact with the information they receive on any level. It's one step for corporations profits, one giant leap backwards for freedom.
no, the "drm" doesn't actually run 100% of the time, invoked only once to generate the key for server to verify. there's no flag or mode to switch into like with widevine.
I didn't say it does. But for the subject websites, which will be almost all of them eventually, all adblocking or code interactive plugins will be useless.
I can easily see news sites, especially those with any video content, will be impossible to use, because if you look at them without Adblock enabled, they're a mess of ads, it's almost doubtful you can find an article in the page.
This is just laying the groundwork for more unblockable ads.
They also don't want users to be able to use adblockers, that isn't all they're checking for. So this absolutely is the case. Their entire proposal is contradictory.
What I mean is, if the attestor checks the integrity of the site, why couldn’t the unmodified site be ran in a container to trick the attestor?
Possibly, but it sounds like a pain to work with, if I understand the technical details correctly.
Doesn't not being able to modify it would also imply that the information can not be parsed? Thus this consept falls apart immediately as the information would need to be able to be parsed so that it can be rendered?
The browser would need to be allowed to parse it, as they're the ones displaying the content; it would imply, however, that adblockers and other extensions would no longer be allowed.