Google Tries to Defend Its Web Environment Integrity as Critics Slam It as Dangerous

ruffsl@programming.dev to Programming@programming.dev – 776 points –
techreport.com

Attacks and doxing make me personally MORE likely to support stronger safety features in chromium, as such acts increase my suspicion that there is significant intimidation from criminals who are afraid this feature will disrupt their illegal and/or unethical businesses, and I don't give in to criminals or bullies

Kick a puppy
Get attacked for kicking a puppy
"These attacks make me MORE likely to keep kicking puppies, as I don't give in to intimidation from criminals and bullies that want healthy puppies for their nefarious ends."

They’re literally burning bridges after crossing them huh. Web scraping is illegal? Their fucking search engine was powered by a web scraper.

WEI is plain anti-competition to me now. Most, if not all, of their stated reasons are now just a facade to me.

Fuck Google. I know this isn’t constructive or helpful, but fuck em.

Google gained control of the web by populating the world with Chrome/Chromium and wants to strong arm the web as a whole through it. Climbing the ladder and pulling it up from underneath them, with their fisted approach to Manifest V3 the beginning salvo.

For Google it's just another day in the office.

The standard “but it’s different when we do it” principle. It’s a powerful tool.

Quick correction: website scraping and ad blocking are not unlawful. Both are a means to make the web more accessible, and the latter also reduces CO2 emissions by reducing electricity usage from irrelevant ads. The same case could be made for web scraping, as a user can make their own feed of news without having to sift through hundreds of pages. This can also be done in a way that does not disrupt the pages’ normal function.

That is where the two larger issues come in:

  • people can argue that you need to pay for viewing a page/getting information through apps, and
  • branding power users as criminals (“unlawful”) is unfair and false

The “pay for information” is largely a philosophical problem. It is no problem to pay for someone's book or online course, but the blanket statement that one has to pay for it is false. As an open source developer I give my work freely to others and in turn receive theirs freely as well (if they use the appropriate license of course).

We really have two sides forming. The “open internet” crowd that works together for free or maybe accepts donations and the proprietary crowd which is having a huge influence right now.

Google putting in web DRM will cement that situation and make it possible that you can only use vanilla stuff on your browser and ultimately even shutting down any access to open source things completely by making it impossible to run on Ubuntu since Google will only accept Windows clients (this is a possible outcome, not a guaranteed one).

All in all, we are unable to perfectly anticipate the outcome of this, but if we see great harming potential, it is fair to weigh it against the potential benefits (which is the lofty goal of weeding out bots and scammers). I think the cost benefit relation is heavily tilted here.

TL;DR: Tinkering with your browser is not illegal and should be allowed to continue. The cost of (potentially) weeding out bots and scammers is not worth potentially ruining the open source community.

I work with cultural heritage and have the strong belief that information should be open and easily accessible. Citizens have a right to access knowledge and to educate themselves under their circumstances. But of course the infrastructure costs money and this should always be a discourse between all parties. And not be dictated by major companies.

It is a really hard fight for museums, archives and libraries lately. What do you do when your electricity bill jumps up to 5 million during the war in Ukraine?

We need to unite and search for ways to keep the Internet accessible.

I can relate. People like you are the structural pillars of our society.

I’m not familiar with the laws concerning cultural heritage but some of the museums should be partially tax funded, no?

Thanks 😊

Mostly you are right, of course it depends on the country. A lot of institutes are tax funded, but the cost can't be covered just with that. Rent, wages, special rooms for the heritage... The new competitor is everything digital: a homepage, a database, social media. Museums need all of that to stay relevant, but the budget stays the same.

(And of course we depend on open data, to reduce the dependence on big tech companies)

The war has shown how fragile this is. The cost of electricity has boomed, but there is no room to reduce it. Paintings, glass, it all needs its own temperature. But explain that to someone who is just management. We scientists/academics have a weak basis for negotiation when the administration wants to save money. In my country cultural heritage is clearly not a priority; that leads to institutes having no money and losing relevance. Which is dangerous for the variety of knowledge.

Thanks for giving me the space to shortly explain this. I think we all need to work together to make the web, the heritage accessible! 😤

Sure. You’re welcome.

It’s heartbreaking how humanity treats its heritage especially given the extreme advancements of the last 100 yrs.

If you feel like your country does not do enough, consider writing letters to your local politicians and explain the situation. Often, people overestimate the amount of effort it takes to make a difference with humans.

Good luck.

Plus adblocking should be basic security posture these days. Does no one remember pop up ads delivering spy/malware? Still happening today, why should I allow a site to display ads that are intended to cause harm to my person and property? Does the ad service or site using it have no responsibility to safeguard their users against these threats when removing their ability to defend themselves?

Yes, I remember the malicious popups from the past. In fact, some installers put non-hazardous but still unwanted software on your PC while concealing it as just another page of things to accept (like Avira for example). It’s all just harvesting that sacred attention and precious data. This is why it needs to stop. We don’t need to accept this. We can actually work together (open source) to advance and improve instead of letting someone use us for their gain while holding a carrot on a stick in our face.

Doesn't Google scrape websites? Isn't that the entire purpose of google.com? If that were illegal, then Google would be the biggest offender. The author should probably look where he's pointing his gun before firing it.

It sounds like the author is getting their points mixed up. It is not unlawful to scrape websites but Google kind of makes it look that way which is inherently bad. There’s no two ways about this. Google needs to step back from this.

Is it just me or are Twitter, Reddit, and now Google, scrambling to lock their doors to any entities trying to scrape the web for new AI datasets?

All these hugely unpopular decisions, taken on short notice, that may be fatal to their platforms, seem to be more like knee jerk reactions to protect their treasure hoards of possible AI input data.

Opinions?

scrambling to lock their doors

From a consumer perspective, it seems like all the FANG conglomerates are trying to shut the stable door after the AI horse has bolted, but perhaps from an industry perspective, they're just trying to pull up the ladder behind themselves to curb competition, or stall any emerging upstarts, just like most FANGs were themselves only decades ago.

FANG isn’t really an accurate word anymore.

It’s MAAA: Meta, Apple, Alphabet, Amazon.

They can try and reinvent themselves all they'd like, but I can't be bothered to keep up with their rebrandings if they can't be bothered to commit and sell off the domain name. Something something sacrifice, something, law of Equivalent exchange. /s

Didn't the N stand for Netflix?

Yes, but Netflix isn’t in the same class anymore (High growth, dominating their relevant fields, diversification). Nvidia may fit.

Netflix was (and imo, should still be) there because of their tech. Netflix was years ahead of other companies in terms of their backend engineering when the term was coined, and in many ways they still are.

They don’t employ the people who made their backend so special anymore. Not one of their original chaos engineering team works there anymore, and Brendan Gregg (Hooray for learning BCC/perf!) is over at Intel.

Lmao Netflix is nowhere near these behemoths

Well, FAANG used to be mostly a shorthand for the big companies you might want to work at as a software developer/engineer.

Not necessarily because of the size of the company, since Microsoft is obviously missing from it.

It was actually about the stocks. Microsoft wasn’t a part of it because they weren’t “new”. I’m pretty sure Microsoft is actually in the new tech-stock-group.

After it was popularized as a group of tech stocks to buy, people just used it to talk about the biggest software companies, and a lot of devs I talked to (myself included) kinda implied Microsoft when we said FAANG. And while those companies did tend to pay higher than other devs, I think it’s pretty understood that comes with expectations and stress. None of my dev friends would ever wanna work in that environment.

You are right, it does come from stocks. I only ever heard it used as the place lots of new people aim to work at over at /r/cscareerquestion

No problem! That means you get to be one of today's lucky 10,000. They were definitely sought out positions. It did eventually enter common discussion as just a group of tech giants that pay higher than others. That’s why Microsoft was always implied for me.

There were tons of people who’d get a couple years in at one of the major companies and then just use that experience to work wherever they wanted and enjoy themselves. I couldn’t see myself working for one of those companies though. I think it’d be cool to work on some of the stuff they work on, but it seems like the work culture has gone down hill from when Google used to be considered an awesome place to be a dev.

You do know that FAANG is an acronym for Facebook, Amazon, Apple, Netflix, and Google, not a type of company. Saying "...like most FANGs [sic] where themselves only decades ago" makes no sense as far as I can read it.

My phone keyboard spelling aside, when the acronym was first coined, correct, but it seems to have since devolved into more of a colloquialism for large scale tech related corporations, outliving the precise corporate restructuring that once comprised the old acronym. At least that's what I've experienced in my workplaces, as well as the comments here:

Was there an equivalent household colloquialism for IBM, HP, Xerox, Bell System, etc. back in the day?

I just prefer that people actually are precise in their language to make things as clear as possible. Saying "FAANG-like companies" is precise and correct, saying "FAANGs" is nonsensical. I would always use FAANG as that acronym, if you just want to mean "Big Tech companies" then just say that instead. It's a lot more clear to a lot more people who don't share your tribal-speak of your workplace. People federated here are from a lot more places and making it easier for everyone to know what you're actually meaning should be a good thing.

Language is inherently messy, localized, and ephemeral, so it could be unwise to expect that kind of conformity on the global internet. It can be jarring, for example tech folk here in the EU seem to use corporate slang a lot differently than when I was working near SFO or DFW, where I'd suspect the greater non-homogeneity of native speakers, as compared to the US, had a lot to do with it.

That aside, I think we merely disagree on the colloquial use of FAANG in 2023, as (from my anecdotal perspective) it seems to have semantically shifted into a categorical noun in common vernacular, rather than a once precise acronym from a decade ago, given most of the conglomerates behind the initial spelling have either re-branded, fallen in stock valuation, declined in labor desirability, or whatever else that had originally garnered acclaim and publicity. In that respect, pluralization of such a noun seems mundane, if not a little odd looking for typographical formatting.

Perhaps this could be coined as another stage of acronymization, or "acronym drift"; the process by which an acronym's original expansion and meaning become less relevant or obscured over time, and the acronym itself is treated and used as a regular word, independent of its original expansion. This can happen when the original meaning of the acronym is no longer relevant, but the acronym continues to be used and recognized based on its familiarity. An example that comes to mind is Google's original acronym for the QUIC protocol, which is no longer used to mean "Quick UDP Internet Connections", as was initially proposed.

It seems to me that you missed my point.

In my experience the people running large companies are idiots who got their position by brown nosing the right people so it doesn't really surprise me. Google is pretty well known too for coming up with stupid ideas they scrap in a few years.

Hopefully this is just another idea they scrap and they don't follow through with it.

Eh... nothing's happening with Twitter outside of Elon being dumb as hell, as per usual.

The proposal is bad enough as it is, but it’s the duplicitous gaslighting BS that really pisses people off.

If they came out and said “We came up with this thing to prevent loss of revenue on ads and prevent LLMs from capturing data” then people would still be against it, but at least it would feel like an honest discussion.

Instead it’s just another page out of Google’s playbook we’ve seen many times already.

  1. Make up some thinly veiled use cases that supposedly highlight how this would benefit users, while significantly stretching the definition of “users”
  2. Gaslight everyone by pretending that people simply misunderstand what you’re proposing and what you’re trying to achieve
  3. Pretend that nobody provides reasonable feedback because everyone is telling you not to commit murder in the first place instead of giving you tips on how to hide the body
  4. Latch onto the few, inevitable, cases of people going too far to paint everyone opposing it in a negative light
  5. Use that premise to explain why you had to unilaterally shut down any and all avenues for people to provide comment
  6. Make the announcement that you hear people and that you’re working on it and that all will be well
  7. Just do what you want anyways with minimal concessions if any and rinse repeat

For what it’s worth I blame W3C as well.
Their relatively young “Anti-Fraud Community Group” has essentially green lit this thing during meetings as can be seen here:

https://github.com/antifraudcg/meetings/blob/main/2023/05-26.md

https://github.com/antifraudcg/meetings/blob/main/2023/07-07-wei-side-meeting.md

W3C is in the palms of Google anyway.

I did not know this. I always likened them to the EFF, an organization that aimed to make things better. Never in a million years would I have thought they were just shills for Alphabet 🙁

"WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc."

WTF. Most of these activities are actually lawful in the country I live in. (Especially with adblockers, the content mafia tried to outlaw it and failed in court, several times.)

Not to mention that every single thing your browser is displaying has actually been downloaded. It's conceptually impossible not to be the case...

WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc.

Did the author of the article come from some dystopian parallel universe?

That's a good initiative from Google to put more traction behind Firefox again. Its userbase and amount of supporters will skyrocket!

It really won't, but I wish it would.

You’re right that it won’t. I will say that I switched from Firefox to Chrome when it was still in beta (nobody I talk to ever remembers the “goats teleported” metric). Chrome was way faster. It didn’t handle memory well, but it was the best for me for a long time. The extensions were great.

I just downloaded Firefox on all my devices and I’ve been happy so far. Not as fast as Chrome or Edge, but gets me closer to leaving Google.

I've been using Firefox since before they released their "Quantum" update, thankfully, and it's been quite good for me since then. Still though, we're going to need way more people switching to make a dent in Chromium - if it's even possible at this point.

It's also difficult to 'leave' Chromium when many of the alternative browsers are based on the engine.

I love Vivaldi, but at its core it's running the Google web engine. This is also going to be part of the problem.

There are very few non-Google web engines, and even fewer being used by other browser makers.

Upvoted to keep attention on this thing, but that really was a vacuous article with almost no real information in it.

Yeah, I found the discussions on HN and the debates in the Google group mailing list ("Intent to Prototype: Web environment integrity API") much more interesting, but didn't hotlink the latter in the OP post to limit brigading. Although that mailing list archive is made publicly accessible.

Google must have forgotten when they sued Microsoft for trying to corner the browser market for Internet Explorer. Or maybe they are two faced.

Companies have only one goal, more profit. Both actions here work to that goal.

No no, they sued because they were behind.

Now they are not. Nothing wrong anymore.

That was for tying IE to Windows, and it was also done while there were paid web browsers competing with them. Then they forced OEM PC makers to bundle IE or get dropped as a customer for Windows licenses.

I mean "either use a Chromium browser or you can't display or use the site" sounds pretty similar to me.

Couldn't agree more

However, unlike bundling a browser by default, you'd need to get a lot of websites to agree to "be normal" and support multiple browsers properly.

Companies never sue because of idealism or values. They sue to get an advantage.

Same as Musk, who is publicly harshly against government subsidies for companies. Unless he's the recipient.

What exactly is the attestation checking? As far as I can tell it is a TPM assertion, possibly that you have secure boot enabled and that the browser has not been tampered with. Is there anything else? I looked in the GitHub page but all that I saw were placeholders. Is this documented somewhere?

I think it's up to the attestor. So in theory it could check anything from what you described (most likely) to requiring that all users have a background image of Ronald McDonald (less likely).

It's TPM based on Android yes from the look of it, their article mentioned the Play Integrity API. So at least on phones it can potentially require a locked bootloader running the vendor's OS completely unmodified.

That makes a lot of sense. Not sure how that would work on Windows where users typically run with admin credentials. Yes, I cannot modify the boot loader, but with admin credentials I can do many malicious things to your traffic in between the browser and the OS, up to and including attaching a debugger to your browser process to see kernel memory.

I know it is possible for Linux to pass secure boot in some cases, so in theory it could be possible for there to be attestation on Linux systems, but this suffers from the same flaw as Windows since users have root access.

In the end the only thing this will do is prevent someone from using curl or cli tools to access a site that requires attestation. Will this prevent bots? I am not certain. You could in effect guarantee a 1-1 relationship of users to TPM/Secure Enclaves. This would slow down bot farmers, but not stop them.

Chinese bot farm with 100's of physical smartphones -> https://youtu.be/aSESD6rm54o

IMO, requiring a TPM for any kind of attestation wouldn't do much because they can be procured in the tens of thousands for not much money at all. Then they use an SPI bus to communicate, so you could basically build a cheap device that only multiplexes dozens, hundreds, or thousands of TPMs on a single physical host.

The real sham of this, to me, is that Google's talking nonsense about ensuring the client device is "trustworthy" for whatever their criteria means. But in reality the client needs a real assurance that the site it's visiting isn't malicious, serving malicious content, or otherwise collecting data that could be used for malicious purposes. Google has directly failed two of those three for many years, and one of them is their entire business model. Where is our protection from Google?

Maybe Google should use their clout to work against DRM online, and push back on the insatiable corporate greed of most of the content creation corporations? Especially those busy cutting down trees to prevent striking workers from getting shade?

Adding on to this, what of people in sanctioned nations? Google, as a US entity, is compelled to adhere to US law and to sanction nations that the US deems should be sanctioned. What about activists in those nations? What about targeted populations in those countries? What happens when a minority group is targeted by a hostile government and that government demands logs of device tokens accessing information the government doesn't like? This idea is nonsense on so many levels, and such a 180 degree turn from how the internet has developed over its existence.

Off-Topic: I saw this same exact post in lemmy.world.

Are some posts posted cross-instances? How does that work?

I think if the local and remote instances are federated - for posts submitted to remote communities that have subscribers from the local instance - posts to the local instance can be annotated with cross-posted to: links, whenever the local instance is aware of other federated posts that have a matching URL in other OP posts.

A single OP can manually cross post to other communities using the cross-post button next to the title of a post, although that will auto populate the body text of the new post with quoted text from the original, as well as an embedded hyperlink to the original.

So cross-posts can be both auto detected by Lemmy, or manually created by OP(s).

What's this website that you linked to? It seems like Reddit or Lemmy

Hacker News is based on an old version of Reddit. It's a great community for tech & programming news.

Kick a puppy

If you have to resort to false equivalences like these, you're not really making the anti-WEI crowd look good.


*Edit:* There's some massive misunderstanding about my comment.

I called it a false equivalency because it's comparing both the measures ("stronger safety") and the thing it is supposed to prevent (doxing and bullying) to puppy kicking.

That's just emotional manipulation done badly. We all call it out when politicians use pedophiles to warrant Internet surveillance, and now apply it ourselves? I don't know about you, but when I see bad reasoning, I'll call it out. Even if it's done by "my side".

Analogies are inherently false equivalences.

It's illustrating the problem with the argument, not equating DRM technology with puppy kicking.

Though, for the record, this is one of the few situations where humanity would have been better off if Google had simply paid their web engineers to go out into the world and kick animals all day long instead.

Both support stronger safety features in chromium and criminals and bullies got equated to kicking puppies. That's why it's a shoddy attempt at illustrating their reasoning.

I think the comment that the_lego is replying to also highlights the false equivalency of calling the anti-WEI crowd criminals, which was not a good look for Google.

They have apologized for using the word criminals & bullies in a broader context and I appreciate that. However, the initial part of the comment is very telling of how they view those who oppose.

That is an analogy.

The analogy being, do something objectively bad, get called out for it, double down because you don't like getting called out for it.

No one is equivocating anti-WEI people to puppies.

There's some massive misunderstanding about my comment.

I called it a false equivalency because it's comparing both the measures ("stronger safety") and the thing it is supposed to prevent (doxing and bullying) to puppy kicking.

That's just emotional manipulation done badly. We all call it out when politicians use pedophiles to warrant Internet surveillance, and now apply it ourselves? I don't know about you, but when I see bad reasoning, I'll call it out. Even if it's done by "my side".

No, it was not a comparison, it was an ANALOGY.

"A relationship of resemblance or equivalence between two situations, people, or objects, especially when used as a basis for explanation or extrapolation."

The important word here is resemblance. This is an analogy showing a resemblance, not a comparison.

This is quite a bit worse than kicking a puppy. Of course, it's horrible when puppies get kicked but ultimately they will be on. This, on the other hand, would be a major setback to humanity, potentially permanent as our rights and privacy are eroded day by day.