Your choice of browser matters — Google's Web DRM and the open internet

Grafcube@fosstodon.org to Open Source@lemmy.ml – 627 points –

Your choice of browser matters — Google's Web DRM and the open internet

https://grafcube.codeberg.page/blog/2023/08/06/web-drm-api.html

I wrote this blog post to inform the people I know who aren't as tech savvy or otherwise don't put any thought into their choice of browser. Another goal is to help get enough awareness on the topic and make sure it fails.

@opensource @privacy #webintegrityapi #WEI #google #mozilla #chrome #firefox #chromium #foss #opensource #OpenWeb #privacy #drm #nodrm #drmfree #freesoftware #browser

85

I've been using Firefox as my primary on both desktop and mobile for about 6 years now, and it's usually pretty great. Desktop rarely has problems. On mobile there are a good number of sites with issues though, because devs don't usually test against it as has had a low number of users. But hopefully this revitalized movement to switch will make them have to care. And that said, 99% of the time these sites are still mostly usable, unless the broken thing is important like say a login screen 😅

I've only had like 1 issue on desktop in the last like 5 years. Mobile I've bumped into a few hiccups with forms, sliders, and other elements not working properly. If I can't resolve the issue by requesting the desktop site I go to my computer or Chrome in an absolute emergency.

That said, I'd take a (waaay) sub-1% failure rate any day in exchange for having the joy of uBlock Origin on my phone. If you're on Android, I can't recommend Firefox enough thanks to the add-on support.

The opposite is true. A friend tells me some site is not working for them and they're using Chrome. I open it on Firefox and yup, works fine.

Of course, it's way more serious when the site doesn't work on FF.

@ZephyrXero Interesting. I've personally never had any problems on Android. I use Iceraven since it has more extensions and the only issue so far has been that initial load is often slow (because of the extensions I use).

I have been using fennec and yeah the load is slow only when i have all the extentions enabled but overall a great browser

I have been using in desktop for about a year and it's been great. I had tried mobile a while back and had some issues but with Google's proposals I'm willing to try again.

I have been using Firefox since the release of Firefox 57 aka Firefox Quantum in 2017. I love the browser and most of sites run well in firefox. But there have been a few cases where I had to use a chromium based browser.

Firefox + Ublock origin is a great and awesome combo.

I also use Firefox on android. It is okay, but I sometimes feel it is slow at loading some sites. But it is not a big deal.

Oh, also Firefox is the only mainstream browser on Android that supports installing extensions.

This. I switched to Firefox on Android, because of extensions. At the same time I switched to Firefox on Windows. And I never looked back. The only problem I have is native support for PWA on Firefox for desktops (we can add support with 3rd party app), and backgorund notifications doesn't work on PWAs on Firefox for Android

Weird , I have been using ff , twitter pwa for years and notifs work for me , although i voluntarily disabled notifs now !

Hm... It doesn't work for me on my own app, where notifications are main part of the app. It does work on Chrome for Android and on both Chrome and Firefox on Windows, but on Firefox I never received a single notitication. And all notifications are enabled. I will try to remove and add PWA in firefox again and we will see. Is there some PWA app where I can test if notitications are working? I am not using Twitter.

There is a telegram pwa i think but i use the open source app for that !

I could never browse the internet without mobile firefox and ublock origin.

Unfortunately this is coming and a majority of people are going to happily step on to the train.

Think of it like this: 99% of all apps could have been just web apps in a mobile browser (Hell, a majority essentially are just a wrapped web app) but because of companies offering more/better functionality people choose to use the app.

All that needs to happen is sites starting require DRM functionality for "security reasons" so that the end user can enjoy more features.

A majority of end users don't understand the implications when making choices like these.

@Mindlight but it hasn't happened yet. Getting everyone to switch away from Chrome isn't going to help anyone and that's why there needs to be legal action.

It will because websites will not drop support for 20% of users, they might if it is 3%. This is how product owners make decisions on browser support.

I think its bit late for awareness campaigns now , google will eventually bring the web integrity api , I am very scared about if we will even be able to use new OSes , but i guess a new web with less dependancy may develop !

I was in dehi recently. Poverty is kinda nuts there, but I noticed everyone had phones, even people who obviously had no home. I assume kinda shitty phones, but it makes you realize a bit how important access is. If someone releases an iOS only app with no web version, they're basically saying fuck you to all those people.

Same same for this though. Googles saying "as long as you use our stuff you'll be fine, and why wouldn't you use our stuff because it's free! (Sometimes kinda sorta). And if you're stuck with something else for some reason, fuck you."

"Sure, Chromiums code is available and you can modify and redistribute it. But if you want to send your changes to the main project so that more people may benefit from it, it is ultimately Google’s decision. This is the problem with projects that are not community-run."

Google is asshole. This shows than NOT all open source codes are free as in freedom. Stallman is right.

@grafcube it's very important to push back against google's browser hegenomy just like we did back in the day with microsoft because now it's not just about one company controllin the software to access the majority of the web but the privacy of it.

This new invention from Google has nothing to do with the browser you use. It is an API incorporated into, with Google affiliates and its own, web pages, which allows these pages to block any browser "for security reasons", when it does not have a Google Token incorporated, that accredits it as secure. That is, it is then Google itself who decides which browser is worthy to access the web. It doesn't matter which browser you use, or incorporate this Token in it, or forget about a large part of the internet and anyway about any Google page or service (Gmail, YouTube, GDrive, GoogleMaps, ....). This is the danger that the free internet faces, that Google decides which browser is worth using and which is not, being able to allow only Chrome itself as the only valid browser to access half of the pages on the network, and Game over for everyone else, Chromium, Gecko, WebKit or any other, without Google Token in it no internet, except if some geek comes up with some Fake Token which can be used (complicated)🤬.

For the downvoters, also Firefox and forks need to insert this Google Token in the Browser or die. Because of this Mozilla, Vivaldi and several others have started a protest before the legislator to prevent this crap. In the EU there is already a debate whether or not this is compatible with GDPR and user rights. We'll see what comes of this. It is legitimate that Google provides tools to web pages to protect against entries from bots and insecure browsers, but it is not legitimate that the decision which browser is secure and which is not, depends on this company, only a certificate from an independent technical institution can be valid on technical grounds and not by Google itself for possible commercial reasons.

Yeah I'm completely over to firefox now. I can't help but notice firefox mobile is still a bit sluggish though but eh

Really, Firefox on Android feels much better then Chrome for me. But maybe thats because of ublock.

Honestly the only issue I have with mobile firefox is how it refreshes when you app switch but I think that's more of an android thing :(

Try Fennec

I just switched to Fennec from Firefox Nightly when I found out it also supports custom add-on collections. Works great!

With Fennec you don't need custom collections, you can just install the official add-ons right away.

I'm talking about third party extensions that the Mozilla store doesn't let you install directly, at least the only way I've figured out how to add them is with the custom collections

Yeah on mobile it hasn't been the best experience comparatively so far on its own, but the extensions have made the difference for me. They're planning to open up mobile to a lot more (all?) of the extensions soon and I feel like it's gonna get a lot nicer to use after that. Could technically already use them all via beta or nightly using collections or something, but I prefer to use the release version.

@grafcube @opensource @privacy

Yaaay, time to really push that SearX/alternative-search-engine crusade, because there is more reason for a user to say "fuck you" to the hungry machine.

I was using Brave's engine for awhile but I feel like its results were getting worse. Went back to my own SearXNG instance, it's pretty polished these days.

Did they change stuff ? I was running an instance on my home server , but the server ceashed and didnt get time to reinstate it !

Compared to a few years ago the UI, especially on mobile, looks super nice. Also they added Lemmy support built-in very recently if you use the latest commits.

I generally take a pull from their git and build it on my machines so yeah !

There is no internet without Firefox. There is an internet without Google.

Good article actually! I think non-tech-savvy people will also appreciate some kind of TL;DR

Edit: didn't know Codeberg can host static sites, definitely migrating mine there from Guthib!

@grafcube @opensource @privacy

> But why do you use Chrome?

I can tell why I do. I used to use Firefox but had to move to Chromium long time ago for several reasons:

  1. It was nicer on RAM on a very small machine I had at the time. I think Firefox got better in that sense since then.

  2. Many web apps don't work quite well (or don't work at all) on anything but Chrome. That's a sin many lazy web developers make, and it forces their choice on the users.

The first point is no longer true. The second point is, sadly, quite relevant.

By just changing user agent string you can make the site work on Firefox too!

True for many cases. But I was referring to cases in which the site really acts out because it's optimized for Chrome.

To the second point, as a avid firefox user, I noticed that some Webapps seem to not depend on the Browser alone.

Even in safe mode, some Webapps sometimes work better on different systems than on others using the same Firefox version.

For instance youtube streaming seem to work better on my Linux laptop then on my Windows desktop, where it becomes stuttery. In Chromium there it works as well as Firefox on my Laptop.

What I want to say is that browsers and all the systems around this are very complicated. So your milage with the same browser will vary, and you might blame the wrong thing.

Oh I'm aware of that. Network drivers, GPUs, running processes, etc.

After using Firefox for 20 years, aside of maybe 3 times I never had any problems. So I can't confirm the second point at all

@grafcube @opensource @privacy Very good blog post. I use a fork of LibreWolf called FireDragon with all the settings I used to use on LibreWolf select including blocking fingerprint tracking, total cookie protection, and also multiple containers for sites. Cookies are only saved for sites I specify and the rest are deleted on closure.

I remember WaterFox but this is getting ridiculous.

If WEI proceeds, I won't have a choice of browser. Or operating system.

Excellent write up. Thank you for doing this, I'll share with my whole family and friends.

I use Floorp, works pretty well and has the option to look like Edge which I really like

@grafcube @opensource @privacy I will make some comments to it, when I finished reading. I just want to say u already got some points wrong, Brave plans to continue supporting MV2 too, same for Vivaldi as far ik. Also DuckDuckGo's Browser are not chromium based too, they use the Systems Webview.

Edit: removed the info that Brave will not support WEI, since it got later mentioned in the blog post

The WebView on Android at least is Chromium based though, but I agree its probably best to make that distinction.

Also its breaking sites left , right and center ! Things load on ff much better

@Skimmer I guess, there are still some differences to a normal chromium based browser if a browser operates with the systems webview Integration, which u can also change.

True, that's why its probably good for a distinction to be made, I agree.

What is the Systems Webview?

@hevov It's basically a system component which display web content. Android, Windows and other OS has this.

So you mean DuckDuckGo is just using the default browser engine?

Windows is probably using Edge/Chromium Mac OS is using WebKit.

That what you mean? I only found an Android app of a browser engine called System Engine.

@hevov No, It's using the Webview Implemantion of the OS, which is different than a OS based on chromium. Since it's function differently, probaly is based on Chromium, but is more like a fork of it. Windows has Edge Webview2 (Which isn't that much related to it), Android has Android Webview or Chrome if Webview isn't installed, you can also install alternative Webviews on Android. About iOS and MacOS, I don't rly know. They have probaly smth with webkit.

Anybody knows what happened to the impervious browser?

@grafcube @opensource @privacy So mostly, I agree with what you said, but except the things you got wrong, which I already, mentioned there some other things I wanted to say: You critized Brave for including it's crypto stuff, which is fair, but you said it like it would make it less trustworthy or bad for privacy which isn't true, also u just can disable it and it has also the posetive effect that people who like this crypto stuff, start using a privacy respecting browser instead of the others

@grafcube @opensource @privacy Which I also wanted to say, the only Ads Brave allow are Ads in Search Results as far ik, I never seen any other ads so far while using Brave on Android (on Desktop I have uBO on top), you also said that Firefox has the superior Fingerprinting Protections which isn't rly true, Brave's approach to defend fingerprinting by randomization (giving every website a unique fingerprint every new session, etc.) is pretty effective. While Vivaldi has almost no fingepriting1/2

I am fairly tech savvy and I willingly avoid using Firefox because I despise Mozilla. Thank you for your concerns.

What do you use? And why do you despise mozilla?

I don't really like Mozilla, but how is Google any better? And those are the two options, unfortunately.

And those are the two options, unfortunately.

Exactly. Mozilla is better but not that much. What we really need is a 100% community-developed browser engine sponsored by several large companies that are independent from each other. But seems like it's too late, we're boiled frogs at this point. Although maybe these are the circumstances under which such an initiative could finally emerge.

Developing a community based browser engine that remains up to date with all the updates to the html, css, and javascript standards would require an immense amount of infrastructure and monetary backing. Essentially Firefox's Spidermonkey is the closest we have.

I'd be curious if Mozilla could somehow get enough funding without Google or Microsoft or any other big tech corporate funding/influence and still keep up to date with new features and security patches. Doesn't seem likely though.

Librewolf on Linux Desktop with NoScript, Chameleon, etc. Mull on Android mobile with similar. (Both are firefox based).

I'm on Graphene OS for mobile though, which necessitates the use of Google's Pixel and uses a hardened Chromium based browser called Vanadium. Main dev has criticized Firefox for being insecure in the past, but still use Mull anyway...

You could at least explain why you avoid firefox, so the comment at least is more informative.