Request for Mozilla Position on an Emerging Web Specification Specification Title: Web Environment Integrity API Specification or proposal URL (if available): https://rupertbenwiser.github.io/Web-E...
Google (The company behind Chrome) wants to create a type of DRM for web pages. Google claims that this will help with things like bot traffic, spam, etc.
Mozilla (The company behind firefox) is opposed to creating this DRM because it has no benefit to the end user and is likely to be harmful to the openness of the internet.
But how can it trust you’re a person when it just confirms that you’re running an in-modified site. It takes a hash of the site, then make sure your local view of the website matches that hash.
This disables add blockers, custom css, etc; but I don’t see how this standard would prevent bots…
It’s not just checking that you’re running in an un-modified OS, that’s just one part of it.
It doesn’t disable ad-blockers or custom css btw. And anyway, websites can already detect when you’re using an ad-blocker and not show you their content. This isn’t needed for that.
Somewhat. Webstandards are voted upon, and I believe Mozilla is part of those organizations.
However Google could always choose to ignore web standards and do what they want. And due to their massive market dominance this would effectively enforce this overnight for over half of the internet.
The reason they may not, is the EU would take them to court over that. The US no longer believes in stopping companies from ruining shit though.
Google tried to exert control on the internet with web manifest v3 and now again here. Letting google dictate web standards is a mistake. Using Firefox shows companies they need to support more than chrome.
Google wants to add a feature to the browser where a website can (in a fairly confident and secure way) ask about key facts about the browser environment in the name of security. The kinds of details may be like: What is the browser in use? Has the browser been altered? Are certain plugins active? What kind of OS is in use?
The exact details aren’t really defined yet, but the idea is to be able to provide confidence via answers to these types of questions to the website so they can make decisions based upon these details.
People are (very much rightly) strongly against this since it will only really result in locking down web functionality to environments in the name of security, and there will be a lot of collateral damage in the process while helping browser monopolization.
Using this, websites could lock their use to certain browsers (much more than what’s already possible). Websites could prevent access if certain plugins are enabled (think privacy or adblocking plugins). Websites could prevent access to linux users because “they’re probably hackers”.
Ultimately, this represents a big change into the insight & power a website has in regards to the user browser environment, and is a big risk to the open web, hence why Mozilla are against it.
I don’t know how technical you are but it looks likes this is a security token api to validate the trust of the environment. I believe that google is trying to propose a universal standard for everyone to use.
I think Firefox is standing negative because they want choice not 1 standard. This is the best I can do without going down a rabbit hole
Can anyone eli5 this?
Google (The company behind Chrome) wants to create a type of DRM for web pages. Google claims that this will help with things like bot traffic, spam, etc.
Mozilla (The company behind firefox) is opposed to creating this DRM because it has no benefit to the end user and is likely to be harmful to the openness of the internet.
Not just chrome, but also the lead contributor to chromium (the underlying system in Edge, Brave, etc.)
The only real benefit to users that I can think of is that it could eliminate the need for captchas.
It really wouldn’t
If the point is so websites can trust that you’re a person then the captchas aren’t needed.
But how can it trust you’re a person when it just confirms that you’re running an in-modified site. It takes a hash of the site, then make sure your local view of the website matches that hash.
This disables add blockers, custom css, etc; but I don’t see how this standard would prevent bots…
It’s not just checking that you’re running in an un-modified OS, that’s just one part of it.
It doesn’t disable ad-blockers or custom css btw. And anyway, websites can already detect when you’re using an ad-blocker and not show you their content. This isn’t needed for that.
I don’t even trust that I’m a person sometimes.
But does Mozilla’s opposition have any final say in the thing getting implemented in the standard?
Somewhat. Webstandards are voted upon, and I believe Mozilla is part of those organizations.
However Google could always choose to ignore web standards and do what they want. And due to their massive market dominance this would effectively enforce this overnight for over half of the internet.
The reason they may not, is the EU would take them to court over that. The US no longer believes in stopping companies from ruining shit though.
If you aren’t using Firefox yet. Start, ASAP.
Google tried to exert control on the internet with web manifest v3 and now again here. Letting google dictate web standards is a mistake. Using Firefox shows companies they need to support more than chrome.
Google wants to add a feature to the browser where a website can (in a fairly confident and secure way) ask about key facts about the browser environment in the name of security. The kinds of details may be like: What is the browser in use? Has the browser been altered? Are certain plugins active? What kind of OS is in use?
The exact details aren’t really defined yet, but the idea is to be able to provide confidence via answers to these types of questions to the website so they can make decisions based upon these details.
People are (very much rightly) strongly against this since it will only really result in locking down web functionality to environments in the name of security, and there will be a lot of collateral damage in the process while helping browser monopolization.
Using this, websites could lock their use to certain browsers (much more than what’s already possible). Websites could prevent access if certain plugins are enabled (think privacy or adblocking plugins). Websites could prevent access to linux users because “they’re probably hackers”.
Ultimately, this represents a big change into the insight & power a website has in regards to the user browser environment, and is a big risk to the open web, hence why Mozilla are against it.
I don’t know how technical you are but it looks likes this is a security token api to validate the trust of the environment. I believe that google is trying to propose a universal standard for everyone to use.
I think Firefox is standing negative because they want choice not 1 standard. This is the best I can do without going down a rabbit hole
Edit: link to another post
https://beehaw.org/post/6801832