Privacy @lemmy.ml BlackEco @lemmy.blackeco.com 1 yr. ago

Mozilla opposes Web Integrity API proposal

github.com /mozilla/standards-positions/issues/852

45 comments

Can anyone eli5 this?
- Google (The company behind Chrome) wants to create a type of DRM for web pages. Google claims that this will help with things like bot traffic, spam, etc.
  
  Mozilla (The company behind firefox) is opposed to creating this DRM because it has no benefit to the end user and is likely to be harmful to the openness of the internet.
  
  Not just chrome, but also the lead contributor to chromium (the underlying system in Edge, Brave, etc.)
  
  But does Mozilla's opposition have any final say in the thing getting implemented in the standard?
  
  The only real benefit to users that I can think of is that it could eliminate the need for captchas.
- If you aren't using Firefox yet. Start, ASAP.
  
  Google tried to exert control on the internet with web manifest v3 and now again here. Letting google dictate web standards is a mistake. Using Firefox shows companies they need to support more than chrome.
  
  If people really can't live without Chrome/brave/..., install an extension to change the use agent to firefox and support the cause that way 😄
- Essentially the standard is saying that anything attempting to connect to the web must provide an attestation that it's representing a human.
  
  Mozilla opposes it because it's another barrier for new tools to implement, and there is no evidence that bots wouldn't just say 'yeah, I'm a human!'
  
  So no benefit, and more barriers
  
  If it wouldn't be good at proving users are human, there are probably other motives at work, like putting Google in charge of approving or blocking every piece of web content and every browser for viewing it, and removing the user's control over how the content is presented.
- Google wants to be in control of the web, through their browser chrome. Mozilla is saying that Firefox won't support Google's blatant power grab.
- Google wants to add a feature to the browser where a website can (in a fairly confident and secure way) ask about key facts about the browser environment in the name of security. The kinds of details may be like: What is the browser in use? Has the browser been altered? Are certain plugins active? What kind of OS is in use?
  The exact details aren't really defined yet, but the idea is to be able to provide confidence via answers to these types of questions to the website so they can make decisions based upon these details.
  
  People are (very much rightly) strongly against this since it will only really result in locking down web functionality to environments in the name of security, and there will be a lot of collateral damage in the process while helping browser monopolization.
  Using this, websites could lock their use to certain browsers (much more than what's already possible). Websites could prevent access if certain plugins are enabled (think privacy or adblocking plugins). Websites could prevent access to linux users because "they're probably hackers".
  
  Ultimately, this represents a big change into the insight & power a website has in regards to the user browser environment, and is a big risk to the open web, hence why Mozilla are against it.
  
  Blocking ad blockers has to be the real reason behind this convoluted bullshit. Google gets the lion’s share of its revenue from ads. The whole thing is a Trojan horse destined to make things better for them at our expense. The mere proposal is already accelerating my shift away from their products.
- Mozilla opposes a proposal because it goes against their principles and vision for the Web.
  They believe that any browser, server, or publisher that follows common standards should be considered part of the Web.
  Standards are designed to be independent of specific hardware or software, allowing for a wide range of devices, operating systems, and browsers to access the Web.
  This diversity of choices promotes accessibility and overcomes personal obstacles.
  Mechanisms that restrict these choices harm the openness of the Web and are not beneficial for users.
  
  The proposal's use cases rely on the ability to detect non-human traffic, which could hinder assistive technologies, automatic testing, and archiving and search engine spiders.
  These tools require access to content intended for humans in order to transform, test, index, and summarize it.
  The proposed safeguards are unlikely to be effective and fail to address these concerns adequately.
  
  Mozilla acknowledges the importance of addressing fraud and invalid traffic but finds the proposal lacking in practical progress for the listed use cases and highlights clear downsides to its adoption.
  
  Credit: https://chatbot.theb.ai/ just another version of https://chat.openai.com/ without the need to sign-up.
- Google wants to implement a system that will check if the version of the website that you have loaded on your computer is identical to the one that was intended. They say this will prevent fraud and improve security, but the most relevant impact for end-users is that ad blockers and any other customization you do to websites will prevent you from accessing critical Internet services. The fear is that Googles massive share in the browser will allow them to push this through regardless of consumer opposition.
- Basically, the proposal will allow websites to check if there is a real user on the other end, instead of a robot. It uses a DRM style token system to do it. The problem is that this would restrict the web to just those browsers that have an implementation of the DRM. The only implementations of the DRM available are from Google, Apple, and Microsoft. Anyone not on a browser approved by the big 3 would no longer be able to use the web.
  
  It won't check people are a real user, only that they are using the enforced software. Many bot farms will use the correct software. One was recently found in Ukraine and it had shed loads of sims and hardware. They will easily meet and pass the tests.
- Best ELI5 I've read so far is https://arstechnica.com/gadgets/2023/07/googles-web-integrity-api-sounds-like-drm-for-the-web/
- I don't know how technical you are but it looks likes this is a security token api to validate the trust of the environment. I believe that google is trying to propose a universal standard for everyone to use.
  
  I think Firefox is standing negative because they want choice not 1 standard. This is the best I can do without going down a rabbit hole
  
  Edit: link to another post
  
  https://beehaw.org/post/6801832
  
  I don't think saying Firefox/Mozilla is against standards is a fair assessment.
  
  https://mozilla.github.io/standards-positions/
  
  What they state is that this specific proposal means more hurdles to access the internet as an end user with no clear benefit, as it doesn't really achieve its stated end goal of reducing spam/bots/etc.
This is why they dropped "Don't be evil"
Google is so big that it can't be avoided. They shouldn't have a monopoly on the internet. I am surprised they haven't been hit by anti trust laws along with the other big tech.*
- Not sure I understand the down votes. Google is proving to be a scourge, and I agree they need to be stopped
- They get hit by anti trust every day but for Google its just cost of doing business. Google is bigger and powerful than some government so Googs don't give 2 shits about anti trust.
So Say We All
- So say we all!

You've viewed 45 comments.