It depends how websites choose to implement it, and how other browsers choose to implement it.
If Firefox et.al chooses not to implement browser environment integrity, then any website that chooses to require strict integrity would completely cease to work on Firefox as it would not be able to respond to a trust check. It is simply dead. However, if they do implement it, which I imagine they would if this API actually becomes widespread, they should continue to work fine even if they're stuck with the limitations on environment modification inherent to the DRM (aka rip adblockers)
Websites will vary though. Some may not implement it at all, others may implement a non-strict integrity check that may happily serve browsers that do not pass the check. Third parties can also run their own attestation servers that will report varying levels of environment data. Most likely you will see all Google sites and a majority of "big" websites that depend on ad revenue implement strict integrity through Google attestation servers so that their precious ads don't get blocked, and the internet will become an absolutely horrid place.
Frankly I'll just stop using anything and everything that chooses to implement this, since we all know Google is going to go full steam ahead with implementation regardless of how many users complain. Protecting their ad revenue is priority 1 through 12,000 and fuck everybody else.
I feel like I fully lack the words to describe what I mean here, although I’m confident in my understanding of the idea. (Which is to say, please give me charity when untangling my rambling.)
I share your sentiment and I’ve been thinking about this the past few days.
I’ve read in a few places that Musk is trying to turn twitter into a ‘one-app’ in the same way that WeChat is. The common pushback against that is that we already have that - it’s the web browser. The web browser isn’t going anywhere.
But turning the browser into a closed ecosystem that Google gets to set the standard for, harvest the data for, advertise through, and ensure that users are locked in to their version of the experience/data that they collect essentially makes Chrome the one-app.
In much the same way that google killed XMPP, Microsoft used its weight to hamstring open document formats - this seems like an effort to thread a rope around the neck of the open internet and use google’s considerable market share to close off the open internet.
Somewhat ironically, we may find ourselves in search of a ‘new, open internet’ if corporations continue to define our current internet.
Maybe we’ll call it “Web 1.0.”
I think Google will try, but we all know how it will end. Google and other for profit companies have this stage where they become “anti user” and just care about squeezing the more money out of everyone with no regard to the experience or the value they keep providing.
At that point Chrome will be a terrible experience and users will be looking for alternatives. Not the passive users, but the world is full of users who don’t just sit there seeing everything getting shittier and shittier every week. A large enough portion of users will hear about a better place and get curious.
Nah not just one company. Reddit, Twitter, basically every social media, streaming services, every site adding stupid ads and auto playing videos, etc. It all adds up
Fully agree, I was just trying to keep it relevant to Google. All that shit needs to be dropped. As people realize that rather than free, all that shit is really expensive, maybe they'll make a move.
The vast majority of internet traffic these days goes through a few different portals. Pretty much the few biggest sites. Google/YouTube, Facebook/Instagram/Whatsapp, Tiktok, Reddit, Twitter("x")
Most people connect through these through some type of application on a mobile device. Most of these users couldn't tell you what DRM was or what web standards are. They don't care, they just wanna look at funny videos and get updates through clickbait headlines.
These people aren't going to boycott anything. The same thing that reddit is in the process of doing - killing off the old users and considering their power over the average apathetic user - Google is essentially going to try and do.
It's a scary time. The internet we all grew up with it irreversibly changing.
Neutral like electricity. It is a force that can be used for good or bad. Google is trying to harness that energy for its own profit and control. I wasn't referring to the structures created to administer it. That is another can of worms.
This. Like for real. I might be in a minority here but but I'm not going to just accept this crap and deal with it. If you implement these changes and your site is not absolutely essential for me then I'm going elsewhere. If 90% of big websites become unusable with my browser then I'm going to hang in the rest 10% with my like-minded folks. I don't care that it's quiet and much more slow paced, it's still better than the shit everyone else is serving and frakly better for my mental health aswell.
I spent like 2 to 3 hours on reddit every single day for 10 years. Then they killed my favourite app and I just quit then and there and haven't looked back. I have no problem doing that again.
I have a weak grasp of this, but a developer working on this responded to some criticism.
If the developers working to implement this are to be believed, they are intentionally setting it up so that websites would have an incentive to still allow untrusted (for lack of a better term) clients to access their sites. They do this by intentionally ignoring any trust check request 5% - 10% of the time, to behave as if the client is untrusted, even when it is. This means that if a website decides to only allow trusted clients, they will also be refusing trusted clients 5% - 10% of the time.
The relevant part of the response is quoted here:
WEI prevents ecosystem lock-in through hold-backs
We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted-out of WEI or the device is not supported.
This is designed to prevent WEI from becoming “DRM for the web”. Any sites that attempted to restrict browser access based on WEI signals alone would have also restricted access to a significant enough proportion of attestable devices to disincentivize this behavior.
Additionally, and this could be clarified in the explainer more, WEI is an opportunity for developers to use hardware-backed attestation as alternatives to captchas and other privacy-invasive integrity checks.
I mean, the same thing that is happening right now, right? The point would be that websites would not be built to only allow trusted clients-- it would still have to allow all clients. If they wanted to remove this 10% thing, it's not like the entire web would instantly stop being built to allow untrusted clients.
I'm not sure this is true (keep in mind: weak grasp). This 10% would push websites from specifically blocking untrusted clients-- but if they got rid of the 5%, it would not magically change all the websites to block untrusted clients. They'd still need to update to do this.
I don't want to come off like I'm defending this though-- I really just don't know enough to say.
Thats such a weird clause to include and is likely just a honeypot. Why even bother allowing unverified browsers to connect, since it invalidates the entire purpose of the trust system? If any bad actor can simply choose to not use the trust system while still having full access, then the system is less than useless for its stated purpose (catch bots/bad faith traffic, ensure no malware) and serves only to decrease the speed and experience of legitimate users.
That opt-out clause won't last a year once it's mandatory in Chromium.
An attestation method that randomly fails in 5-10% of cases makes no sense. It's not attestation anymore, it's a game of dice. This is blatant rhetoric in response to the DRM criticism. Nobody sane would ever use such a method.
I confess I don't really understand how it is supposed to work if it's designed to randomly not work haha. I really hope I've made it clear that I lack knowledge in this.
The purpose is to make it so websites don't require a trusted client. If they took that away after the fact, the websites wouldn't magically switch to requiring trusted clients, wouldn't they? It would still need to be updated for this. So we'd be pretty much where we are now, with a software change and public outcry about it.
That sounds nice but there's no guarantee they'll implement it, or if they do, that they won't just remove it someday down the road. This could just be a way for them to avoid criticism for now, and when criticism has died down a bit, they can just remove it.
Maybe this thing will evolve into two webs. One where the majority using Chrome will be, mostly busy watching ads and reading the shitty sites Google has picked for them.
But another where browsers who don't support this can be. Stuff like Lemmy and forums and other things run by individuals with an interest and passion.
We would still need to use chrome for the official stuff like our bank's or office websites, but there would be another world out there for people who refuse to accept being subjected to this shit. Alternative websites would shoot up and became popular.
However, if they do implement it, which I imagine they would if this API actually becomes widespread,
The problem is, is not really possible to implement it in a truly open-source browser, since anyone compiling it themselves (including distro maintainers) would fail the check unless they perfectly match a build approved by the attestor. If it differs from the approved version, that's specifically what WEI is intended to prevent.
The original top level domains were only .com, .net, .org, and .gov. Your fancy country top level domains were never part of the original internet plan.
You're missing the point. Lemme test yet another thing (do not click if this pops up as a link)...
google.bullshit
^ See, I don't know what dot nonsense they do and don't accept anymore, but I'm gonna make an educated guess before I post that for at least some users that'll display as a link.
Either way, et.al is used frequently in legal documents, at least in the USA. And they retrofit their new top level domains to old documents where it was never used as any sort of link.
et.al should be banned, literally for all previous legal court documents.
That's on you, not the internet or google. As has been pointed out, dot al is a TLD for a country. Just because you can't type properly and didn't spell check yourself, doesn't mean the internet is doomed.
Of course I make typos :) But .al is the top-level domain of a country. This is the original purpose of the system. If you type something that looks like a valid domain, and this is a valid domain, why not make it a link? Maybe I mistook your point all along. Why don't you think this should be a link?
I would agree that we have too many useless TLDs, and Google did help in spreading more domains, but I just don't think this is a case where it applies.
You can tell me what's incorrect all day long. Doesn't matter. Many people can't spell to save their life, plus autocorrect likes to screw with people as well.
If one accidental character is the difference between a legal term and a link, the world is soon to be fucked.