looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don’t run a complaint browser ( cough…firefox )
here is an article in hacker news since i’m sure they can explain this to you better than i.
and also some github docs
Ad Blocking is cyber security
Every once in a while I help a family member or friend out with their machine and am stunned when I see the web without an adblocker. It honestly reminds me of the malicious early 2000s porn and “free downloads” sites… but it’s everywhere now, like cnn and eBay and shit. First thing I do is install Firefox and ublock origin, and mostly for their security.
Youtube has also been running basically porn ads on “for kids” youtube channels as well and my kindergarten aged niece and nephew have been exposed to that shit. Adblock is 100% cyber security AND for kids safety.
100% agree. The few times I have to turn off uBlock because it is breaking some obscure website it is always an awful experience. Auto-playing videos, ads taking up half the screen, and those annoying as fuck cookie banners. I can’t imagine using the internet without an ad/cookie blocker. I accidentally turned it off on Lemmy for a while and it was the only site that I didn’t immediately notice.
It’s always nice when you look at uBlock Origin and it says
connected: 1 out of 1
19/19 right here on lemmy.ca
Huh? When I visit lemmy.ca, it also shows me 1/1
Opening the debug console shows that it connects to other lemmies, like the originating one here, lemmy.dbzer0.com.
I said this in another thread, but a lot of the internet is unusable without uBlock Origin IMO.
and am stunned when I see the web without an adblocker.
True, True, it’s damn near unusable. You take it for granted what a job your blocker is doing for you.
You remember browser toolbars? People would have 3 of them at once, having no clue where they got it from nor how to remove it.
Good times.I installed uBlock Origin on clients computers when I worked at Geek Squad, even.
It kinda makes sense. All the people who know better already use an ad blocker so they don’t know what it’s really like and all the people who don’t know to use an ad blocker don’t know any better and that’s just what the internet looks like.
What company was running those ads on “kids” channels?
The FBI recommends using an ad blocker: https://www.ic3.gov/Media/Y2022/PSA221221
Malvertising (a portmanteau of “malicious software (malware) advertising”) is the use of online advertising to spread malware.
It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.
Because advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, more safety precautions, or the like.
Malvertising is “attractive to attackers because they ‘can be easily spread across a large number of legitimate websites without directly compromising those websites’.”Just as noscript and pop-up/new tab blockers are.
That’s the point ofc.
Quiet parts out loud.
A better quote
We need more browser options, not just Firefox and 20 versions of chrome.
Google Chrome (v42.12.0183, MULTi5) [FitGirl Repack]
It’s going to be very annoying to find new cracks every week
Just google it.
Excuse me but would you happen to have the link to the 100% real ONE LINK no-fake MegaUpload version?
No! LOL! Who still uses direct links? Get with the times man. The kids these days are torrenting. (they’re not zooming around in Elden Ring, it’s just a piracy term)
–>since everyone is confused about this i’m gonna try to explain as best as i could and also clearing some misconceptions:
1# why this is such a big deal ?
if this gets implemented AND it gets widely adopted websites now can refuse to give you content if you are running a non complied browser, remember those website that say “oh you are using an ad blocker so disable it to access our site” they can detect this by various methods but ultimately all of them rely on running a JavaScript into your browser. which you guessed it, its easy to modify and tamper with manually or using extensions
now what WEI-API does is that it can verify the integrity of the web page ( JavaScript/HTML/CSS has not been modified ) and even tell the website what extensions - ad blocker detected no content for you - you are using and what browser you are using - firefox or brave detected no content for you - and do not be fooled into thinking that this can be spoofed. and website owners who think that they are running a business not a charity will implement this.
2#will using firefox save me?
if this gets widely adopted and you inevitably encounter a website that require this ( for your job ,school or your bank ) you have no choice but to use chrome just like when your banking apps refuse to work because your phone is rooted which means that SAFETY-NET is broken
3#why this is a threat to begin with?
this is only viable if the web adopt it so why bother?, well guess what google is famous for making its services very easy to integrate and well documented just look on how easy it is to integrate google analytics and google adsense* into websites and how many of them use it in the internet.
4#what can we do to prevent this?
this is my personal opinion but i think we simply can’t, this not like the reddit incident were very large portion of the user base was upset most people don’t know/care/give-a-fuck about web technologies and how they work.
#and Finally “but google said they don’t plan to use this to fingerprint you (Device ID) or track your browser history or interfere with the work of extensions”
do you really believe that a company like google whose bread and butter is advertising would not make it easier for themselves, a company who has been exposed time and time again for lying and having ulterior motives ( you don’t need to look far just look into what manifest-v3 did )
remember those website that say “oh you are using an ad blocker so disable it to access our site”
I can easily imagine this not being a necessary, anymore. Just let the website using this WEI API automatically disable all browser extensions on a WEI-enabled site. Why not, after all? Why should you dictate the traffic you receive on your computer? Why should you own anything?
I will happily stop visiting any website that demands I use an approved browser.
Well, those of us who care all say that but I for one have to access government and banking websites in several countries, if they implement this I have no choice. This abomination must be prevented in the first place.
You can use Chrome for those websites if they completely break, and Firefox for everything else.
Banks and government websites don’t tend to have adverts.
Do you require ad blockers with these? This use case sounds like the intention of the feature, not like the perversion we’re headed for now.
Agreed.
We can criticize the EU, but they would not allow or force people to install Chrome in order to access government web sites.
You won’t have a choice if it’s a bank or your job. This is the truly insidious thing, if enough important websites start demanding the standard, you might just end up forcing yourself off of the internet with that attitude
There would have to be very significant reasons for a bank to do that.
Like what? The only reason I’ve seen is laziness. Several banks in my area still require IE for some of their more elaborate online services. It’s typically limited to business users, but they’re still requiring it; to the point where they have a team of support agents that remote connect and reconfigure edge to run an IE-mode tab to the site, and install all their malware on your PC to make the service work. With the proper effort the whole thing could be reduced to little more than a chrome/firefox/opera/edge/safari/whatever extension…
But they don’t. because they’re lazy.
What Banks do this? USAA doesn’t, and that’s what I use.
I’ve zero issues swapping banks if needed.
On the consumer front, almost everything has a web interface layer over the grotesque monster that actually runs the services.
For any business accounts, banks are an entirely different monster. If you’ve only ever used consumer services, you’ll never know the disgusting mess underneath it all. Banks have only done this much for consumers because if they didn’t, they would have either lost, or never attracted any of the modern generations to their services, namely millennials, and all those who came after.
The older generation for the large part, is happy to continue using IE, and walking into a bank to do whatever they need to… But starting with millennials, having browser agnostic web based services to do simple things like bill payments, account to account transfers, balances and transaction records, and most don’t need much more than that.
One of the more recent, and possibly most egregious examples was a cheque scanner for a business, which was a USB attachment to a client’s workstation for bringing in payments in bulk, rapidly. Think about it like the mobile cheque deposit in your favorite banks app, but on steroids. The bank provided the cheque scanner, and a business login page for the service. The way it operated, from what I could see, is that it required special drivers from the bank for the device, and a series of custom ActiveX plugins, which, as expected, only work with IE. The entire process was essentially to take a high resolution scan of the cheque, and dump the image into the website (I presume, securely), to submit the payment to the bank. This process would be complete in a matter of seconds when it’s running correctly. From what I saw from what the bank technician did, remotely, was to load the site in edge, force it to display in an IE tab, then adjust the drivers and signing of ActiveX control to validate and submit the scans.
The mobile deposit does the same but much slower, potentially taking minutes to capture the cheques image and fill in all the details, per cheque. Meanwhile this process could literally process a dozen cheques in the same amount of time. What kills me is that mobile deposit is basically the same thing and they have the structure for it already. It should be relatively trivial to adapt the process to use the cheque scanner to submit the images of the cheque, compared to basically having to registry hack each client computer to work with the antiquated system instead; but they do it anyways.
I was asking for a list of Banks, not multiple paragraphs I’ve no interest in reading.
All of them.
Partly. Financial applications aren’t so easy to update for some valid reasons. No only do youave to implement the whole application on a new stack but also validate and extensively test them for flaws, things that have already been done on the ond application over many years.
Thats why some high end financial systems run on archaic architectures that needs to be emulated for lack of hardware.
Similarly for large enterprise applications that rely on decace old releases of OS and platform only performing security patches to mimimise breakages.
Its too simple to chalk it up as lazy.
So you’re taking your experience, with banks only local to you, and extending that as a blanket statement for all banks…
Please list all these banks near you that require IE?
I’m a totally separate person, and I can also verify that forcing business users to use IE for certain services is definitely a thing.
I’m not sure what your point is? It’s not necessarily going to apply to ALL banks, but it’ll probably apply to SOME of them, and that will suck if it happens to be your/my bank.
oh, I also want to point out that you completely ignored my question; you said “There would have to be very significant reasons” and I asked what that was, and instead of responding with a clarification on what is required as a reason for a bank to actually do the thing, you attacked my position asking for more clarity on which banks were actually doing this, I’m sure in an effort to minimize the scale at which my experience is relevant, yet other lemmings have already chimed in to say that they have also witnessed the same lazy behavior.
Classic misdirection. So, what justification is required for banks to actually innovate? The only thing I’ve seen from banks is them trying everything they can not to; so I’m genuinely curious what justification is required to actually make a bank do something.
I used to work at a credit union in IT. I can confirm financial institution laziness knows no bounds. Separate from their laziness is the vendor compatibility. I can’t count how many vendors do not update their software to run on modern browsers and relied on specific IE instances. Adding to all that is just the institution itself having decades old hardware and software because modernizing things can be incredibly expensive. The core my company used was incredibly outdated Unix and required a ton of different middleware just to make sure we were compliant where absolutely necessary. If it wasn’t necessary nothing got done. And that’s better than a lot of banks that could be running on some COBOL based core. Completely redoing the core will affect every middleware crap solution they’ve patchworked together to keep running over the past few decades and will be insanely resource, cost, and time intensive.
Even these days at my current company I run into this shit. Huntington bank requiring IE for check processing, or SAGE DB software requiring 2013 Access or else it won’t work. These are huge companies still utilizing outdated piles of garbage.
Please list all these banks near you that require IE?
yes.
You won’t have a choice if it’s a bank
Time to find a new bank.
your job
I’m self employed so I aint worried about that.
They don’t need everyone to comply, just the vast majority.
Which is why it’s important to encourage and educate as many about it as possible now.
I’m already locked in, I have to use google products daily for work as my work email and drive is all done through google. There’s no moving off that unless I leave my job and even then there’s no guarantee.
Fuck man, this blows.
… Until all the sites you absolutely need to use in order to *function in society *require approved devices with proper tracking.
So you fight it now by switching away from Google as much as you can.
That won’t help when you must use it for any online access to (for example) your bank, any loan application, school enrollment, car maintenance, online shopping, tax filing, airline tickets, passport renewal, license3 renewal, mortgage payment, etc., etc .
I will as well, unless it’s necessary for work/school, or to participate with the government, or not using it will isolate me from friends and family.
Google has close to absolute control of the internet, which is now an essential tool to participate in society. The amount of power they have is insane, it rivals governments.
Stop using Google products I don’t know how else to fucking say it.
Chrome -> Firefox Drive -> sync or Dropbox or any number of options Sheets and productivity tools > libre office or Apache open office YouTube -> Invidious or even better, odysse Google search -> duck duck go, SearXNG, StartPage, etc Gmail -> not a ton of great options. I’d probably recommend proton mail but the FOSS email world is definitely lacking, or gets blocked or goes down, harder to self host etc.
How is the worlds biggest ad distributor also the worlds biggest browser maker without it being an anti-trust violation?
Because it is legal in the US to bribe politicians and this company has a lot of money
Also doesn’t help that half the people supposedly in charge of cracking down on this kind of thing in the US belong in an old folks home. Most of them don’t even comprehend the issue.
I’m surprised I haven’t heard any pushback on it from the EU though.
Because the majority of legislatures think Chrome is the Internet
I’ve met plenty of people who can’t differentiate between facebook and the internet, or the term “wifi” and the internet - literally calling ethernet a “wifi cable”.
The people in charge barely understand enough to put on their own pants sometimes, yet they’re pushing legislation like they’re fully informed, and most don’t even read the brief about a new law before voting on it; literally voting along party lines because that’s what’s expected of them. They’re mostly braindead as-is; and you expect them to differentiate between the internet, a website, and a browser?
They should, but I really don’t expect that much from anyone who is elected.
Don’t forget that one dude who said 72 hours wasn’t enough time to read a 99 page bill
Hilarious.
Well anti-trust would get in the way of profits, you see
Remember when browsers just browsed…
deleted by creator
Yeah, sure, it’s always the same story:
- Chrome adds a shitty anti-user “feature”
- Firefox users say “no come to firefox we don’t have that!”
- 3 months pass
- Firefox adds the same “feature” because it’s the standard now!!
I’m a Firefox user myself but I really hope something new comes along that actually cares about its users
You’re saying this like Firefox is adding the shitty standard because they want to, and not because Google used their monopoly to force adoption of the shitty standard forcing Firefox to follow suit if they don’t want their users to have a broken experience.
If Google introduces a shitty standard to YouTube and Firefox doesn’t adopt it, do you honestly think users are going to care or understand and blame Google? No, they’ll get pissed because they think Firefox broke YouTube and they’ll move to Chrome.
This exact situation played out with shadow DOM, Google implemented it into YouTube while it was still a draft standard, so all non-Chrome browsers ran worse because they had to use a polyfill.
That is why we’re telling people to stop using Chromium. If they didn’t have this monopoly none of this would be possible. Mozilla has some issues as an organization, but do honestly you think the better choice is letting an advertising company decide how the web works?
Mozilla has some issues as an organization
What is that actually?
What are the issues I have with Mozilla? They’re floundering with little direction and seemingly incompetent management.
They laid off a bunch of their key engineers while they continue to increase the CEO’s compensation. They keep making half baked decisions with regards to features and marketing that don’t seem conducive to their core offering, like the Pocket integration. They completely killed PWA integration, that only works now with an extension and third party software. They retired BrowserID. They orphaned Thunderbird. There’s probably more I’m forgetting.
Thanks for explaining. I wasn’t updated with all of these. I just use their browser. And thought they are some nice company.
No for-profit is nice, but they are the lesser shit of the two choices we have. Remember that the Mozilla Corporation is a for-profit, the Mozilla Organization is a non-profit. There is a clear conflict of interest between those two entities.
I do and will continue to use their browser because it’s the only choice I have if I want to stand by my principle of supporting a free and open web.
This is exactly why everyone should use fully idenpendted browser like Firefox
This is exactly why everyone should donate to Mozilla so they can stop being reliant on the Google search deal in Firefox.
The sad part is Mozilla is more of a political organization than just the developers of Firefox now. So you’re donating for their lobbying, not just browser development.
Firefox needs new ownership. But it’s kinda hard considering how big of a project a browser is nowadays.
not just browser development
Not even a single dime can go towards FF development, as it is done by a Corporation (Mozilla Corp.) which can’t legally take donations.
You can’t legally donate to Firefox, as it is developed by a Corp (Mozilla Corp.).
Donations go to Mozilla Foundation, which does… other things with you money (advocacy and, frankly speaking, a lot of unrelated crap) In other words, your money don’t go towards FF development, so you may want to think twice before donating.
“Do no evil.” …unless it’s projected as profitable, in which case, evil that shit up!
I see so many comments from people saying they’ll jump ship if Google adds this to Chrome. They’ll move over to Firefox right away. But the thing most people don’t know is one reason Google has such a broad reach is they make it so crazy easy to integrate their services for developers.
So, yes, users who dislike what they’re doing should stop using Google products if possible. But, more importantly, developers or project managers, etc. should all resist the urge to utilize this kind of feature even if it’s easy.
What do you mean? Gcloud is definitely not “easy” when compared to others like AWS. Also I think it’s common sense to avoid google products because they tend to abandon ship in a few years.
I completely agree.
Would you like to follow me on G+ ?
Google & Microsoft are famous for copying what all the other companies are doing and then letting it all die.
Hello from Zune land.I mean Google has very convenient libraries that developers can add to their apps/websites like libraries for ads, A/B testing, crash reporting, push notifications, etc. Even using one’s Google account for SSO in an app just leaks a tiny bit of data for Google to suck up. I think the average phone user is unaware of how even non-Google apps can have Google code, even for iOS. Obviously, this is worse for Android since Google Play Services is installed on almost all Android devices.
This kind of feature is likely to be cloud agnostic, so Gcloud vs AWS isn’t really what’s up for debate.
They’re likely referencing the ease of adding something like google analytics to a website, where you include a url in the code for a page and you’re done.
Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots.
Won’t you think of the poor poor ad companies?
Users like visiting websites that are expensive to create and maintain
Do they actually, or is that just all they have to visit anymore? Would users not be happier visiting a bunch of cheap geocities pages with blink tags instead of tracking cookies?
It’s all about how far we can push the user and how much the user is willing to pay. Gotta squeeze and close all avenues of escape, so they tolerate some more.
Unfortunately all the masses want is maximum ease of use, full stop. Just look at the Reddit exiles -
“Welcome to Lemmy, pick a server any server be a winner”
“WTF IS THIS NERD SHIT SIGNUP TOOK MORE THAN ONE ACTION ON MY PART RIP LEMMY LONG LIVE REDDIT IS LEMME JUST REDDIT YET NO FUUUUUUUUU”
Sadly you’re right. Every migration from phpBB to Digg to Reddit filtered the people who made a minimum effort to understand the platforms, and now we have this.
And I remember all the people who were not programmers, and could still setup and administrate their own phpBB…
Half the internet now seems to be bots creating content purely for the enjoyment of other bots. Typing any kind of difficult question into a search engine will now have you dodging a minefield of AI generated articles, none of which contain any useful information other than what they’ve scraped from other AI generated pages.
So true. I want to bang my head against a wall whenever i get a problem and the first three result pages are the same different article scraped by AI. To make matters worse, it’s almost always some speech about corruption followed by dism /fixnow
Thats what chatgpt solves.
Nobody considers the plight of the humble sprawling multinational corporation and their army of lobbyists.
Wait, is this google basically admitting they’ve been scamming advertisers by taking their money to show ads to bots?
Time for me to start donating to Firefox. Need to do my part to make sure Chrome doesn’t complete its monopoly
You can’t legally donate to Firefox, as it is developed by a Corp (Mozilla Corp.). Donations go to Mozilla Foundation, which does… other things with you money. In other words, your money don’t go towards FF development.
However in theory the more self sustaining the Foundation is, the less the Corp needs to support it.
I believe under US laws, it’s the opposite. The more donations a nonprofit receives, the more money it can earn though for-profit subsidiaries. I.e. the more donations, the more money the foundation can take out of the corporation.
Ofc both are interested in a sustainable relationship though.
I don’t think it works like this. Anyway, your money, your choice.
Good to know
Except websites can just drop support for incompatible browsers.
So then stop going to those websites. It’s a viable way to protest.
Yeah, but be realistic. They aren’t going to miss us, the 7% who already block ads and mostly don’t pay for anything, anyways.
FireFox already supports DRM. Sites like Hulu/Netflix already refuse to work without it
Yet another vitally important front in the war on general purpose computing (it’s a short and important read imo)
Fuck Google, and fuck DRM.
Thank you for that read. That honestly gave me a lot more perspective than I had, and that speech was quoted from over a decade ago!? The more I know, the more I realize how much I don’t know… but hot damn. I know it’s been a fight, but “a war” really does seem more apt
What a read, wow. Thanks for sharing!