Author Topic: Google's web DRM?  (Read 4369 times)

0 Members and 1 Guest are viewing this topic.

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 8276
  • Country: de
  • A qualified hobbyist ;)
Google's web DRM?
« on: July 25, 2023, 03:34:07 pm »
Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web: https://arstechnica.com/gadgets/2023/07/googles-web-integrity-api-sounds-like-drm-for-the-web/
 

Offline ConKbot

  • Super Contributor
  • ***
  • Posts: 1400
Re: Google's web DRM?
« Reply #1 on: July 25, 2023, 04:58:11 pm »
Please use your digitally signed browser install, with locked down extensions, with you real name windows account, tied to the tpm module on your system to ensure the OS hadn't been modified in unauthorized ways.
Trust us bro, it's for your own security.
 
The following users thanked this post: amyk

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Google's web DRM?
« Reply #2 on: July 25, 2023, 07:06:49 pm »
No no no no! It is a freaking web browser.

Sounding like a joke to me that they want firmware control of the device.

I remember Microsoft trying something like this with Edge and this integration thing I turned off some years ago when it was bringing up suggestions of file usage in history. With that disabled it seemed brilliant at first until the next update they introduced animated skeleton placeholders on the menu causing a 4 second delay in like history and favourites.

The only time I might consider something like this is with a bank on a separate device used only for that where liability is involved but with the tpm module, demanding email and device/profile account name, windows account etc and I wouldn't want that either with the intrusion I find goes so deep.

Every time I do a search I start with DuckDuckGo, then Google.

I hope one day it catches up.

Quote
Issue #134 calls the idea "absolutely unethical and against the open web.

I am not going to an don't want to, create an account, fill in and do a whole load of things, sign in, download an app, sign into that and have constraints and restrictions imposed on my device depending on how they feel.
« Last Edit: July 26, 2023, 01:23:09 pm by MrMobodies »
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15800
  • Country: fr
Re: Google's web DRM?
« Reply #3 on: July 25, 2023, 10:23:42 pm »
You will own nothing. ::)
 

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Google's web DRM?
« Reply #4 on: July 25, 2023, 11:32:40 pm »
I have seen a video of Louise Rossman talking about this about visitors trust and so on.
https://odysee.com/@rossmanngroup:a/google's-trying-to-drm-the-internet,-and:0

https://www.techradar.com/pro/googles-new-plan-for-the-future-of-the-web-has-a-lot-of-people-worried-heres-why
Quote
introduces the idea that a website could be able to “request a token that attests key facts about the environment their client code is running in” in order to ascertain trust over the visitor and their browser session, and thus grant access.
That is the moment I stop trusting them by denying me access to content by blatant discrimination in order to see it.

The information is out there but we don't like your browser or your device or not using it in a certain way etc so we will hide it from you until a set of demands are met to see it.
« Last Edit: July 25, 2023, 11:36:32 pm by MrMobodies »
 

Offline Faranight

  • Supporter
  • ****
  • Posts: 241
  • Country: si
Re: Google's web DRM?
« Reply #5 on: July 26, 2023, 05:11:02 am »
Sounds like another power grab attempt from a big company. IMO, DRM has no place in the web browser (or the open web), and people should not be forced to choose a browser (I'm looking at you, Chrome) because the other browsers don't work on a particular website. This is what standards bodies like W3C are for where all browsers should adhere to a set of rules instead of having one major vendor push their custom ideas into their browser and then forcing everyone else to adopt them.
Fara-day? Fara-night.
 
The following users thanked this post: MrMobodies

Offline mendip_discovery

  • Super Contributor
  • ***
  • Posts: 1024
  • Country: gb
Re: Google's web DRM?
« Reply #6 on: July 26, 2023, 02:22:05 pm »
Chances of a site using this to add extra data to your profile to make tracking you just a little easier.

Iirc with firefox you can set certain tabs to be sandboxed away from the others. Handy for Facebook etc. But it's my choice to do that and not a demand from a website.

I can see lots of sites demanding special security for you to log in even though they dont need that level. I still come across sites that expect an annoying password that I know I will have fun remembering next time I use it.
Motorcyclist, Nerd, and I work in a Calibration Lab :-)
--
So everyone is clear, Calibration = Taking Measurement against a known source, Verification = Checking Calibration against Specification, Adjustment = Adjusting the unit to be within specifications.
 

Offline themadhippy

  • Super Contributor
  • ***
  • Posts: 3266
  • Country: gb
Re: Google's web DRM?
« Reply #7 on: July 26, 2023, 02:53:40 pm »
Quote
That is the moment I stop trusting them by denying me access to content by blatant discrimination in order to see it.

The information is out there but we don't like your browser or your device or not using it in a certain way etc so we will hide it from you until a set of demands are met to see it.

Isn't that already happening,at least here theres been many occasions were i  cant access an american  web site because  of the uk/eu cookie laws
Quote
  people should not be forced to choose a browser (I'm looking at you, Chrome) because the other browsers don't work on a particular website
Almost like we've stepped back to the late 90's  with mozzila and microsoft  claiming there way was right
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15800
  • Country: fr
Re: Google's web DRM?
« Reply #8 on: July 26, 2023, 07:56:18 pm »
Sounds like another power grab attempt from a big company. IMO, DRM has no place in the web browser (or the open web), and people should not be forced to choose a browser (I'm looking at you, Chrome) because the other browsers don't work on a particular website. This is what standards bodies like W3C are for where all browsers should adhere to a set of rules instead of having one major vendor push their custom ideas into their browser and then forcing everyone else to adopt them.

Yes they should.

The number of web sites that work with Chrome/Chromium and not with Firefox for instance is growing and hint, it's not because Firefox doesn't comply with the standards. ::)

Chrome has completely eaten the competition in terms of market share which allows it to pretty much ignore standards when it looks convenient.
It has gotten to a market share that even IE had never achieved back when MS forced it on Windows users.
OK Google. :-DD


 

Offline Infraviolet

  • Super Contributor
  • ***
  • Posts: 1185
  • Country: gb
Re: Google's web DRM?
« Reply #9 on: July 26, 2023, 08:06:29 pm »
"websites trusting the client environment they run in"
Firstly, for the most part they don't. Websites run things backend where they want to have control of it, and just take input and serve output to the browser.

Secondly, the creeps at Gogle have obviously got their ideas about trust problems the wrong way round. "I know my device is secure, it's your website I can't trust" is the real world situation, not Google's nonsense inversion of this.

Such plans are a corporate attack on human beings, a way to let those remote services that already can't be trusted have power over people who can trust themselves. Websites have no right to be able to check that your browser is honest about itself, they are the ones who need checking upon.

With integrity tokens by third party servers his appears in many senses an internet version of the crime against humanity already committed by many countries that fell in to the delusion* of vaccine passport digital ID cards in the later part of that pesky pandemic. There is something deeply morally wrong with requiring people to get a third-party (megacorporate, governmental...) to show a permission card to approve their right to do things they could always do privately without interference beforehand.

*Not saying the vaccine didn't work, or that it did, for individual health, but we all know it never stopepd transmission and we knew that from the start. So from the very start digital ID passes served no purpose except to give states powers to interfere in private matters.

These plans need to be nipped in the bud before they can cause any damage.
 

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Google's web DRM?
« Reply #10 on: July 26, 2023, 08:55:05 pm »
https://www.pcworld.com/article/2009730/vivaldi-mozilla-warn-of-googles-proposed-drm-for-the-web.html
Quote
Vivaldi, Mozilla raise alarms over Google’s proposed ‘DRM for the Web’
*What happens if Gmail decides only Chrome users can access it?

Mark Hachman
By Mark Hachman
Senior Editor, PCWorld JUL 26, 2023 12:10 PM PDT

A proposed Google specification for ensuring trust on the Web has come under fire for potentially giving websites control over which browsers have the right to access them — and potentially blocking an unwanted browser from accessing a site owned by Google or Microsoft.

At issue is what Google calls Web Environment Integrity, described in this explainer uploaded to GitHub by several Google engineers. The proposal has drawn fire by both Vivaldi as well as Brian Grinstead, a senior principal engineer at Firefox developer Mozilla, who said that his company opposes the proposal as well.

Here’s what Web Environment Integrity would do, according to Google’s proposal. WEI assumes that users want to interact with real people on websites, and verify that any software downloaded from a site is legitimate. Those sites, by contrast, want to ensure that the visitors visiting the sites are “real,” not bots, but without applying a multitude of analytical signals that can identify the user.

What Google proposes doing is allowing sites to ask for a WEI token that describes “key facts about the environment their client code is running in,” such as whether or not the user is surfing from a secure Android device. It’s up to the website to decide whether they trust the token, and therefore the user.

The issue is what would happen if a website rejected a user’s token, thereby blocking them. A site like PCWorld might accept all browsers; what smaller browser makers like Vivaldi and Mozilla fear is that a large Web service like Gmail, Google Search, or other sites owned by Google might block users arriving there via a small, alternative browser.

Vivaldi explained its concerns in a blog post. “Simply, if an entity has the power of deciding which browsers are trusted and which are not, there is no guarantee that they will trust any given browser,” Julian Picalausa, a software developer at the company, wrote. “Any new browser would by default not be trusted until they have somehow demonstrated that they are trustworthy, to the discretion of the attesters. Also, anyone stuck running on legacy software where this spec is not supported would eventually be excluded from the web.”

“While this seems like a noble motivation, and the use cases listed seem very reasonable, the solution proposed is absolutely terrible and has already been equated with DRM for websites, with all that it implies,” Picalusa added.

This issue has cropped up before, in a different context. Mozilla, for example, has published research noting how operating systems steer users to their own browsers. Microsoft threw up roadblocks to moving away from Edge in Windows 11 before changing its browser-choice approach. Vivaldi has previously complained about Microsoft throwing up ads when you try to download an alternative to Edge.

Both browser companies, therefore, are sensitive to a company like Google potentially sidelining them. As it is, companies like Vivaldi, Mozilla and Opera provide browsers to just a few percent of users on the Web.

WEI’s controversy doesn’t appear to be ending anytime soon. One of the Google developers, Ben Wiser, noted that the backlash has shown that a “bigger discussion needs to take place.” Proponents of an Open Web hope that it will.

*Well if it is going to be all your's and then I don't want it.

https://github.com/RupertBenWiser/Web-Environment-Integrity/issues?page=4&q=is%3Aissue

Doesn't seem to be going down good.

4 Pages of hatred see attachments

I am a bit confused. If this proposal by one individual named "Rupert Ben Wiser"?
https://github.com/RupertBenWiser
benwiser.com

Is that arrogance and self importance I see and as in name?

https://stackdiary.com/web-environment-integrity/
Quote
Google engineers want to make ad-blocking (near) impossible

One of the Google employees who authored the paper (Rupert Ben Wiser) has made a comment on GitHub saying that they are feeling the backlash: read it here (https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/28#issuecomment-1651129388).
So it is him one individual.

Quote
RupertBenWiser commented 13 hours ago
Hey everyone, thank you for your patience, and thank you to everyone who engaged constructively  :bullshit:. It is clear based on the feedback we’ve received that a bigger discussion needs to take place, :bullshit: * and I’m not sure my personal repository is the best place to do that) [/b][/i]- we are looking for a better forum and will update when we have found one. We want to continue the discussion and collaborate to address your core concerns in an improved explainer.

I want to be transparent about the perceived silence from my end. In the W3C process it is common for individuals to put forth early proposals for new web standards, and host them in a team member's personal repository while pursuing adoption within a standards body. My first impulse was to jump in with more information as soon as possible - but our team wanted to take in all the feedback, and be thorough in our response.

That being said, I did want to take a moment to clarify the problems our team is trying to solve that exist on the web today  and point out key details of this early stage proposal that may have been missed.

WEI’s goal is to make the web more private  :bullshit: and *safe
The WEI experiment is part of a larger goal to keep the web safe and open while discouraging cross-site tracking and lessening the reliance on fingerprinting for combating fraud and abuse.  :bullshit: Fraud detection and mitigation techniques often rely heavily on analyzing unique client behavior over time for anomalies, which involves large collection of client data from both human users and suspected automated clients.

...
What doesn't he understand in, THEY DON'T WANT HIS PROPOSAL and end of no discussion?

Reminds me of something about Nadhim Zahawi and the School Bill that got withdrawn where he wanted more power for Whitehall.
https://www.theguardian.com/education/2022/jun/30/government-announces-u-turn-on-schools-bill-after-criticism


Quote
Thank you to everyone who engaged constructively
Sounds to me very arrogant and playing the high ground/pretending to be assertive despite the majority against it.

I don't find anything constructive about ignoring the backlash.
« Last Edit: July 26, 2023, 09:40:26 pm by MrMobodies »
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 7198
  • Country: fi
    • My home page and email address
Re: Google's web DRM?
« Reply #11 on: July 26, 2023, 09:58:32 pm »
Quote from: Rupert Ben Wiser
Thank you to everyone who engaged constructively
Sounds to me very arrogant and playing the high ground/pretending to be assertive despite the majority against it.
This has become the standard approach in software development, putting surface communications skills, social pressure, and human interest narratives above any technical concerns.
I first started noticing it in Debian – of all places! –, so it is not just an US industry thing.

I blame universities, shifting from educating people to indoctrinating them.
 
The following users thanked this post: amyk, SiliconWizard, MrMobodies

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Google's web DRM? Ben Wiser hides Linkedin Profile amid backlash
« Reply #12 on: July 26, 2023, 10:27:28 pm »
Oh look he removed his LinkedIn Profile from public view but URL still there so must be recent:





Signed into my MrMobodies Linkedin account and the profile does exist.

See attachment

Now I wonder why would he do this?
« Last Edit: July 27, 2023, 12:07:07 am by MrMobodies »
 

Offline coppice

  • Super Contributor
  • ***
  • Posts: 10035
  • Country: gb
Re: Google's web DRM?
« Reply #13 on: July 26, 2023, 10:32:44 pm »
Quote from: Rupert Ben Wiser
Thank you to everyone who engaged constructively
Sounds to me very arrogant and playing the high ground/pretending to be assertive despite the majority against it.
This has become the standard approach in software development, putting surface communications skills, social pressure, and human interest narratives above any technical concerns.
I first started noticing it in Debian – of all places! –, so it is not just an US industry thing.

I blame universities, shifting from educating people to indoctrinating them.
Some people study the cuckoo, and see a plan for their own lives.
 

Offline PlainName

  • Super Contributor
  • ***
  • Posts: 7509
  • Country: va
Re: Google's web DRM?
« Reply #14 on: July 26, 2023, 10:34:54 pm »
Quote
I am a bit confused. If this proposal by one individual named "Rupert Ben Wiser"?
https://github.com/RupertBenWiser

Lennart wannabe.
 

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Google's web DRM?
« Reply #15 on: July 26, 2023, 11:00:08 pm »
I blame universities, shifting from educating people to indoctrinating them.
If that is true then he'd be indoctrinated out here:
https://www.linkedin.com/in/💾-ben-wiser-b55b2911a/
Quote
Monash South Africa (University in Roodepoort, South Africa)
Computer and information sciences, Computer Science
2014 - 2016
Grade: 78

https://3di-ltd.com/About-Us#Contact
Quote
3d innovations
288 Bishopsgate
London

enquiries@3di-ltd.co.uk

Quote
Back End DeveloperBack End Developer
Forge (London)

Quote
Software Engineer
Amazon
Apr 2019 - Feb 2022 · 2 yrs 11 mos
London, United Kingdom

Quote
Software Engineer
Google
Quote
35 jobs available
If there any Google office in UK?
We opened our first Google office in the UK in 2003 and we've since grown to thousands of employees, with teams in engineering, sales, and many other roles. Our diversity of teams enables us to make an impact both within Google and in the UK.

Born or went half way around the world to University then come to Britain and get jobs but only in London.

I wonder if this is his company:
https://find-and-update.company-information.service.gov.uk/company/11058044
https://suite.endole.co.uk/insight/company/11058044-wiser-results-ltd
Quote
WISER RESULTS LTD
Company number 11058044
Incorporated on 10 November 2017

WISER, Ben
Appointed on 10 November 2017
London
Occupation Consultant

https://whois.domaintools.com/benwiser.com
Quote
Whois Record for BenWiser.com
Domain Profile
Registrar   GoDaddy.com, LLC
IANA ID: 146

Dates   2,359 days old
Created on 2017-02-08
Expires on 2024-02-08
Updated on 2023-02-09
Greater London - Islington - Digitalocean Llc

https://www.linkedin.com/in/💾-ben-wiser-b55b2911a/
Quote
Ben Wiser
Junior Software Engineer
3di (3d innovations) · Full-time3di (3d innovations) · Full-time
Mar 2017 - Jun 2017 · 4 mosMar 2017 - Jun 2017 · 4 mos
Skills: JavaScript

Quote
Software Engineer
Google Mar 2022 - Present · 1 yr 5 mos
Doing cool things for privacy :bullshit:  on the embedded Web on Android.
He has only been there for a year and come up with this idea.

It makes me think whether someone at Google or outside is influencing/incentivising him.

According Endole IF that is his company it is in -£69,663 liabilities 83.32% debt ratio from last year and it seems he is renting flat looking at his address.
« Last Edit: July 26, 2023, 11:52:21 pm by MrMobodies »
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 7198
  • Country: fi
    • My home page and email address
Re: Google's web DRM?
« Reply #16 on: July 26, 2023, 11:56:46 pm »
Born or went half way around the world to University then come to Britain and get jobs in London.
Well, I am not interested in him personally, only on his behaviour and how that affects projects and technology that affect my life to a large degree.

His behaviour matches a pattern I've observed in large enough projects (regardless of whether they're proprietary or open source), with university education in IT being an immediate common factor.  But what do I know?  Nothing much, really; and even when I do, I'm often wrong.  That's why I wrote I blame.  I did study and work in a couple of Universities, for over a decade myself.

Anyway, using social engineering (or "social gaming", as I often call it) to override factual and technical criticisms, is one of my buttons.

I see absolutely nothing positive for the end user in this, nor any reasonable technical basis for the initiative, except to exploit users further, by wresting the choice and control of the software and hardware from the human end user to the corporation running a website –– or, is providing internet service to that user, as that seems more likely to be the true goal behind this initiative to me.  Paranoid? No, I do not think so in this case, because the corporation at hand is one of those that already considers its users the true product it sells.
« Last Edit: July 26, 2023, 11:59:19 pm by Nominal Animal »
 
The following users thanked this post: MrMobodies

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Google's web DRM?
« Reply #17 on: July 27, 2023, 12:25:31 am »
https://github.com/RupertBenWiser/Web-Environment-Integrity/issues?page=1&q=is%3Aissue
Quote
Cowards Cowards #138 Closed
pivotman319-owo opened this issue 5 days ago

Enough said.

Breaking apart the Internet won't help anyone.

yoavweiss closed this as completed Jul 24, 2023
Well, I am not interested in him personally, only on his behaviour and how that affects projects and technology that affect my life to a large degree.

His behaviour matches a pattern I've observed in large enough projects (regardless of whether they're proprietary or open source), with university education in IT being an immediate common factor.
I wonder if coward is one of them?

Just found that yoavweiss (who closed the thread above down) wrote an entry in his blog that seems to be about this four days before it:
https://blog.yoav.ws/posts/web_platform_change_you_do_not_like/
Quote
So, you don't like a web platform proposal
How can you influence the web platform so that a change you don't like is less likely to get shipped?

20 Jul 2023

Has this ever happened to you?

You wake up one morning, scrolling the feeds while sipping your coffee, when all of the sudden you land on a post related to a web platform proposal that you really don't like. Worse, one that you believe would have significant negative consequences on the web if shipped?

At that point, you may feel that your insights and experience can be valuable to help steer the platform from making what you're sure is a huge mistake. That's great!! Getting involved in web platform discussions is essential to ensure it's built for and by everyone.

At the same time, there are some pitfalls you may want to avoid when engaging in those discussions.

Given that the above has certainly happened to me, here are some lessons I learned in my years working on the web platform, both before and after I was employed by a browser vendor.

#Things to bear in mind
#Don't assume consensus nor finished state
Often a proposal is just that - someone trying to solve a problem by proposing technical means to address it. Having a proposal sent out to public forums doesn't necessarily imply that the sender's employer is determined on pushing that proposal as is.

It also doesn't mean that the proposal is "done" and the proposal authors won't appreciate constructive suggestions for improvement. Different proposals may be in different stages of their development, and early stage proposals are often extremely malleable.

All that means is that with the right kind of feedback at the right time you can raise concerns early, and significantly increase the chance they would be properly addressed and mitigated.

#Don't assume a hidden agenda
When thinking about a new proposal, it's often safe to assume that Occam's razor is applicable and the reason it is being proposed is that the team proposing it is trying to tackle the use cases the proposal handles. While the full set of organizational motivations behind supporting certain use cases may not always public (e.g. a new device type not yet announced, legal obligations, etc), the use cases themselves should give a clear enough picture of what is being solved.

#Avoid legal language
The fastest way to get someone working for a large corporation to disengage from a discussion is by using legal or quasi-legal language. Such language will prevent them from replying to your claims without talking to their corporate legal counsel, which will probably mean they will not reply to your claims. If you want to have a productive exchange with the folks making the proposal, it's best to not pretend you're a lawyer. (and if you are one, may be best to pretend you're not)

#We're all humans
Every one working on the web platform is a human being, with human feelings, who's trying to do their job. Even if you disagree with their choice of employment, their technical decisions or their conclusions, that doesn't change that fact.

To be more concrete and clear, personal attacks or threats addressed at the folks working on the platform are not OK. That's not how you get your voice heard, that's how you get yourself banned!

#What should I do then?
#Be the signal, not the noise
In cases where controversial browser proposals (or lack of adoption for features folks want, which is a related, but different, subject), it's not uncommon to see issues with dozens or even hundreds of comments from presumably well-intentioned folks, trying to influence the team working on the feature to change their minds.

In the many years I've been working on the web platform, I've yet to see this work. Not even once.

On the receiving end, this creates a deluge of emails that's very hard to sort out. While some of those may be full of technical insights, it's very hard to find them in that pile and distinguish them from the other forms of commentary. So while it may feel good to join a good old-fashioned internet pile-up, it's very unlikely to lead to the outcomes you actually want.

You should instead try to provide meaningful technical feedback (more on that in the next section), and do that in places where that signal is less likely to drown in the noise.

#Provide technical arguments
There are a few things you want to focus on when debating technical proposals.

#Use cases
The use cases the proposal tackles are typically the core of the problem the team pushing the proposal is trying to solve. Everything else flows from that. Focusing on use cases would enable you to distill the essence of the proposal, and potentially propose alternatives that still address them without the bits you find harmful or risky.

In some cases, you may consider the use cases themselves to be ones you think shouldn't be supported on the web. If that's the case, if I'm being honest, you're up for an uphill battle. But you can still make your case by building a solid argument as to why these use cases shouldn't be supported on the web, while considering the different trade-offs that support for them or lack-thereof would entail. At the very least, that would help you establish a common language with the feature's proponents and have a frank discussion regarding the trade-offs.

In other cases, adjacent use cases you may care about are not covered by the proposal. Raising issues on that front can help expand the proposal to cover those use cases or at the very least ensure that it can be expanded in the future.

#Risks
If the proposal contains risks in terms of compatibility, interoperability, or any other risks to the open and safe nature of the web platform, that's something worthwhile pointing out.

Any such risks need to be addressed by the proposal and properly mitigated before that feature is shipped. That doesn't mean that any claim for risks would be taken at face value, but if your arguments about the risk are sound, you can expect the proposal owners to respond to them.

#Considered alternatives
Another area to focus on is what an alternative proposal that addresses the use cases may look like. In many cases, such alternatives are already outlined in the proposal's explainer, with their trade-offs spelled out. But it's also possible that some reasonable alternative was not considered, and could be an improvement on the current proposal. If such an alternative comes to mind, that could be good feedback to the team working on the feature, so that they can consider it and potentially change course.

#Use professional language and be kind
This should come without saying, but.. people are less likely to understand and internalize your constructive feedback when it's littered with distracting and unprofessional language.

Beyond that, you should remember that on the other end of the keyboard there are humans that are trying to do their job to the best that they can. They are most likely stressed out about engaging publicly regarding their project and how it'd be received. Even if you disagree with them or even the premise of their work, providing your feedback with kindness and empathy has literally no downsides. You can deliver the exact same message without the sarcasm.

#So, get (constructively) involved!
Obviously, the above doesn't guarantee that the next point of feedback you provide on a proposal would be accepted and integrated. But at the same time, I think these guidelines can increase your chances of being heard and impacting the outcome of the discussions you're involved in. And after all, that's the point of getting involved, right?

Thanks to Johann Hofmann for reviewing an early draft of this post!

In my case it is not about "not liking" it.

There are lots of things I don't like that I have to use extensions, like to hide fixed headers, suggestions, fake loading spinners, dimming overlays (well that affects my eyes too when large parts sudden change tone of colour), animated placeholders that flash and annoy me and slow the whole webpage down but it doesn't stop me from viewing the contents.

Giving someone firmware level access and control to my device over a webpage and asking to trust them, then dictate what I can and cannot see is a big nono no matter what they say or claim to do.
« Last Edit: July 27, 2023, 12:34:49 am by MrMobodies »
 

Online amyk

  • Super Contributor
  • ***
  • Posts: 8526
Re: Google's web DRM?
« Reply #18 on: July 27, 2023, 12:35:14 am »
I've seen this news show up on other sites too, and IMO it deserves to. Google is attacking a big part of what makes the web great --- you can use whatever browser you want to access sites in a way that makes sense for you. There are currently obstructions to doing that, but they're still not too hard to overcome. Now they want to use cryptography to absolutely lock it down. I do wonder what makes people like him actually associate his real identity with it - maybe he's trying to attract the other DRM control-freaks at the {RI,MP}AA?

 
The following users thanked this post: MrMobodies

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Google's web DRM?
« Reply #19 on: July 27, 2023, 01:01:13 am »
Google Ben Wise is attacking a big part of what makes the web great ... Now they Ben Wise wants to use cryptography to absolutely lock it down for his benefit. I do wonder what makes people like him actually associate his real identity with it
Joke: Arrogance and self importance.

Maybe they could design an extension called "Go away Ben Wise" to get around such nonsense just like what happened to David Cameron and his DNS web filter idea.

Quote
RupertBenWiser commented 13 hours ago
I want to be transparent about the perceived silence from my end.
Isn't there NOTHING transparent giving access to someone's firmware and blocking access to websites/content?

Quote
That being said, I did want to take a moment to clarify the problems  :bullshit: our team is trying to solve that exist on the web today   :bullshit: and point out key details of this early stage proposal that may have been missed.
What PROBLEMS? (Their problem?)

Quote
WEI’s goal is to make the web more private
I think what he may mean is to make websites/content private specific to the device and account in question using accessing it therefore safe for the copyright holders.

Here is how he sounds from one of his Youtube videos:


It is a speculation of mine that he is desperate for something whether it be cash or career promises if he puts his name on it and pushes through with it and if not him it'd be someone else desperate enough who'd have a go at it.
« Last Edit: July 27, 2023, 01:16:37 am by MrMobodies »
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 7198
  • Country: fi
    • My home page and email address
Re: Google's web DRM?
« Reply #20 on: July 27, 2023, 01:36:36 am »
Well, I can definitely imagine many, many business reasons why Google would want to provide services to those using only official versions of Chrome, with only officially approved extensions installed.

It is not a secret that Youtube (which Google owns, of course) is trying to find out how to get rid of ad blocker users already, for example.  Google Search is probably having a similar problem.

Combined with Google Fiber internet service, this "proposal" would give Google a full control of the entire stack down to the software used on the client side.
I'm sure many people in their marketing department and in non-technical Cxx roles have already wet their panties imagining the spoils they can run off with, if they could just pull this off.  Now that they have the sufficient market share (not exactly a monopoly, but large enough chunk of the market to make such a move possible), is probably their only opportunity to make such a move, as EU and others are starting to pressure the large companies wrt. sales and handling of user information.  (Unlikely to actually hinder their business models now, but might make a suggestion like this impossible in the future.  So it could be a now or never -type situation.)

It could also be a wanky self-kill by someone who has been asked about this kind of stuff by the marketing department and non-technical Cxx roles, and are willing to ruin their career to stop it.  I doubt it, because of the language and behaviour exhibited by the promoter.
 
The following users thanked this post: MrMobodies

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
I see it isn't just him alone according to this article
https://itwire.com/government-tech-news/technology-regulation/google-trying-to-corner-browser-market,-norwegian-firm-vivaldi-claims.html
Quote
Norwegian firm Vivaldi, which produces a browser of the same name, has criticised Google for releasing a specification known as Web Environment Integrity which it claims would be toxic to the Web at large.
Thursday, 27 July 2023 06:29 By Sam Varghese

The specification in question has not been formally released by Google yet; the details have been uploaded to GitHub and credited to four Google employees: Ben Wiser, Borbala Benko, Philipp Pfeiffenberger and Sergey Kataev.

Vivaldi software developer Julien Picalausa said in a blog post on Tuesday: "Web Environment Integrity... is as simple as it is dangerous. It would provide websites with an API telling them whether the browser and the platform it is running on that is currently in use is trusted by an authoritative third party (called an attester).

"The details are nebulous, but the goal seems to be to prevent 'fake' interactions with websites of all kinds. While this seems like a noble motivation, and the use cases listed seem very reasonable, the solution proposed is absolutely terrible and has already been equated with DRM [digital rights management] for websites, with all that it implies."

Some Western technology websites have canned the proposal, among them Ars Technica and The Register.

...

Just noticed one of them has been engaged in anti piracy stuff:
https://www.linkedin.com/in/skataev
Quote
Borbala Katalin Benko
Senior Software Engineer
Google  Budapesti Mûszaki és Gazdaságtudományi Egyetem

Software Security Engineer
Apple
Mar 2020 - Jul 2022 2 years 5 months
San Francisco Bay Area

Security Software Engineer
PACE Anti-Piracy, Inc
Jul 2019 - Feb 2020 8 months
San Francisco Bay Area

...

Inside Secure
5 years 4 months

Sr Field Applications Engineer
Apr 2014 - Jul 2019 5 years 4 months
Glasgow, United Kingdom

Supporting customers evaluating and using Metaforic software world-wide.
- Metaforic Core and Concealer: * application integrity protection and obfuscation.
- Metaforic WhiteBox: cryptography obfuscation

Mainly protecting Android and iOS apps, mostly mobile payments and streaming video DRM solutions.
Helping customers design security schemes using MF tools when necessary
* "application integrity protection" and Web Environment Integrity.
Doesn't that sound a bit familiar?

I wonder if he'd be the one designing it if it goes ahead using his previous works?

https://paceap.com/about-us/
Quote
PACE provides world class software security tools and platform for empowering global software publishers to maximize their licensing processes and profits in real time.

https://www.design-reuse.com/news/38981/inside-secure-drm-fusion-google-widevine-modular-drm-system.html
Quote
INSIDE Secure DRM Fusion Adds Support for Google Widevine Modular DRM System
Broadcasters can use a single content protection solution to comply with Hollywood studios’ latest security requirements while selecting from multiple popular DRM solutions

Consumer Electronics Show, Las Vegas, NV – January 7, 2015 – INSIDE Secure (Euronext : INSD), a leader in embedded security solutions for mobile and connected devices, today announced it is enhancing its award-winning Digital Rights Management (DRM) Fusion solution with support for Google’s Widevine DRM system. The updated content protection solution meets Hollywood studios’ requirement for increased security as outlined in the MovieLabs Specification for Enhanced Content Protection V1.1. DRM Fusion is a multi-DRM solution, allowing broadcasters to choose among DRM solutions and save time and money by only having to develop their player application once to access multiple popular DRM solutions.

Over-The-Top (OTT) content distribution is a fast growing market that requires dynamic and flexible solutions for content protection.According to the Global OTT TV & Video Forecasts report from Digital TV Research in June 2015, global OTT TV and video revenues [covering 64 countries] will reach $51.1 billion in 2020; a massive increase from the $4.2 billion recorded in 2010 and the $26.0 billion expected in 2015. This trend is driven by consumers’ demand to access popular content anywhere, anytime and from any device. What is becoming a must-have for consumers however represents a technical challenge for content providers and broadcasters.

“Irrespective of the platform and the content owners' security requirements, we can meet their security needs; from a software-only solution to meet Google’s Widevine Level 3, to a Level 1 solution where unencrypted video is never available outside of a device’s Trusted Execution Environment (TEE) or a secure connection during transmission,” said Andrew McLennan, Executive Vice President of the Mobile Security Division of INSIDE Secure. “INSIDE Secure can help our customers protect premium content, including 4K/UHD and HDR content, anywhere it is on Smart TVs, set-top-boxes, game consoles, smartphones or tablets.”

Benefits of DRM Fusion include:

Technology from the market leader: DRM Fusion has been deployed over 80 times by broadcasters, including HBO, BBC, Sky, Orange, Canal+, and Bell Canada, and is used by more than 100 million consumers every day
Approved by Hollywood studios for premium content distribution
Based on INSIDE Secure's award-winning application protection solution that includes integrity checking, anti-reverse engineering and the scrambling of keys and other secrets.
Support for Google Widevine DRM and Microsoft® PlayReady®
A multi-DRM solution, allowing broadcasters to choose among DRM solutions to provide the most suitable security and customer experience  :bullshit:

Save time and money by only having to develop a player application once to access multiple popular DRM solutions.

INSIDE Secure is a one-stop-shop for content protection, uniquely serving the needs of application developers, chipset makers, OEM’s and operators. Device manufacturers, for example, can use DRM Fusion in conjunction with chipsets that incorporate hardware security IPs to meet MovieLabs specifications.

INSIDE Secure is demonstrating its DRM Fusion solution at the Consumer Electronics Show (CES), in Las Vegas NV - 6-9 January 2016 - Stand 21734 - Tech East, LVCC, South Halls 1 - 2, Ground Level.

DRM Fusion support for Google Widevine DRM is available now. For more information about INSIDE Secure’s Premium Content Protection offer please visit: http://www.insidesecure.com/Markets-solutions/Content-Protection-and-Entertainment.

About INSIDE Secure

INSIDE Secure (Euronext Paris FR0010291245 – INSD) provides comprehensive embedded security solutions. World-leading companies rely on INSIDE Secure’s mobile security and secure transaction offerings to protect critical assets including connected devices, content, services, identity and transactions. Unmatched security expertise combined with a comprehensive range of IP, semiconductors, software and associated services gives INSIDE Secure customers a single source for advanced solutions and superior investment protection. For more information, visit http://www.insidesecure.com.

Another one: "Integrity checking" and I see they can manipulate too at chipset/firmware level for copyright to satisfy the movie studios or whatever.

So that engineer had been working on that for years and Google has now found someone well associated with it.
« Last Edit: July 27, 2023, 03:54:51 am by MrMobodies »
 

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9323
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Google's web DRM?
« Reply #22 on: July 27, 2023, 04:57:50 am »
It is not a secret that Youtube (which Google owns, of course) is trying to find out how to get rid of ad blocker users already, for example.  Google Search is probably having a similar problem.
I can see the rise of a stealth adblocker. And maybe some scripts to intentionally generate a lot of fake ad "views" and make the whole idea of push advertising come crashing down.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline Faranight

  • Supporter
  • ****
  • Posts: 241
  • Country: si
Re: Google's web DRM?
« Reply #23 on: July 27, 2023, 09:26:27 am »
The number of web sites that work with Chrome/Chromium and not with Firefox for instance is growing and hint, it's not because Firefox doesn't comply with the standards.
It's because the websites don't comply with the standards since Chrome has led them astray.
Fara-day? Fara-night.
 

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Google's web DRM?
« Reply #24 on: July 27, 2023, 11:49:26 am »
It's because the websites don't comply with the standards since Chrome has led them astray.
I hear this phrase a few times and one time from a developer at Palemoon forums, "Google junk code" and now I see what they may mean.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf