[HN Gopher] Google Chrome Proposal - Web Environment Integrity
       ___________________________________________________________________
        
       Google Chrome Proposal - Web Environment Integrity
        
       Author : screenshot
       Score  : 17 points
       Date   : 2023-07-18 20:59 UTC (2 hours ago)
        
 (HTM) web link (chromestatus.com)
        
       | Klonoar wrote:
       | AKA: The shadow war on bot traffic continues humming along.
        
         | michaelt wrote:
         | I'm sure it'll also detect ad blockers.
         | 
         | You know, to ensure the 'integrity' of the 'web environment'.
        
         | kevincox wrote:
         | Bot traffic? Anyone using Linux will get blocked because "they
         | can't be trusted". Only people running an "approved" operating
         | system from a billion dollar corporation will be allowed to
         | access.
         | 
         | This is already what is happening with SafetyNet on Android.
         | For now most applications don't require hardware attestation so
         | you can pass by spoofing an old device that didn't support
         | hardware attestation but I'm sure that will change within a
         | decade.
        
           | charcircuit wrote:
           | You don't have to be a billion dollar corporation to become
           | Play Protect certified.
           | 
           | Being able to trust the security of a client can protect
           | against many attacks and it is up to web sites to evaluate
           | what to do with the information that a client is proven to
           | be secure.
        
       | jauntywundrkind wrote:
       | > _Motivation: Users often depend on websites trusting the client
       | environment they run in._
       | 
       | Aka corporations insist on control & want to make sure users are
       | powerless when using the site. And Chrome is absolutely here to
       | help the megacorps radically progress the War On General Purpose
       | Computing and make sure users are safe & securely tied to
       | environments where they are powerless.
       | 
       | There's notably absolutely no discussion or mention of what kind
       | of checks an attestation authority might give, other than "maybe
       | Google Play might attest for the environment" as a throwaway
       | abstract example with no details. Any browser could do whatever
       | they want with this spec, go as far as they want to say, yes,
       | this is a pristine development environment. If you open DevTools,
       | Google will probably fail you.
       | 
       | It appalls me to imagine how much time & mind-warping it must
       | have taken to concoct such a banal _"user motivation"_ statement
       | as this. This is by far the lowest & most sold-out passed-
       | over bullshit I have ever seen from Chrome, who generally I
       | actually really do trust to be doing good & who I look forward to
       | hearing more from.
        
         | prox wrote:
         | "who generally I actually really do trust to be doing good"
         | 
         | These are mega corporations and you aren't the client. They
         | aren't making Chrome "for you". They are for optimizing for
         | Advertisers.
        
         | anaganisk wrote:
         | Many Googlers here, hope they are more vocal when Google comes
         | up with BS. Rather than when they post a positive blog post.
        
         | warkdarrior wrote:
         | How do you, as website owner, protect your users from something
         | like this?
         | 
         | https://www.bleepingcomputer.com/news/security/451-pypi-pack...
        
           | Asooka wrote:
           | You do not, the user is responsible for the operation of
           | their device. Most of the time this should be caught by
           | whatever malicious software detector the user runs. Also,
           | Chrome and Firefox very heavily guard against extensions
           | being installed from outside of the usual way, i.e. by
           | outside programs.
        
           | dotancohen wrote:
           | Why do you, as a website owner, think that it is your
           | responsibility to protect your users from mistyping the name
           | of Python packages they are installing via pip?
        
       | predictabl3 wrote:
       | Lots of people doom and gloom here about threats to user privacy
       | and freedom.
       | 
       | This is the one I'd be worried about. Thought it was annoying to
       | not be able to use banking apps on a rooted Android? Think about
       | how annoying it will be when you can't do much of anything, even
       | on the Web, unless it's from a sealed, signed
       | Apple/Google/Microsoft image-based OS...
       | 
       | I realize the way Firefox's user share is going, it might not
       | matter or they might feel they don't have a choice but I really,
       | really hope Mozilla doesn't even remotely consider implementing
       | this.
        
       | akomtu wrote:
       | I'm surprised the ad corps haven't forked the internet yet:
       | special drm-ed websites accessible only via special drm-ed
       | browsers. At least it would relieve those who want to share
       | knowledge from the presence of those who sell addiction.
        
       ___________________________________________________________________
       (page generated 2023-07-18 23:00 UTC)