[HN Gopher] Google Chrome Proposal - Web Environment Integrity ___________________________________________________________________ Google Chrome Proposal - Web Environment Integrity Author : screenshot Score : 17 points Date : 2023-07-18 20:59 UTC (2 hours ago) (HTM) web link (chromestatus.com) (TXT) w3m dump (chromestatus.com) | Klonoar wrote: | AKA: The shadow war on bot traffic continues humming along. | michaelt wrote: | I'm sure it'll also detect ad blockers. | | You know, to ensure the 'integrity' of the 'web environment'. | kevincox wrote: | Bot traffic? Anyone using Linux will get blocked because "they | can't be trusted". Only people running an "approved" operating | system from a billion dollar corporation will be allowed to | access. | | This is already what is happening with SafetyNet on Android. | For now most applications don't require hardware attestation so | you can pass by spoofing an old device that didn't support | hardware attestation but I'm sure that will change within a | decade. | charcircuit wrote: | You don't have to be a billion dollar corporation to become | Play Protect certified. | | Being able to trust the security of a client can protect | against many attacks and it is up to web sites to evaluate | what to do with into information that a client is proven to | be secure. | jauntywundrkind wrote: | > _Motivation: Users often depend on websites trusting the client | environment they run in._ | | Aka corporations insist on control & want to make sure users are | powerless when using the site. And Chrome is absolutely here to | help the megacorp's radically progress the War On General Purpose | Computing and make sure users are safe & securely tied to | environments where they are powerless. | | There's notably absolutely no discussion or mention of what kind | of checks an attestation authority might give, other than "maybe | Google Play might attest for the environment" as a throwaway | abstract example with no details. Any browser could do whatever | they want with this spec, go as afar as they want to say, yes, | this is a pristine development environment. If you open DevTools, | Google will probably fail you. | | It appalls me to imagine how much time & mind-warping it must | have taken to concoct such a banal _" user motivation"_ statement | as this. This is by the far the lowest & most sold-out passed- | over bullshit I have ever seen from Chrome, who generally I | actually really do trust to be doing good & who I look forward to | hearing more from. | prox wrote: | "who generally I actually really do trust to be doing good" | | These are mega corporations and you aren't the client. They | aren't making Chrome "for you". They are for optimizing for | Advertisers. | anaganisk wrote: | Many Googlers here, hope they are more vocal when Google comes | up with BS. Rather than when they post a positive blog post. | warkdarrior wrote: | How do you, as website owner, protect your users from something | like this? | | https://www.bleepingcomputer.com/news/security/451-pypi-pack... | Asooka wrote: | You do not, the user is responsible for the operation of | their device. Most of the time this should be caught by | whatever malicious software detector the user runs. Also, | Chrome and Firefox very heavily guard against extensions | being installed from outside of the usual way, i.e. by | outside programs. | dotancohen wrote: | Why do you, as a website owner, think that it is your | responsibility to protect your users from mistyping the name | of Python packages they are installing via pip? | predictabl3 wrote: | Lots of people doom and gloom here about threats to user privacy | and freedom. | | This is the one I'd be worried about. Thought it was annoying to | not be able to use banking apps on a rooted Android? Think about | how annoying it will be when you can't do much of anything, even | on the Web, unless it's from a sealed, signed | Apple/Google/Microsoft image-based OS... | | I realize the way Firefox's user share is going, it might not | matter or they might feel they don't have a choice but I really, | really hope Mozilla doesn't even remotely consider implementing | this. | akomtu wrote: | I'm surprised the ad corps haven't forked the internet yet: | special drm-ed websites accessible only via special drm-ed | browsers. At least it would relieve those who want to share | knowledge from the presence of those who sell addiction. ___________________________________________________________________ (page generated 2023-07-18 23:00 UTC)