Skip Navigation

CHROME (google) is planing to implement DRM (kinda) into their browser

looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don't run a complaint browser ( cough...firefox )

here is an article in hacker news since i'm sure they can explain this to you better than i.

and also some github docs

523 comments
  • -->since everyone is confused about this i'm gonna try to explain as best as i could and also clearing some misconceptions:

    1# why this is such a big deal ?

    if this gets implemented AND it gets widely adopted websites now can refuse to give you content if you are running a non complied browser, remember those website that say "oh you are using an ad blocker so disable it to access our site" they can detect this by various methods but ultimately all of them rely on running a JavaScript into your browser. which you guessed it, its easy to modify and tamper with manually or using extensions

    now what WEI-API does is that it can verify the integrity of the web page ( JavaScript/HTML/CSS has not been modified ) and even tell the website what extensions - ad blocker detected no content for you - you are using and what browser you are using - firefox or brave detected no content for you - and do not be fooled into thinking that this can be spoofed. and website owners who think that they are running a business not a charity will implement this.

    2#will using firefox save me?

    if this gets widely adopted and you inevitably encounter a website that require this ( for your job ,school or your bank ) you have no choice but to use chrome just like when your banking apps refuse to work because your phone is rooted which means that SAFETY-NET is broken

    3#why this is a threat to begin with?

    this is only viable if the web adopt it so why bother?, well guess what google is famous for making its services very easy to integrate and well documented just look on how easy it is to integrate google analytics and google adsense* into websites and how many of them use it in the internet.

    4#what can we do to prevent this?

    this is my personal opinion but i think we simply can't, this not like the reddit incident were very large portion of the user base was upset most people don't know/care/give-a-fuck about web technologies and how they work.

    #and Finally "but google said they don't plan to use this to fingerprint you (Device ID) or track your browser history or interfere with the work of extensions"

    do you really believe that a company like google whose bread and butter is advertising would not make it easier for themselves, a company who has been exposed time and time again for lying and having ulterior motives ( you don't need to look far just look into what manifest-v3 did )

    • remember those website that say “oh you are using an ad blocker so disable it to access our site”

      I can easily imagine this not being a necessary, anymore. Just let the website using this WEI API automatically disable all browser extensions on a WEI-enabled site. Why not, after all? Why should you dictate the traffic you receive on your computer? Why should you own anything?

  • Louis Rossman made a video about this and especially where he quotes users from HackerNews hammers the point home for me. Firefox will be forced to adopt this "feature" if it ever becomes reality, as Chrome has overwhelming market share and the average user only cares that the site loads.

    • not OC: this comment written by CatZoomies@lemmy.world

      It’s a 16 minute video with many points and better if you watch it. However, here’s a break down of key points, made to be as simple as possible - there’s a lot more technical stuff, but I’ll try to keep it concise and less technical.

      This is probably about a 10 minute read if these concepts are not familiar to you:

      • Google owns Chrome (not Chromium), and they dominate the market ever since they won the internet browser wars.
      • As an amoral corporation (not evil, simply lacking morals), their business runs on advertisements.
      • They’re revealing a new feature called Manifest v3 which is a locked down version of the browser that’s built around what they feel is security and trust.
      • Under their proposal for Manivest v3, your browser will have to be “verified” in an attempt to keep you “safe”. Are you a human or a bot? They’re making a more trusted internet with trusted software.
      • Companies like Netflix, news web sites, etc. will eat this up and implement the proper protocols to use Manifest v3. To visit your bank’s web site which has this protocol, you’ll need to use Chrome’s browser.
      • Using Chrome’s browser, you’ll need to authenticate yourself and become a “trusted” user. With this enabled, you can then visit your bank’s web site.
      • If you use an alternative browser that isn’t approved, you won’t be able to use that web site.
      • Eventually other corporations will implement these protocols, too, and you’ll be locked out from participating in the internet.
      • Google, an ad company, gets to control advertisements better, gets to learn more about their users, and now gets to mark them as “trusted”. In other words, you get the North Korean version of the internet, “Mommy and Daddy’s Safe and Approved Internet”. Meanwhile, North Korea and Mom/Dad get to spy on you, see what you’re up to, monitor you, control you, and shape you. The benefit is they also make money off you by selling the information they learn about you.

      Why is this bad:

      • It’s censorship. It’s like your mom and dad grabbing your phone, computer, enabling severe parental controls, giving it back to you, and they get to see and approve what you’re allowed to do and say at any time. Apply that same protocol to your money, too. Want to send money through the internet using PayPal? Even more censorship. Want to watch Netflix? Your parents lock it down so only certain things can be watched, at certain times, and certainly under their permission.
      • It buries competition and makes Google even more of a monopoly. We already know Google Search is bad (advertisements, phishing web sites, auto-generated content web sites are always the first results in Google.
      • Digital Rights Management. Just a bit north of 20 years ago, when you purchased a digital product, you could own it. Streaming didn’t exist. In an age where “buying” no longer means “owning”, this new protocol will further enforce DRM. Pay for Netflix and want to watch it? You’ll have to be a Trusted User that uses Chrome. Bought a new video game you’re excited to play on Steam? You’ll need to be a Trusted User. Don’t want to stream music through Spotify and instead use something like Bandcamp? To make a purchase at Bandcamp, you’ll need to be a Trusted User. Don’t want to buy something through Bandcamp and instead just download what you already paid for? You guessed right - you’ll need to be a trusted user to even login and reach your downloads. Don’t forget your downloads are hosted on servers that are run by Google and Amazon - you’ll have to be a trusted user in order to download from that server.

      Can I use Firefox and stop using any Chromium browser

      • Most browsers are Chromium: Chrome, Brave, Ungoogled Chromium to name a few. They will all eventually implement Manifest v3, and if they don’t, they will disappear.
      • Firefox is not Chromium, but think about how many users use Firefox now. Google Chrome has the overwhelming market share and has captured users into their platform.
      • Because the majority of users use Chrome, corporations have to evolve to adopt Manifest v3: banking web sites, governments, job applications, benefits, healthcare, personal emergency, etc. All of these will be forced to adopt it because that’s where the users are, and Google will force corporations to participate. After all, banking web sites will face less downtime through Manifest v3, because bots won’t be able to spam them and try to get in. Netflix will have to spend less money on security, because only trusted users will be able to even reach Netflix. Your “free” email service through Gmail now stops all spam because it only accepts incoming messages from trusted users. Of course everyone will adopt it - Google is safe, secure, and trusted. And best of all it’s “free”!
      • If you use Firefox now and continue to use it, you’ll be safe for several years. For now.

      What can we do?

      • Right now, you can opt out of using Chrome by using Firefox and other decentralized tools.
      • In the not too distant future, there’s not much that you can do. Educating users to switch from Chrome, use Linux, use stock Android (e.g., Graphene OS), will not help.
      • Eventually, the users that use Firefox, Linux, stock de-googled Android will get locked out. An average user isn’t going to invest their time to learn these platforms. They’ll stick with what works: “I can login to Chrome and watch my Netflix and pay my bills. You’re telling me that this Linux thing doesn’t let me do that? Screw that, I’ll use Chrome OS - at least my shit works! What’s wrong with these Linux developers, they can’t get anything right! They should take a lesson from Google and fix their shit.”
      • Write your politicians and hope that some governments will help restrict this rollout. Keep in mind though that some version of this will get passed and approved. Also don’t forget that corrupt regulators and politicians are captured and owned by corporations. This will get passed, there’s no doubt about it.

      What will happen 20 years from now?

      • Humans have tenacity. You can only frustrate humans so much before they break. Take away too many of their freedoms, impose many restrictions, and eventually they will break.
      • The trick for all of time, seen throughout history by all our overlords, kings, emperors, etc. is to find a careful balance. Take away “just enough” freedoms. Give them “just enough”. Work them until they’re tired, but don’t let them break. And of course, give them a few handouts here and there, but not enough to make their lives easy.
      • Manifest v3 (or its derivative) will be implemented. There’s no doubt about that at all.
      • The 99% of the population will continue to use these services because they want to be able to participate: They have to pay bills, access money, access healthcare, use government systems, do education, have entertainment, etc.
      • The 99% will continue to use this because they won’t care. So long as they can be happy enough, they will persist.
      • Eventually, an infinitesimally small minority will be affected by something. Something will break and cause them to snap, and they will do the only thing that an individual human can do: opt out.
      • That small minority will leave, opt out, and refuse to participate in the system. Those clusters will grow at an extremely small rate because they’re able to recognize the whole picture and see that personal freedoms are so restricted. They’ll remember their history and learn from it.
      • Enter decentralization - the removal of power from centralized powers.
      • Those who recognize decentralization will build new platforms, and others will eventually follow. This is why the Fediverse and Bitcoin exist. They recognize the problem of centralization and are full of users who decided to opt out. The Fediverse adoption exploded with the 2023 Reddit API problem, and the constant Twitter issues under Elon Musk. Bitcoin happened in 2009 out of anger from the 2008 global financial crisis when “Satoshi Nakomoto” decided to build a new economy of money that had “rules, but without rulers”.

      What happens 20+ years from now?

      • In 30 years when more of the population realizes their freedoms are under attack, they’ll consult the ones who left 10 years previously.
      • In 40 years, you might have choice. There may be a “new Firefox” that pops up after the old Firefox was wiped out 10 years ago, and let’s you use the internet, your IP, and your content in a different way.
      • The trick is to train yourself to see the big picture. You’ll never defeat your overlords - they’re behind tall walls and they control the money. However, you can opt out. You can refuse to participate. But by doing so, remember that you will be locked out. That’s not an easy choice to make.
      • But those users that do opt out, they will be the ones that were pushed too far. This is why refugees leave their homes - they just want to be safe, they want to be alright, they want their freedom from their opressors.
      • We will have “Google Internet” (Manifest v3) refugees one day

      not OC: excellent original comment here from https://programming.dev/comment/1256612 based on https://programming.dev/post/865990

      more by CatZoomies@lemmy.world here and here

      Louis Rossman video alt sites https://onion.tube/watch?v=0i0Ho-x7s_U https://inv.zzls.xyz/watch?v=0i0Ho-x7s_U https://invidious.io.lol/watch?v=0i0Ho-x7s_U https://vid.puffyan.us/watch?v=0i0Ho-x7s_U https://inv.citw.lgbt/watch?v=0i0Ho-x7s_U

    • Firefox won't even implement something as mundane as WebSerial because Mozilla has deemed it "harmful", I really can't see them going along with this.

    • Here is an alternative Piped link(s): https://piped.video/watch?v=0i0Ho-x7s_U

      Piped is a privacy-respecting open-source alternative frontend to YouTube.

      I'm open-source, check me out at GitHub.

  • They want everything to run in TEE on the TPM, which has device specific keys signed by the manufacturer and can't be accessed through normal means

    Best case scenario is someone learns to spoof it, but that's not easy. Possible, but unlikely to be packaged for personal use, since it'd be the kind of exploit you could sell to the right group for a 6 or 7 figure payout - and that's doing it officially and above board. Plus, if you did share it, you'd want to keep your identity hidden, the manufacturer would probably try to silence you with legal action

    Hopefully, the EU challenges them if they try to move forward, someone brought up a law on the books in Germany that makes it illegal to use an automated system to make the decision to deny someone access to a system

  • Remember kids, piracy and shoplifting are your friends. Reason I say shoplifting is this will be used to block you from paying for stuff online, just look at how google pay is blocked on non google approved spyware Roms

  • This code will only ever be installed on my machines by force against my will.

    No benefit to any users at all, all benefit only to Google and their Advertisers.

  • I have long felt that the computer industry course-corrected with mobile phones. They made a mistake in the early years of computers by letting users do things like install software from unauthorized sources, modify software to run to their liking, or even strip out the operating system and replace it with an alternative. Now we get things like TPM, Pluton, chains of trust, and DRM. 2% (rounding up) to protect users from malicious software tampering, 99% (rounding down) to extract rents from users and to track them for advertising or other purposes.

  • I know my uBO has saved me from some hostile shit. So yeah it's a part of my browser security. I have it configured to a stricter blocking mode so it's not just blocking ads for me, it gets other stuff that can be a problem.

    Anyway I'm aware of the Manifest V3 business and being on Chrome I'm just waiting for the hammer to fall before going to Firefox. If they start adding DRM as well, I'm out of there quick.

    Yeah, yeah, I know, just go to Firefox now, but I don't really want to deal with a new browser and all my custom stuff until I have to. I'm old and that shit is super hard to motivate on for me. Not to say I'm inept, I mean I've spent my whole career in tech, but old dogs and all.

  • From what I've read, the information they're gathering already exists and can be gathered by the server (browser type, user, etc.) with an added layer of encryption to ensure that information isn't tampered with which is easily spoofed today. Of course, this approach doesn't stop folks from tampering with the web browser directly to inject whatever information (outside of maybe what browser they're using since that'll be tied to the key) they want into the payload but that makes closed-source web browsers substantially more trustworthy (aka not Firefox) to site owners.

    If this does gain mass market adoption, then yeah, I suspect it will force users to use proprietary web browsers (google chrome, edge, etc.). Which is a step in the direction that Google wants.

    I imagine that ad providers (Google) can also start throwing their weight to force mass adoption by de-monetizing non-compliant browsers, which may pressure site owners to not serve non-compliant browsers.

    Correct me if I'm mistaken.

523 comments