> It’s not impossible to win this fight, we won the fight against Palladium, even with a well-resourced Microsoft combined with the PC industry, if not the NSA and MPAA.
Actually it was a pyrrhic victory, as Microsoft went on to apply their ideas to XBox, Azure Sphere, and now the change is coming back as future Windows hardware requirements for secure workstations via Pluton integration.
There’s enormous momentum with closed source computing. I think that’s an amazing step in the right direction, as it lowers the barrier of entry for someone to try out Linux.
It doesn't. The problem is you can't go in a shop and buy a Linux computer. They're just not there. Also, every school teaches students how to use Windows for some reason. This is a completely unfair competition.
Availability in a store somewhere in the world isn't the same as availability in the common case.
And we've now reached the point that PCs come with Windows for the same reason you can't find a non-"smart" TV anymore. It comes preloaded with spyware, which has a market value to the seller, which makes that device cost less than one with only free software on it.
Sophisticated buyers then take the discount and wipe what it came with, which contributes to alternatives not being widely available, but unsophisticated buyers don't know how to do that and get stuck with the spyware.
All you have to believe is that there is a market for alternative tech stacks, and the embargo on exporting CPUs and CPU tech to China is basically guaranteeing that outcome. That’s the thing about totalitarianism, there can only be one.
The problem here is that most people don't give a crap. I was explaining this situation to my girlfriend last night over a drink. She's a high level academic with a strong mathematical and logical background in a different field but she didn't really formulate an opinion on it past "if my stuff keeps working, why is it a problem?". Which is fair, because it's a hypothetical risk, but the side effects are a net negative and the open nature of the web is at risk.
As always people see the happy path down the middle of the forest, not the creatures waiting to leap out and eat them two steps down the line.
>"if my stuff keeps working, why is it a problem?"
I find the easiest way to make these people think, is to attack it from a money angle. Disregard all the ideological, practical, security, surveillance related issues. Ask them how would they feel if from tomorrow, they would need to shell out money, a $100 equivalent of their local currency when buying any kind of computer (ipads, mobile phones, pcs, macs) for a stamp of approval, and then having to fork over $10 every month for renewing an "attestation license".
You are not forced to get this stamp. There will be some websites restricted that you can't access, but your computer will keep working fine. First it will be your bank website, then streaming sites, then food ordering services, and so on, until eventually all the major services will be walled off until you pay.
Because that's what will happen (among other things). All this infrastructure will need setup, maintenance, and it will not be free, and you can bet your ass that FAANG (or whoever will be running the attestation services) will be charging whoever is using their services, and they will be forwarding the bill to you, the end user.
> describing an internet that could run without ads and by paying instead
How are you drawing this conclusion? What about paying Apple for verification would imply that any of that money would go to the websites you're visiting, or would make it any easier for those websites to collect payments from you?
> she didn't really formulate an opinion on it past "if my stuff keeps working, why is it a problem?".
Once upon a time, I was a homeless teenager running from a cult. If not for software I wouldn't have gotten out of that.
WEI (and other such things) are mainly about regulating who is allowed to write software, and so the way I think about it is this: If WEI existed when I was a homeless teenager, I might be dead.
I do not think I would like your girlfriend very much if she said keeping "her" stuff working was more important than my life, although I could understand her not understanding how big of a deal it is when you talk abstractly about the "open nature of the web" without putting it into human terms;
The "open" part is really important to get across because it means anyone who has the ability to can contribute: Does such a high level academic with a strong mathematical and logical background understand what can be lost not just to industry, but to science itself when a church wants to name itself the arbiter of who can work?
This is a fundamental problem of society including democratic societies. Minorities without a strong lobby can be disproportionately affected by something without eliciting so much as shrug from everybody else.
It takes many years of activism to build awareness for these sorts of issues. I worry that increasingly tight technological control over various aspects of our lives will create more of these situations and eventually overwhelm our capacity to build awareness. The result could be widespread cruelty.
The solution cannot be for each and everyone of us to be aware of and emotionally enganged with every possible predicament in which others could find themselves. It's just not possible psychologically.
We need to design our rules and systems to be resilient in the face of unexpected things going wrong and in the face of permanent partial brokenness of everything, including rule making itself. It's very difficult and I'm not optimistic.
>WEI (and other such things) are mainly about regulating who is allowed to write software
No, it's about being able to prove that your device is secure. Attestation doesn't stop you from writing software for your device.
>if she said keeping "her" stuff working was more important than my life
Arguing that you would be dead if your viewpoint isn't correct is a bad argument.
>what can be lost not just to industry, but to science itself when a church wants to name itself the arbiter of who can work?
It would be a better analogy to say that "employers can run background checks on people who want to work for them." Because it is up to each website to choose which attestors they trust and the websites have the choice of doing whatever they want with information or not requiring attestation at all.
> No, it's about being able to prove that your device is secure.
It’s about proving your device meets an unspecified standard. Today that standard would probably involve a signed browser binary and kernel verified by a hardware root of trust.
Tomorrow it could be “Please drink verification can.” or “Your social credit score is too low for you to use this feature.” or any other arbitrary criteria that gets cooked-up.
> Attestation doesn't stop you from writing software for your device.
Attestation means the metes and bounds of your computing experience are defined by a third party.
What you use your computer for today might not be permitted tomorrow. Look at the invasive software mechanisms that games use for “anti-cheat” if you want to see one possible eventuality.
This is “Right to Read” territory we’re walking into. We’re already there with phones because we ceded freedom for “security”. (“Phones aren’t computers.”, “I just want my phone to work.”, “I don’t want to remove malware from the phones of the oldsters in my life.” Blah. Blah. Blah.)
Now we’re going to do that with personal computers.
>Tomorrow it could be “Please drink verification can.” or “Your social credit score is too low for you to use this feature.” or any other arbitrary criteria that gets cooked-up.
Neither of those require attestation.
>Look at the invasive software mechanisms that games use for “anti-cheat” if you want to see one possible eventuality.
A future where people can't cheat when playing with me is a positive direction to take computing.
>This is “Right to Read” territory we’re walking into.
I assume you are talking about "The Right to Read" by RMS. It is already illegal to redistribute ebooks if you don't have the rights to do so. We already live in that world. Unlike the essay as an industry we have chosen to focus on hardware based security instead of making debuggers illegal.
Any assumption the client is "trustworthy" requires attestation. I was certainly being hyperbolic with my examples. Using a more concrete example of, say, a device's camera and LIDAR claiming a living human is interacting w/ the device would require software and hardware attestation with a chain of trust extending to the camera and LIDAR hardware. Without that one could connect emulated inputs to those devices and game the system.
> A future where people can't cheat when playing with me is a positive direction to take computing.
I agree, provided that the architecture of the anti-cheat relies on that infrastructure happening server-side. Any architecture that requires the client to be "trustworthy" requires attestation and runs afoul of freedom.
I think having anti-cheat is a poor trade off for user freedom on personal computers.
> I assume you are talking about "The Right to Read" by RMS. ... we have chosen to focus on hardware based security instead of making debuggers illegal.
You can make a literal interpretation if you'd like. My takeaway from "The Right to Read" is a cautionary tale about architectures of control being used to remove user freedom. That rings true to me irrespective of the mechanism employed in the story, or even that it deals with ebooks specifically. That Stallman didn't think about tamper-resistant hardware, e-fuses, and key material locked up in embedded processors doesn't change the message of the story.
>Using a more concrete example of, say, a device's camera and LIDAR claiming a living human is interacting w/ the device would require software and hardware attestation with a chain of trust extending to the camera and LIDAR hardware
Sure, but that sounds useful.
>Any architecture that requires the client to be "trustworthy" requires attestation and runs afoul of freedom.
Okay, but I would give up freedom if it means there are no cheaters. Not all cheats can be detected server side. The cost of stopping name cheats server side is more expensive to do than stopping them client side. If the cost of anticheat is cheaper it means that games can be developed for cheaper incentivizing more and higher quality games to be made.
It doesn't prove that your device is secure at all. It just "secures" it from the user, not from malware. Even if it's signed and approved, malware can still hijack it....
Okay let me rephrase it. The point is to be able to prove what software is running for the purpose of being able to tell when software deemed as secure is running.
>Even if it's signed and approved, malware can still hijack it....
At which point the vulnerability in the software or hardware should be fixed and the old version should be blacklisted.
So every time anyone finds a new CVE in Windows, we're going to blacklist every single Windows machine until it's patched? I mean, that would be hilarious, but that's not how it will ever actually be implemented.
>How do I prove my device is secure while also being able to run any software that I want?
The operating system should properly prevent software from violating the security of the system. If you mean that you want to be able to run an OS that does that provide a level of security that is expected then you shouldn't be able to prove that insecure OS is secure.
>What is the process of getting attlestation certified?
Reach out to an attestor and discuss with them what the process is for them to trust you.
>How much will it cost?
It will likely be free. If not it will be significantly less than the cost of writing an OS.
>This presents enormous barriers of entry to both hardware and software entrants
Hopefully they are high enough that fly by night malicious actors do not bother with trying to get their insecure hardware and software to be trusted, but row low enough that good actors can prove that they can be trusted.
Ok let me know when there’s an OS or browser that’s totally secure. Attestation does not prove that a device meets any security bar. And likewise lack of attestation does not prove that a device does not meet a security bar. Attestation merely shows that a device has been “allowed”. You might argue that all devices with attestation have been audited for security so at least that provides some standard. How well did audits work in the past for things like mortgage backed securities in 2008? No, it doesn’t provide any guarantee other than the power that be are empowered to grant themselves and their friends privileged status while leaving everybody else without a device that can run the software they want.
>Ok let me know when there’s an OS or browser that’s totally secure.
As an industry we are getting better at security and finding and patching vulnerabilities.
>Attestation does not prove that a device meets any security bar.
But it can prove that a device's software and hardware is running software and hardware that does pass your security bar.
>No, it doesn’t provide any guarantee other than the power that be are empowered to grant themselves and their friends privileged status while leaving everybody else without a device that can run the software they want.
Security doesn't have to be perfect in order to be beneficial.
> Arguing that you would be dead if your viewpoint isn't correct is a bad argument
When discussing tradeoffs, it's not about correctness but value judgments. Is it preferable for people like geocar to die than to continue allowing people to access all websites with arbitrary devices and software?
Of course, there are services that could be exposed through a website where the consequences of improper use would be catastrophic, but I would argue the web is usually inappropriate for control of life-critical systems without other safeguards or redundancies.
My point is that he wouldn't die if attestation on the web had existed, but is saying that he would be dead to try and manipulate the people he is arguing with.
We know neither their story nor the full impact of web attestation if Google is successful in popularizing it. It definitely has the potential to shift a huge amount of power to site owners from users, which constrains what kind of software can become popular.
Might that apply to the software geocar credits with saving their life? Without knowing more, we can't say. There's a good chance it applies to things like running open source operating systems and browsers.
> The problem here is that most people don't give a crap
Most people are not qualified to give a crap.
We don't adopt medicines on the basis of "most people's" opinion, we don't adopt anything technological with potentially harmful impact on the basis of the opinion of large uninformed masses.
Thats why we have regulators and other institutions that should be informed and give an informed crap. On a ongoing basis and not only a result of popular outrage.
Which brings us to regulatory capture and said institutions actually failing their mandate to serve the interests of the people that fund them.
But now we have something that most people should give a crap about. This is not technical, it goes to the foundation of democracy and governance. Otherwise we might as well stop voting and accept we live in a corporate oligarchy.
>Thats why we have regulators and other institutions that should be informed and give an informed crap
Yes, but unlike say construction, the environment, or medicine, when it comes to IT, most of our gov representatives in charge of regulations are horribly out of touch with what's happening in tech world and how fast things are changing.
Just look st the senate hearings of Zuckerberg and the TikTok CEO, what questions they were getting: "can TikTok access my Wi-Fi?". I rest my case.
They have no clue how the whole "internet-thingamajigs" work, nor do they care to listen to people who actually do know, because they can also be easily lobbied by big-tech to look the other way, especially since for the US-government, having US companies dominate everything IT related on a global scale is a national-security asset rather than a curse, which could be say if Chinese companies were to take over instead.
> most of our gov representatives in charge of regulations are horribly out of touch
why should that be accepted though? There are plenty of experts to consult and (like the very salaries of politicians) none of that expense is out of their own pockets.
> a national-security asset rather than a curse
when every excuse fails national security is invoked. Somehow advertisers are now a critical element in keeping the free world free.
This can be a really dangerous approach though. Appeals to authority can easily turn dark if the wrong authority is in charge, and by then the people have been conditioned to blindly follow them.
People should never be expected to make meaningful decisions in their life only because someone with degrees said it's best for them, or even worse make no decision because the leader already made it for them. People need to be able to think for themselves and make their own decisions, even if the few experts may disagree with the decisions made.
In my opinion, this should have been the most important lesson from three years of pandemic response. We had a small group of experts getting out over their skis and speaking with certainty about the virus and what everyone must do. In reality these experts had much less research-based data to support this level of confidence, and in some cases the data even contradicted them. In the meantime we were all forced or coerced into various decisions and protocols that didn't seem to pan out, for a virus that we once got kicked off social media platforms for comparing to the cold or flu while that's precisely how said experts discuss it today.
Experts should absolutely weigh in and attempt to educate people on what's at stake and why they should make one decision of another. But a system in which a few at the top decide for and control the rest of the population is extremely dangerous and should be reserved for only the absolutely most important situations.
Yes I definitely share the same concerns. But there is a practical need to rank risks and identify what are immediate, first order ones versus second order and broader concerns. In the absence of independent and minimally competent bodies we are in dire straits, effectively in snake-oil-salesmen territory regarding a technology that is considered as central to our future.
I don't think there is or there will ever be perfect regulation. Pick any sector (banking is a prime example) and you can identify recurring failure, capture, complacency and other pathologies on top of the intrinsic difficulty of working out the unknown-unknowns.
Ultimately the only structural mitigation available is to have as many checks-and-balances as possible and transparency about motivations and incentives of all actors involved.
But that is not the immediate problem with "tech". I put the term in quotes because even that is a conceit. The accurate term is probably "random conglomerates that were first movers in adopting digital technologies, with user-data based advertising the overwhelming business model".
The shtick has been that "heavy handed" regulation of said "tech" will stifle innovation and other such drivel. Indeed, if by innovation we mean drifting ever deeper into the black hole. For more a decade now we are trapped in an egregiously suboptimal situation.
Many things have a "if my stuff keeps working, why is it a problem?" vibe.
On personal level we have health - why can't I have fries and ice cream all day, everyday. That's what any sensible children would choose. Education - why can't I play video games and watch tik tok attention grabbing videos all day. In fact many do.
On country level, why would we want to help Ukraine or Taiwan. Why would we want to reduce carbon footprint. Stuff just keeps working.
Lead pipe worked just fine. Asbestos worked just fine. Smoking was just fine. Until they aren't.
Secondary effects require experience and education. We are not so good at grasping causal relationship when the results aren't immediate.
> "if my stuff keeps working, why is it a problem?"
"Is your stuff going to keep working? There's literally a website dedicated to the products Google has killed. What makes you think you're so special that they won't do that to something you use?"
Of course, you're probably sleeping on the couch that evening...
I will preface this with the agreement that I am kind of an asshole on some things. With that out of the way...
I would find quite a bit of value in getting that person locked out of their google accounts and forcing them to deal with the consequences; Especially if the lock-out was just me getting in and changing their password so that their access can still be recovered. A little controlled scare would be far better than getting locked out at some unknown/unprepared-for point in the future.
So perhaps in your case, the wise thing to do would be to ask your gf to try to pretend she was locked out of her google accounts for a week. Force her to see how much she relies on it, and how bad it is when that spf actually fails. You could probably accomplish it by allowing her to change the password to something she doesn't know for a week.
I would agree but it's best to boil the frog slowly I find. One divorce was enough here ;). I've just got her to back up her stuff onto OneDrive and an external disk so if she's hacked or the house burns down then she's covered. Next is MFA. Then a custom email address which will feed into your point. I'm selling it on taking control of her identity.
GF: "If my stuff keeps working, why is it a problem?"
BF: "Is your stuff going to keep working? There's literally a website dedicated to the products Google has killed. What makes you think you're so special that they won't do that to something you use?"
GF: "If Google deploys this and then kills it, my stuff will keep working. So why is it a problem?"
...and she would be right. If it doesn't break her stuff when some websites start relying on it for user device attestation, then if Google kills it making it so sites can no longer use it for user device attestation those sites aren't going to just say "Oh no! User device attestation no longer works! Let's shut down the site!". They will go back to whatever they were doing before it became available.
I don't think it's the same. It's more the assumption that stuff is going to keep working forever. A lot of us have been around long enough to see the change. Many haven't. Their first email address may have been a gmail.com one for example and they still have it. I mean a friend of mine still has a hotmail address from the late 1990s that works.
Its insane that the digital technology of Western world has come to be completely dominated by a couple of advertising companies. The conflicts of interest with societal (including economic) objectives are enormous and the solutions so simple and natural.
That such a pivotal issue is not handled competently with the top priority attention it deserves says more about the state of the US polity than the horned man storming the Capitol.
If you think about it a bit, it's almost expected. Ads are a (the only?) effective way to monetize any digital device. So an advertiser has an interest in nearly all (internet connected) digital technology, as all areas can be exploited for additional advertising revenue by them. Their only meaningful competition at that scale is other ad companies, as nobody else can monetize arbitrary digital devices as effectively.
This is why we need to be politically active and politically effective and I'm glad OP called that out in their post too. It's like reminding people to vote when dealing with the consequences of elected officials.
edit: What business, other than an ad business, can safely say "we don't care what digital technologies we invent, as long as they are popular we can make piles of money." IMO, that is the motto of a dominant tech company. You can see a striking example of this failing with the various home assistants. Despite their popularity, tech companies can't figure out a way to shove ads into the UX, so they can't make money.
> Ads are a (the only?) effective way to monetize any digital device.
As stated this is not strictly true. E.g., Apple would object (with at least some merit) and every tech company before adtech (i.e decades of commercially viable tech) would object as well.
What is true is that adtech is the most lucrative way to monetize any digital consumer device.
This economic dominance of adtech is real and extremely distortive of the technology landscape but 1) it is predicated on questionable behavioral stances ("consumers don't care about privacy") which are manifestly not universal (see e.g. EU-wide regulation) and 2) is an incongruous and incomplete architecture for a digital economy: e.g., there is no hard line between consumer and business devices. Do businesses also don't care about commercial secrecy?
Effectively adtech short-circuited the digital society motherboard by identifying an emerging opportunity that did not exist in traditional physically organized economies. Large and vital sections of the motherboard (e.g. journalism) are now burned out.
I have always wondered if political solutions are really viable when the free market doesn't care.
We didn't have to buy into these products or allow them to take over or lives if we has an issue with ad companies running them. We could simply not use them, accepting the negative impact that will have on parts of our current life. If the majority of our people don't care and have chosen the convenience, and the dopamine hit of, the digital products should politicians really step in though?
If politicians in a representative democracy are meant to represent the people then it really isn't their job to fix this, the people have already spoken. I don't agree with it and do my best to limit my use of these ad companies, but that doesn't mean it's my responsibility to rip these products of everyone else's hands of they chose their own tradeoffs. If Google wants to do this and people really care, they'll just stop using Google and accept that they won't have access to any services that decide to require this kind of DRM-like verification.
AFAIK the US bigtech dictates a lot of the tech movement narratives and America is already a P2W society if you think about it from a game industry perspective, so this isn't exactly a surprise, what comes next should be a surprise, like, either AI outpaces US capability to dictate digital narratives in the western countries and states manage to get into their own digital narratives or the America vs China technology/economic warfare winners will. Would love to have a 3rd alternative but all other assumptions sound stale to me at this point.
I grew up in India, and the majority of the population doesn't have access to the latest hardware. If websites starts implementing these changes, a lot of these people would be cut off from the internet. Most of these people belong to marginalized communities. My country has a history of discriminating people based on their castes, and any progress we have made in this aspect would be destroyed by this change by further limiting the online resources available for people from these communities. This is outrageous.
All android and ios phones sold in the last couple of years comes with ARM trustzone or secure enclave or something similar. It's already here.
The vast majority of Indian internet users are from mobile. It's a market lead by Xiaomi and other Chinese OEMs who sell phones that dies after a year or two with horrible ota updates. Some people downgrade, some use custom roms. But the majority just buys a new phone every 2-3 years. Or even 1 year. The poorest of people here buys iPhones with financing. Besides you don't need to buy expensive devices. Every GMS certified phone made in the last couple of years has it.
Now for actual computers, most are either prebuilts or laptops. They all come with secure boot since 2013?. The last Windows release without a mandatory TPM is going to be discontinued in 2025, microsoft will scare people into upgrading.
These are old machines. Any laptop made in the last 4 years will be able to access the new closed web so it won't be hard to replace of them.
I'm just hoping this "end of internet" happens really quickly. So that people would notice. One day people should wake up locked out of the web on their expensive devices. If it's a slow boil, we'll be too late to stop it. Again.
I would expect the actual restrictions to be 10, maybe 15 years into the future. After all, this is a long term plan how to make world worse, not a spontaneous idea. Will people not refresh the hardware by then?
> Well, guess what? People who root their devices and use custom ROMs like LineageOS (myself included) nowadays hide root from bad apps and can pass these checks anyways. I use Google Pay all the time on my OnePlus 11 running an unofficial LineageOS build, thanks to root hiding. Does Google not realize how commonly bypassed Play Integrity is? In fact, it is easy even on Google’s very own Pixel devices, as someone who previously used multiple generations of Pixel devices, including the Pixel 7.
Important to note here that it's only possible to "fool" SafetyNet/Play Integrity because of compatibility with older devices. The strongest Play Integrity level (MEETS_STRONG_INTEGRITY) is simply not possible to fake on a device with an unlocked bootloader, it's just not a big problem right now because most apps do not require it yet, since there are still many old devices that don't pass it, because of missing hardware or outdated android versions.
Eventually, in a few years, a time will come where the number of non-unlocked devices not compatible with MEETS_STRONG_INTEGRITY will be low enough that apps will start requiring it, and that will be the end of bootloader unlocking for most users that still do it.
One of the "issues" the this is suppose to address is that advertisers "need" to know that humans are viewing their ads and not some robot.
That seems really one sided. To me that indicates that I as a user have a right to know that a human and not a robot is responsible for me seeing this ad. That's not the case of course. What this would do is kneecap the enemy/users and let the advertisers be the only ones with access to automation and integrity validation.
I doubt that many objects to see ads for powertools on a DYI forum or developer tools on Stackoverflow, seems reasonable. The objection is to being bombarded by obvious scams, micro transaction laden mobile games, online casinos and anything that in no way benefits me as a consumer. Google should perhaps focus a bit more on validating the integrity of their consumers i.e. the advertisers.
I doubt it’ll be abandoned so easily. Whilst Google has a track recording of abandoning projects, this doesn’t apply to anything directly related to selling search ads.
I'd expect world leaders to be more vocally opposed at having their citizens' (and their own) freedom being singlehandedly restricted by an american company that seems to have huffed authoritarian paint fumes.
Somehow I am not convinced that Ad blockers are such big of a problem for Google. Especially when these are not used much on Mobil, and the world is clearly transitioning to Mobil.
Do we know the financial impact ad blockers are thought to have?
I’m guessing ad fraud is a way bigger problem, although some would argue that add fraud is not googles problem, it still hurts Google.
Maybe it’s also a third thing I just can’t think of right now, ad blocks just seem to niche to me.
How about just enforcing a stronger monopoly on user tracking?
Google is an advertising company. That's their bread and butter, everything else largely serves to boost that business unit. Blocking ad blockers, alternate clients..etc, is absolutely in line with their business goals of serving more ads.
And also, frankly, I don't really frakking care if their purpose is to prevent ad fraud. That's not my problem, why should I be the one paying for Google to make more money from a problem they created themselves in the first place. As far as I'm concerned, if Google really wants to prevent ad fraud, they can just stop doing advertising; Problem solved.
Yes, ad blockers aren't big right now, but Safari on iOS and Samsung Browser on Android has ad blocker support. What happens if Apple or Samsung decides to bundle an ad blocker? Google wants to defend against any future moves.
Already, other browsers have led on tracking protection and control of third-party cookies, affecting Google's business model. So Google built Chrome, invested in it so people would prefer it, pushed it on their websites to ensure people would prefer it, and built a walled garden with Chrome Sync + Passwords.
Then they started using it to decrease privacy by signing in to Chrome when you sign in to Gmail. They track your websites visited and use it to improve their advertising even when the website doesn't use Google ads.
Theirs is the only password manager for Android which is limited to their browser. That's for a reason.
Signing into chrome upon signing into a Google service really rubs me the wrong way.
Why does Google get to do something that no other website in the world is allowed to do? This feels like something Microsoft would have gotten hit by antitrust over decades ago.
There’s no reason why logging into a Google site should silently give them all of your web browsing history across every site you browse. I know you can turn both those settings off but most people don’t even know they exist.
They make a big fuss about it like the movie industry does about privating movies. They "lose" millions sure but they are making "billions" even with a few people doing it.
There's indeed more than Ad blockers to this matter. Web scrapers became a major issue since they realized the great economical potential of LLMs and AI in general. Incumbents may wish to make it hard for competitors to run their own bots.
They had to speed things up, not only Sergey Brin is back at Google's headquarters, other SV companies are going deep into the identity realm, that directly clashes with Alphabet identity exploitation, same for Meta, these companies largely payed to win the "digital identity dilemma" but things will change pretty fast over the next 2 years. Sam Altman WorldCoin and Musk's X platform should be the telltale but people are missing the clues?
It's actually worse - Microsoft wanted to use Trusted Computing to sell more software. Google wants to use Environment Integrity to control what you can and can't see, hear and say.
I wonder how many HNers angry about this are also some combination of 1) working for bigtech 2) using iOS/OSX/Android instead of Linux (yeah, I know Android is technically a Linux) 3) using Chrome/Safari instead of Firefox and 4) have endorsed, at least in the past, bigtech firms like Google and Cloudflare acting as arbiters of what is/is not acceptable content for the internet, and even whether it should be viewable by anyone at all.
It's not just hypocrisy. Many of the HNers railing against this are actually responsible, even if just indirectly, for it. Take Chrome (including Chromium) use, for example. Chrome has never been that much better (e.g. 2-3x) than FF. Maybe at its best, when it first debuted and V8 wowed everyone, it was 20-30% better--not enough to justify the investment a poweruser (who heavily customizes their browser) would have to make to jump ship, and not enough for anyone concerned about the open web. Yet I would guess most people here jumped ship at some point (probably when it was new and shinny and Google still paid lip service to "don't be evil"), and they've never looked back, despite FF having caught up and remaining competitive.
Asking people to not use Chrome isn't asking much, and yet people here can't even manage that.
> Supposedly, this is to make sure a browser environemnt can be “trusted”, but it seems Google wants this so they can kill ad blockers.
How would they kill ad blockers this way? I can just use librewolf browser, sites will detect it and not work. But we already have this in form of Widevine DRM. Spotify does not work in my browser without DRM. They can't really force this on google search, because many clients will never support it (older Nokia 3x4 keyboard phones etc).
Sure, a few sites with drm'd content today is no big deal, but when any site that wants to serve advertising is using drm, when google.com and gmail both are, when amazon.com is, that's a step change.
Interesting thought that this may be a “careful what you wish for” moment:
> In many ways, if we get Web Environment Integrity, we’ll need every government to regulate Google, Apple, Microsoft, and adtech in every way possible
This will force fraudsters to build farms of "trusted" devices, with cameras pointing at the display with computer vision and simulated fingers clicking on the ads.
One part of the proposal describes web servers getting information from attestors on the amount of activity coming from the user. And I imagine in the future web servers will contribute information back to the attestor indicating how likely they think the user is a bot based on their activity. I think, for sure, attestation accomplishes what it intends to. It's the end of the cat and mouse game. Tom catches and eats Jerry and there won't be a sequel.
How does Google intend to implement this when they've been preaching for years that there's no such thing as 100% uptime? Will they be ready to compensate operators for lost profit during the five minutes plus each year that the internet is unavailable?
Or was this an afterthought like everything else in their proposal?
Firefox once was the only alternative to internet explorer. Then Google came along to become the new and improved alternative to the alternative and it became quite successful. MS eventually threw in the towel and their browser market share is lower than it has ever been. And most of that is now Google Chrome.
And now history repeats itself and we have Firefox being the alternative to the mighty Google Chrome and Google emulating more and more of what people hated about Microsoft's stewardship of Internet Explorer and dictating to users what they must have their eyeballs exposed to. In Microsoft's case that was obnoxious popups and popunders, shitty toolbars, and endless crap they came up with to somehow lock users into all that. Now Google is whining that nobody wants to see their shitty ads (correct) and somehow feels entitled enough that they can dictate browsers to respect their authority regarding what users can and cannot block. It's the same behavior. And the fix is the same: abandon the Chrome ecosystem. The more users do that, the more the web will basically remain outside of the control of Google.
> somehow feels entitled enough that they can dictate browsers to respect their authority regarding what users can and cannot block. It's the same behavior. And the fix is the same: abandon the Chrome ecosystem. The more users do that, the more the web will basically remain outside of the control of Google.
This is fundamentally the problem isn't it. They feel entitled _because_ they can dictate terms to the rest of the web, or at least they think so. There's no fixing this by changing Google's mind, only by forcing their hand by making this decision hurt their wallet. And as you point out, that only happens if people stay outside of the Google garden.
IE's monopoly was broken by Google spending billions of dollars on chrome and advertising it. Where is such spender who would do it for the open web? It doesn't exist. The only hope is regulatory/legislative action, but taking away freedom and relative anonymity online is now pretty well aligned with the interests of the western ruling elites(not to mention some degree of regulatory capture), so the incentive structure just isn't there. Open web will continue to exist for some time, but eventually will be limited to several websites with an activist position. (Unless there is a subsequent legislative mandate to enforce this attestation for everything, for safety and security of course)
I think circumstances are different now because alternatives to IE provided superior user experience, so there was a motivation for "normies" to switch. At present it seems to me that "normies" are quite content with Chrome and enticing them to switch is going to be quite challenging.
Not sure what is the solution here. Several years ago it seemed to me that Mozilla may be on track to get their shit together, then they decided to lay off Rust/Servo people, left their Firefox for Android team barely staffed so they couldn't even handle more that handful of supported extensions and instead spent all the money on their CEO bonuses. Guess this is going to be quite a painful decade for the open Web...
As soon as Firefox started grabbing market share, Google backed them and at the same time (probably) started the process of creating Chrome. IE is one of those zombie things that's still around that does not matter. Arguably it's a nuisance even to MS at this point.
But IE didn't just become irrelevant overnight. It took antitrust enforcement and multiple massive companies pooling their resources to dislodge it from it's position. There was a significant, concerted effort to knock out IE, and I just don't see the same going on vis-a-vis Chrome now.
I can still remember trying out Phoenix when it first came out because I wasn't interested in a lot of the features of the Mozilla Suite.
And also when Firefox 1.0 came out, sneaking around the school library computers and installing it as the default browser. The librarian eventually found out and asked me to just install it on all the computers so that the other kids wouldn't be confused why the browser was different on some machines.
Most younger people in USA only access internet via iPhones+Safari so this all debate is pretty academic at this point of time anyway - soon neither Chrome nor Firefox will be relevant anymore. There's no other choice than Safari there and Safari has DRM builtin as well.
It needs to be stressed that Firefox was getting direct support by Google at the time via patches, one reason that Google created Chrome was that Firefox took too long / was arbitrary about patches sent upstream.
Frankly I'm unsure if Firefoxs fate was to be EEL (embrace, extend, lock down) would we be worse off or better off than what we are right now with Chrome?
This is a really weak argument. Chase "requires" certain OSes because that's all the QA and develop for, not for some client trust reason. There's no reason for a bank to require a trusted environment, user authentication is sufficient. Trust environments really do matter for other cases and provide security for the user. All good tech has bad applications.
"requires" is correct. I use chase.com on my Linux computer all the time without any pop-ups or warnings that I'm using it on an unauthorized OS. I'm sure if I had some type of QA Issue they would then point out that they don't support Linux but I haven't had an issue yet.
All these elites always want to know what we plebs are running. The governments want Venmo to report anything that adds up to over $600 a year to the IRS. FATCA travel rule pushes all countries to do the same, for $1K but FINCEN has lobbied for as low as $250!
Meanwhile the Pentagon can’t account for trillions, and both parties give them more money than they even ask for. We have government officials in constant secret meetings, failing to avert disasters, then the plebs have to fight.
I say — we should have attestation that the server is running verified code, the one that was audited by third parties that I accept! That would be what I always wanted on the Web. Instead, they only do it the other way.
We the People have to rise up and demand that Google implements a standard that uses SGX extensions or whatever, to guarantee that the code managing the website matches the audited code. This is long overdue! It is also why we use smart contracts and Web3 for now.
All I really want, on the mobile Web, is a way to visit a URL that has a content hash, and it will load a static file matching a content hash, and save it so it’s always available locally. That’s it! So I can trust the code. Without having to install an extension. Instead Apple clears everything after 7 days, making it useless! And SRI only works for subresources. Which means the server can be hacked and serve malicious code to me anytime!
I think I have become a web accelerationist. I hope this newest bit of mendacity succeeds and we abandon this flaming disaster that the modern internet will become. The tiny (just depressing how tiny) subset of its useful functionality can be reimplemented in any other system that might come take its place in minutes.
Is everyone ignoring that “holdback” mechanism google is introducing with the idea? Where 5-10% of the traffic behaves as if it did not have attestation enabled, I would like to understand how that does not address the “web DRM” concerns but I can’t find an explanation anywhere
It's very obvious that is disingenuous; they will use that as an excuse to make it palatable while planning to silently turn it off in a couple of years. Clearly it's a "foot in the door" technique similar to how Apple tried (but ultimately backed down) to introduce local scanning of all content on user devices (in the name of CSAM of course - a palatable scenario - which later opens the door for scanning anything a government entity dislikes).
TLDR holdbacks might help with specifically the DRM component; but they can only go one of three ways:
- They can be effective at forcing sites not to rely on attestation, in which case there is no benefit to this proposal because everyone (including users of browsers like Chrome) will still be subjected to the same invasive backup strategies. You'll still be fingerprinted and tracked no matter what because even if you're using Chrome 1/20 times you send a request the website will just revert back to the original fingerprinting.
- Or if they aren't effective at forcing sites not to rely on attestation, well... then they haven't solved the DRM problem.
- Finally, attestation might be used to primarily decrease annoying behaviors, which will still in practice make browsing the web for anyone who doesn't use a browser with attestation so painful that they'll eventually switch. Think "you're not on Chrome, so you're going to see 9x the captchas you otherwise would see."
You can't simultaneously have "this allows us to trust the client" and "we can't rely on it." One of them has to give. At their best holdbacks would turn this into another tracking vector and would change nothing about the web for the better. More likely, holdbacks will allow sites that would previously be judicious about where they used captchas and blocks around the site to start spamming them everywhere -- because Chrome users will only see 5-10% of those annoyances. And at their worst, sites would just not implement the fallbacks because the attestation signal is still reliable enough.
Holdbacks call the entire motivation of this spec into question, since the whole point of holdbacks is to make it impossible for websites to get rid of the invasive "backup" walls and tracking and captchas that the spec claims to be trying to replace. Blocking ad fraud? Blocking automated requests? WEI only helps with that if websites can trust the signal and block browsers that aren't sending it; otherwise websites are right back to square one trying to prevent fraud. But if they can do better blocking based on that signal, then we're back in DRM territory.
Implementing holdbacks in a way that actually prevents DRM is likely to be fairly challenging. In the most straightforward implementation, websites can simply retry the request until they get an attesation token or until they hit 10 iterations, at which point they'll ban you as normal.
Statistically profiling users and determining whether or not their browser supports attestation is likely to be fairly easy, unless Google has a much cleverer implementation of holdbacks than they've revealed so far in the spec.
This would be the worst case scenario -- holdbacks would be used as an excuse to push the changes through and sites would simply ignore them and block users based on aggregate stats: you haven't passed an attestation check in the past 30 minutes even though you made 20 different requests that should have had a token attached? Yeah, you're pretty likely on an "unsupported" browser.
This is the content of a email I have sent to a number of politicians, government agencies, and consumer advocacy groups. You are welcome to use as is, reformat or modify as you see fit, or just generally complain about structure/grammar/arguments etc.
---
Dear <<REPLACE>>,
I am a <<COUNTRY>> citizen, and I live and vote in <<REPLACE>> district. Professionally I am a software engineer <<blah blah blah years of exp, exp with web etc>>. I am writing to you with a concern about a recent planned change by Google called Web Environment Integrity (WEI). I believe this change is anti-competitive, against the open web, and a risk to our country's security agencies.
Very simply WEI allows websites to verify the users browser (e.g. Chrome), and potentially the Operating System (e.g. Windows) is official and unmodified, this process is called attestation. Basically how it will work is:
1. User navigates to a website
2. The website executes a challenge to the browser (e.g. Chrome) asking for attestation and listing the acceptable attestation services.
3. The browser makes a request to a third-party attestation service (e.g. Google)
4. Software, an attestation agent, runs on the user's computer. This software scans files and memory of the user's computer or phone and sends back proof, to the attestation service (e.g. Google), the user is running an acceptable, official and unmodified browser and/or operating system.
5. Once satisfied, the attestation service issues the user's browser a token.
6. The user's browser forwards this token to the website
7. The website can use this token to check against the attestation service that the user is indeed running official or unmodified software.
8. The website then permits the user to access the site.
In the event the attestation fails or the browser fails to provide a valid token the website will likely deny access to the site.
On the face of it it may seem like this is a noble goal, unfortunately it mainly entrenches Google's position of power. Google's browser Chrome is used by 85% of users, Google search is the most popular search engine, and Google controls the biggest online advertisement service, AdWords. Once implemented Google's existing dominance places it in a position to push it onto websites and users. Google could deny access to GMail, Google Maps, and YouTube unless the user has this feature. Google could deny placement of ads, and subsequent payment to website owners unless those accessing their site have WEI enabled.
The proposal is bad for the following reasons.
1. Limited Attestation Services - Website owners have a list of attestation services they trust. It is extremely unlikely a large number of websites will add Joe Bloggs third-party attestation service as trusted. As a result it is likely only 3 attestation services will exist: Google, Microsoft and Apple. This proposal will further entrench these three companies as owners of the web. This is anti-competitive.
2. Prevents alternative browsers - Create a standards compliant browser is a monumental task which is why only a limited number exist Chrome (uses Chromium which is based off Webkit), Safari (based of Webkit), and Firefox (uses its own Gecko browser engine), most others (Brave, Microsoft Edge) use Chromium browser engine under the hood. Currently, apart from the effort, there is nothing preventing a group from creating a brand new browser engine. An extremely dedicate team could create a new browser and all websites would work with it. If WEI was implemented this new browser would need permission from the incumbents otherwise attestation would fail and users would be denied access to, potentially, most of the web. This is anti-competitive.
3. Prevents accessibility tools - Some people have additional needs due to disability or age and may use tools like screen readers or text only browsers to navigate the web. This involves additional software which injects itself into the browser in order to provide the functionality. This process, while legitimate, may result in attestation failing, especially after new software updates, and as a result denying marginalized users access to the web. This is against the open web.
4. Prevents alternative web crawlers - In order for your website to be listed in Google search an apps called Googlebot and Google crawler need to connect to your website and go through each page, this is then indexed and the results are presented based on relevant search terms. There are other web crawlers by Microsoft/Bing and Yandex which do something similar for their search engines. While they are likely to provide themselves attestation tokens in order to continue the service and new company may invent a better way of providing internet search but in order to crawl, with WEI in place, they would need to ask permission from Google to authorize their crawler. This is anti-competitive.
5. Prevents legitimate scraping - Similar to crawling there are legitimate uses for scraping, which is extracting data from a webpage by an automated tool for use as some other purpose. One example is the Internet Archive (archive.org) they regularly visit millions of websites around the world take a copy of them for historical purposes. You can use archive.org to view Google's first homepage from 1999, or Yahoo! from 1996. WEI prevents new companies or groups from creating novel tools created from legitimate scraping without asking permission from Google first. This is anti-competitive.
6. Prevents security agencies from doing their jobs - Government security agencies and police hack, monitor, and scrape, as permissible under law. These actions are performed by expert agents who are also supported by various scripts, bots, and custom built apps. These tools are rapidly modified and continuously changing depending on the operation. WEI would require these tools to be authorized by the attestation agent or service, while there are a number of ways this could occur, ultimately this requires Google to authorize each tool in order for the tool to successfully collect a valid token. Google could temporarily or permanently deny access to valid tokens, or change the algorithm for generating them to prevent security agencies from generating their own, which would deny security agencies from using their tools against operational targets. This is a risk to our country's security agencies.
Hit them with bullet points that they will care about right at the start to grab their attention. Then explain why it matters.
"""
Dear <<WHOEVER>>,
I'm writing to inform you of a change that Google is proposing which will:
1. Reduce the ability of the security agencies to do their jobs
2. Limit the ability of ordinary citizen to access the internet
3. Lock control to big tech companies and reduce innovation in the technology sector
As a citizen of <<COUNTRY>> living and voting in <<REPLACE>> and a software engineer with X years of experience, I believe this proposal (called Web Environment Integrity or WEI), although presented as improving security and privacy, is damaging because ...
"""
Stress "anti-competitive"/"antitrust" perspective. For those in the US - an ancillary buzzword for some districts you could go as far as label this as "one further step towards <insert your flavor of "Communism"/"Socialism"/"Fascism", regardless if it actually applies or not(crony capitalism via favoritism is more apt but less likely to pique interest in said districts)>"
I tried to put it in language and terms anyone could understand while building up terminology. Maybe I need to rethink the audience.
In the emails I sent I did use judicious formatting. i.e. "Prevents alternative browsers" is in bold, and "this is anti-competitive" is italic so someone scrolling through it could just read those.
How it works could be dropped or pushed to the end.
Email messages go straight to staffers who might read it, but odds are it will go to the trash folder. Write a physical letter instead. Attend any "town hall" events and bring the issue up.
I hope HN has a different blog post with its own take on WEI on the first page every day until the proposal is closed and Google publishes an apology and promises never to try this again. Maybe we can get Apple's web attestation removed too.
It seems like this solution is intended to solve the problem of bots padding numbers for sites providing advertisements on the web. This isn’t a userland problem, it’s an advertiser problem. But the user experience will be worse for it.
I’m seeing the biggest issue is who decides what a “trusted” browser is. Is it Google? I’m guessing the will establish a non-profit “independent” advisory board which will have members who somehow align with the interests of all major advertising stakeholders in the world. This is dripping with anti-compete potential. Some lawyers are going to get rich from this.
IIRC these keys are often produced in batches to help protect anonymity so revoking them may have undesirable impact on the bystanders who happen to have a key in the same batch.
So if we could reliably extract keys it may be enough to break this. (or force TPM makers to have per-device keys instead of per-batch keys)
thats advantageous in the context of key spraying attacks, aiming to get as many possible keys blacklisted as forgeries, leading to large scale key losses.
you dont have to know any keys just the structure of a valid key, then make things up according to spec
There is a freedom problem, there is a hardware problem and there is a social problem.
The freedom problem is this: you will not be able to roll your own keys.
This is probably the biggest nail in the coffin for a ton of computers out there. In theory you could simulate via software the workings of a TPM. If you built a kernel module the browser would have no real way of knowing if it sent requests to a piece of hardware or a piece of software. But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.
The hardware problem is this: you will not be able to use older or niche/independent hardware.
As we established that software simulation is impossible, this makes a ton of older devices utter e-waste for the near future. Most Chromebooks themselves don't have a TPM, so even though they are guaranteed updates for 10 years how are they going to browse the web? (maybe in that case Google could actually deploy a software TPM with their keys since it's closed source). I have a few old business laptops at home that have a 1.X version of the TPM. In theory it performs just as well as TPM 2.X, but they will not be supported because, again, I will not be able to use my own keys.
Lastly there is the social problem: is DRM the future of the web?
Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests. Maybe the Wild West era of the web was a silly dream fueled by novelty and inexperience and in the future we will look back and clearly see we needed more guarantees regarding web browsing, just like we need a central authority to guarantee and regulate SSL certificates or domain names.
Citation needed. I'm pretty sure all Chromebooks have a TPM and it's a firm requirement for making one. ChromeOS uses the TPM extensively and fully supports remote attestation:
TPMs have been a requirement on PCs since at least 2016 I think, and in reality most came with them before that too (but there's a v1 vs v2 difference).
> a 1.X version of the TPM. In theory it performs just as well as TPM 2.X but they will not be supported because, again, I will not be able to use my own keys.
This is all wrong. TPM 1.2 uses SHA1 for everything which is a broken hash function so there is a major difference in robustness between them. That's why TPM 1.2 is being phased out. It has nothing to do with "using your own keys" which is out of the domain of what TPMs do anyway, TPMs are always owned by the device user. You're thinking of firmware boot signing and other things that are separate to the TPM chip but even there, you can use your own signing keys.
SHA1 is not for encryption, it is a signature algorithm.
It is considered broken because there is a faster way than simple brute force to create a collision. The currently know approach is still computationally expensive.
It is correct to call it broken, but I don't see the implications for TMP at all. TPM is shitty tech in the first place in my opinion, but aside from that there is little practical relevance.
The wild west internet did perform perfectly. There are some problems here and there that could be improved. None of them are addressed by suggestion like this. This is for control and market reach, nothing else. Secure boot was as well. Evil maid problem is at least believable in a corporate context. These suggestions are just fluffy crap.
Really? Spam, scams, seo trash, bots and AIs, are utterly rampant.
I don’t want Google and Microsoft to have the keys to the kingdom, but on the other hand, I really want a way to know that I’m having genuine interactions with real people.
It can (that's why it's being pursued) and that, ironically enough, could even empower decentralized and P2P networks. Hear me out.
If you look at the history of the internet it's basically a story of decentralized protocols with a choice of clients being outcompeted by centralized services with a single client, usually because centralized services can control spam better (+have incentives to innovate etc, it's not just one issue).
The reason spam kills decentralized systems is that all the techniques for fighting it are totally ad-hoc security-through-obscurity tricks combined with large dollops of expensive Big Data and ML processing, all handled by full time teams. It's stuff that's totally out of reach for indy server hosters. Even for the big guys it frequently fails!
Decentralized networks suffer other problems beyond spam due to their reliance on peers being trusted. They're fully open to attack at all times, making it risky and high effort to run nodes. They're open to obscure app-specific DoS attacks. They are riddled with Sybil attacks. They leak private data like sieves. Many features can't be implemented at all. Given all these problems, most users just give up and either outsource hosting or switch to entirely centralized services.
I used to work on the Gmail spam team, and also Bitcoin, so I have direct experience of the problems in both contexts.
Remote attestation (RA) isn't by itself enough to fix these problems, but it's a tool that can solve some of them. Consider that if USENET operators had the ability to reliably identify clients, then USENET would probably have lasted a fair bit longer. Servers wouldn't have needed to make block/allow decisions themselves, they could have simply propagated app identity through the messages. Then you could have killfiled programs as well as people. If SpamBot2000 shows up and starts flooding groups, one command is all it takes to wipe out the spam. Where it gets trickier is if someone releases an NNTP client that has legit users but which can be turned into a spambot, like via scripting features. At that point users would have to make the call themselves, or the client devs would need to find a way to limit how much damage a scripted client can do. So the decision on what is or is not "approved" would be in the hands of the users themselves, in that design.
The above may sound weird, but it's a technique that allows P2P networks with client choice to be competitive against centralised alternatives. And it's worth remembering that for all the talk of the open web and maybe the EU can do this or that, Facebook just did the most successful social network launch in history as a mobile/tablet only app that blocks the EU. A really good reason to not offer a web version is because mobile only services are much easier to defend against spam, again, because mobiles can do RA and browsers cannot. So the web is already losing in this space due to lack of these tools. Denying the web this sort of tech may seem like a short term win but just means that stuff won't be served to browsers at all, and nor will P2P apps that want to be accessible from desktops be able to use it either.
Anyway it's all very theoretical, because at this time Windows doesn't have a workable app-level RA implementation, so it's mobile-only for now anyway (Linux can do it between servers in theory, but not really on the desktop).
No, it can't -- see bellow; there's also no quantitative objective stated or communicated. Hence, it is not controllable, whether it achieved the stated objective or not. What would happen, if it doesn't achieve it? Nothing, because it was not promised clearly enough, just in some vague way.
But it happens to achieve different goal -- for example, even more concentrating the control over general computing into fewer hands.
Would it be rolled back, if it doesn't achieve the stated goal? Of course not; it will achieve the hidden ("it just happened, who could ever know, pinky swear") goal, and that's important. Not the pretend-goals that was used to sell it to the general public.
Now, why it won't achieve the stated goals: because spam is problem also with closed systems. Ever got a junk call? Users use only "approved" devices, and even if the system can put limits on the source, it also limits how the destination can protect itself. The important thing with spam, scams, etc. is, what whenever there is a possibility to make money, the scammers will find a way. Even with low-tech approach (like hire a bunch of human operators of the approved machines). They weren't stopped even when what they did was illegal, why do you think RA achieve what the law didn't? To make things worse, the closed nature made it more difficult for the victims to save evidence of the spam, scam.
So of course it won't reduce the scams. But it will make the situation worse for us all. And web losing to proprietary platforms? It will certainly lose, when it is turned into one of the proprietary platforms.
Spam is much less of a problem with closed systems. BTW phone calls aren't a great example. The global telco system has enough players that it's closer to email than Facebook, and telcos are classed as common carriers so there's a limit to how much spam fighting they can do.
I don't really know what to tell you. This stuff does work extremely well, it's unambiguously the case. Google already use a software-only form of RA on the web and have done for years. It cut through spam like a knife through hot butter. They could already detect 10 years ago if a Python script was pretending to be Chrome, or if Chrome was pretending to be Firefox, or if IE was being driven by VBScripts or an IE WebView was embedded into apps that then manipulated the web page externally. No hardware chips or new web standards needed! But, the approach used is/was in the end just a neat hack, and it's guaranteed that spammers will eventually defeat it. Perhaps they already did. I guess there must be a reason why this proposal surfaces now, given the ideas aren't new.
> To make things worse, the closed nature made it more difficult for the victims to save evidence of the spam, scam.
I don't quite follow the logic here. Why wouldn't they be able to save evidence?
> at this time Windows doesn't have a workable app-level RA implementation
To make this work, I suppose it will finally be necessary for Windows to disallow all user-space code injection (e.g. in-process hook DLLs), including from assistive technologies. I guess this tightened security could be a per-app opt-in feature, at least initially. UI Automation on Windows 11 may finally be ready to take over the work that in-process injected DLLs (particularly from screen readers) previously did without performance regressions, though as far as I know, this hypothesis hasn't really been tested yet (or if it has, that happened inside the Windows accessibility team at Microsoft after I left). The trick will be to give the third-party screen reader developers a strong incentive to prioritize moving away from third-party code injection, without harming end-users in the process (i.e. not suddenly releasing a browser or OS update that breaks web browsing with screen readers).
What other changes or API additions do you think will be necessary to enable workable app-level RA on Windows?
Yes, it's harder for Windows. Desktop operating systems don't have all the details figured out especially around detecting and controlling automation. RA has been around as a concept for decades, and implementations in consoles/phones/servers do pretty much work for a while, but RA that works on general purpose desktop computers is very new and really only Apple has it.
The Windows team would need to at least:
- Get apps using MSIX (package identity)
- Design an API to get an RA for an app that has package identity. Make a proper keychain API (or better) whilst they're at it.
- You don't have to block debuggers or code injection, but if those things occur, that has to leave a trace that shows up in the RA data structure.
- Expose to apps where events come from.
- Compile databases of machine-level PCRs that reflect known good configurations on different boards. Individuals can't do that work, it's too much effort to keep up with all the different manufacturers and Windows versions that are out there. MS would need to offer an attestation service like Apple does.
Some of that stuff is already there because they pushed RA in an enterprise context for a long time. I don't know how widely adopted it is though.
Apple is no general computing platform by far and I believe the flexibility is what makes general computing attractive.
How would you not block debuggers if those aren't verified? This adds insane busy work for little advantages and again would make Microsoft the gatekeeper of hardware.
Macs are general purpose computers. In what way are they not? Is there some task you just can't achieve with them?
There are no problems with debuggers. For one, debugging an app that isn't compiled in debug mode is very hard. If you're at that point something has gone badly wrong somewhere already. For another, there would only be a problem if you're trying to debug a production build of the browser whilst simultaneously accessing a service that wants to measure your environment. That would be an extremely specific scenario that virtually nobody would ever encounter, especially not compared to the much more common scenario of being asked to solve horrible CAPTCHAs.
The force for centralization is that for social networks it simply is the natural topography. People are drawn to where everybody else is, so something being central is a main attractor, even if we disregard the ambitions for reach. Spam is a secondary factor at best.
While Spam is a problem and affects decentralized systems more easily (if they have a critical number of users), the cost of client attestation is just too high.
I am perfectly happy if the web and stays open and a lot of people go into the app space and stay there. I am happy for facebook and don't think I am missing out on the web. I don't use any apps for social media and exclusively use browsers. I wouldn't want a second app space on the web at all because the mobile environment is an ugly abomination of software crap.
If we have a form of RA, it will get worse for users and developers alike. It will be a far worse hassle than killing a bit of spam and we give the wrong players too much power.
Perhaps. Email, IRC, USENET and the phone system are or were all decentralized social networks. They did fine in their heydey.
If you're a 2023-web purist who's willing to just avoid whole services because they're not on your preferred platform, then hw-backed web RA would make no difference to you even if it could be implemented (which IMO it can't): you'd avoid the services that use it just like you already do today.
This is not realistic outlook. If such systems are present, I would see additional hurdles along the way, just we see by Cloudflare if your requests aren't of the usual kind. This does make web discoverability much worse.
It is simply the wrong approach to focus on the negative, in this case spam or in general hostile bots.
> If SpamBot2000 shows up and starts flooding groups, one command is all it takes to wipe out the spam. Where it gets trickier is if someone releases an NNTP client that has legit users but which can be turned into a spambot, like via scripting features. At that point users would have to make the call themselves, or the client devs would need to find a way to limit how much damage a scripted client can do
At which it comes back to not allowing anything but the most locked-down clients, and disempowering users... and still failing, bcecause all clients can be turned into spam bots with the most trivial application of autohotkey et al.
- The OS can trivially expose to the app whether events are coming from real hardware or another app, information the app can then either report or not report.
- The attested user-agent string given can be extended to include information about any scripts that are driving it, e.g. script hashes.
And so on. Then these things can have reputations computed over them. If there's a script hash that shows up reliably in spam, and never shows up in ham, then you can auto-mark those posts as spam. If the scripts aren't known then messages can be throttled until enough users have voted on whether the messages are spam or not. All this is fairly straightforward to code up, again, in a theoretical world in which operating systems expose information like whether events are emulated or not (today they don't).
The trick is that clients don't have to be locked down. The tech is fundamentally about letting you prove true statements. Those statements can be as complex as needed to allow whatever level of customization and control is desired. The more malleable clients are the more complex it becomes to determine what is and isn't considered OK, but in a decentralized system that policy complexity is up to the end users themselves to decide. They can share logic in the same way USENET users used to share killfiles.
Anyway, my point isn't to try and design a full system here. It's research level stuff. Only to point out that this stuff brings spam/abuse control out of BigTech-only world back into the realm of small scripts that can be written and shared by users in a decentralized way.
> If there's a script hash that shows up reliably in spam, and never shows up in ham, then you can auto-mark those posts as spam. [...] All this is fairly straightforward to code up, again, in a theoretical world in which operating systems expose information like whether events are emulated or not (today they don't).
And in a world that has zero outliers or unusual users. In reality, I guarantee my accessibility software would get flagged as emulated input (because it is) and marked as spam.
Then maybe we can also take into account whether the emulated input comes from remotely attested assistive technology. Yes, this will have the effect of at least restricting third-party assistive technology, but we have to keep in mind what's best for the largest number of people (including disabled people who aren't hackers) in the big picture, rather than taking an absolutist stance on hacker freedom.
That makes the tech far more expensive because you introduced useless overhead without gaining anything relevant.
You didn't protect non-tech savvy users at all, on the contrary, you introduced a point of failure for their devices. Some have customized ones which would need to be verified. Doesn't sound like a good idea at all.
Again, it's all chainable. If an app is being controlled by accessibility software, the identity of that software can show up in the RA, so readers can say "it's OK if this app is automated as long as it's by something on this community maintained list of genuine accessibility tools".
Sorry, but don't be silly. Government is part of the problem here. This is the reason why naïve freedom of wild west internet become what it is now is government's actions.
Corporations and govs are actually the same structure. Look to healthcare, pharma, military it is so tight connected. Now IT is just part of the puzzle.
If government were, they would just be acting to further enhance the moats of the largest companies, which finance their campaigns.
At least in the US. I’m not sure how EU politics is actually motivated, though they seem to advance the most useless political solutions to technological problems (browsers not having good defaults for cookies? Let’s make website owners show confusing cookie modals within the website context, that don’t usually even work!)
I live in Turkey and would totally love my government to distribute a national OS and a browser, even if with national TPM keys. Even if I did not trust my government to act in my interest. Because WEI and remote assertion will create absolute dependencies on American companies (who have no incentive to act on my interests anyway), even more than ever. And I don't think this is any good in terms of national security. F16 fighters sold to us which didn't fire on targets USA didn't want us to comes to my mind. Thankfully we were able to be independent from USA in weaponry in the recent years. What is a freedom problem for you is a national independence problem for us as well.
> But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.
Yes completely impossible to fake by design. Otherwise whats the point? But I think the root of trust is whatever signs the hardware TPM module. So, Intel, AMD and Apple.
If I understand it correctly, the secure chain of trust will be something like, hardware TPM module -> secure boot -> windows signed kernel -> Chrome (signed binary). Its not clear to me if desktop linux will be able to participate in this ecosystem at all - which is ironic given how much google uses linux. Maybe a couple of the big distributions like Canonical will be able to sign their linux kernel builds.
> Lastly there is the social problem: is DRM the future of the web?
Its opt-in by website operators at least. Assuming this happens, there are two big questions in my mind:
1. How much of the web will go dark to anyone not using a corpo software stack? I imagine bank websites will adopt this technology immediately, while sites like HN, personal blogs and wikipedia won't touch this stuff. How much of the web will stop working on my terrible "hacker" computer where I use firefox on linux?
2. How will this interact with browser extensions and dev tools? If websites won't function outside of chrome, will we be able to continue to drive chrome programmatically? Will chrome's dev tools still work? Will websites be told about my ad blocker extensions? Will webdriver (and similar tools) be blocked?
I really hate it - banks are already so inaccessible these days that it is a nightmare. Why isn't there a read-only key that I can use to programmatically and automatically pull transactions? I need to login though third-party OTC apps from an "unmodified" mobile phone (I only bought for banking, which I consider as e-waste the other 99% of time), download the proprietary PDFs, process them in some custom and complex Python code I hacked together, to finally extract the information into a proper usable format.
Just think about it: I really conceptualized how I can hook my Android phone to my server, add a digital camera to photograph the OTP-Code, OCR it and have a docker based Selenium script with chromedriver to login to my bank to pull the PDFs. All that just because big banks can afford to be so customer unfriendly.
Well, perhaps it will drive adoption of Web3 and permissionless decentralized open protocols — * ducks *
I mean — all this doom from HN about huge centralized corporations, about banks being inaccessible, but the moment you mention the only viable (at the moment) alternative — many people reach for their trusty downvote button.
I mean, with all the hate towards all alternatives to trusting Big Tech corporations, with all the effort to actively bury any potential to build and improve decentralized systems, some of you deserve to live in a world controlled by large states and corporations. This would be your future dystopia, because you actively dismissed every alternative out of hand. But it won’t be your future — because many people outside of HN continue to build systems like MaidSAFE, IPFS and BitTorrent which do not have these restrictions. There are far better and nore scalable networks coming out that are beyond blockchain and beyond smart contracts that allow building backends which CAN’T discriminate against clients, and let anyone generate their own public-private keys. Even though you may hate on these technologies and downvote any post mentioning them, they’ll be there when you finally need them. You’re welcome!!
> How much of the web will go dark to anyone not using a corpo software stack?
If you can detect if anyone is using a system that supports this then you can ban only them instead of allowing only them, right?
Maybe we should nip this in the bud? If even 10% of sites banned anyone with this enabled from day zero before anyone else is requiring it, users would turn it off and then it wouldn't be there for anyone else to use.
> I imagine bank websites will adopt this technology immediately, ...
I don't see banks adopting it at all for consumer banking. I work for a bank; I can tell you a bank isn't interested in adopting any technology that introduces friction for high-balance customers. What would they gain? A little extra fraud protection? You'll find lots of articles online spelling out the reasons that the optimal amount of fraud is not zero.
Plus they may start to see in person traffic soar. I won't have signed software, so now I'll go to the bank for all transactions while also filing FTC complaints.
I imagine many elderly folks that haven't kept their systems current or updated may also face the same issue.
For now. But in many countries you already have to show ID to buy a SIM card. This could be extended to all devices that have this key on them. And then it could become a dereliction of duty for certain types of websites not to do checks they could easily do.
> But in many countries you already have to show ID to buy a SIM card.
I can buy a SIM card that gives internet pretty much everywhere around the world with bitcoin with silent.link. Granted you don't get an IP matching the local country, but still...
You can do all sorts of things to circumvent all sorts of rules for all sorts of reasons.
But over time rules are tightened, penalties increased, more loopholes closed and fewer people will have the expertise, the determination, the funds and the nerve to work around the rules, even if it is theoretically their right to do so.
Eventually only hardened criminals and highly knowedgable and principled activists and professionals will realistically have access to some of these options.
This is the actual missing key bit. The problem that Google is trying to solve here is not actually a hardware / computational problem, it's a Real Identity problem. Hardware / TPMs are a poor proxy for solving that problem.
There's drastically less eWaste and impact on software freedom if you seek attestation from a national ID provider than if you seek attestation from one of a handful of personal electronics OEMs. National ID providers can offer to sign not only Real Identity attestations, but also anonymized attestations to protect citizen privacy. A web operator can decide whether to allow for attestations from only their own national ID provider, foreign national ID providers, private ID providers, or none at all if they just have a read-only site and don't really care.
The truth is that government inaction is forcing Big Tech down the road of violating user privacy and freedoms to solve Big Tech's problems. But getting the government to offer a flat Identity Provider playing field would solve these problems in a way that doesn't require such violation.
And what if I don't trust and don't want to rely on my citizenship government?
Being a Russian passport holder who lives abroad for years, I don't want to be in touch with my gov in any way possible, and moreover depend on it.
That's actually the case for millions of people from different countries with dictatorships, do you propose just to discriminate everyone outside of 20-30 countries with more or less democratic systems ? Those countries don't care about "citizen privacy".
Apart from that, we all see the bill in the UK which is as much a disaster to human freedoms as Russian and Chinese laws, for example. So even being a citizen of a more modern country is not a guarantee.
People don't always live in their country of citizenship, they don't always live in one place (see digital nomads) and have a residence, they don't always trust their government and they should not be discriminated on internet usage because of that. That makes a person more of a government property rather than a human being.
> Being a Russian passport holder who lives abroad for years, I don't want to be in touch with my gov in any way possible, and moreover depend on it.
Real identity doesn't necessarily mean passport. It can mean, for example, a visa issued by your host government; being a valid visa holder therefore grants you a valid digital identity issued by that country.
> People don't always live in their country of citizenship, they don't always live in one place (see digital nomads) and have a residence, they don't always trust their government and they should not be discriminated on internet usage because of that. That makes a person more of a government property rather than a human being.
Then let's get rid of passports. Sounds like the deeper issue, no? Wouldn't you agree that freedom of movement and immigration is a higher and more important freedom than freedom of internet access?
This is the world we live in. Immigration concerns exist. Government-issued identity is real. It just hasn't caught up to the 21st century.
That's true, I also don't understand why some people are "better" by the right of birth and not by things they did in life and pure merit.
There is basically no reason for, for example, African young person to be more restricted in his freedom of movement than European one, but we are where we are.
Though I believe while we have outdated and unfair system of belonging to some borders, it's better not to make it even worse by adding new layers of dependency on these IDs.
Wouldn't be better to add more opportunities equality instead of hardening it?
> Wouldn't be better to add more opportunities equality instead of hardening it?
I couldn't agree more, but you gotta apply the right leverage to the right problem, put the round pegs in the round holes and the square pegs in the square holes. Real digital identity does for the digital economy what credit cards did for the retail economy: dramatically reduce the cost of friction, and therefore dramatically expand, how much activity there will be. It is this reduction in friction which opens additional opportunities even to people with identities issued by less-favored governments. Separately, we can and should push to make qualified immigration simpler, faster, and for more applicants.
Digital (not strictly connected to real) identity is a not a bad thing in itself. But I honestly don't think that digital identity should be managed by governments or corporations, they already have too much leverage over individuals.
I am a bit opinionated about that, because I already saw lots of that in Russia with all these fancy "security" and "convenient" digital tools and how it ended.
Digital Id should be solved by some kind of WebOfTrust, private DIDs and somehow distributed reputation systems, not by centralized government databases. It's a straight way to tyranny.
> I honestly don't think that digital identity should be managed by governments or corporations, they already have too much leverage over individuals
The reason why it needs to be managed by the government is because legal contracts are ultimately enforced by government courts. Many things that, today, rely upon pen-and-paper signature (and Docusign-style electronic variants, which are just digital facades to the pen-and-paper reality), to get them enforced, require submitting more mountains of paperwork and physical appearances etc. We can't get out from behind that paper legacy, really start to explore contracts that can be disputed and enforced with simple online forms and no in-person appearances (everything from employment, to real estate / housing, to credit...) until the courts have a trustworthy to say, for this digital identity that signed that agreement, we know that it really was such-and-such a real person.
> It's a straight way to tyranny.
You'll disagree, but I would argue that it isn't more powerful tools that make government tyrannical, but a lack of education, poor culture, and a lack of checks-and-balances on government power. The government is supposed to have a monopoly on various parts of life, first and foremost a monopoly on violence (police, courts, and justice). "Democratic" but weak governments (consider e.g. Mexico, in the context of the drug wars) are ineffective at securing the blessings of life, liberty, and the pursuit of happiness; America has a history of strong governmental institutions that protect these rights. "Technology is neither good, nor evil, nor neutral, it simply is," and indeed, improving governmental strength by pushing past technical barriers is simply an orthogonal concern (IMO) to whether or not governments are just or tyrranical.
Pushback against voter ID laws would be ridiculous if those laws were accompanied with measures to make it cheap and easy for citizens to obtains the necessary ID. If those laws were accompanied by such measures most of the pushback would go away.
But in most of the states that have been pushing such laws that is very much not the case. The deliberately pick forms of ID that are less prevalent among poor and minority voters and that for many are expensive to obtain. In several they have also taken measures to make it even more difficult for those people to obtain ID.
For example if they require an ID that you get from the state's department of motor vehicles (DMV) they (in the name of budget cuts) close many DMV offices, and in the ones that remain open the cut back on the hours during which they will issue licenses to a few hours on weekdays. The closures mostly hit in poor and minority districts.
Yes, some of those laws do make some forms of acceptable ID free, but only in the sense that there is no fee to obtain that ID. Obtaining the documents necessary to obtain the ID will still have fees.
I’ve seen this argument repeated ad infinitum by opponents of voter ID. The idea that minorities and poor people are incapable of acquiring proper identification is so prejudice. Proper ID is essential for so many things. Almost everyone has one and can acquire one.
OP offered a bunch of reasons why the law proposals are discriminatory and insidious things they do to make it hard to obtain an ID.
You claim to believe it's not and offer no counter point outside of you feel it in your gut and a desire to deflect and attack OP for making the point by calling the poster prejudice.
I just read through each link and now fully understand the point you were making based on facts and evidence. You are right. I stand corrected. Thank you for taking the time to include so many sources. I really appreciate it.
It disenfranchises more people than fraudulent votes it prevents. Like, orders of magnitude more. If your goal is to accurately assess the opinion of the electorate, voter ID laws get you further from that goal, not closer to it.
It's theoretically possible, but for a year of my life, for example, I didn't have a residence and moved around. Lots of people do that to optimize their taxes. Why would you require to be a resident from a person to use an internet in the first place?
Being nobody's resident doesn't mean that you're not a human.
And anyway, there are a lot of people inside Russia, China, Iran, etc. And instead of helping them to use services with better privacy and consume uncensored views from outside id based system will give an impressive way to censor internet usage by government attesters. Have wrong views - say goodbye to the internet.
Dodging is illegal, being nobody's (or some low/zero tax country) tax resident and not paying anyone is perfectly fine, nothing wrong with that. Apart from maybe US with their specific global tax residence regulation.
You can stay in UAE for half a year, start being their resident with 0% tax and then moving around stayng less than 183 days anywhere. It's of course better to be connected to UAE or other low tax jurisdiction in case of "personal connection" taxes requirements. Nothing unethical, illegal or bad in that. As far as it's perfectly legal in lots of countries, that's optimizing and not dodging or avoiding.
If you are staying UAE resident this way, you probably will have some troubles receiving gov services, because you don't live there in fact most of the time (and you are still just a tax resident and not always resident in terms of long-term living permit).
Anyway, placing a person to be "managed" by some government is a really dystopian concept.
Bear in mind as well, you need to be earning a ton for the tax savings to offset the price of flights + price differential of short-term housing compared to long-term housing. You may have moral reasons for not wanting to pay taxes to a particular government, and there are of course quality-of-life benefits to being able to travel to so many places that can make it worth the cost, but I'm wary of claims that such nomadship actually saves anyone money.
Yeah, it's more profitable to reside in a low tax jurisdiction as I do, for example, but he asked me to elaborate on the idea and I know that such way of life exist and works perfectly fine for lots of people.
Th main idea as that I strongly disagree that a person must have an ID outside of some questionable country and that's more of an example. I personally traveled just because I wanted to travel a lot, it was before the war and stuff, but as I know currently lots of Russians, Ukrainians, Belorussians are changing countries to find the best for them. When you don't have home anymore, there is no reason to settle to the first place you visited.
BTW, 3 flights per year with 2-3 bags will cost you around 3k USD, you will probably overpay around 300-400 USD per month staying in Airbnb in low-cost of living countries like Thailand, so in fact the whole cost of moving will be around 7-10k USD per year. If you earn IT remote salary, you will probably save a lot.
Though you'll need a tax consultant to avoid breaking any tax law accidentally, but that's not so expensive outside of the EU and the US.
Any kind of digital National ID is a privacy disaster in itself because then things will use it to correlate your activity across different devices and services. That should not exist.
This entirely depends on what uses it. If every website on the planet starts requiring you to attest to your identity to view the site, then yes. If it's actually just banking and e-filing taxes, even if you're doing that over Tor from a burner laptop running Tails on library WiFi, the activity is attached to your identity anyway.
But if it's actually just banking and e-filing taxes then you don't need a "digital National ID" you just need a login to your bank and one government website, which have no real reason to even be the same login.
> Any kind of digital National ID is a privacy disaster in itself…
Ah, ha!
The PR spin necessary to kill this in the US would be to connect it national ID. I hadn’t thought of that.
A narrative about national ID with some vague “mark of the beast” insinuation thrown in and suddenly a large political faction who otherwise would care about this would be opposed. I like it.
I know your post is in jest, but I think you might not be aware of how suspicious right wing populists (especially bible reading right wing populists) are of Fed + Big Tech alliance. It will not take much to rally this group against these types of initiatives. There has been plenty of evidence of collaboration between Feds and Big Tech to suppress their political voice in the last 12 months (twitter files, FBI whistleblowers, etc)
I think a political strategy of getting rural school districts + 20 State governments to go on record saying they will not purchase or use computers that have Google WEI could be very effective.
No jesting on my part. I don’t buy into the “mark of the beast” narrative but if it works to help hold on to the freedom we have with personal computers I’ll hitch my wagon to it.
> I don’t buy into the “mark of the beast” narrative but if it works to help hold on to the freedom we have with personal computers I’ll hitch my wagon to it.
It's also worth considering where this stuff comes from instead of ascribing anything the other team says to superstitious fools and their invisible sky man.
Branding people like cattle wasn't invented in modernity. It's infamous Nazi behavior, and the Nazis weren't the first to do it either. It's so old that people centuries ago saw how bad it turns out and put a warning against it in their ancient book.
You don't have to believe in the devil to believe that history repeats and learn a lesson from the people who came before.
> It's also worth considering where this stuff comes from instead of ascribing anything the other team says to superstitious fools and their invisible sky man.
I didn’t say any of that. You have no idea what I believe beyond that I don’t buy into the “mark of the beast”. Anything else you read into my comment is something you read in.
That you went straight to comparing my comment to Nazism seems a bit uncharitable.
Why does everyone assume that a reply is meant as a dispute?
I'm not comparing your comment to Nazism, I'm comparing universal identity systems to Nazi behavior, because that's what they are. Their primary use, the major thing they do that decentralized credentials systems don't, is to facilitate mass surveillance and authoritarianism.
My point is that this has been understood for a long time, and the people who say "mark of the beast" have a legitimacy to their concern that has been demonstrated throughout history, regardless of whether or not you believe the fine details of the allegory.
> Why does everyone assume that a reply is meant as a dispute?
I took your particular reply as accusing me of being critical of religiosity-- specifically "...ascribing anything the other team says to superstitious fools and their invisible sky man."
I took your statement about "branding people" as a statement on this perceived accusation that I was speaking unfavorably about religiosity.
Your clarification that your were comparing universal identification to Nazism makes me read your comment in a different light.
Do you remember when electronic voting machine fraud was a mostly left-wing concern? Today I'm seeing the same sources dismiss the possibility out of hand. That was a bit of an eye-opener.
That entirely depends on how the mechanism is implemented.
For example you could have the website never knowing your actual ID but simply passing an encrypted string to the national server, which would return a 200 response if the document is valid. You could also have additional requests like "is the user 18+".
The website will just know the request is coming from something which has a valid ID available. The state will also not know which pages you browsed, only the domain of the request, just like with HTTPs your ISP does not know exactly the pages you browse but just the websites themselves.
And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.
There's a lot of trust in that model. I would have to trust that the web server isn't passing extra information like the page I visited, that the government isn't passing back extra info like a unique identifier, and that the scripted strong is completely anonymous and single use.
If any of that trust is broken my privacy is at risk.
> And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.
That depends on how you browse the internet today, and how the ISP tracks it. Simply using a different DNS service goes a long way, and using a VPN or the tor network may not be totally fool proof but should get around the basic drag nets am ISP is likely to use.
No, there isn't. It's basically an OAuth login flow. The spec is publicly documented, anyone can register applications and check if the government is responding as desired, both by correctly requesting auth for the correct scopes in the government-hosted auth page, and by checking that the data returned from the gov matches what the spec promises.
It will never work. It'll all come down to a single ID. No one is going to do an ipta more eork than necessary
Dissuade yourself of this illusion. Besides which, any type of "nerfed" system that avoids abusive patterns by design will just get
A) used as political chaff for jockeying by power hungry politicians as distraction fodder or FUD material
B) centralized by the intelligence community of your country, or an allied country with an agreement that they'll do the work for your government that your government can't.
There are things that simply should not, nay, must not be made.
The Single Identification Number is one. We have all the tools to do it today. The only thing keeping it from happening is refusal to implement at the grassroots level.
> The website will just know the request is coming from something which has a valid ID available. The state will also not know which pages you browsed, only the domain of the request, just like with HTTPs your ISP does not know exactly the pages you browse but just the websites themselves.
Just the domain is still a pretty major information leak.
> And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.
Yeah, but they have to ask. This creates a system that requires preemptively sending them that information.
My ISP will tell them I spend most of my time connected to Mullvad VPN, and Mullvad will tell them they don't know anything about what any particular IP address was doing.
Having to give identity attestations either directly or proxied by a government server would make such anonymous browsing much more difficult, if not impossible.
Really the only way to defeat it would be by having all the citizens share their keys openly so no activity was ever guaranteed to belong to the credential owner.
With the system you propose, the state would positively know that "citizen 24601 is being age verified at ObscenePornForConsentingAdults.com".
The ISP, with SNI implemented, would only be able to tell the state that "a device connected through this physical location accessed a server through Cloudflare".
1. 18+website tells the browser age verification is needed, gives a random token
2. Browser signs a verification request with the local ID card (or a key temporality allowed to do so), forwards it to government server
3. Government server sees the request with random token, signs both, answer the browser
4. Browser forwards signed attestation to 18+website.
The government server only sees the random token. The website only has the attestation. There are other things that can be nitpicked against, but not this. For instance, can we require local ID cards? What about foreign visitors? Possibly an attestation from their passport? And of course, browsers sit in the middle and see everything.
However, this could be a useful mechanism to have. For age verification, nationality check, or even identity check on official websites. And if we have this, it's bound to be abused in some ways (Facebook could require an ID check).
Also worth noting that if the system is designed in this way then anyone can set up a "pretend I'm 21" service which will sign anybody's token using a random adult's ID because it can't be traced back to them.
Conversely, that system is not secure if the site conspires with the government, because the government could record the signature (or the token) and then compare it to the one the site has to violate the anonymity of a legitimate user. There are forms of encryption that prevent this (the user does a cryptographic operation on their own device that munges the data so the site can still verify the signature but can't tell which one it was), but now you need the government to implement that system -- and update it if any vulnerability is found -- and do a coordinated update of all the sites in the world with the new protocol that patches whatever vulnerability is found -- and do this rapidly and competently because in the meantime the system would have to be taken offline to avoid it being actively exploited.
France has an app in beta right now called "France identité".
It can replace your physical ID but it also has other useful features.
The most useful one is the ability to generate Identity Proofs that contain only the minimum required information to prove your identity.
They even have an expiration date, a named recever and a motive.
Of course the receiver can verify their legitimacy in the app.
No more sending copies of your ID !
I also think one of the features is proof of majority without revealing your identity. Probably made for adult websites because a ruling was made a while ago that they would have to enforce age restrictions better.
I think there is a 10% probability of a new, decentralized network forming in the next 5 years, replacing the internet / web as it becomes more authoritarian and centrally controlled.
I speculate that it might start off as a mesh network, maybe using unregulated spectrum on a local level. It will probably resemble BBS fidonet, but with more modern features. bandwidth and E2E latency will be terrible, but it will be free.
As long as there are skilled engineers who have the spirit of freedom, there will always be an 'open' network for humanity to communicate (with all the good and ills that comes with 'open').
Do you honestly think any significant amount of people will put up with the setup, latency, and inability to use their bank's website that would entail?
Most people don't know how the internet works, don't care as long as it works and do not think about it beyond that.
The high water mark of Joe Q. Public giving a damn about DRM or anything related to it was when Keurig added DRM to their coffee machines. As soon as the normies who cared enough to do something about it (which still was nowhere near a majority of Keurig owners/users) found a simple workaround they stopped giving a damn again.
The general public doesn't care, and won't care until it actually materially affects them. Until then they'll look at the people who do care as weirdos. And even then, plenty of people still won't care so long as they can access their social media etc. on their shiny new iPhone 28 or whatever version is out when that time comes.
The web was successful because it wasn't a lock down platform, any client could talk to any website.
Google is essentially hijacking the web and turning it into something that it can entirely control and dictate, since Google owns not only critical infrastructure (Chromium, the most used browser), but the most visited websites (Youtube, Search). That's a coup d'état, no more no less.
And the slippery slope is abrupt dude, we went from EME which was already spyware to WEI, and there will be a next step, since we would have already accepted Google's supremacy.
I wonder if the internet will migrate to a radio spectrum allocation type system (I'm aware of APNIC - yes it's the same legally) where there's the Google spectrum, the MSFT spectrum etc...and they run all these enclaves but with their own credential tokens
In which case the internet we all grew up creating will effectively turn into the "Ham radio" of digital computer communications and will be effectively bandwidth throttled the way amateur spectrum allocation is
Doesn't seem crazy that something like this would be the end result
they're looking for a way to completely capture the "boons afforded by digital assets" (digital goods)
if they control your computer, they can prevent you from incurring in 'illegal' activities such as piracy
but it all boils down to the logic of the market, the raw fact that capitalism works even with marginal costs. but when copying (and distribution) costs go lower (less than 'marginal' down to zero cost) it all starts to break down
if people aren't selling digital assets to each other (which doesn't make sense with the technology we have right now), they cannot be taxed and so on.
solution: fix the technology. make it so that only those with specially authorized keys (trust worthy actors) can copy digital information at will. everybody else will have to pay them for this privilege.
oh and nevermind the fact that computers work by copying bits all over the place
There's going to be some harsh language in the post, because this stuff pisses me off to no end, and what you're talking about, ultimately, is none of those things.
We've allowed a lot of people to become really fucking lazy. That's the bottom line. Baby Boomers, some Millennials (not all), and a lot of Gen Z.
Generation X had no choice but to gain a strong knowledge of computers if they wanted to do anything on the Internet, because it was still difficult, it still required a little reading, and you couldn't just press the WPS button on your router to connect your new MacBook Pro.
Every single problem the web faces is that. Period.
A lot of people never had to learn jack shit, so they don't know jack shit. They can't tell the difference in a legitimate website versus one that isn't. They don't know how to read a web address. They can't figure out that irs.gov is legitimate and irs.4doad04ldud.com isn't. I have met people who are 50+ years old who have used Windows computers since they were 22 years old, but look absolutely goddamned dumbfounded when you tell them, "Just click on the Start button and go to Word."
Fuck.
Them.
Fuck every single one of them. We have tolerated lazy uninterested users for long enough. I'm not saying every computer user needs to be able to debug assembly code and fix their own driver issue by rewriting it from the ground up. I'm saying that as a society, we have progressed past the point where you can throw your hands up and say, "I'm JuSt NoT A CoMpUtEr PeRsOn!"
To quote Captain Jean-Luc Picard, "NOT GOOD ENOUGH! NOT GOOD ENOUGH, DAMMIT!"
And the entire industry across the entire planet and every single national, state, county, city, provencial, whatever government is going to have to get onboard, come together, and say, "Okay, here's a baseline set of knowledge about how computers and our communications systems work that every single human being needs to have."
You cannot "tech" your way out of this problem. Not without massive corporate and government overreach and invasion of people's privacy. Lazy shitty people are just going to have to be made to suffer until they stop being lazy and shitty. There are plenty of average IQ people who can grasp the basics of how their computer and the Internet work - but they're never made to. Well it's time to start making them.
The dumbing down of every single technological product and concept does our species no favors.
Not sure why this has no reaction. While this is the very forceful version of it I think the piss poor education of people is very obviously a huge contributor here and to nearly every other problem in the past few years.
>Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests.
If this is the future, I'm going to say "fuck the internet" and return to the soil.
During the pandemic society as a whole showed a strong affinity for authoritarianism over freedom if it could be justified in terms of dubious safety gains. Governments and businesses took note of just how easy it was and especially how willing much of the public was to assist the authoritarians to achieve their goals. Expect a never ending series of these initiatives to make everything "safe", that will coincidentally also accelerate the centralization of power over everything.
What a great way to start an article. Insult your audience.
> If you haven’t been under a rock, you may have heard about Google’s evil Web Environment Integrity “proposal”. Supposedly, this is to make sure a browser environemnt can be “trusted”, but it seems Google wants this so they can kill ad blockers.
Also you misspelled environment. Surprising for a geological enthusiast.
Actually it was a pyrrhic victory, as Microsoft went on to apply their ideas to XBox, Azure Sphere, and now the change is coming back as future Windows hardware requirements for secure workstations via Pluton integration.
https://www.microsoft.com/en-us/security/blog/2020/11/17/mee...
I bet mostly UNIX focused folks haven't noticed that their next PC might have a Pluton CPU on them.
https://www.thurrott.com/hardware/260917/here-come-the-first...