I’m happy to see this being noticed more and more. Google wants to destroy the open web, so it’s a lot at stake.
Google basically says “Trust us”. What a joke.
From this github comment:
If you oppose this, don’t just comment and complain, contact your antitrust authority today:
- UK:
Dear madam/sir
I dont trust googel. take me seriously.
yours, Willer
Dense US citizen here. Eli5 how I should explain “just trust us not to abuse collection of all your data or else get locked out of the world wide web” applies to antitrust laws for the FTC?
I’m genuinely wanting to submit an email complaint/report. I understand that WEI protects nothing, but risks your data with all the sites you visit, all in an effort just to block possibly unprofitable users – but I’m not sure how to tie in and word the Breaks Antitrust Laws part.
Thank for your time to post these links.
Nothing dense in this, I don’t quite know what to write either. In my opinion what you wrote in your comment is just perfect, you’re a citizen simply expressing an honest concern, without lying – not all people are tech-savvy. It also makes it clear that it’s a letter from a real person.
But that’s only my point of view, and maybe I haven’t thought enough steps ahead. Let’s see what other people suggest and why.
Another dense citizen here. I ould say that you put it quite eloquently in your comment.
But direct the question towards them.
“Would googles new changes on their ad and user policy be affected by FTC data protection laws and GDPR or would they be in compliance”
Or something among those lines.
*waiting patiently for EU to catch on to this.
Google may not like the outcome…
They claim it’s to prevent bots, but we all know it’ll soon become standard in every WAF out there (Cloudflare, Akamai, etc) to just blanket block browsers failing attestation.
All you need to know what will happen is to root an Android phone. You’d expect Netflix and bank apps and other highly sensitive apps to stop working. Okay, I can accept that, it kind of make sense. But the more you use the phone the more you realize a ton of apps also refuse to work. Zoom complains and marks your session as insecure, the Speedtest app refuses to test your speed, even the fucking weather app won’t give you weather anymore. Jira/Confluence/Outlook/Teams also complain about it. It’s ridiculous.
Even if it’d trust Google to not misuse the feature and genuinely use it to reduce ad fraud, the problem is the rest of the developers and companies. Those, they absolutely cannot be trusted to not abuse the feature to block everyone. Security “consultants” will start mandating its use to pass security audits, government websites will absolute use it, and before you know it, half the web refuses to work unless you use Chrome, Edge or Safari.
Yup I noticed this also. I used a rooted phone without Google apps on it and so many apps simply refused to work. They use Googles api in the background which means Google finds out about literally everything we do on our phones. They already own the entire operating system but we can’t even run apps without them being in the middle.
This is all similar to using Microsoft Windows or Mac OS so I guess people are so used to this behavior that it’s somehow ok.
But I’m a long term Linux user and I’m used to the OS not calling home and not reporting what apps I use. And this is how it should be. I’m so over big tech it’s not even funny anymore.
It’s even worse without Google apps, but I was talking about SatetyNet/PlayIntegrity specifically.
The mere act of unlocking the bootloader, without even modifying anything, will cause all the problems I outlined, and it’s the same API that Google is proposing to use by browsers to check for device integrity.
Stuff depending on Google libraries, eh, that annoying but people can and will reimplement those, be it microG or Wine/Proton. Not being able to see the weather I literally could get just looking out the window because my bootloader is unlocked? That’s insane.
I used a rooted phone without Google apps on it and so many apps simply refused to work. They use Googles api in the background
This has nothing to do with being rooted but with Google encouraging people to build apps using its proprietary libraries to make Google Android more valuable than Android Open Source Project. There may be a connection to the EU’s attempts to stop Google from forcibly bundling several of its other apps with the Play Store.
For most use cases, good alternatives are available and it’s just a matter of developers being lazy, but I’m not sure there’s another good option for chat apps to get timely notifications without high battery consumption. MicroG provides an open source alternative to Google’s libraries and works for most apps, including chat notifications.
It’s a bit worse than just Google libraries, apps can use Play Integrity which uses hardware attestation to validate it’s bootloader lock status and that it’s running a vendor signed and Google approved ROM.
Current bypasses emulate older devices without the necessary hardware, but those will eventually stop working and there won’t be bypasses unless someone leaks some master keys or finds TPM exploits to trick it into signing the integrity request. It’s very bad.
Yes, but they’re two separate issues. Many apps that don’t care whether you have root or a third-party Android build use Google’s libraries.
Patching apps is another workaround. It won’t beat server-side checks, but I think those are still fairly rare. ReVanced makes it easy to do, though I’m not sure there are patches related to SafetyNet yet.
This is all similar to using Microsoft Windows or Mac OS so I guess people are so used to this behavior that it’s somehow ok.
Not so much used to it, but just kinda sigh and accept it because I like my apps to work. I’m a long time Linux user as well, and I still have to keep a Windows box around for random shit that just refuses to work on Linux for various bogus reasons.
I have a rooted LineageOS running Android and besides Kostum widgest everything is working fine. Yea I had to fiddle around with the banking app, but other than some popups and ingame stores not working everything is fine.
I use e os and no problems here
I heard spoofing safety net is possible with magisk so banking apps should work with it
Unfortunately some apps don’t check only for SafetyNet
What other ways are there? At least my banking app worked with spoofed safetynet
Checking whether the bootloader is locked or not, checking for abnormal system properties like whether the ROM is using release keys or test keys, and other methods that idk of, you can test momo which is an app that checks the environment and tells you if there is anything abnormal about it, some use it to check if they were successful at hiding root and anything abnormal
They don’t care about a “safe web environment”. That is not making them any more money. Knowing much more about their users and being able to perfectly match everything a user does anywhere with Googles advertising business, though, will.
This is actually in correct. They do care about it because they are going to enforce a standard. Which means they will be able to force ads to be displayed. Ads is Google’s main revenue source.
deleted by creator
Yes exactly. This is what worries me the most since I also run only Linux, and I can’t imagine even being interested in computers anymore if Linux is not allowed on the web. That would be horrific.
It’s 100% critically dangerous and must be stopped.
deleted by creator
They’ve needed to be broken up for over a decade now, but that’d require the government to actually enforce antitrust/monopoly laws
The FTC is apparently going after Amazon, so I’d be curious to see how that goes
If it goes anything like Microsoft’s antitrust trial, they’ll drag it out until they get a complicit administration to settle with.
Yup. It’s the first FTC in a long time that’s even tried to do their job. Really hoping they have success.
It’s crazy to think that a little over two decades ago, Microsoft was almost broken up for selling an operating system and a web browser. How monopolistic!
I want to live in the timeline whete Microsoft was borken up
What really disturbs me is how the recent tech shenanigans have been a long time coming; seems the internet we have come to know for the last 15 years only existed thanks to the ridiculous interest rates post 2008.
I’d be interested to hear more of your theory on this:
the internet we have come to know for the last 15 years only existed thanks to the ridiculous interest rates post 2008.
I think this article from the Verge explains it pretty well.
tl;dr:
- The Fed kept interest rates low from 2008 to 2021. Low interest rates made it easier to borrow money and meant that debt-backed investments like bonds had a low return, so investors favored stocks for a better yield on their investment.
- This meant tech companies could borrow a ton of money at low interest rates and raise a ton of money from investors through stock sales, allowing them to build services that weren’t profitable in order to grow as rapidly as possible. This basically defined the internet as we know it today - big companies offering free/cheap services with minimal restrictions. Companies could afford to charge low fees and look the other way on things like ad blockers.
- However, now that interest rates are going up, borrowing is much more expensive and investors are less motivated to buy stock, so all that easy money has dried up. Companies are having to raise revenue by increasing prices, adding more ads, blocking ad blockers, etc.
I’m just a layman, but it has been nagging my brain how all these big tech companies seem to be turning shitty all at once. I’ve seen others propose similar explanations, but the basic idea is that the historically low rates got them addicted to “free” capital. Now the faucet has been slammed shut and they have to make up for the shortfall.
Also, it’s not just big tech at fault. The massive worldwide inflation we’ve experienced happened for the same reason - shortsighted greed.
It’s definitely the high interest rates. All of tech has been built on venture capitalist money with “grow at all costs” as the primary strategy. With sustained higher interest rates, VC money is much harder to get. The focus has gone from “grow at all costs” to “become profitable at all costs.” It’s jarring, and it’s happening everywhere at the same time.
Online services cost a lot of money. People don’t realize how much because VCs and corpos w/ deep pockets have been subsidizing most major services for a long time. Now that the free money period is more-or-less over, these services need to start paying the bills with their users - commence enshittification
Well it’s not that they “need to pay bills” they make plenty money to pay bills with the revenue they already earn. The issue is that capitalism demands not just profits, but continually increasing profits each quarter.
To put thing in perspective and trying to not use too obscure financial terms:
- Company’s stock prices are related to their Earnings (i.e. their profits) via what’s called a Price/Earnings Ratio: basically the idea is that each stock entitles you to a shared of their profits (via dividends: a share of a company’s profits which is paid to those who have shares in that company), so if their profits are higher their stock prices should be higher too because each stock entitles you to get more money in dividends.
There’s some extra maths here because different companies split iownership in a different number of stocks but the basic principle is that the total value of all stocks in the company at the current stock price are related to its yearly profits.
Now, run-of-the-mill companies (say, traditional automakers, energy companies and so on) have P/E ratios around maybe 20 or 30 (it varies from company to company and depends on the general stockmarket mood, going up when people are more hopeful - i.e. bully - and down when they’re less hopeful - i.e. bearish).
By comparison Tech companies (and that includes automakers who managed to pass themselves as Tech companies, such as Tesla) have P/E ratios of around 80, 120 and going all the way at times to infinity for companies not making profits (Twitter for a long time was losing money and had a P/E of infinity).
By the way, this is how Tesla manages to have a higher total market worth (the price of each stock times the total number of stock) higher than companies which sell 10x+ more cars: it’s treated as Tech, hence gets this magical boost to stock price.
So, what’s the stated reason for this: well, those holding those stocks at such prices claim it’s because the growth prospects of such companies are huge.
In reality (IMHO) a lot of it is just speculation, and now that holding stocks at inflated stock prices whilst you wait for a bigger sucker to buy them from you for even more money is something that might actually loose you money (unlike before with zero interst rates, now that interest rates are back up you often could be making more money from it if you bought treasuries instead) the speculative “hold, wait and see if they grow massivelly” posture on stocks (which was even done with lent money on which 0% interest was paid) isn’t anywhere as appealing so it’s unravelling.
So all of the sudden Tech companies are having to justify stock prices the same way as traditional companies do: by having profits that justify them, hence lowering their P/E ratios from la-la-land values to something more realistic.
Linux would still be allowed, but you would have to use Chromium.
This is why projects like tor are important
“All Google associated platforms hereby block all ios devices.”
I am not a fan of apple. But this would piss a lot of people off but is well within their ability and rights to do. And unfortunately they have enough of a monopoly with the internet (Google, youtube, and all the other sites served through their dns) that they can essentially break the internet for people they block. They would get 90% of those ios users to switch to Android.
The flow of information through the internet is one of the greatest advancements of man kind and we have to trust a massive cooperation not to destroy it.
The fact that they have that much of a monopoly is exactly why it isn’t legal, but those laws are basically never enforced
I am not a fan of apple. But this would piss a lot of people off but is well within their ability and rights to do.
That’s a goddamn lie. They absolutely DO NOT have the “right” to engage in behavior that blatantly anti-competitive!
Ok they the power and apparently the legal power*
Ad of right now ues and until ftc grow a spine
You underestimate the willingness of iOS users to tolerate a sub-par experience in exchange for their fancy walled garden ecosystem.
Just the os alone is restrictive as hell, and they don’t care.
Could they do it? Maybe. But it would be profoundly stupid of them to try.
Your high-horse opinion of Apple users aside, you are right that OP is greatly overestimating people’s commitment to google’s services over their iPhones.
I think you underestimate how much of the internet depends on Google to operate.
Apple already has attestation in safari, so why would any major companies exclude them when they offer it also?
Google would be really stupid to try to exclude apple os, because apple has safari. They would lose their iOS users, iOS users wouldn’t become android users.
I guess if such things were to concretise, alternative ways would rise. Slowly and far less efficient than the Google engine, but I guess there is always a solution. Maybe a network of relay, like VPN but for accesing Google domains ? I know it would be far from perfect…
Boycott companies that act like this.
Legislate against and use anti-trust law to destroy companies that act like this. Boycotts, while not a bad idea, aren’t even close to sufficient.
WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc.
Not one of those things is illegal.
Some are against a site’s TOS and some are outright fine.
This is the most disturbing “boring dystopia” thing yet.
Yeah that’s bullsh*t by the author of the article.
Well ai scrapping is against copyright.
Scraping itself is not illegal. It’s not until an AI generates a copyrighted IP that it becomes an issue.
It’s like if I were trying to start an art business. You come to me and ask me to draw a princess. I’ve never seen a princess before, so I go online and look up images of princesses to get an idea what to draw. I go back to the studio and draw you a picture of Snow White.
Me looking up princess images is fine. It’s only when I sell a Disney® IP without their permission that it becomes illegal. And, even then, it’s a civil matter, not criminal.
While you are at it, convince Apple to allow Firefox on iOS, and decline to use WEI in Safari. Otherwise there’s no way to avoid WEI on iPhone, and only one mainstream rendering engine free of this insidious malware. Many companies will shy away from it if it breaks mobile apps on the Apple platform.
I think with the possibility of sidloading apps, Apple in Eu will have Firefox
Here’s hoping that happens, but it still won’t fix two things: Firefox is kinda weird and clumsy on mobile, and it’ll still need attestation if that’s implemented on key websites as a hard-barrier to usage. I’m now on Android (I alternate between the two, so next cycle will be Apple), and even as a highly technical type I don’t sideload on there anyway, so I think few will sideload on iOS either.
Vote with your wallet. Corporations only understand money. If users leave because they are not getting what they want, they’ll get what they want.
On mobile web in iOS browsers, they’ll just do the old “install our app to continue” move.
Probably, which gives more ways to collect data and still uses WebKit underneath.
If you are not using Firefox now is a good time to start.
Just switched yesterday, was way easier than I thought it would be. I’m converted on all my devices, all my stuff has been synced from Chrome in a few clicks. Just do it people.
If you haven’t already, check out Firefox Sync.
You can sync your stuff across Firefox instances (PC, mobile, different PC profiles etc.) You can choose to sync logins, open tabs, bookmarks, add-ons etc.
Each place you use Firefox can choose to sync different stuff, so for example you can sync logins everywhere but only sync open tabs on the PC.
In case you replace the phone or your PC HDD crashes etc. all you have to do is login back to Firefox Sync and you get all that stuff back.
I have too use Edge at work. Is Edge also implementing this shit?
Im so sorry u should use it…
deleted by creator
I’ve been using Firefox mobile for a few years now too, and the one thing I’ll point out is that the addon store is a lot more limited than on PC – unless you’re using Firefox nightly or beta, which lets you use any. But for the average user that only needs ublock or noscript, etc. it’s a perfect choice:)
I recently switched and all’s good so far. Correct me if I’m wrong, wei would also be able to block certain browsers, including Firefox, right? I wish just switching browsers would be enough to avoid Wei though :/
If google gets their way websites will be able to block OS’s and browsers. But if enough people switch to Firefox they won’t be able to push this change as easily. Google Chrome has about an 80% marketshare in the browser market and most of the alternatives are forks of Chromium which google controls. If this doesn’t change Google will be able to do anything they want.
Firefox in the meanwhile but long term we need to move away from the unfathomably bloated web
protocolstandard/browsers.Web protocol? Which one?
I wouldn’t consider http or dns bloated, for instance. And tcp/ip isn’t web-specific enough for me to think that’s what you mean by “the web protocol”.
Are you just trying to say you don’t like websites in a way that sounds techy?
I’m referring to the totality of what is required to make a complete and secure web browser from scratch.
That’s a rant about the complexity of modern browser engines, not the protocols. The web worked just fine before CSS and JS. The protocols aren’t the problem. Lynx is still being maintained if you want the web without the bloat of features like js and inline images.
I believe the rant demonstrates there cannot be more competition for browsers and therefore justifies the idea that browsers will stagnate and come to an end. I think the solution will be to move away from one application doing many things to using separate software dedicated to narrow purposes.
What’s the “web protocol”? Are you talking about HTTP?
I wish I’d said “web standards” instead.
You mean HTML, CSS, JavaScript, etc?
Including those but also all specifications defined by the W3C. I would post other examples here but I’m out of my depth.
Ok well, the modern web technology ecosystem is incredibly featureful and flexible, it allows a huge array of options for building rich interactive applications, all delivered to your browser on-demand in a few seconds.
Sure some of the technologies involved aren’t perfect (and I challenge you to find any system that feature-rich that doesn’t have a few dark corners), but there really no alternative option that comes close in terms of flexibility and maturity.
I’m glad the reaction all around seems to be “That’s sus as fuck”
It’s time to use web integrity against them, by blocking access to your site if they “pass” integrity checks, and telling them to use a freedom respecting browser instead.
This is actually already implemented, see here.
Absolutely. And build web sites where all browsers and operating systems are welcome.
Not that I find idea bad but doesn’t this statement contradict the one you’re commenting?
Yes you are right actually. :P
Can’t get that past a programmer can I… :)
I would support this
There is no defense of the move. It’s bad for the internet. Pure and simple!
There’s an ongoing protest against this on GitHub, symbolically modifying the code that would implement this in Chromium. See this lemmy post by the person who had this idea, and this GitHub commit. Feel free to “Review changes” –> “Approve”. Around 300 people have joined so far.
I don’t think filling Google repositories with complaints and well-intentioned, but garbage issues/pull requests. At best they’ll just delete them occasionally and at worst work less in the open, changing permissions on repositories, doing discussions more in internal tools.
What you can do is support alternative browsers, get other people to use them too and notify news as well as your local politicians about such problems. Maybe join organizations on protecting privacy or computer clubs (in Germany, support e.g. Netzpolitik.org and CCC).
Maybe acknowledge what the in-principle good things about WEI would be and support alternative means of achieving them. This proposal uses good things like less reliance on captchas and tracking, a simple to use API to enable a huge potential for abuse and power grab. Alternatives might be a privacy pass, as mentioned by WebKit https://github.com/WebKit/standards-positions/issues/234
(also @[email protected])
Maybe it is pointless, maybe it is a bad idea. Maybe not. It’s difficult to predict what this kind of small-scale actions will have on the big picture and future development. No matter what you choose or not choose to do, it’s always a gamble. My way of thinking is that it’s good if people say, through this kind of gestures, “I’m vigilant, I won’t allow just anything to be done to me. There’s a line that shouldn’t be crossed”.
Of course you’re right about supporting and choosing alternative browsers, and similar initiatives. There are many initiatives on that front as well. I’ve never used Chrome, to be honest; always Firefox. But now I’ve even uninstalled the Chromium that came pre-installed on my (Ubuntu) machines. Besides that I ditched gmail years ago, and I’ve also decided to flatly refuse to use Google tools (Google docs and whatnot) with collaborators, as a matter of principle. If that means I’m cut out of projects, so be it.
Regarding WEI, I see your point, but I see dangers in “acknowledging” too much. If you read the “explainer” by the Google engineers, or in general their replies to comments and criticisms, you see that they constantly use deceiving, manipulative, and evasive language. As an example, the “explainer” says a lot “the user needs this”, “the user desires that”, but when you unfold the real meaning of the sentences it’s clear it isn’t something done for the user.
This creates a need for human users to prove to websites that they’re human
Note the “need for human users”, but the sentence actually means “websites need that users prove…”. This is just an example. The whole explainer is written in such a deceiving manner.
The replies to criticisms are all evasive. They don’t reply the actual questions or issues, they start off a tangent and spout a lot of blah blah with “benefit”, “user”, and other soothing words – but the actual question or issue never gets addressed. (Well, if this isn’t done on purpose, then it means they are mentally impaired, with sub-normal comprehension skills).
I fuc*ing hate this kind of deceiving, politician talk – which is a red flag that they’re up to no good – and I know from personal experience that as soon as you “acknowledge” something, they’ll drag your into their circular, empty blabber while they do what they please.
More generally, I think we should do something against the current ad-based society and economy. So NO to WEI for me.
That PR doesn’t appear to make any sense. It modifies an include rule, so at best it would make Android Webview fail to compile.
deleted by creator
They used to have a motto like “Do no evil”, which was kinda sus to begin with (they were a search engine in a time when many didn’t even consider the evil possibilities of the internet). But if you start out with a motto like that, it’s even more sus if you suddenly drop it, which they did.
Usually when a company loudly proclaims that “we have this quality” they’re compensating for not in fact having it.
You get the same in people: “I’m so smart”, “I’m so beautiful”, “I’m so confident” and so on are usually said to others by people who don’t actually believe they have such (otherwise self-evident) qualities.
In that logic “Do no Evil” was a red flag.
Google does not have a trusted position.
From the point of web infrastructure and standards, they certainly do.
It won’t block browsers that spoof their identity? Yeah, sure.
Trust me, I’m Google.
Hey kid, I’m a computer. Stop all the downloading.
Help computer.
Who wants a body massage?
You’re not cooking…
Pork chop sammiches!
G I Joooee.
The fraud-fighting project has fired up quite a controversy
fraud-fighting? Even Google’s initial pitch was explicitly describing it as a way to sell more ads.
I wish they’d have grown a pair and outright said “we’re forbidding ad blockers in Chrome, come at us”. I bet there’d be less controversy. This WEI thing just makes them look like sniveling weasels.