- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Why are we saying “engineers” when we know full well there isn’t a single qualified engineer in there that thinks this bullshit is a good idea?
This is management being management.
It’s a bad idea to assume everyone in the field is of a similar mindset and philosophy. There are a LOT of people who genuinely want to make the world worse and see things like adblocking as piracy.
In fact, I’ve met people who hate the concept of Open Source and want things to be closer to creative fields. They’re shortsighted of course, greedy. But the basis doesn’t change the outcome. Yes, it’s blatantly their desires to “own” a piece of code the same way musicians often own a movie’s score and get licensing fees on them that led that path. But they still walked it and they still exist and they’re still out there, hoping for the day they get to go against you.
I dunno, I’ve met a few engineers that fancied themselves as being smarter than everyone else. Their ideas were the only ones that held merit due to their belief that they were ‘enlightened’, so to speak.
The vast majority I’ve met are normal, well-adjusted human beings that think the ‘smart’ ones are full of it. Specifically, they they can’t seem to see the forest for the trees.
Ah, Elon’s.
But they will still implement it. Does it really matter if they didn’t come up with the idea if they are the people that will build it up?
The world collectively decided that just following orders wasn’t excuse for doing something wrong. While this might be quite as cut and dry a situation, it is definitely partially the fault of those who implement this. Engineers aren’t the type of laborers that risk homelessness and suffering when quitting a job typically. They have the privilege of withholding their labor that most Americans don’t. They choose not to exercise it, which leaves two options, indifference, or support, of these implementations.
It does matter, because the article uses the word “want”.
So these assh… are going to pay the wasted data from metered connections? they’ll pay me money? they can also guarantee that malware is not spread anymore via ad networks? sure sure.
When a machine gets infected with malware because of drop-in ad content, the ad broker should be liable to the machine owner for $$$.
Should be. As far as I know they are. But nobody seems to care…
We should ask the EU already
Louis posted a video on a much bigger problem that Google has with ads. These campaigns seem to completely neglect.
In short: it’s fake views. That’s were advertisers pay for viewed ads, but the view happened to a bot. Ad block at least doesn’t discourage advertisers since they don’t pay for unviewed ads.
Ultimately, my browser must render each web page element, no? I don’t see how an ad blocker could be impossible, unless ads are part of the content itself like what happens with video streaming.
The browser could just refuse to attest if you’ve got an ad blocker enabled. That’s the whole point of this.
So let the browser live unmodified. Intercept JavaScript on memory and block it. Of course there’s a way, no matter how complex, to stop a remote server from displaying something on your screen - Google isn’t controlling your graphics driver (well, unless you’re using ChromeOS 😅)
Actually, they are controlling your graphics driver. If you’re using a custom driver you’ll fail attestation because you have untrusted code in your kernel and/or browser process. I expect this will also fail if you’re using an old driver with known vulnerabilities that allow you to use your own device in unexpected ways.
Chrome can’t determine what my kernel is doing, unless I give it admin privileges.
I’m not giving a browser admin privileges, and I can guarantee they’ll not make it mandatory otherwise many educational and business machines would be locked out of Chrome.
Your TPM unit in the motherboard has more privileges than you do. It attests to the integrity of the kernel, graphics driver included, and the kernel attests to the integrity of the browser and any peripherals.
That’s not what the TPM does, though you could theoretically build up a chain of trust based, partially, on the TPM.
That being said, this doesn’t change the level at which the browser runs, how much it’s aware of my screen, and most importantly, it’s once again obviously not going to be anywhere near required unless Google is about to halve Chrome usage worldwide.
Why can’t it? I’m sure Windows allows non-admin processes to get information about active drivers, secure their own memory, and provide attestation that they are secured, provided TPM and secure boot are enabled.
I’m not sure about what you’re talking about here. I’m not suggesting ad blocking will require an aftermarket modified Nvidia driver.
You said “Google isn’t controlling your graphics driver”
Ads need to be blocked at a higher level. Get as many as possible to vow to never buy a thing advertised on a webpage. You see an ad, that thing advertised gets a no-buy stamp.
That’s not how people’s minds work, even if you managed to convince everyone to do it.
Wasn’t this tried with videos already? graphic overlay mode or something, for a few years you can’t even take a snapshot of a video playing on your screen, you just get a black box.
And now people forgot it was ever a thing.
I’m pretty sure overlay mode was always about performance, not preventing screenshots.
It’s still very much a thing and works fairly well to protect high quality DRM content. People forgot it’s a thing because a regular person is rarely in a situation where it would prevent them from doing something.
The major point is not so much whether your browser could block ads - your point regarding the browser ultimately having to render each element is true. The problem is that if the web server gets a request from an unattested browser (such as an old version, or one that has an ad blocker installed), it will refuse to serve any content, not just ads.
Regular people will inevitably get frustrated and we end up in scenarios like “<x browser>is bad, it doesn’t work with <y site>” because of this proposal, and more and more people end up switching until you have to use a compliant (Chromium-based) browser to do anything at all on the internet, and Google’s strangehold on web standards solidifies even further.
It’s possible but not particularly plausible.
Someone always finds a way.
Technical explainer:
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md#how-it-worksIt apparently requires some kind of proprietary operating environment to function, thus making it compatible with free (as in freedom) computing. You would need either a proprietary library/OS or an open OS but a proprietary piece of vendor hardware to act as the attester.
Assuming you meant incompatible.
It’s been evident big tech wants their own corporate intranet of sorts. Perhaps we’re seeing the beginnings of a great net split. That’s if there’s enough movement to forge on with a free (as in libre) standards regardless of what big tech is doing on their own.
I’ll just use AI to filter out ads in future. Too bad advertisement needs to be recognizable, so AI can.