So let the browser live unmodified. Intercept JavaScript on memory and block it. Of course there’s a way, no matter how complex, to stop a remote server from displaying something on your screen - Google isn’t controlling your graphics driver (well, unless you’re using ChromeOS 😅)
Actually, they are controlling your graphics driver. If you’re using a custom driver you’ll fail attestation because you have untrusted code in your kernel and/or browser process. I expect this will also fail if you’re using an old driver with known vulnerabilities that allow you to use your own device in unexpected ways.
Chrome can’t determine what my kernel is doing, unless I give it admin privileges.
I’m not giving a browser admin privileges, and I can guarantee they’ll not make it mandatory otherwise many educational and business machines would be locked out of Chrome.
Your TPM unit in the motherboard has more privileges than you do. It attests to the integrity of the kernel, graphics driver included, and the kernel attests to the integrity of the browser and any peripherals.
That’s not what the TPM does, though you could theoretically build up a chain of trust based, partially, on the TPM.
That being said, this doesn’t change the level at which the browser runs, how much it’s aware of my screen, and most importantly, it’s once again obviously not going to be anywhere near required unless Google is about to halve Chrome usage worldwide.
Why can’t it? I’m sure Windows allows non-admin processes to get information about active drivers, secure their own memory, and provide attestation that they are secured, provided TPM and secure boot are enabled.
The whole chain here is that no matter what Google does with the browser, ultimately, I can control what pixels light up in my monitor. The only possible exception was indeed if Google made the drivers and somehow forced ads to display - that’s an exaggerated point that is obviously not true, but to emphasize that indeed, that would be the only way to truly guarantee apps show up.
You started a chain about Google having driver control - but one, that’s not true, that’s not what TPM and secure computing do. Secondly, not the point. The point is that you can pass an integrity check and not display an ad, so long as you’re still the admin user.
The technology is useless if you can pass an integrity check just by running as admin. The point is that Google has control over what the process is doing and knows if you’re tampering with it. I guess nothing would stop you from making a device’s that uses the hdcp osd support to draw black boxes over ads you find using accessibility information, but if you’re able to modify the page through extensions or developer tools or memory manipulation, then you’re able to make automated API calls, and preventing that is supposedly the whole point of this system.
The reason for using an external device to overlay data on the video signal is that there is a browser API for tracking occlusion. It’s supposed to be used for things like disabling animations of elements that are not visible, but could be unethically used for things like making you pay extra to listen to videos if you don’t have an extra display to put them on.
I don’t know why you think secure computing doesn’t relate to driver control. Drivers run with special privileges and can modify protected memory. This is why people write root kits, and detecting those root kits is one of the primary motivations behind secure computing.
Ads need to be blocked at a higher level. Get as many as possible to vow to never buy a thing advertised on a webpage. You see an ad, that thing advertised gets a no-buy stamp.
Wasn’t this tried with videos already? graphic overlay mode or something, for a few years you can’t even take a snapshot of a video playing on your screen, you just get a black box.
It’s still very much a thing and works fairly well to protect high quality DRM content. People forgot it’s a thing because a regular person is rarely in a situation where it would prevent them from doing something.
The major point is not so much whether your browser could block ads - your point regarding the browser ultimately having to render each element is true. The problem is that if the web server gets a request from an unattested browser (such as an old version, or one that has an ad blocker installed), it will refuse to serve any content, not just ads.
Regular people will inevitably get frustrated and we end up in scenarios like “<x browser>is bad, it doesn’t work with <y site>” because of this proposal, and more and more people end up switching until you have to use a compliant (Chromium-based) browser to do anything at all on the internet, and Google’s strangehold on web standards solidifies even further.
The browser could just refuse to attest if you’ve got an ad blocker enabled. That’s the whole point of this.
So let the browser live unmodified. Intercept JavaScript on memory and block it. Of course there’s a way, no matter how complex, to stop a remote server from displaying something on your screen - Google isn’t controlling your graphics driver (well, unless you’re using ChromeOS 😅)
Actually, they are controlling your graphics driver. If you’re using a custom driver you’ll fail attestation because you have untrusted code in your kernel and/or browser process. I expect this will also fail if you’re using an old driver with known vulnerabilities that allow you to use your own device in unexpected ways.
Chrome can’t determine what my kernel is doing, unless I give it admin privileges.
I’m not giving a browser admin privileges, and I can guarantee they’ll not make it mandatory otherwise many educational and business machines would be locked out of Chrome.
Your TPM unit in the motherboard has more privileges than you do. It attests to the integrity of the kernel, graphics driver included, and the kernel attests to the integrity of the browser and any peripherals.
That’s not what the TPM does, though you could theoretically build up a chain of trust based, partially, on the TPM.
That being said, this doesn’t change the level at which the browser runs, how much it’s aware of my screen, and most importantly, it’s once again obviously not going to be anywhere near required unless Google is about to halve Chrome usage worldwide.
Why can’t it? I’m sure Windows allows non-admin processes to get information about active drivers, secure their own memory, and provide attestation that they are secured, provided TPM and secure boot are enabled.
https://www.microsoft.com/en-us/security/blog/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/
I’m not sure about what you’re talking about here. I’m not suggesting ad blocking will require an aftermarket modified Nvidia driver.
You said “Google isn’t controlling your graphics driver”
You’re misinterpreting my comment.
The whole chain here is that no matter what Google does with the browser, ultimately, I can control what pixels light up in my monitor. The only possible exception was indeed if Google made the drivers and somehow forced ads to display - that’s an exaggerated point that is obviously not true, but to emphasize that indeed, that would be the only way to truly guarantee apps show up.
You started a chain about Google having driver control - but one, that’s not true, that’s not what TPM and secure computing do. Secondly, not the point. The point is that you can pass an integrity check and not display an ad, so long as you’re still the admin user.
The technology is useless if you can pass an integrity check just by running as admin. The point is that Google has control over what the process is doing and knows if you’re tampering with it. I guess nothing would stop you from making a device’s that uses the hdcp osd support to draw black boxes over ads you find using accessibility information, but if you’re able to modify the page through extensions or developer tools or memory manipulation, then you’re able to make automated API calls, and preventing that is supposedly the whole point of this system.
The reason for using an external device to overlay data on the video signal is that there is a browser API for tracking occlusion. It’s supposed to be used for things like disabling animations of elements that are not visible, but could be unethically used for things like making you pay extra to listen to videos if you don’t have an extra display to put them on.
I don’t know why you think secure computing doesn’t relate to driver control. Drivers run with special privileges and can modify protected memory. This is why people write root kits, and detecting those root kits is one of the primary motivations behind secure computing.
Ads need to be blocked at a higher level. Get as many as possible to vow to never buy a thing advertised on a webpage. You see an ad, that thing advertised gets a no-buy stamp.
That’s not how people’s minds work, even if you managed to convince everyone to do it.
Wasn’t this tried with videos already? graphic overlay mode or something, for a few years you can’t even take a snapshot of a video playing on your screen, you just get a black box.
And now people forgot it was ever a thing.
I’m pretty sure overlay mode was always about performance, not preventing screenshots.
It’s still very much a thing and works fairly well to protect high quality DRM content. People forgot it’s a thing because a regular person is rarely in a situation where it would prevent them from doing something.
The major point is not so much whether your browser could block ads - your point regarding the browser ultimately having to render each element is true. The problem is that if the web server gets a request from an unattested browser (such as an old version, or one that has an ad blocker installed), it will refuse to serve any content, not just ads.
Regular people will inevitably get frustrated and we end up in scenarios like “<x browser>is bad, it doesn’t work with <y site>” because of this proposal, and more and more people end up switching until you have to use a compliant (Chromium-based) browser to do anything at all on the internet, and Google’s strangehold on web standards solidifies even further.
It’s possible but not particularly plausible.
Someone always finds a way.