Conversation

Notices

1. Embed this notice
   Koinu (gsderp@packmates.org)'s status on Friday, 21-Jul-2023 01:06:00 JST Koinu

   This is a credible proposal for DRM for websites in general. It would enable unbeatable adblock-blocking. It would prevent user customization for not just convenience but also accessibility.

   I do not say this lightly: Enabling the forfeiture of control over the browsing experience is a fundamentally evil idea that must be rejected now, as it has been in the past, and we must remain vigilant against its reemergence in the future.

   https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

   • Embed this notice
     feld (feld@bikeshed.party)'s status on Friday, 21-Jul-2023 01:05:57 JST feld

     in reply to
     I haven't looked to deeply yet, but are you certain that this would break user customization?
   • Embed this notice
     feld (feld@bikeshed.party)'s status on Friday, 21-Jul-2023 22:44:12 JST feld

     in reply to

     • HRH ginsterbusch
     What do your scripts do and which websites?
   • Embed this notice
     HRH ginsterbusch (ginsterbusch@kosmos.social)'s status on Friday, 21-Jul-2023 22:44:13 JST HRH ginsterbusch

     in reply to

     • feld

     @feld @gsderp Certainly websites are already breaking my custom accessibility scripts. With an "enforce"d approach, this would mean ableism at its finest.

   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Friday, 21-Jul-2023 22:59:25 JST Sexy Moon

     in reply to

     • feld
     @feld @gsderp there's no way they can enforce the integrity of a secure environment if they allow arbitrary plugins and extensions so they will have to be approved specific-use extensions. chrome and firefox have moved to an approved extension model so they have the mechanism in place already to do this. extensions are gatekept and subject to manpower limitations and stupidity, in approval in particular if your extension manifest includes functionality they know is a risk of compromising the environment eg anything that has network access to a remote resource. I feel like the answer is that their statement is deliberately misleading.
   • Embed this notice
     feld (feld@bikeshed.party)'s status on Friday, 21-Jul-2023 23:01:16 JST feld

     in reply to

     • Sexy Moon
     > there's no way they can enforce the integrity of a secure environment if they allow arbitrary plugins and extensions
     
     but their goals state they will *not* interfere with their usage. So maybe there's something going on that we do not understand yet.
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Friday, 21-Jul-2023 23:06:20 JST Sexy Moon

     in reply to

     • feld
     @feld @gsderp I don't understand how it could talk about security or integrity otherwise but I am open to the possibility I am wrong. I am highly skeptical of this.
     
     the way that extensions like userscripts work is interesting because they can modify the dom at a higher layer that is invisible to the web application while still presenting the modified content to the user (it's possible to leak existence of your script though) so you could have an extension that for example does css changes to a secured webpage that isn't any serious risk of violating the sandbox. this can be determined by the extension manifest so I could see a future where google allows arbitrary extensions that can modify any webpage in this way, but then there's other classes of extensions that won't work on a locked down page unless it's gone through an audit by google and approved as an extension in their store.
   • Embed this notice
     feld (feld@bikeshed.party)'s status on Friday, 21-Jul-2023 23:10:06 JST feld

     in reply to

     • Sexy Moon
     I think it's a lot of overreaction and armchair analysis right now
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Friday, 21-Jul-2023 23:11:53 JST Sexy Moon

     in reply to

     • feld
     @feld @gsderp I'll read the entire proposal this evening and see what I think. To me this seems like a logical progression from how they've already crippled and locked down extensions and have been trying to remove extension functions that allow effective adblocking so I don't feel like giving them benefit of the doubt. but I want to be accurate if I tell people what I think they're doing so I'll educate myself fully on it.
   • Embed this notice
     feld (feld@bikeshed.party)'s status on Friday, 21-Jul-2023 23:14:42 JST feld

     in reply to

     • Sexy Moon
     It just feels like nobody really read this
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Friday, 21-Jul-2023 23:17:51 JST Sexy Moon

     in reply to

     • feld
     @feld @gsderp to be fair it's listed as an open question, I read it like a fig leaf so later they can say "well we tried but it was impossible"
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Friday, 21-Jul-2023 23:19:51 JST Sexy Moon

     in reply to

     • feld
     • :blank:
     @i @feld @gsderp I'm not 100% opposed to locked down corporate devices except that things like this are the back door and the building blocks of systems forced on everyone later. maybe it won't happen but it's undeniable that if you build it at all for one group of people it's way less difficult to repurpose it for a different group
   • Embed this notice
     :blank: (i@declin.eu)'s status on Friday, 21-Jul-2023 23:19:52 JST :blank:

     in reply to

     • Sexy Moon
     • feld
     @Moon @feld @gsderp this and https://lapcatsoftware.com/articles/2023/7/1.html is probably going to be for corporate offices and schools, where the user doesn't own the device anyways and can't do any of that without bypassing systems that this would enforce in the first place
     
     the new generation of computing is suffering
   • Embed this notice
     feld (feld@bikeshed.party)'s status on Friday, 21-Jul-2023 23:20:05 JST feld

     in reply to

     • Sexy Moon
     It's also probably worth reading the Github issue that lead to this document being published
     
     https://github.com/antifraudcg/proposals/issues/8#issuecomment-1158928350
     Sexy Moon likes this.
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Friday, 21-Jul-2023 23:22:06 JST Sexy Moon

     in reply to

     • feld
     @feld @gsderp I worry that while it is possible to build a decentralized attestation system, the system we will get will be centralized on just a few big vendors. I will read this doc soon.
     feld likes this.
   • Embed this notice
     HRH ginsterbusch (ginsterbusch@kosmos.social)'s status on Sunday, 23-Jul-2023 13:03:39 JST HRH ginsterbusch

     in reply to

     • feld

     @feld @gsderp I use Bookmarklets / GreaseMonkey / TamperMonkey scripts to improve the overall accessibility and usability of sites.

     Eg. a semi-dark reader with bigger font sizes for selected or all sites whenever I need it. Some sites tend to eg. enforce nasty unreadable sizes, or use garbage contrasts etc.

     Its not that I'm near blind, but I'm both strongly sight-impaired and am light-sensitive in combination with synesthesia, so overload gets induced quickly if there is .. interference.