this post was submitted on 22 Jul 2023
2515 points (99.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54833 readers
309 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
 

looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don't run a complaint browser ( cough...firefox )

here is an article in hacker news since i'm sure they can explain this to you better than i.

and also some github docs

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (2 children)

web env. integrity is not as bad as people make it out to be.
yeah I absolutely agree that it's terrible and also a bad idea (we don't need MORE drm in our browsers, I'm looking at you, Widevine (although firefox worked around it by running drm in an isolated container)), but it's main purpose is to detect automated requests and effectively block web scraping with a drm system (it ensures two things: your useragent can be trusted and you're a real non-automated user), NOT detect ad blockers. It doesn't prevent web pages from being modified like some people are saying.
there's a lot of misleading information about the api as it doesn't "verify integrity" of the web page/DOM itself.

it works by creating a token that a server can verify, for example when a user creates a new post. If the token is invalid, server may reject your attempt to do an action you're trying to perform. (this will probably just lead to a forced captcha in browsers that don't support it...)

Also, here's a solution: Just don't use Chrome or any Chromium-based browsers.

[–] [email protected] 9 points 1 year ago

Also, here’s a solution: Just don’t use Chrome or any Chromium-based browsers.

Provided your bank has not stopped supporting your "non-secure" browser. The previous browser vendor that had a functional monopoly did abuse user-agent to harass the competition. Using non IE required changing your user-agent to IE/Windows for a lot of sites.

Or as they say:

Websites will ultimately decide if they trust the verdict returned from the attester.

It is expected that the attesters will typically come from the operating system (platform)

There is... ...the risk of websites using this functionality to exclude specific attesters or non-attestable browsers

[–] [email protected] 1 points 1 year ago

(it ensures two things: your useragent can be trusted and you’re a real non-automated user),

Nothing in the current proposals does either of those two things. In particular the second.