this post was submitted on 26 Jul 2023
933 points (98.8% liked)

Technology

34423 readers
187 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
[email protected]
933
Google is already pushing Web Environment Integrity into Chromium (github.com)
submitted 1 year ago by [email protected] to c/[email protected]
342 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 70 points 1 year ago* (last edited 1 year ago) (2 children)

Web dev here. It enforces the original markup and code from a server to be the markup and code that the browser interprets and executes, preventing any post-loading modifications.

That sounds a bit dry, but the implications are huge. It means:

  • ad blockers won't work (the main reason for Google's ploy)
  • many, if not most, other browser extensions won't work (eg.: accessibility, theming, anti-malware)
  • people are going to start running into a lot of scam ads that ad blockers would otherwise prevent
  • malicious websites will be able to operate with impunity since you cannot run security extensions to prevent them
  • web developers are going to be crippled for lack of debugging ability

These are just a few things off the top of my head. There are endless and very dangerous implications to WEI. This is very, very bad for the web and antithesis of how it's supposed to be.

TBL is probably experiencing a sudden disturbance in the force.

[–] [email protected] 12 points 1 year ago (2 children)

Wouldn't it be possible to create some kind of "post-browser" that takes input from the web browser and displays it after passing it through ad blockers and whatever else?

[–] [email protected] 11 points 1 year ago (1 children)

Such an abstraction, while unnecessary, should be possible, providing that Google doesn't forcibly prevent access to the final markup that coalesces (ie.: view source and web dev tools)

[–] [email protected] 2 points 1 year ago

The only acceptable browser would obviously be ones that restrict that access, how else are they going to force people to see all their ads?

[–] [email protected] 1 points 1 year ago

Perhaps, but it's not as simple as it sounds.

Most of the Web requires js to work. I don't think the js will work without the DRM.

So the proxy would need to be running the js, and emulate your clicks and so on.

[–] [email protected] 6 points 1 year ago (1 children)

Would this impact web proxies at all? If so, that would entail a pretty huge security change for a lot of corporations.

[–] [email protected] 4 points 1 year ago

If it's something like a proxy server that pre-modifies the markup/code, then yes, I can see WEI interfering with that.