this post was submitted on 26 Jul 2023
934 points (98.8% liked)

Technology

34987 readers
438 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago (2 children)

Isn’t someone just going to fork Chromium, take out this stuff,

Yes, upstream Chromium forks will likely try to remove this functionality, but

put in something that spoofs the DRM to the sites so that adblocking still works?

This is the part that is not possible. The browser is not doing the attestation; it's a third party who serves as Attestor. All the browser does is makes the request to the attestor, and passes the attestor's results to the server you're talking to. There is no way a change in the browser could thwart this if the server you're talking to expects attestation.

[–] [email protected] 14 points 1 year ago

This violates just about every single open web principal that allowed Google to gain so much power. When they changed their motto from Don't Be Evil, to Do No Harm, they obviously chose deception. Their new motto should be Do Whatever is Profitable, or more succinctly Be Evil.

[–] [email protected] 6 points 1 year ago (2 children)

I don't really understand how that's possible. The browser gets a token from the third party, and passes that token to the server to "prove" it's running the DRM. The server then passes code back to the browser. At that point, why can't the browser just cut out the DOM elements which are ads?

I don't understand how code I write on hardware I run locally can ever have it's hands tied like this.

[–] [email protected] 5 points 1 year ago (1 children)

It won't be your hardware in a few years if this goes through. The code will run in a secure enclave and you won't be able to access your bank or log in to government websites if you control the hardware.

[–] [email protected] 2 points 1 year ago

Android phones are starting to do this, and it's a nightmare for people like me who actually want to own the device they purchased.

Needing root access on Android to regain basic functionality (such as the ability to backup installed apps) is a sad indicator of where we're headed ☹️... As much as I dislike iOS's walled garden, they make backups dirt easy for the end user - and they do complete backups too - app data, homescreen layout and all.

[–] [email protected] 0 points 1 year ago

I see what you're saying. I read it as implying the browser would fake the attestation token. I don't know the answer, but if their (stated) goal is to stop bots and scrapers, I have to assume it wouldn't be so simple. After all, a lot of bots and scrapers are literally running an instance of Chrome.