- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
I think I understand why this is bad, but I am not confident in my technical understanding of the mechanics here. Will appreciate an explainer :)
cross-posted from: https://lemmy.dbzer0.com/post/978408
looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don’t run a complaint browser ( cough…firefox )
here is an article in hacker news since i’m sure they can explain this to you better than i.
and also some github docs
DRM is allegedly “copy protection”, but in reality is absolute control over how you access content. Want to stream a movie on the wrong computer/browser? Fuck you.
Want to browse a website without 100 trackers injected to make sure everyone who might want to knows your entire browsing history? Sucks to be you. Want to block ads because there isn’t an (web) ad platform out there that does the due diligence to avoid providing a substantial vector for malware? Nah. Need help from accessibility tools that Google hasn’t white listed? Maybe just don’t be disabled.
Hopefully I wouldn’t swear if you were actually 5.
If you want an actual ELI5:
Bad DRM is like bad parents. When you want a new toy, and you’re 5 years old, you have to ask your parents to get it for you; you can’t just go get it yourself if you want to. Lets say you want a new bicycle. You ask your parents to get you a new bicycle, and they get one for you! But, they say that you’re only allowed to ride your bicycle between 10 and 11pm. They also tell you that you can’t ride your bicycle with 2 feet, or 2 hands, you have to use 1 foot and 1 hand. On weekdays, 10pm is past your bedtime so you really can’t ride it at all. On weekends, it’s dark out at 10pm most of the year so it’s really hard to see. The few times you do get to ride it, it’s really hard to ride because you can only hold on with 1 hand and pedal with 1 foot.
Even with good DRM (parents) that let you ride your bicycle during the daytime and with both your hands and feet, they are always the ones in control. They might tell you today that you can ride your bicycle anytime and anyway you want, but if you get a bad grade, or they are just in a bad mood (for the adults: profit motivated) they can at any time exercise the control they have and take your bike away, or tell you that the only way you can use it are ways you don’t want to use it.
Code is like a set of Lego pieces you put together to make an app or website. Usually, you have to go to Windows’ house to play with Windows Legos, and you can’t play with Windows Legos at iOS’s house. If you tried to put a Windows Lego on an iOS Lego, they wouldn’t fit. This means that if you want to make something with Legos, you have to do it in their house and play by their rules.
Website Legos are special. You can play with Website Legos at the public library, and any other kids who go to the library - a public place that’s always open to everyone - can play with Website Legos too. Even Windows and iOS can come to the library and play with Website Legos. No one gets to decide what Legos are allowed or who gets to play with them, and kids can build things together because their Legos fit together.
What Chrome is doing is bad because they want to take all the Website Legos back to their house, and force every kid in town to come to their house if they want to play with Legos. That way, Chrome gets to decide who is allowed inside, and can ban any Lego shapes they don’t like from their house.
We need to stop Chrome, because every kid deserves to play with Legos, and kids make much cooler things when they can all work together with a shared Lego set.
So, DRM is an acronym for Digital Rights Management. How do you profit on something that can be copied infinitely for free? You make it hard to copy, and hard to view outside of controlled environments.
DRM software is what creates and maintains that environment. Steam, Epic Games Store, EA Origin, they’re all forms of DRM.
What that looks like in a web browser is a different matter though- they’re going to want to prevent you accessing any “unlicensed” content, then funnel you into whatever subscription they want you to pay.
You can put aside the tech side for a minute and reflect on how dangerous the following idea is:
“If you don’t have anything to hide, then it should be perfectly okay for you to let us put software limitations on your own hardware that you purchased with your own money so that we can decide what you can and cannot do with it, but that shouldn’t bother you as you normally wouldn’t do stuff with it that we deem illegal anyway, and if you don’t agree with us then you’re just a criminal.”
Because that is essentially what they’re telling you.
So the person you cross posted this from does not seem to have read this.
This is not impactful of extensions or different browsers. The main point of this actually seems to be replacing captcha.
The dumbed down version is, attestation of the software stack such that it is reasonable to assume a human is actually using it and not an automated process.
Quite frankly, as a web dev I can already prevent certain browsers from accessing my webpage by trying to access unique functions of a browser as a condition of loading the rest of the content.
So what the other user is concerned about already exists, in fact Google meet already does this to prevent Firefox users from accessing certain features, changing user agent doesn’t change the outcome of whether or not the features are available. (In this case it’s because Firefox will crash, but most of the time this is done is for bad reasons).
Edit: this is the most reasonable criticism https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/44
I do agree with it completely (that the proposal can’t actually work)