I do, and I keep having those tiring conversations, but it's really hard to get the point across in layman's terms. I have enough friends in tech who stick with Chrome out of convenience instead of just falling back on it in case something actually doesn't work in Firefox. how do I convince tech illiterate people of doing this?
For the tech illiterate recommend Safari. For tech people, appeal to their privileged position and the importance of defending the web by choosing any other browser (or Safari).
Both users can keep Chrome installed as a fallback - that will help with convincing too.
Tech illiterate people should be using MacOS anyway. Windows just gets worse every year. MacOS is actually more like classic Windows than Windows 11 is so it's actually easier to use for tech illiterate people.
Whenever a new device needs to be setup for my parents, I just install whatever I use (Firefox in this case). Then I show them the things they need on a day by day basis. The problem are people who did grow up with tech. They will say things like it will take too long. In cases like this you need to manipulate them based on their personality.
Not sure why you're getting downvoted, but this is a big deal IMO. We're here because Chrome has been the better product for a long time. Firefox not doing things people want well enough will hurt its adoption, which will impact its capacity to influence the Web.
Add to Mozilla's perceived not-very-good management and you have a death spiral on your hands, and more power to Google and Apple to shape the Web towards their interests.
Mozilla in the past ignored the criticism users had regarding UI/UX changes and went with deploying this bulky mobile-oriented interface for desktops. And here we are.
This itself is one issue; there are also all sorts of adventures they decide to go for little to not at all related to the browser development, and which are conducted to convince people all around the world that they're a good humane corporation that cares. Igh.
Containers are useful, but it's like having a few similar terminal windows open. Eventually you'll type something on the wrong window... at least I found myself searching for personal stuff on my work Google container.
With profiles I can have different bookmarks, extensions, and even a different theme so I'm aware I'm on my personal profile, not on a work profile. Since switching profiles on Firefox + macOS is a pain in the butt, I use 2 different Firefox channels (stable + dev).
Anyway, containers are nice, but they're not a replacement for profiles.
> Anyway, containers are nice, but they're not a replacement for profiles.
This, so much. Anytime I've brought up profiles on Firefox, I'm told about this alternative that isn't a replacement for the feature.
Safari is (finally) bringing this, so maybe the folks at FF will begin to see this as a feature worth investing in. First-class profiles support is one of the main reasons I stick to Chrome, despite trying to switch.
And then to use them you have to start firefox e.g. :
firefox -P <profile-name>
Very few casual users (nor even most technical users) start Firefox from a command line, and setting up shortcuts for these is also a step that most users won't do.
The support for profiles is there, it's just hard to use in the context of a GUI desktop.
That's part of the "problem" with Firefox's support of profiles. It feels more like an afterthought and less like a primary use case the product wants to surface. To approximate the functionality Chrome has, I had to bookmark "about:profiles" and make it my home page.
Chrome also added this nifty feature that lets you open links as a Profile, making it easy to switch.
These may seem like small issues, but the end up mattering.
Firefox is also missing a don't allow any website to play audio unless explicitly enabled setting (mute tabs by default, except on allowed sites), as far as I can tell.
That's not the same thing. Chrome's setting can force audio to be muted regardless of user interactions or manually started playback, until the website settings are changed to allow sound.
Clearing all state (all saved data and cookies), Incognito mode, disabling the few extensions she was running. When it got to the point where the only thing left to do was reinstall Chrome, we installed Firefox instead.
this is where you should vote with your wallet and feet. and I think it's not really a stretch to ask Google's engineers who work on chrome/ium to get a job somewhere else.
I think it would be interesting to get their views on it. I wouldn't be surprised if a lot think this is a good idea. Not that I agree, but I think it's unlikely that everyone sees it the same way as those outside the organisation.
Obviously, if you get paid to implement this you don't want the cognitive dissonance of knowingly doing something bad, so I'm sure those folks have already laid out their justification for this technology.
I wish Google could and would make Chrome closed source. It would at least give all those rebranded Chromiums (Opera, Vivaldi, Brave) a strong reason to reconsider their choice of engine, or at least maybe work together on a more divergent fork of it that stays away from Google's evil stuff.
"It is difficult to get a man to understand something, when his salary depends upon his not understanding it".
I imagine it's hard to push back against it even internally. Not to be jaded, but one or two people raising a stink about it will only achieve them screwing up their career prospects within Google.
A cynic might observe that the tech sector - and US big tech in particular - has just seen the biggest round of layoffs that many of the developers in that market will remember. Many of those same developers might have been thinking even 18 months ago that their extremely high compensation was guaranteed because finding another extremely well compensated job was easy. Now they know better and I'm sure a lot of people are scared. Seems like a good time for management to push bad ideas that their remaining employees might not like.
If adopted by publishers, the web will be closed to everyone but allowed browsers on allowed OSes on allowed hardware. No ad blockers, no extensions, no customizations beyond what the few chosen browsers allow explicitly.
You'll need an "approved" browser and potentially "approved" hardware to access the web. Since Cloudflare is on this too, most of the web will be locked for anyone who doesn't use mainstream hardware.
Indeed. Nor a search company, nor a phone operating system company, nor a maps company, nor an email provider, nor a business software company.
Whatever someone may think of Google or even of ads, it’s smart to keep that important thing in mind and remember their alignment is and must always be toward maximizing and improving advertising.
It’s far worse. If you go back to to the html and http protocols, they are extremely open and friendly. I would say extremely elegant and helped build the web we know today. But google has been iterating away from open and accessible standards in favour of controlling experiences (see amp, WEI, etc). I’m all in favour of secure boot chains with options for unlocking because of the security benefits. There’s absolutely no good user reason to apply this to web resources though.
I know it's not exactly what you mean, but this is why I dislike HTTP2 and 3 (both also heavily pushed by Google but also others). While open, they are the opposite of "welcoming and friendly".
The stated reason is to stop bots from being counted as ad views and make sure that all ad views are done by actual humans. This is likely even honest reasoning from the people developing it.
The same technology could easily be applied to simply blocking anyone who isn't verified (in the name of stopping spam, DDoS, bank security, you name it), meaning anyone not using an approved install of Windows/macOS/Android/iOS is shut out from the internet.
In the long term, in the name of "banking security", they're likely to add a mode that also lets you ensure your pages aren't tampered with by extensions, and there go all the ad blockers.
>> The same technology could easily be applied to simply blocking anyone who isn't verified
Sounds like a great way to enforce censorship:
- websites can deny access to unverified web browsers / web clients
- WEI-enforcing web browsers / web clients can refuse to go to unverified websites (not a stated goal, but it is a logical next step to boost website adoption of WEI APIs once a critical mass of clients is reached)
Google wants to build a wall around the Web and have their own walled garden:
Oh, so it’s like the HDMI DRM that attempts to let displays certify “I’m a real honest-to-goodness TV, not a capture card.”
That one is in the category of things that is little more than a nuisance in practice since it’s so easy to circumvent, but that’s a hardware thing and therefore it’s easier to plug something in that is unauthorized. Things are getting so tightened up on the software side with secure boot, Apple’s read-only system partition and by-default App Store Only policy on the Mac, etc. that I suspect this type of thing will be a pain for normal people, though actual at-scale bad actors will probably figure it out.
I think there are a lot of parallels with what Reddit did.
Reddit wanted to control how users consumed content on their site. To control the experience (i.e. monetize with ads), they had to shut down third-party clients, since those could remove ads.
Google appears to be doing the same thing, but for the entire web. WEI is a way for sites that want to monetize with Google ads to prevent folks from accessing their site unless they can cryptographically assure that the user's browser will follow all the rules Google sets. We don't yet know exactly what all those rules will be, but it isn't hard to guess that they'll be along the lines of whatever makes Google the most money.
This applies to desktop browsers, but also affects automated tools like wget and curl. It could kill web scraping altogether.
Third-party clients could have been made to display ads, or they could have gated third-party client access behind Reddit Gold. That wasn't the problem.
The problem was that if you used a third-party client, Reddit would have to coordinate with them to launch whatever new stupid cryptocurrency scam they wanted to push that week. On a web browser they can just push new code into it[0], and their first-party mobile clients can be updated ahead-of-time with support for the feature. But third-party clients would have to spend their own development time adding stupid "click here to get your Snoovatar[1]" links. They could slow-walk that, or just not implement that, and Reddit would have to spend time and money kicking users off that third-party app.
This, incidentally, is why every other major social media platform bans third-party clients. Third-party clients are user agents, not platform agents.
[0] Which, incidentally, makes web browsers not user agents
Cloudflare want to be the internets backbone. And they've honestly succeeded.
Now it's almost impossible to access websites in an automated way -- the CTO posted you can just email him (https://news.ycombinator.com/item?id=34639212) and he'll sort it. Because that scales.
edit: Mispoke about the CTO, said he would approve you, I was wrong. Apologies.
Their DNS is "privacy focused", but they provide "aggregated results" of domains. How is that privacy focused?
Cloudflare came from the approach of being a developers friend ("Look! SSL is now free!") but was given the internet on a silver platter.
Yes. Cloudflare was irresponsible in fighting to keep 8chan, Daily Stormer, and Kiwifarms up as long as they did. Every other ISP with a competent abuse desk dropped them. If you don't think that's bad, then let me remind you that back in 2012, Malwarebytes actually had a policy of blocking all Cloudflare services specifically because they were hosting malware and refused to remove it[0]. The excuse Cloudflare used for not removing malware from their network was the same language used to justify keeping the aforementioned sites operational. If Cloudflare was paid to run the Great Firewall of China they'd bend over backwards to try and claim it was to protect Xi Jinping's freedom of speech.
Remember that moderators can be abusive not just in terms of removing content that shouldn't be removed, but also by forcing you to accept things that harm you. Moderation is a trust relationship because I'm delegating my own personal decision to accept or block traffic/content/etc to someone else. Cloudflare is not trustworthy.
Cloudflare also used to be a big pain in the ass for Tor/VPN users because competent DDoS protection requires some kind of traceable identity. Their solution was Privacy Pass - an extension that let you pre-solve their CAPTCHAs. However, this wasn't good enough, so their next solution... was to literally partner with Apple to implement Web Environment Integrity, years before Google even proposed it. Nobody noticed this - not even me - because it was sold as a way to make CAPTCHAs less annoying. It was literally the trojan horse Google could only dream of building.
Sorry, this was wrong. I was a fool to post that without providing context and I apologise. I have updated my comment. I sometimes forget there are real people on the other side of the computer sometimes.
I'm having trouble grasping how WEI works, providing examples of what would and could happen and what to ask/tell the EU specifically.
From my limited understanding it would mean the lockout of people with non-compliant hardware/software, greatly increase the fingerprinting of web browser users and further vendor lock in to Google as a company?
From a very top level view, this gives Google, and other websites, the ability to block requests from devices/browsers they don't approve.
This implements device level verification of the code running your browser. If the device identifies as something Google, or other implementing websites, don't approve, you'll get an error similar to how you see 404 errors for missing/wrong links.
The Browser application needs to pass a binary image check, and if the browser hash doesn't match Google database, you cannot proceed to the website (since your browser may be corrupted). A major big deal for non main-stream browser, and for non Google browser developers, extension developers (eg. AdBlock), etc. In summary, some websites (like banks, Netflix, etc) will no longer be available for non mainstream browser users. Also, even if you're using Google Chrome, you may need to run the latest version to satisfy the hash check. Every day, the number of broken websites will continue growing until all non Google Chrome users have a blocked internet.
The idea is that an operating system service provides the attestation. In turn, the OS is signed, with the bootloader verifying the signature. The bootloader is also signed, with a hardware chip verifying the signature.
The infrastructure to do signed OS loading is already in place, and on some operating systems (e.g. Android), the OS attestation service is already in place. So everything is mostly in place already to have your browser attest that it is official Google chrome on Google Android on an approved device with a hardware chip that verifies a Google approved boot signature. That hardware chip contains a Google approved private key (a key that's signed by a manufacturer that Google has in turn approved/signed) that can't be extracted, and that's the key that makes the attestation. Replace the hardware boot verify chip with one that will verify software you want, and you lose your attestation key.
They could also make the OS service reach out to a web service to get an attestation that the attestation key hasn't been revoked, so even if someone did physically extract the key from hardware and share it, it could be revoked (assuming each device gets its own key).
In effect, wide use of this kind of thing means that open source software is no longer free since even if you can look at the code, you must be part of the anointed class (i.e. working within our approved by a major corporation) to edit it and run your edits.
Because the encryption key you need to sign the hash lives in EL3[0] and only Google and ARM can load code there. In order to lie about your hash, you have to break ARM TrustZone, and if you do that you can be sued under section 1201 for trafficking in copy protection circumvention tools. In other words, the law that prohibits you from selling DVD copiers can be used to give literally any bullshit the backing of law.
[0] An ARM exception level that sits above hypervisors and is specifically intended to support trusted execution modes for isolated mini-operating-systems that do this sort of shit
> Can you please explain why a third party browser can’t lie about its hash, just like it can lie about it’s user agent?
Because that thing basically describes a proprietary plugin like Activex, Silverlight or Flash before it, so a third party browser which doesn't have that proprietary tech can't fake it, under pretense of "standard". The code of that plugin will not be open source, worse, it will act as a spyware on people's computers at the OS level.
It's like EME before and these proprietary techs have no place in a open standard spec.
Nothing will happen. People have been making the same complaints about every new crypto standard for decades, and yet here we are. TPMs are a thing, EME has been around for over a decade now, DRM on the web is as pervasive as it's ever going to get, and yet no one's user experience is any worse than it was before these technologies existed.
It really does feel like something is fundamentally wrong when we're trending towards getting our video and audio content via online streaming but the streaming services are trending towards being gatekeepers more than facilitators.
The temporary nature of any licensing deals behind these services and the resulting lack of reliable long-term access to content have become more and more obvious.
Increasingly the streaming services seem to be so paranoid about piracy that they are blocking "unapproved" players from getting the highest quality versions of the content - as if anyone who wants to pirate any blockbuster movie can't already find a way to get it in 4K somewhere else if they really want to. Meanwhile you can't watch your 4K movie on a service you're literally paying to provide that movie. IIRC Amazon Prime Video still won't even let you have HD content if you're on Linux.
It feels like the commercial incentives for tech firms to create walled gardens and a culture of never owning anything permanently are going largely unchecked and by now the governments who are supposed to act in the interests of their people should really be stepping in with regulation to counter those negative trends.
So, no 4K Netflix on Linux (and not even 1080p without light hacks), presumably because of some incompatibility with the DRM. Still handily beats the situation that existed before. "Similar to video DRM" doesn't scare me. Mass surveillance is scarier.
>DRM on the web is as pervasive as it's ever going to get...
Apple and Google only just now implemented this kind of web DRM, which absolutely can have further restrictions added to it. Careful with your absolutes.
Unblockable ads, sites can serve you data that you can’t manipulate or copy, micropayments can exist, invasive surveillance.
Surveillance is possibly the worst of the bunch. They say it’s just to do a better job of serving ads, but that’s only the tip of the iceberg. Governments could easily use it to know and track everything you do online. Just wait till the next elected nut job wants a list of everybody that has ever looked at or searched for a certain type of information, maybe they don’t like that you looked up info on abortions or lgbt info, now they can know the full extent of what you saw and when.
Ads will be worse. You think YouTube ads are bad now, just wait till you can’t visit any page without the mandatory viewing of their ads. They can require a cam installed to make sure your eyes are on the ad, helpfully pausing the video when you look away.
This is essentially a backdoor attempt to TiVoize[0] web browsers. The only difference is that, instead of directly using hardware to prevent you from running a modified browser, the intent is to use network effects to accomplish the same thing.
To turn your browser (an agent acting on your behalf) into a proprietary application (an agent acting on behalf of a website) -- i.e. the equivalent of forcing you to install a proprietary application in order to visit a website.
If websites wanted this feature, and the choice is between Chrome implementing it versus me installing proprietary software, I would rather choose Chrome, especially since Chrome is implementing it in the open.
There are already various services that require proprietary applications to be installed, most of which are closed-source with dubious security track record. Replacing those propriety apps with a common web browser is not necessarily a bad outcome.
Personally I am voting with my money and just avoid services that are user-hostile, independent of which user-agent I use to access those services.
I feel like I have to repeat this, since so much is at stake here, where it is about the preservation of the web as we know it today, at the peril of having it turned into yet another walled garden:
The only way around the dystopia this will lead to is to constantly and relentlessly shame and even harass all those involved in helping create it. The scolding in the issue tracker of that wretched "project" shall flow like a river, until the spirit of those pursuing it breaks, and the effort is disbanded.
And once the corporate hydra has regrown its head, repeat. Hopefully, enough practise makes those fighting the dystopia effective enough to one day topple over sponsoring and enabling organisations as a whole, instead of only their little initiatives leading down that path.
Yeah, financial and social pressure is basically the only weapons we have against corporations when regulations don't exist. And honestly, financial pressure doesn't work at this scale or in this case.
Yes, but this will be an uphill battle. Every campaign must be financed, so every politician must effectively be vetted by monied interests. The same monied interests that we see here on a strategic offensive against the rest of us. Regulators will tend to be sympathetic to them, not us, until things get really bad.
"At the same time, Schmidt has been appointed to numerous White House advisory positions, giving him privileged insight into the administration’s policies in technology, science and military defense, as well as unusual access to top policymakers."
I don't want to put words into the OP's mouth with regards to his assertion about Schmidt, but given the loose wording: "basically shadow president", it's fair to say it isn't meant literally, and it usually comes with a negative connotation and to imply that Schmidt was so deeply involved, from a standpoint of strong biases in favor of Google and the obvious potential for corruption in participating as an advisor to someone (Obama) who doesn't have the same grasp on technology — and the extent and length of Schmidt's involvement throughout Obama's terms.
It could be said that Schmidt disproportionately influenced important decisions in the tech realm, to a degree nearly equal to executive authority, because it presumably (and greatly) outweighs the opinions of the other heads of Big Tech, so long as Obama was naive enough to agree with him on key issues he didn't fully understand.
This is especially damning in light of the NSA / Prism scandal during Obama's term, and Big Tech's involvement and compliance with that.
Of course, anyone could assert this about an advisor to a President depending on the President's level of knowledge and outright willingness to apply their advice, even if in spite of fairness (competition), rights, laws, or precedents.
Speaking of regulations, I think an angle that can help spread awareness to the general public is casting this as essentially being the equivalent of SOPA/PIPA but being pushed by Big Tech rather than Big Gov.
If you live in a representative democracy, and Google has a presence there, contact the offices of those representatives. These things don't always seem like they matter, but sometimes they do. Big tech generally (and Google specifically) is a pretty popular target right now -- seemingly worldwide and across most ideological divisions.
This is true, but I think the main issue is whether people are quick enough to call for congressional hearings and decisive actions / lawmaking that would have any impact before it's too late. It's a race to the finish, and big tech companies always have the advantage. Of course, that doesn't mean regulation couldn't call for a reversal on what's been implemented.
The other side to this issue is despite the scrutiny towards big tech, they can still lobby and make any regulatory actions seem effective, when in practice, they've already gotten their fingers into influencing policy in such a way that doesn't ultimately address the consumers' concerns.
I think people like to take the easy way out of declaring those with a different mindset "evil." Everyone is the hero of their own story, and honestly there are multiple incompatible-but-internally-consistent models of how technologies can and should work. I think it's more useful to recognize these things than to write off a competing mindset (especially when the competing mindset is in a position of power).
Consider incentives from Google's standpoint. They want to provide users a safe and secure experience. They want to simplify maintenance of software and provide developers the ability to simplify maintenance of software (a problem simplified by chopping the unbounded set of possible user agents down to a blessed, vetted subset). They have the resources to make their site screen-reader compatible, so they're not concerned about damage that could be done to screen-readers because they'll just bless one and support it. And, of course, they implicitly trust themselves to do all this.
In that ecosystem, Weiss's viewpoint is completely reasonable. The old model of the web is old, and led to gestures broadly at all the bad things about the web today... fraud, users getting owned, CP, botnets, misinformation factories. I can definitely see the viewpoint where someone concludes "It's time for a new model, and this company has the resources to do it."
I don't agree with him (and in fact I think the idea will fail; I think Google actually overestimates its ability to provide an equivalently-good user experience to what we have now if they aren't leveraging the unpaid labor of other vendors putting the effort into making their own houses work with Google's house without Google even being aware of their work). But I think it's useful to wrap our heads around how one gets into that headspace without thinking oneself a monster.
As they say: "the road to hell is paved with good intentions". Wanting to fix the world by taking complete control of it is one of the most trivial examples of a plan that should be immediately labeled "evil", as, if nothing else, "absolute power corrupts absolutely".
This plan doesn't take complete control. It provides a mechanism for a web site to delegate trust on UA configuration authenticity to a third party, or even to itself via side-channel.
Nothing in the proposal requires the third party be Google. The proposal does decrease the control the user has over their own hardware, in the sense that it provides a channel for a site to decide the user-agent / hardware stack is the wrong pedigree to serve; that's not universally considered evil either (few people really get bent out of shape that you need a Nintendo Switch to use Nintendo Switch Online services).
Google sells ads. They want to kill ad blockers. This is how.
> Weiss's viewpoint is completely reasonable
Chasing diversions around in circles is not neutral. Someone wins by default. Diversions exist and they exist to tempt you into poor attention allocation decisions. This is not about safety, security, and providing an excellent experience. It's about ads and making sure you can't stop them.
It's extremely likely it's about both. It can be both about making it hard to skip ads on YouTube and about making it hard for somebody to replace human users with automated devices.
> When thinking about a new proposal, it's often safe to assume that Occam's razor is applicable and the reason it is being proposed is that the team proposing it is trying to tackle the use cases the proposal handles.
Ockham's Razor doesn't apply in an adversarial situation.
It is also for when you are comparing two explanations that do an equally good job of explaining empirical data.
"Google is an advertising company and does whatever leads to more profitable advertisements" does a much better job of explaining Google's actions than "Google just wants to build the best possible browser", so it should be preferred even though it is a more complicated explanation.
Please don't do this here. It's not what this site is for, and destroys what it is for.
Edit: I suppose I need to add—no, we're not pro-$MegaCorp or pro-$web-destroying-dystopia. We're just trying to have an internet forum that doesn't suck, and you guys need to make your substantive points without degenerating into mob behavior.
Please don't do this here. It's not what this site is for, and destroys what it is for.
Edit: I suppose I need to add—no, we're not pro-$MegaCorp or pro-$web-destroying-dystopia. We're just trying to have an internet forum that doesn't suck, and you guys need to make your substantive points without degenerating into mob behavior.
Probably also consider all Google employees complicit. All of them -- especially those who could easily just choose to work someone else, like their developers -- are either in favor of, or okay with, Google's mission to destroy the web.
I agree with your overall ideal of free access to information but I disagree that harassment is a necessary or even effective option to push against this. I think the harassment puts us in a category of ineffective, bitter malcontents and that’s not what we are.
We are capable of going to elsewhere to free and open access to information, and we would be better off spending our energy on positively influencing others to follow us in that direction. They can’t take away tcp, http, ftp, irc and all the other protocols that these megaliths have built their empires on, and we can still use those tools even if it’s a demoralizing regression to move back to the basics. Giants like google, Amazon and others depend on our unwillingness to rebuild. Let’s use our efforts and our ingenuity to show them that they’ve underestimated us.
We have the tools, we have the knowledge. Let’s be builders instead of petty complainers.
We’ve been doing that for years, larata_media. Decades, even.
And what do we have to show for it? Our tools power their botnets and they flaunt the CoCs in our faces when we try to do something about it as “not constructive”.
In addition: could you please stop posting unsubstantive comments and flamebait generally? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
It won't do anything. You don't think they've anticipated random angry outbursts going into this? Plus, the people you're harassing are simply implementing a policy that they don't have the power to change.
The only pressure that Google has been shown to consistently respond to is political. Get a couple of senators (... of the right party) to send them a mild rebuke and they will indeed retreat a little (... and try something else later). But that's a lot harder than posting angry comments until the next piece of outrageous news comes along, isn't it?
Directly sending a message to the implementers doesn't preclude involving politicians in this too, and I absolutely agree that the latter should be involved.
Tech-literate folks really should make a concerted effort to move to our own darknet, something like freenet or I2P, to recreate the internet before the advent of mass adoption of smartphones by the public. Forums, IRC, vent/TS, webrings, XHTML 1.0. No WebGL. No Canvas. No WebAssembly. No damn WEI.
Normies can f&$% off and enjoy the data-mined, DRM'd, ad-infested, CCP-propagandized, upload-your-photo-ID-to-post-here, privacy-free dump their illiteracy, careless disregard for harm, and data exhibitionism fetish has allowed the clearnet to turn into.
While I like this idea, starting from the foot of "CCP-propagandized" based on the tiktok service hosted by Oracle in the US is an amazing way to start off on a Nazi infested foot.
Anti-communism and fascism are historically in lock-step. No one is going to use the services if you basically create web4 stormfront.
China is nationalist authoritarian state capitalist, their external propaganda isn’t to spread Marxist ideology, it’s simply anything that helps China and hurts everyone else, same as any nationalism.
“What do you think the Russians talk about in their councils of state, Karl Marx? They get out their linear programming charts, statistical decision theories, minimax solutions, and compute the price-cost probabilities of their transactions and investments, just like we do.
We no longer live in a world of nations and ideologies, Mr. Beale.” Network, 1976
Further, free speech must be defended despite the modern liberal tendency to cut off the majority’s noses to spite nazi faces. If you’re gonna fight nazis, fight nazis, don’t throw out fundamental human rights. They know they can taint principles, signs, and symbols with their stench. Don’t give up essential freedoms out of guilt by association. These charlatans have no political theory, no examined ideology. It’s a power struggle and we’ve already ceded too much power.
FWIW, I'm certainly not advocating for any kind of racism, or any kind of philosophies that support the use of force to achieve any political, social, or economic goals, so fascism would be firmly out were I the webmaster.
> any kind of philosophies that support the use of force to achieve any political, social, or economic goals
> so fascism would be firmly out
This goes to prove my point, that there's a gross misunderstanding of history in the general population.
Fascism doesn't use force to get political power, it gains political power through reactionary ideas based on false assumptions that leads to a fascist regime where the violence then occurs on the "other".
It comes through ideas such as "protecting your family", "returning to tradition", and other feel good sayings that mean almost nothing. Think of the phrase "Woke", taken from black community vernacular and twisted to mean almost nothing at all. It describes everything and anything that can make a conservative person upset, from queer people to mental health professionals.
Despite meaning nothing, oh boy has it taken root. Beer is woke, tv is woke, the black guy in star wars is woke for existing. And oh man look how easy it is to take root and now millions of people live their life by the "anti-woke" lifestyle. What does that lifestyle mean? idk, buying shes just to light them on fire, i guess.
This is why communist regimes had gulags. Fascism takes root through reactionary(meaning feelz over realz) ideas, typically against change. A revolution is something hard fought, why would they allow it to be derided by some idiots who miss when they owned all their neighbors land?
What I'm trying to say is one end of the spectrum is at a huge advantage when it comes to free speech environments, for the fascist does not need to argue in good faith. Going by "philosophies that support the use of force..." will get you a lot of a certain group.
There was nothing in his comment that alluded to anti-communism sentiment. In my opinion, the parent comment was categorically anti-fascist. Current day CCP conforms to the definition of fascism far more than the definition of communism.
I'd love to hear your thoughts on how they were being anti-communist or fascist in your eyes.
It's easy in theory to say "oh anti-ccp isn't anti-communist", but in practice, do people actually understand the difference?
Consider the phrase "tankie", what was once a term used by communists to describe a militaristic member who supported the USSR sending tanks into Hungary, has become a general phrase for anyone showing critical support to any socialist project.
Socialists are essentially told they are not allowed to support any previously or currently existing project because bad things were done, are told they're doing whataboutism if they compare the actions to western actions, and are called a tankie if they decide to stop caring about what liberals and right wing people say.
China IS a socialist project, are they strictly a socialist country? No. Did they perform the most thorough and equitable land reforms in the history of Humanity? Yes. Do they wield central power for central planning economic activities? Sometimes. Are they operating on a 100% worker ownership of industry? no, but they have a non-insignificant public ownership of industry, co-opting privately owned industry to steer activities with greater control and hold certain business leaders accountable.
I'm sorry to say, but "current day CCP conforms to the definition of fascism" just isn't correct and goes to prove the point that the meaning of words is mostly ignored. Fascism != Authoritarianism. There was a massive effort post WWII through the cold war to create anti-communist propaganda that simply wasn't true. You had actual ex members of the Nazi party leading anti-communist endeavors. The black book of communism counts Nazis as deaths from communism. The Victims of Communism memorial foundation is literally a mask on far-right thinktanks such as the heritage foundation.
That being said, the West is grossly lied to about China day to day. It is in various interests to have an enemy. To the point where one man can write a report identifying a "future cultural genocide" which was simply a reduction in growth of a population due to 1 and 2 child laws being imposed on a group that was exempt prior, as an actual, in-progress genocide. If you point this out, people call you a genocide denier.
That same man is a director of China Studies, at the Victims of Communism Memorial Foundation.
I apologize for this long winded rant, but yes, if you found an internet presence on being "anti-ccp", you're starting off on a literal fascist foot. The community will deride any left leaning voice, call any voice that says "hey china did a good thing here", as a "tankie", and it will become an echo chamber for right-wing hate speech.
All they'll have to do is make a pronouncement of support for some trendy social issue and everything will be forgiven and forgotten. Virtue signaling has turned into the most effective corporate tool for manipulating society into allowing corporations to do almost anything they want. And the public's addiction is so strong that even when this is pointed out and agreed that it is happening, the addiction still must be fed, so corporate sociopathic parasitism on society continues with the joyous approval of society in general.
He came up with it more than 9 years ago, during which time no such war has been generally apparent, and if anything, the conditions for general purpose computing have improved.
That sounds entirely unhelpful. They can just close the issue tracker + people will obviously just move on. This sounds like the Reddit 'blackout' that did nothing and is already forgotten.
What we really need is for the collective browser vendors to refuse to implement this and, if Chrome pushes forward, to bring Google to court over it. Nothing short of legal intervention is going to help here.
What sort of regulation do we imagine a government putting into place to stop this? If anything, governments tend to lean in favor of identification and verification systems because they make corporate commerce run more smoothly.
It's not hard to imagine legislation around a user right to ownership of their device. For example, it could be made illegal for a website to attest that a user is not running specific software.
Legislation around device ownership rights are already present, especially in the EU.
> constantly and relentlessly shame and even harass all those involved in helping create it
If this ever helped, we wouldn't have absolutely unethical products created. Turns out people's morals have a price tag, that Google and others are willing to pay their employees.
Well at least you can increase the price tag for Google, Facebook etc by taunting their employees as bad people.
It is quite incredible actually, because it was not many years ago that working at Google had this coolness factor to it. Hopefully, it is a broader change of view, other than mine?
Multiple US states, France, Germany and the UK are going to make the web unnavigable unless you type your credit card number or scan your face for age verification in two out of every three sites.
We are going to need to at least try to create ways to secure those credentials in as zero trust model as possible.
(Note that the legislation is a disaster, but it is done. Nobody paid enough attention. It has passed or will pass in weeks.)
> Time to build a fresh web. Get me my hypercards!
A fresh web doesn't exempt you from the legal requirements unfortunately.
This year has seen the biggest state attacks by legislators on any electronic distribution of speech across most Western states for fifty years, and by and large the technology community has completely failed to even engage with that never mind stop it. We are all going to have to live with the consequences for decades.
I don't like Google's grasp on so many vital parts of the web but somehow, it seems like google is actually in trouble.
AI is going to completely change search if it hasn't already, and google is not even close to compete in this space.
Video has some massive competition from the likes of TikTok. Anyway, YouTube isn't the only option on the market.
Gmail is still popular but since google has been pressuring users to pay, it's been easier than ever to find a reason to try another service.
Chromium can always be forked and have some parts removed or added, and as we all know quite a few browsers do this, some are quite popular.
Is google also losing IOS ads like Meta? If they do, that's another reason for alarm for them.
I'm not sure google is in the best position for the future and WEI is not going to be their golden ticket either.
And, if your prediction that web will change actually comes to pass, well then it'll be just another cycle for this space that has changed countless times since the age of dialup. The web is going to change, again and again, but as long as people are still free to set up a server and let the world access it, we can still do what we like with it.
Except increasingly the world will access it via drm aware browsers because their banks require it, and the open web audience will subsequently dwindle.
The Halloween memos called this "Embrace, Extend, Extinguish". Google didn't just ignore the moves that provided M$ dominance.
To paraphrase John Maynard Keynes: Google can stay irrational a lot longer than you or I can retain our freedoms. And when the precedents have been set, a new normal has been established, and when/if Google does finally fail, the next actor will step in and keep those freedoms from us all.
And we have this crappy paradox that Mozilla is held to an impossibly high standard. People want to burn them to the ground for daring to use Google Analytics, or the Pocket acquisition, and keep using a 100% Google browser, with preferential integration with all of Google's services/protocols/APIs.
I think that's a false dichotomy. It's possible to criticize Mozilla (ideally in good faith) for both the way in which they develop Firefox and their focus/mission in general, while at the same time using Firefox, since to me it looks like the best alternative we've got.
Not every Mozilla critic is a Chrome user; I'd even expect that the most vocal critics are Firefox fans and users.
In theory, yes, but that’s what every thread about switching to Firefox gets: Lots of flames about Mozilla. But when the only sensible alternative is staying with Google, why would these people make these arguments as replies to suggestions to switch to Firefox? It is only reasonable to conclude that it’s not Firefox fans making these arguments, in those threads.
Imo, the idea that this is about selling advertising and maintaining market share is being used as a false justification. This is not about being able to drive users to ads.
The bigger picture is that Google et al are actually part of the control structure. The governance system wants deanonymised Internet. Corporate interests are how this is being promoted - government legislation would be a harder pill for the masses to accept.
But all the recent mega changes tell us (Elon buying twitter, etc) tell us that this is on the way. Apparent anonymous internet will be sandboxed. Knowing everything about everyone all the time, and having that data being crunched by ai's is an amazing, audacious goal, that seems close to being achieved.
It's even funnier with the auto-reply "Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA)."
> constantly and relentlessly shame and even harass all those involved in helping create it
Not on HN, please. I realize that you're trying to protect something you care about (and that maybe we all care about) but this leads to ugly mob behavior that we don't want and won't allow here.
Is adding a feature-flag really the same as pushing the feature into the browser immediately? It can easily just be part of a SWE needing the flag in place in order to continue work without impacting anything else, even if that thing never ever launches.
In general Google engineers don't tend to work on branches, especially long-running ones. Incremental small code reviews are the expectation. The general process would be to stick things securely behind flags and continue development without turning it on, even if it never ever launches.
Not saying this work should be done -- it shouldn't -- but code being pushed is not the same as "we're going to make this happen tomorrow, no matter what."
Yes, because a feature flag shows intent to implement it before any real discussion have taken place with privacy and non-corporate security advocates.
When was the last time you heard Google or anything Google-related backing down from getting their paws in deeper? It's no longer a fallacy when there's a sign next to the slippery slope.
> Is adding a feature-flag really the same as pushing the feature into the browser immediately? It can easily just be part of a SWE needing the flag in place in order to continue work without impacting anything else, even if that thing never ever launches.
Yes, because that's a such anti-consumer issue. It shouldn't exist in the first place, it should never be merged to master.
There's no reason to not keep it on a separate branch if you don't intend to use it.
Despite the spec's half-baked state, the blowback last week was swift – in the form of a flood of largely critical comments posted to the WEI GitHub repository, and abuse directed at the authors of the proposal. The Google devs' response was to limit comment posting to those who had previously contributed to the repo and to post a Code of Conduct document as a reminder to be civil.
Limiting posting and asking for civility is the only way for individuals to meaningfully engage with even a mere thousand others. Nothing about the human mind was meant for social internet at the scale of the internet, where there are more distinct voices than you have heartbeats in a lifetime.
My expectation is that private is worse for any public involvement in any discussion because nobody else can see it, and also likely to get them yelled at more via other channels, and also lead to the assumption that they "have something to hide".
Also worth noting that this locks reactions (thumbs up, hearts, etc.) - providing plausible deniability that "only a small number of people raised concerns about specificTopicX." Journalists should be more aware of this!
On a separate note, for journalists and others who wish to communicate with the spec's author directly, his public website (which lists a personal email) is one of the other repos on the Github profile under which the specification was published. It's painfully absurd that he wrote this sentence in 2022 [0]:
> I decided to make this an app in the end. This is where my costs started wracking up. I had to pay for a second hand macbook pro to build an iOS app. Apple’s strategy with this is obvious, and it clearly works, but it still greatly upsets me that I couldn’t just build an app with my linux laptop. If I want the app to persist for longer than a month, and to make it easy for friends to install, I had to pay $99 for a developer account. Come on Apple, I know you want people to use the app story but this is just a little cruel. I basically have to pay $99 a year now just to keep using my little app.
If this isn't the straw that breaks the camel's back, there is never going to be one.
Google needs to be broken up.
They own the browser market.
They own the web (through Adwords).
They own Search.
They own mobile.
They own most of the video sharing market with 2.5 billion monthly annual users.
They own a good chunk of email with 1.2 billion monthly annual users.
They have amassed an incomprehensible amount of power and influence over humanity and they have proven repeatedly that they are willing to use that power to the detriment of humanity and to entrench themselves further.
Google broke itself up in 2015. What are you even asking for here?
Chrome and Android are open source, and there are several forks of both thriving in the ecosystem. Yeah it would be cool if there was a decent open source alternative to GMail and Drive, but no one else seems to have figured out how to get the incentives right for something like that.
> Google's open source projects are open in name only.
The link at the top of the page is pointing to the GitHub repo, where you can see literally over a million contributions from thousands of people working at hundreds of companies: https://github.com/chromium/chromium/commits/main
I've worked on both Chrome and Android (Chromium and AOSP) professionally, and never worked at Google.
There is the OSS vs FOSS distinction which may have been unwittingly invoked. Certainly there is nothing “free” about Chromium except its price. Google is not about to switch to a fork for Chrome and any changes to Chromium which are not approved by Google are unlikely to be in any release builds.
What I should've written is that: yes, they are open source, but there's no way to influence the direction they are going. These projects are 100% Google-run, and very few (if any) decisions are public.
For most projects there's also a significant proprietary part in the actual final product
It's not the lack of open source, it's ease of use. Alternatives exist, but no company is going to run a charity case for you to store tons of data for free. Mail in particular is commonly known to be a hassle which has nothing to do with Gmail the software, as much as Gmail the provider.
Google broke itself up in 2015. What are you even asking for here?
No, it didn't, it restructured itself into Alphabet, with many subsidiaries. But, all the core businesses are still under that umbrella organization, with most web-related businesses remaining inside the current Google entity.
A forced divestment of the browser business might help. Same for the productivity products.
> No one has paid for a browser in almost 3 decades and even then few did.
Considering NCSA Mosaic’s initial release was just 30 years ago this year and it’s considered the first browser, think you might be using a bit of hyperbole there? Twenty years would’ve been more accurate.
MSIE was free, 28 years ago in late 1995, and while Netscape did take 5 years to follow suit, by 1998 Netscape was not in a healthy position because of the free competition.
As someone who worked in this space at the time (Webmaster at Spry, Inc. in 1994), and we sold a web browser in the 1994-ish timeframe https://en.wikipedia.org/wiki/IBox, no, saying "almost 3 decades" isn't hyperbolic at all. 29 years is close enough.
I don't think you understand what a business is. Google pays Firefox a lot of money to be the default search which means there is a lot of money in browsers. Google Search conceptually pays Google Chrome to be the default Search engine on Chrome. Except since they're both under the same company they will never take an outside offer which is why it's a monopoly. No different from any other vertically integrated company.
Sure, but on the positive side, the Chrome Company has its own incentives.
Today, Google can provide Chrome as a loss-leader, making up for the "free" browser with ad revenue.
The new Chrome Company can't operate that way. It needs to make money on its own. Perhaps MS Bing offers more money. Or they build their own ad system. Or pivot into some other business area.
Anyway, I don't think anybody is arguing Google/Alphabet must be broken up, only that it's a tool that's available in the US, should we (society) decide other regulation is insufficient.
And we still are being tracked by BigTech with the same business model that people object when Google does it.
> Or pivot into some other business area.
And what other method do you suggest for funding besides ads or people paying for the browser? The second option has never been a long term successful business for browsers?
But what does breaking up even mean? Separate companies, each publicly traded with their own C level staff, shareholders, etc?
Because to me it just feels like it might be legally separated, but still owned and directed by the same handful of people. And it being separated makes it safer, in that they can't forward e.g. large fines to the parent company.
Disclaimer: I don't know anything about large corporations. or economy. or governments.
Yes, breaking up a company means divesting some business units. The new businesses would have their own BoD, leadership, shareholders, etc.
The US did this with Standard Oil in 1911, Bell/AT&T in 1983. And the same laws were used against Microsoft in 2001, though the company was able to avoid a break-up.
Breaking up Google might not be the best option. Perhaps more rigorous regulation by the government would be better, similar to Microsoft. But a break up should be an option.
PrivacyPass is an extension that lets you pre-solve CloudFlare CAPTCHAs if you're on a VPN. However, that was too frustrating, so CloudFlare partnered with Apple to integrate PrivacyPass into Safari.
How did they do this? Simple: iOS provides cryptographic attestation that your browser isn't a bot and isn't hacked, and CloudFlare takes that as your CAPTCHA solution. This works exactly the same way that Google proposes Web Environment Integrity work.
My former business bank actually did this. They insisted their web app "was compatible with all modern browsers, but more compatible with Chrome" - I couldn't make transfers to other accounts with Firefox, it just hung indefinitely.
> was compatible with all modern browsers, but more compatible with Chrome
Is Animal Farm not required reading in Orwell's home country? Or was that a misquote, or maybe just something from a random support worker? It's almost too on the nose for that statement to be written by someone familiar with that book.
I was wondering the exact same thing with that wording. Maybe someone, somewhere was required to put in a notice like that (or worse, make it so that it does work better in Chrome for whatever reason) and decided to word it like that to fly under the radar. Unlikely, but I like that imaginary world.
If this proposal becomes standard in Chrome, You can be sure Microsoft and Apple will follow Google's lead with the same or their own similar implementations.
See Microsoft Pluton and Apple's Private Access Tokens. Or read this article which provides an excellent overview of these developments. https://news.ycombinator.com/item?id=32282305
Make no mistake. If this becomes standard on Chrome, this is going to be standard on the web.
I didn’t specifically try to De-Googlefy my life for some moral reason. I think most of Google’s products are second rate - including their search page unless you use an Ad blocker. But I do find myself using ChatGPT more and Google less for coding questions since it does a better job of giving me exact answers to my problems and code is easy to verify for correctness.
As far as YouTube, I think I only use it for AWS ReInvent videos. I can’t stand ads and there are no ads interrupting the video.
I don't have a Google account and don't use any Google service, still think that this libertarian message is bullshit, how do you do the free will if the web starts deciding which OS/Browser are authorised to do something? I am not sure we are talking about free will or useful idiots
I think it’s kind of naive to think a company that gets 80% of its funding from Google is going to go out of its way to protect you from the same company or that it won’t implement the same proposed DRM standard when it already implemented the older one.
But if firefox is full of tech to prevent privacy leaks? They incorporated a vpn, strict mode, containers, third party cookie block, dnt, etc.. what the fucking hell are you talking about?
To make it explicit: the only way this happens is by Americans voting for it. The FTC has been more active on anti-trust issues in the past two years than at any time in the past 30. That's a direct result of the 2020 election. Elections matter.
Citation? FTC against Google doesn't produce much results on Google (kind of an irony :))
Have seen FTC going against Amazon because the FTC chair had published prior work against Amazon's practices. Not defending Amazon but FB/Google are a much bigger threat than Amazon.
Citation for what, increased anti-trust activity from the FTC over the last two years? Sure, here's one article:
> Private equity deals and transactions in the healthcare and technology sectors continue to attract heightened antitrust scrutiny...
> The US agencies have also demonstrated an increased interest in challenging vertical transactions.
> In January 2022, for example, the FTC sued to block Lockheed Martin's US$4.4 billion proposed acquisition of Aerojet, which the parties subsequently abandoned.
> Increased enforcement, combined with the agencies' reluctance to approve remedies, has created an uncertain environment where commercial parties should be increasingly prepared to litigate mergers.
> The ramping up of antitrust enforcement in 2022...
> Since 2020, the Federal Trade Commission (FTC) and U.S. Department of Justice (DOJ) have filed multiple lawsuits against major tech companies...
> "The agencies have started laying the foundations for a more interventionist stance over the last two years, and this year is when we'll start to see some of those efforts come to fruition -- or be stopped in their tracks by the courts," Kass said.
And I think the biggest blow may actually come about because of the SEC lawsuit that will be heard this upcoming term at SCOTUS: https://www.reuters.com/legal/us-supreme-court-decide-legali..., which will likely heavily reign in the power of administrator judges and the ability for an agency to keep initial fights in-house (blocking litigants from taking fights to the normal courts).
Yeah. You can't expect every swing to be a home run, but you also miss every swing you don't take. My point is at least they're trying to do something now, unlike previous decades. It will take some time and effort to bring the agency back around to being effective after decades of inactivity. That's not going to happen if future administrations put the FTC back on the bench.
n.b. I've found a lot of comfort by conciously rolling away from any subject that leads me to do "They"-ing, i.e. name an enormously large group, then talk about them as a unit. The more I avoid it, the more I realize how prevalent it became and drives how a lot of us feel society shifted.
>The FTC has been more active on anti-trust issues in the past two years than at any time in the past 30.... That's a direct result of the 2020 election.
Active against Google though? Remember, Google can help a certain political party in tough times (e.g. rollout of healthcare.gov).
Wake me up with they actually do something instead of making announcements of looking into the possibility of perhaps one day sending a strongly worded letter asking their tech buddies to calm down a little bit, if they're so inclined. Until then, this is campaign fodder and nothing else.
"The Federal Trade Commission sued Amazon today, claiming the online giant violated US law by tricking consumers into signing up for the $14.99-per-month Amazon Prime subscription service and making it annoyingly difficult to cancel."
"Microsoft will pay $20 million to settle an FTC complaint that its Xbox platform illegally collected and retained information about children without their parents' consent"
Yes, but Google has a strong existing relationship, the D party owes them for that one and some other favours. Can you find a link for any recent FTC action against Google (not against Google's competitors or some tiny subsidiary of Google)? I hope I'm wrong here.
I don't see anything significant from the FTC specifically regarding Google, but there is an ongoing DOJ lawsuit. Possibly they don't want to step on that? I admit I don't really understand the roles of the DOJ versus the FTC regarding anti-trust enforcement. https://www.justice.gov/opa/pr/justice-department-sues-googl...
How much of that involves the tech industry? Are you seriously claiming that Silicon Valley and Donald Trump were besties while the Democrats and tech hate each other?
A lot. Here's a link where you can read about some recent activity in the tech industry (change it to sort by Date, I couldn't figure out how to do that in the URL): https://arstechnica.com/search/?ie=UTF-8&q=ftc You can probably find more on Google (or perhaps Duck Duck Go? :) ).
I think they're alluding to Waymo. I feel much better about Google tracking my taxi rides than I do with Uber, Lyft, random taxi company, my cell phone company, etc.
Why should the US break up an asset like Google? Would be completely self defeating. This isn't like standard oil or at&t, that mostly had influence and market share inside the US. It would basically be handing power to foreign competitors who would pounce at the opportunity
And I'm not American so it's not even some sort of patriotic comment. If Europe , or anywhere else, had a Google sized Behemoth, they wouldn't mess with it no matter how "anti tech" they might seem now. If anything they are anti tech because they don't want foreign big tech to have massive influence over them. You'd bet they wouldn't cripple big tech if they were European. On the other hand, as long as they are American that massive power is a feature, not a bug for the US government.
The reaction to Tiktok is a good example of how nationalism/geopolitics shape the reaction to big tech, which is why google is probably safe.
But anti-trust stalled Microsoft's efforts at a critical time and allowed Firefox and Safari (like Gecko) to restore a standards-based web from an IE-based web. It's not a cure all but it worked. IE had 95% marketshare in 2002 and Firefox took a third of that from them in a few years thanks to anti-trust and the consent decree it forced on MS.
Chrome has nowhere near 95% market share so it would be hard to make the same case against them.
Given that it's open-source and anyone can roll and distribute a tweaked version of Chromium (and many have, notably Microsoft), it's really hard to see an argument here that Google is acting anti-competitively. If anything it's very pro-competitive to give away your secret sauce to your competitors.
Just because their browser is more popular than you would like, and you don't like a feature they're adding, doesn't mean a judge is going to stop them from adding it.
> Why should the US break up an asset like Google?
I'm also European and I think almost pretty much 100% as you think on this, but to play devil's advocate, and how I think this should have worked in theory in a free-market economy, is that the US, by allowing companies like Google to do their nefarious and frankly evil things right now and in the near future is also, at the same time, not allowing future potential companies, more innovative than Google is now, to take Google's place.
But what happens is that the US is focusing on having a strong and national security-enhancing company (Google) on its side now and in the near future, versus having an even stronger and, potentially, even more national-security enhancing company (the one that would have taken Google's place had the free market been allowed to do its thing) in the medium to long future.
On the face of it this compromise of security now and in the near future vs security in the medium to long future looks like a decent bet, the problem is that evil colossuses like Google are actively getting rotten from the inside, and at some point in the medium to long future they'll fall almost in an instant, with no company to take their place. That will leave the US highly vulnerable at that point in the future.
> Why should the US break up an asset like Google? Would be completely self defeating.
Because in the short term it would disrupt a major company (ala Standard Oil), but in the long term it would allow the US to remain competitive in the global market.
If we allow Google to continue abusing its monopoly power in the US, that guarantees that the US will not be the home of the future technologies of the world. Innovations will be sucked up and killed as acquisitions. Enormous energy will be focused on blatant moat-building like WEI instead of developments that benefit the world. etc.
In which case foreign governments, the EU and the like who collectively represent the interests of the other 7+ billion people, should start levying taxes, penalties and fines on Google and haul it and the US in front of international agencies like the WTO for unfair trade practices.
That would be a desirable action but look what happen in the end of 90s to Microsoft. It was about to be broken up and in the very end it didn't. They become dormant and polite only to strike back some 10 years ago with Windows 10, its telemetry, ads and cloud services which are being pushed onto users whether they like or not. And somehow, no regulators decided to step in to clean up this company's behavior - everyone seems to be ok with what MS is doing. Whether it's the US or EU. I take that the business and lobbing goes extremely well in both markets.
And because of this, I don't believe that the US is able to break Google or the other flagship companies despite of reasons existing for such action.
Not going to happen. Rationally there should be broad political consensus about cutting Google back to size: from rabid libertarians worshiping the miraculous abundance generated by "competition and free markets" to bleeding-heart socialists keen on pushing back corporate power as the root of all evil.
Alas, these political categories no longer have any meaning. The US political system has mutated into something else (the messenger being a horned man) which will probably require some time to properly characterize and name using terminology that is appropriate to use in good company.
So the fate of Google will be more shaped by actions of external entities than as part of US regulatory efforts. Powerful countries that antagonize the US are simply degoogling and creating their own copycat panopticons.
The question is what will be the course of action of powerful countries that are alies of the US (i.e. Europe and a few others). Will they accept that their digital society will be feudal in nature because the broken US political system cannot deliver on even basic responsibilities?
> Will they accept that their digital society will be feudal in nature because the broken US political system cannot deliver on even basic responsibilities?
The Germans, British, Australians and French are also attempting to build their own panopticons.
Who has been mismanaged for at least a decade and depends on Google to pay their bills..
I'm a FF user since the early 00's and Firefox will mostly not go away because Google has an interest in using it against monopoly accusations but the reality is bleak..
And the reality is these people ( Google in this case ) are so far removed from any moral compass about the Web ( at least what most people here think of "the Web" ) that it's near impossible to do anything about it. These companies are huge and from top to bottom there are certain groups that are hired guns to do a job, no matter what "job" it is, they'll do it, achieve those KPIs, get promoted, get paid. Even for their own detriment in the future, it doesn't matter. Big money now, screw the rest.
Btw, this is how every big company operated since forever, the only "news" here is the disproportionate impact their acts do to the World due to their huge size and influence.
I hear Firefox is mismanaged all the time, but it seems to be a perfectly fine browser for the most part. I hear all about sites that won’t render in comments on this website, but they must all be internal tools or something because I never encounter them.
Some Google services I regularly depend on (like YouTube and Google Meet) don't work as well on Firefox as they do on Chrome, in ways that actually matter. Besides that I think most websites work fine.
TBF YouTube has gotten better (see sibling comment), but Google Meet is really what matters here for me. There's also offline mode in Google Docs, which I use regularly because I'm not guaranteed a good-enough connection wherever I go.
Firefox does some things better (like PiP video playback on most websites, like YouTube!) but others are so poorly done (like Profiles) compared to Chrome that it overall makes Chrome my first choice browser.
I never used Firefox profiles, but Firefox container tabs work really well IMO. I much prefer them to Chrome's profiles for managing work vs personal logins.
I haven't noticed any issues on YouTube after subscribing. Before that it used to glitch once in a while possibly to penalize the ad blocking. But that may have been the behaviour in Chrome too for all I know.
Google Meet does have some key features missing on Firefox such as blurring / changing video background.
Jitsi is super easy to use, and I still can't get older people to use it. They just hear "Zoom" on CNN so they think, "I'm supposed to use Zoom. Other things are weird." So much behavior is just driven by anxiety and habituation.
He provides a nice piece of anecdata there: for one-on-one meetings, you can just send people a link and usually they just join. Even if they've sent a link to Zoom or Meet or whatever, you still can say “hey, join this instead” and it will work. I haven't tried this yet, but sounds plausible to me.
I believe google has intentionally made google maps near unusable in firefox. It's been consistently working worse and worse every year. I feel like about 8 years ago there used to be parity between them.
Its really bad, it takes almost a minute for the site to "stabilize", and even then, default text in the search bar is overlaid with whatever you're typing, a good 30 seconds to load a destination.
A chrome browser on the same device has maps behave almost instantaneously.
I am using it regularly without issues on firefox so I am not sure what you are talking about and definitely not in the "unusable realm". Can you be more specific?
I think this example is weirdly informative to me.
I mostly use maps via an app (Apple or Google, they seem to be the same for basic use). Usually if I’m using a map, I’ll be using it in my car for navigation, so Firefox doesn’t even come to mind.
I suspect, on top of the “maybe it is internal apps” thing I mentioned at first, some of the really bad sites are the really interactive ones, I probably just use the app without even thinking of it.
I sparingly run into sites that don't render properly on Firefox but they do exist. As an example, Ticketmaster's account page has problems on Firefox that I don't get on Chromium.
Maybe so, but asking somebody to not go to shows of their favorite bands anymore as a form of protest against Ticketmaster and/or Google is a bit much. Unfortunately, some venues seem to be Ticketmaster only at this point. Sometimes you’ve got to choose your battles.
No but appart from festivals (which were not relying on ticket master) I haven't seen tickets sold by only one company. Usually there are different ones and also some plain old in person in ticket office of department stores.
There are venues that are Ticketmaster specific because Ticketmaster's parent company owns the venue and some acts just use Ticketmaster because they are the most popular ticketing service. If I want to go to UFC 292 for example, I have to get my tickets through Ticketmaster. UFC isn't using some service that shows up on indiehacker
Ticketmaster is the only company selling tickets to several venues, there is no choice of who to buy from available there.
The only choice is to boycott your favorite artist because their record label made a deal with the wrong company. That's too many layers of indirection, for many fans.
I have the same - not sure if its related to many privacy plugins in my Firefox but e.g. google maps still doesn't render as sharp as in Chromium browsers - seems like using rasterized tiles.
This is going to be a problem which compounds more as Google gains more ground. “Oh, I love internet freedom, but I really need to visit website X.” As more and more websites adopt Chrome’s standards, Chrome will be the only browser that works.
The Mozilla Foundation is arguably mismanaged. Firefox does ok, but could go further if the Foundation invested more in FF development and less on… other things.
I'm surprised not to see more love for Librewolf here on HN.
It's just the latest Firefox release, recompiled without all the Mozilla telemetry, and with all the settings flipped to more secure/private defaults so all the tracking features are opt-in instead of opt-out.
Honestly I think the name of the project might be limiting its adoption. It’s sometimes annoying for the more technically inclined among us, but branding matters a lot. You need a name that’s snappy and memorable, which “Librewolf” is not.
Firefox is actually a pretty good example of good branding. It’s short, rolls off the tongue, has pleasant alliteration, and evokes mental imagery.
It's behind by some weeks on major, contributing new features is difficult because most dev effort seems to be on integrating upstream. It is a great easy path for the less technical to 'more privacy', but pretty much if you are a developer just harden it yourself IMO.
I've been using FF as my default browser on desktop and mobile for at least 4 years. I've had zero issues. In fact, if I need to use their dev tools, I find them superior to chrome. I don't understand the shade Mozilla gets thrown at them.
You’re gonna have to swallow your pride and use the best option here. If you are American you already have lifelong training in this dynamic and you know if you don’t, it just gets so much worse.
Who has been mismanaged for at least a decade and depends on Google to pay their bills..
I don't see how this matters, it's an open source project, if people find enough value, it will be forked and improved by community or a new organization will form around it. This is the beauty of open source, you must embrace.
I'm not really seeing the dilemma here. Would you choose a browser from a mismanaged organisation, or a browser from a corp actively subverting the very basic idea of having a web client you can control, which has a chance of forever changing how we get to interact with businesses online? (In likely the worst way possible)
Seriously, how is this a question? (Unless you want to go with another independent option, then sure)
None of that should prevent anyone from using Firefox.
There are no alternatives, nearly all other browsers are built on Chromium.
Making FF more prominent will not give Google more power, it will give Mozilla more power to negotiate better deals with Google and Bing to become the default search engine, because in the world of browsers, that's what pays the bills.
Giving more power to Mozilla hinges on them having a larger user-base so their voice is heard on these technical issues.
I'm tired of people complaining about how much better they could do "if only" this, or that FF was % slower on some tasks 10 years ago.
Firefox is a better alternative. It's the only alternative, and we can make more demand on its direction if we actually use it.
It doesn't mean that we shouldn't hold Mozilla to higher standards, but if we keep waiting for them to be perfect before we will consider using and pushing FF, we're just going to lose the only alternative not controlled by Google or Microsoft.
It's Firefox here and now. There probably won't be a tomorrow otherwise. Google is making that very clear.
Exactly. Also, if some anecdata can help change a mind: Firefox is a really good browser these days. I use it quite heavily, and it hasn’t disappointed in the last three or so years since I switched from Chrome.
About the only use case I still need Chrome for is for sites requiring experimental web APIs not supported by Firefox, such as Web USB or Web Bluetooth. Site compatibility for everything else, including very heavy web apps, is just fine.
History sync is encrypted, which is what made me switch over in the first place (Chrome deactivates history sync when activating end-to-end encryption – go figure…)
I switched to Firefox for the idealogical reasons above and was pleasantly surprised to find that it was a net improvement.
The only site I have compatibility issues with on desktop is MS Teams and even then it's only for voice/video calls, everything else works fine.
Firefox Android is a slightly less happy place. The password manager doesn't work very well (am moving away from the built-in one) and I can't log in on Amazon (which is important because I can't buy Kindle books in the app because of the Play Store).
Interesting. Firefox android works great for me, but Firefox windows gets very slow on my machine. I don't use their password manager on either, though, so I can't attest to that.
> but Firefox windows gets very slow on my machine.
This is why I don't use FF (although I'm on Linux). It's unusably slow for me. My experience is not the most common one (indicating that there's something about my ecosystem that FF hates), but I haven't been able to make FF work in any of the releases starting a couple of years back, I think.
I don't browse on my phone at all, so I won't be using FF there purely for that reason.
This is just more anecdata, but I'm exclusively using Firefox on Android and have never had issues with The Guardian. In fact, at this very moment there is a Guardian article linked on the front page, and I've visited it without an issue.
I don't doubt your experience, but it's clearly not universal.
The same thing can be said about the opposite stance you are taking. The question is: do we already know things, and how easy are the things we don't already know to look up?
Regardless, I have Googled this for you: please return the favor by helping others learn to use search engines in the future before leaving comments insinuating that they are lying.
The tldr (as you'll probably insist on that also) is that Firefox finds Mozilla, not the other way around, as the latter is a non-profit while the former is a FOR-profit, so Mozilla actually can't directly fund Firefox.
Much of it goes to policy issues like this very one, and to government education about these kinds of things, and to other important efforts closely aligned with this exact issue. Mozilla does both "advocacy" and "product" and that two pronged fork exists to serve people and the web, not massive ad companies.
One has a browser that has +60% market share, the other went from ~55% to 3%.
One company dominates "the Web" and pulls these shenanigans all every other year, the other one is totally dependent of the former to pay their bills.
So yeah, Google has been better managed than Mozilla. That doesn't invalidate Google's execs are a bunch of lizards on the now common SV ego trip and screw up all the time, but they can and ensure they can continue to do so, Mozilla is not in the same position and part of blame must be attributed to them.
Dwindling market share of firefox is pretty much not related to how the mozilla foundation is managed. They had 55% of the market when the only competition was:
- ie6 which was a security nightmare for everybody
- browsers like Opera developed by very small companies against which competition was more based on merit
The only way for Mozilla have been able to maintain its market share against chrome would have to manage to reach both these requirements:
- build the #1 smartphone OS in the market in term of market share to have it preinstalled everywhere
- build the #1 search engine in term of market share to advertise using it everytime the user search for something.
Both feats requiring:
- financial means that were out of reach from the Mozilla foundation at any moment in time regardless of its management.
- giving up on mozilla ethics and values to be on same level as the definitely evil competitor.
If a website doesn’t work in Firefox (due to a bug in Firefox or the website or because the website blocks Firefox), please file a bug report on https://webcompat.com/
Mozilla developers will then try to reach out to the website’s owners, add a fix or workaround in Firefox, or (as a last resort) spoof Chrome’s User-Agent string to bypass the website’s Firefox block.
I use firefox for everything. The only site I know that doesn’t work is an internal app at my work that was written in FileMaker pro. I just use Edge/Safari for that one.
Is your firefox rendering google maps the same sharp (vectorized) as in chromium? In my firefox it seems not so sharp and rasterized (tiles?), but might be related to some privacy plugins/settings I'm using.
I very occasionally run into these, and keep Chrome as a backup browser. I suspect it's as often to do with adblocking though - I have no content blockers on Chrome.
Firefox performs way better and is a more pleasant experience. (This is a fair comparison because my ad-laden Chrome experience is internet as Google intends!)
Firefox is my daily driver on all my computers and smartphones. There are some hiccups, often with obscure websites and airlines. Most of them better be avoided anyways. However, Slack and Microsoft Teams don't function properly in Firefox.
It will be annoying if bank sites and other companies that are hard to avoid drop Firefox support (I mean I can switch banks I guess but it is a long term customer relationship, I don’t really want to).
Most websites aren’t bank websites. If a website doesn’t support Firefox, leave. If a website doesn’t support good old HTML, it is probably made by some kind of dummy who is trying to replace lack of content with glitz, this sort of person shouldn’t be listened to.
It would be much less likely if we could get the market share back to 2010 levels.
Is that a realistic goal? I don't know, maybe not, but it seems like there's little will even in tech to try.
There was a time when tech was the biggest driver of alternate browser adoption, and even managed to make serious inroads into the mainstream. It's a huge shame that this attitude seems long gone.
(As someone writing this in FF, being a Mosaic/Netscape/FF user for ~30 years)
No that ship has sailed.
It would mean focusing on developing the best browser and spending money on marketing so people download and install the best browser. Cut every other expense. Take FF from the politics of Mozilla and make it a real open source project.
If I look at Opera marketing, they seem to aim for young people with themes and video integration.
I do think FF has no vision and no clear strategy to get back market share, even it this is the only way to save the web. Perhaps market share isn't even their goal, I have no clue what they want.
> There was a time when tech was the biggest driver of alternate browser adoption, and even managed to make serious inroads into the mainstream. It's a huge shame that this attitude seems long gone.
I think that was just a side effect of browsers like Phoenix/Firebird/Firefox and Opera offering numerous tangible benefits over IE and the other browsers of that era.
They offered things like better functionality, better security, better extensibility, better performance, better ad blocking, and so on.
There were many compelling reasons to switch to them, and many compelling reasons to suggest them to others.
I could easily show less-technical users how those browsers could make their lives better in many ways.
For a while now, though, that just hasn't been the case. Using Firefox today, for example, doesn't really leave most people any better off, but it does come with its own set of new problems. I can't bring myself to recommend it.
I never have any real issues with Firefox, and when I do I simply don't use that site. I have my girlfriend and mother using Firefox as main browser on desktop and mobile, with uBlock Origin and they've never complained.
I did have issues during an interview in Microsoft Teams refusing to play my video. "Your browser is not supported", yeah fuck you it's not supported. I explain why, ask if we can switch to Hangouts and send a link.
Works fine, if more people had the balls to do the same we wouldn't be in this situation today. It's our duty to educate people instead of conforming to the path of least resistance.
Brave runs on Chromium; I am sure if WEI helped some crypto scheme for attention token it would be embraced there. But not as relevant as this relates to the "on by default" nature of these tools to validate web viewers.
Exactly. I use Firefox for everything. It renders all the pages fine and is speedy enough so that I never question its performance. But even if it had some issues, those were minor compared to the danger the web is in now.
Firefox' killer feature on mobile is that it supports uBlock Origin, while Chrome doesn't. Browsing the web without it is horrible -- the screen covered in popups with tiny Xes. There's a decent fraction of the time that you can't even read the content underneath. Firefox solves all that.
However.
Try opening any article from The Guardian on Firefox mobile. Even a good phone will start feeling sluggish and laggy and weird. An old phone will just go catatonic, get hot, and OOM the whole browser.
Surely this is partly The Guardian's fault. (Should it surprise me that the paper that poses "left" for the upper middle class is also incompatible with any but corporate software from Big Tech?)
But it's also definitely Firefox' fault too. Something is wrong with the implementation. If Chrome can render these sites smoothly, Firefox should be able to.
Firefox would only have an excuse if Google had some special APIs on Android, or were doing something to actively sabotage the Firefox experience. I'm not willing to get quite that paranoid yet.
There are some other browsers, but who the hell wrote them? How much of what you see in the app store is legitimate open source, and how much is OSS that some opportunist put their own trackers into? I'd love a good alternative, but I don't see a lot worth trusting.
So it's Firefox for most things, and Chrome when Firefox gets all slow and laggy. Or, Firefox for news articles, and Chrome for businesses' websites.
This is a crisis of our own making. You don't want Google taking decisions for the web at large? Then don't let them own 85% of the browser market share. When that's the case they don't need W3C or anything to implement whatever they want, they effectively control the client-side internet.
It's proven that mass marketing works. Tell me how a minority of informed and caring users can avoid on their own that a single large scale bad actor pours millions over millions of dollars to convince the uninformed masses about whatever they want. It even happens in actual elections when some factions use misinformation campaigns to alter the average voter's perception! So not an easy task to solve without help.
Totally. In most things, you need to have the ability to trust that users will make (or at least see) the right choice even over multi-million marketing initiatives. Given today's people and today's marketing, I'd say we're properly fucked.
>Tell me how a minority of informed and caring users can avoid on their own that a single large scale bad actor pours millions over millions of dollars to convince the uninformed masses about whatever they want.
Firefox.
No, not Firefox of today; I'm talking about Firefox 20 years ago that defeated IE6 by sheer force of nerds alone.
Of course, the landscape is vastly different now and Firefox today is about the most not-nerd thing next to Chrome. If there's a a browser here to save us anywhere, I'm not seeing it.
> Firefox 20 years ago that defeated IE6 by sheer force of nerds alone.
Firefox was significantly better than IE though: it was faster, had more features, and things like that. This is what made Firefox popular, not "sheer force of nerds".
Chrome, when released, also had some significant improvements to Firefox. In particular, it was loads faster. This changed with "Firefox Quantum" (59 IIRC), but "too little, too late" I guess.
Firefox was better than IE6, but it was the sheer force of nerds that dragged it across the finish line because neither the enterprise nor the general population otherwise cared.
People used Firefox because it was installed on their computers by the neighborhood nerd. Something similar must happen now. People have to cease using gmail, google search and google maps.
People used Firefox because their nerd friend or family member helped them download and install it. We got to 100 million downloads almost exclusively on word of mouth. It's not enough to have a better product, people have to learn about it and we did that with SpreadFirefox and other efforts I helped initiate so I'm very familiar with this. You don't have to trust my appeal to my own authority here, but I doubt you've got anyone closer to Firefox's early growth than me so maybe worth listening.
Firefox was not faster than IE. We lost on pageload, cold and warm start, new window, pretty much everything.
Firefox was better because it had tabbed browsing, integrated search, pop-up blocking, and extensions, but I was responsible for monitoring our perf back then and I can say for certain that we were not faster.
One of the things that led to Google's current dominance is folks like us (certainly me, at least) pushing folks to replace their default IE installation with Chrome as soon as they set up a new computer.
I hope, pragmatically, something similar might happen with this: say that Brave (my daily driver) disables WEI in their Chromium build, and a new Chromium-derived browser surges in popularity... like judo, using their own power against them.
In the last few years (or in the first few), not much. But there was a time where Firefox was difficult to recommend for performance reasons - I think it's right when they switched XUL iirc. To me that's what afforded the then-competition (Opera, Safari, Chrome) to start to eat the market share. It's why I switched to Chrome for a while (before everything was Chrome).
Since Google controls the implementation and the featureset of this API, they are effectively controlling the entire chain of access.
Having open source implementions does not make a difference, because a Google, or implementing website, server will control whether the content is served. Having the mechanism of access open sourced makes no difference in this situation.
It is the same situation with the "latent" passkey attestation mechanism. Apple and Google have general guidelines that the feature will not be used, but that only true currently. This should not be part of the browser for the same as with passkeys, it gives corporations final say in what you are allowed to use.
I was watching a video about nesting in CSS and how it's just in Chrome and comments were all about how cool it is and how they can't wait to use it, and so on, and so forth. I think it's quite a representative example: we can do that much better with SASS today, but I guess Google needs to keep features pushing at full speed so no one else can keep up.
We developers are so gullible. Just give us some shiny things and we don't even realize they're heating up the pan.
I hovered over the green box for Firefox 117 and it said “Released”. I see now that for browser versions that have actually been released, it says “Released <release date>” and it’s just a very misleading bug because all unreleased browser versions will just say “Released”.
This is the bait to make it sound reasonable. Of course this hold-back feature will be quietly disabled at some point in the future. The whole proposal is full of weaselly half truths and misrepresentation about their real plans
> this hold-back feature will be quietly disabled at some point in the future.
Will it though? Googles main reason for WEI I assume is to combat ad-fraud. Ie. to prevent someone making a bot farm to click ads to earn money from advertising or exhaust competitors ad budgets or manipulate search engine user ranking signals.
With WEI, all ad clicks without WEI could just be ignored (ie. not billed to advertisers, ignored when calculating statistics and signals). If 10% of clients have WEI 'cloaking', you just inflate the final advertising bill by 10% to account for those users - the end result is the same as billing for all real users and no bots.
WEI still achieves all of Googles goals even with cloaking.
As the middle man Google benefits from ad-fraud and has few incentives to really stop it. Ad-blocking is a real problem for them however, and they have huge incentives to prevent that. Ignore what they say - that's what WEI is actually about.
Googles main business is ads on google search. Here they aren't a middle man.
Companies give google $X, and hopefully sell Y extra products. X/Y is the cost per sale. Google competes with other advert forms (eg. TV/radio/newspaper ads) on that X/Y number.
If there is ad fraud, that Y number gets decreased (budget is used up on fraud that doesn't translate to sales), and their revenue decreases as advertisers spend their ad budget on other mediums.
>Will it though? Googles main reason for WEI I assume is to combat ad-fraud. Ie. to prevent someone making a bot farm to click ads to earn money from advertising or exhaust competitors ad budgets or manipulate search engine user ranking signals.
Right. And so I ask this question: Why should I be forced to donate my data, CPU cycles, network bandwidth and privacy to one of the largest corporations in the world so they can address an issue (ad fraud) between them and their customers?
I'd note that I am not a customer of Google or their advertisers. Because advertisers are the only real customers of Google.
That’s a silly proposal that will eventually be turned off as it causes issues. Users will complain that sometime websites are broken for no reason and the first proposed fix would be to turn the failure probability to zero. Then the zero failure setting will become the default.
Also if Netflix or Twitter decide to require device authentication they can give you an error message and instruct you how to turn the holdback feature off
The attitude from Google towards this has changed significantly over the last few days (unsurprisingly).
From the "explainer": "we are evaluating whether attestation signals must sometimes be held back [...] However, a holdback also has significant drawbacks [...] a deterministic but limited-entropy attestation [i.e. no holdback] would obviate the need for invasive fingerprinting".
From the Google worker's most recent comment on the issue: 'WEI prevents ecosystem lock-in through hold-backs [...] This is designed to prevent WEI from becoming “DRM for the web”'
So, in other words, WEI could be used to prevent fingerprinting, but won't be able to if holdback is introduced -- 5-10% of clients would still get fingerprinted.
Looking at the list of "scenarios where users depend on client trust", all of them would be impacted by a holdback mechanism:
- Preventing ad fraud: not for the holdback group
- Bot and sockpuppet accounts on social media: not for the holdback group
- Preventing cheating in games: not for the holdback group -- and thus not for anyone playing against someone in the holdback group
- Preventing malicious software that imitates a banking app: not for the holdback group
In other words, if there was holdback, WEI would require places which currently fingerprint to retain and maintain the fingerprinting code and apply it to fewer users, in the best case, or would be completely useless in the worst case (for things like games).
However, it's also quite interesting to look at the implications of successfully attesting a browser which supports arbitrary extensions:
- Preventing ad fraud: install an automation extension
- Bot and sockpuppet accounts: as above
- Cheating in games: install an extension which allows cheating
- Malicious software which imitates a banking app: a malicious browser extension could do this easily.
In other words, unless you attest the browser with its extensions, none of the trust scenarios outlined in the explainer are actually helped by WEI. It's not obvious whether the Google employee who wrote this deliberately didn't think about these things, or whether the 'explainer' is just a collection of unconnected ideas, but it doesn't appear to hold together.
It is not surprising that the first target of WEI -- Chrome on Android -- does not support extensions.
That's currently just an idea in the 'Open questions' section of the spec, but there is already pushback against it from others closely involved in the spec & discussion around this (https://github.com/RupertBenWiser/Web-Environment-Integrity/...) and notably the attestation feature Google already shipped on Android for native apps in the same situation does _not_ do this.
The antifraud company that worked with Google on the WEI proposal is already calling for the removal of holdouts from the spec[0], because:
- Attestation does not work as an antifraud signal unless it is mandatory - fraudsters will just pretend to be a browser doing random holdout otherwise.
- The banks that want attestation do not want you using niche browsers to login to their services.
If you have 50% of people having adblock then websites loosing 10% of traffic because of WEI probabilistically fail it still seems like win for big tech if they force user to their approved unmodified OS/browser.
I guess they could un-cherrypick this 'feature', but that doesn't mitigate google or publishers requiring a response from this API, in order to serve a request.
Not a lawyer but this seems ripe for antitrust action. Microsoft got sued back in the 2000's for simply bundling IE with their operating system. The behavior of Google (and quite frankly Microsoft with Edge) seems way way worse than whatever MS was doing when they got sued.
I'm sick of these guys trying to break the web. From now on it's personal. We need to make sure that Google gets very hurt, and ideally they are wiped out from our industry.
And somehow this barely registers on HN, there have been over thousand comments on WEI this week, this was mentioned maybe in 5 (few of them mine - yes I'm repeating this point because it is important).
Attestation bad. Chrome is just catching up to what Safari is already doing, with in fairness more open standard.
All of the major tech companies are in on this. Google and Apple already deployed it for their phone and desktop platforms (iOS, Android, macOS, ChromeOS, all support attestation already). Microsoft is getting there with Windows 11, and all new devices shipping since ~2015 have the hardware support. Google is now closing the gap on desktop browsers.
Soon the percentage of people supporting it will be high enough to make it mandatory - the last 5% can just get a new device or something like that. They'll do it when their bank website tells them so.
The day Cloudflare flips the switch to require it for all connections is the day the open web dies.
And if they prohibit it, Google will just pay a several billion dollar fine. At the end of the day, it's just a cost of doing business. Something like an extra 2% tax raise or something. Whatever. Dividend time.
I am a bit confused. This sounds a bit stupid. If this is DRM for web content, then what would non chrome browsers like FF for web pages that ask for such authentication? Refusing to work with other browsers than chrome seems like a lawsuit waiting to happen.
It looks like they do not care if they have consensus or approval for WEI, they are implementing it regardless.
Wherever you live, you should contact your government representatives and regulators and put a spotlight on this issue for what it is--monopoly abuse of power.
Grassroots efforts are great and it is good to let your friends, family, and associates know what they are doing and why it is wrong. However, government regulation of this abuse is needed to stop it by force of law.
Why do you think they don't have consensus or approval from all the people that matter? This is far too big for that. Google, Apple, Microsoft, Cloudflare, etc, are all working together on this. Governments will like it for "security", and 99% of users won't care.
Perhaps this specific proposal is only Google's doing, but the concept in general, absolutely.
For example, these provide essentially the same attestation service for native apps consuming APIs, validating that the phone is not rooted, and the OS and app are unmodified:
Of course that will be hooked up to Google's new thing as soon as possible!
Microsoft has also been preparing it with the whole TPM integration in Windows 11 and mandatory inclusion of such hardware in all prebuilt PCs since ~2015. That's what the Chromium integration builds on - Google can't actually do the foundation for this themselves on Windows.
You can absolutely bet that all of these companies are on board with whatever Google is doing.
I know about the Safari captcha system (the only one of those that's truly analogous to WEI). Nobody cared about it because Safari's market share is very small. I would care if those companies jumped on the Google proposal because Google has the market share to force this through and make it ubiquitous, which is why I was wondering whether those companies had come out in support of this specific proposal. If they had/will, that would make WEI totally inevitable.
The web stopped being open when W3C accepted EME. Now that effectively Google IS the web, they don't even have fake attempting to convince anybody and will just turn the web into another proprietary technology.
> The web was more open when to play those videos you had to use a proprietary Flash or Silverlight plugin?
That's what you are claiming with your sarcasm hidden behind a rhetorical question, I've never said anything about Flash or Silverlight in the comment you've answered to.
There is absolutely no difference from a conceptual perspective between EME implementation and proprietary plugins, EME is necessarily based on a proprietary spyware, but you can't fathom that fact apparently.
Flash wasn't just DRM though. Incorporating video and animations into the web proper through browser was a win for the web despite the bitter pill of not ridding ourselves of DRM.
> Flash wasn't just DRM though. Incorporating video and animations into the web proper through browser was a win for the web despite the bitter pill of not ridding ourselves of DRM.
DRM as implemented by EME is necessarily a closed source, proprietary plugin just like Flash, I never said that Flash was just a DRM. Flash could be used as DRM system, in fact its video format FLV supported DRM.
You said the web stopped be open when EME was accepted.
But as you just noted there is no conceptual difference between EME and the proprietary plugins that it replaced (Flash based and Silverlight based video players).
So how does replacing something with something else that is conceptually not different change that status of the web from open to not open?
875 comments
[ 2.9 ms ] story [ 344 ms ] threadI'm recommending Mozilla Firefox to all friends and family.
Both users can keep Chrome installed as a fallback - that will help with convincing too.
At least there is Adguard.
That's only applicable to Apple users, though.
The last time I checked, multiple profiles support is somehow half-baked.
Add to Mozilla's perceived not-very-good management and you have a death spiral on your hands, and more power to Google and Apple to shape the Web towards their interests.
FWIW, first-class profiles support matters a lot: https://medium.com/sort-of-like-a-tech-diary/profiles-the-on...
This itself is one issue; there are also all sorts of adventures they decide to go for little to not at all related to the browser development, and which are conducted to convince people all around the world that they're a good humane corporation that cares. Igh.
Also check out firefox containers which is to profiles what docker is to virtual machines.
With profiles I can have different bookmarks, extensions, and even a different theme so I'm aware I'm on my personal profile, not on a work profile. Since switching profiles on Firefox + macOS is a pain in the butt, I use 2 different Firefox channels (stable + dev).
Anyway, containers are nice, but they're not a replacement for profiles.
This, so much. Anytime I've brought up profiles on Firefox, I'm told about this alternative that isn't a replacement for the feature.
Safari is (finally) bringing this, so maybe the folks at FF will begin to see this as a feature worth investing in. First-class profiles support is one of the main reasons I stick to Chrome, despite trying to switch.
The support for profiles is there, it's just hard to use in the context of a GUI desktop.
That's part of the "problem" with Firefox's support of profiles. It feels more like an afterthought and less like a primary use case the product wants to surface. To approximate the functionality Chrome has, I had to bookmark "about:profiles" and make it my home page.
Chrome also added this nifty feature that lets you open links as a Profile, making it easy to switch.
These may seem like small issues, but the end up mattering.
Go to Settings, and search for Autoplay (or in the left navigation, select Privacy and Security and scroll to Permissions).
Click the Settings button next to Autoplay, and set the default to whatever you like (amongst them "Block Audio").
She's now happily using Firefox with a non-hobbled version of uBlock Origin.
Because I could say chrome always works for me (which would be true in my experience), but that doesn’t mean it always does.
I wish Google could and would make Chrome closed source. It would at least give all those rebranded Chromiums (Opera, Vivaldi, Brave) a strong reason to reconsider their choice of engine, or at least maybe work together on a more divergent fork of it that stays away from Google's evil stuff.
I imagine it's hard to push back against it even internally. Not to be jaded, but one or two people raising a stink about it will only achieve them screwing up their career prospects within Google.
Google is an ad company. They're not a browser company.
Whatever someone may think of Google or even of ads, it’s smart to keep that important thing in mind and remember their alignment is and must always be toward maximizing and improving advertising.
The same technology could easily be applied to simply blocking anyone who isn't verified (in the name of stopping spam, DDoS, bank security, you name it), meaning anyone not using an approved install of Windows/macOS/Android/iOS is shut out from the internet.
In the long term, in the name of "banking security", they're likely to add a mode that also lets you ensure your pages aren't tampered with by extensions, and there go all the ad blockers.
Sounds like a great way to enforce censorship:
- websites can deny access to unverified web browsers / web clients
- WEI-enforcing web browsers / web clients can refuse to go to unverified websites (not a stated goal, but it is a logical next step to boost website adoption of WEI APIs once a critical mass of clients is reached)
Google wants to build a wall around the Web and have their own walled garden:
https://youtu.be/Ag1AKIl_2GM?t=57
That one is in the category of things that is little more than a nuisance in practice since it’s so easy to circumvent, but that’s a hardware thing and therefore it’s easier to plug something in that is unauthorized. Things are getting so tightened up on the software side with secure boot, Apple’s read-only system partition and by-default App Store Only policy on the Mac, etc. that I suspect this type of thing will be a pain for normal people, though actual at-scale bad actors will probably figure it out.
Reddit wanted to control how users consumed content on their site. To control the experience (i.e. monetize with ads), they had to shut down third-party clients, since those could remove ads.
Google appears to be doing the same thing, but for the entire web. WEI is a way for sites that want to monetize with Google ads to prevent folks from accessing their site unless they can cryptographically assure that the user's browser will follow all the rules Google sets. We don't yet know exactly what all those rules will be, but it isn't hard to guess that they'll be along the lines of whatever makes Google the most money.
This applies to desktop browsers, but also affects automated tools like wget and curl. It could kill web scraping altogether.
The problem was that if you used a third-party client, Reddit would have to coordinate with them to launch whatever new stupid cryptocurrency scam they wanted to push that week. On a web browser they can just push new code into it[0], and their first-party mobile clients can be updated ahead-of-time with support for the feature. But third-party clients would have to spend their own development time adding stupid "click here to get your Snoovatar[1]" links. They could slow-walk that, or just not implement that, and Reddit would have to spend time and money kicking users off that third-party app.
This, incidentally, is why every other major social media platform bans third-party clients. Third-party clients are user agents, not platform agents.
[0] Which, incidentally, makes web browsers not user agents
[1] An NFT scam Reddit tried to pull
Now it's almost impossible to access websites in an automated way -- the CTO posted you can just email him (https://news.ycombinator.com/item?id=34639212) and he'll sort it. Because that scales.
edit: Mispoke about the CTO, said he would approve you, I was wrong. Apologies.
Their DNS is "privacy focused", but they provide "aggregated results" of domains. How is that privacy focused?
Cloudflare came from the approach of being a developers friend ("Look! SSL is now free!") but was given the internet on a silver platter.
Whatever you may think of Kiwifarms, we all saw how that narrative unfolded from a technical perspective.
Remember that moderators can be abusive not just in terms of removing content that shouldn't be removed, but also by forcing you to accept things that harm you. Moderation is a trust relationship because I'm delegating my own personal decision to accept or block traffic/content/etc to someone else. Cloudflare is not trustworthy.
Cloudflare also used to be a big pain in the ass for Tor/VPN users because competent DDoS protection requires some kind of traceable identity. Their solution was Privacy Pass - an extension that let you pre-solve their CAPTCHAs. However, this wasn't good enough, so their next solution... was to literally partner with Apple to implement Web Environment Integrity, years before Google even proposed it. Nobody noticed this - not even me - because it was sold as a way to make CAPTCHAs less annoying. It was literally the trojan horse Google could only dream of building.
[0] https://forums.malwarebytes.com/topic/108447-my-site-using-c...
It was this thread, where you mentioned emailing: https://news.ycombinator.com/item?id=34639212
I'm having trouble grasping how WEI works, providing examples of what would and could happen and what to ask/tell the EU specifically.
From my limited understanding it would mean the lockout of people with non-compliant hardware/software, greatly increase the fingerprinting of web browser users and further vendor lock in to Google as a company?
This implements device level verification of the code running your browser. If the device identifies as something Google, or other implementing websites, don't approve, you'll get an error similar to how you see 404 errors for missing/wrong links.
The infrastructure to do signed OS loading is already in place, and on some operating systems (e.g. Android), the OS attestation service is already in place. So everything is mostly in place already to have your browser attest that it is official Google chrome on Google Android on an approved device with a hardware chip that verifies a Google approved boot signature. That hardware chip contains a Google approved private key (a key that's signed by a manufacturer that Google has in turn approved/signed) that can't be extracted, and that's the key that makes the attestation. Replace the hardware boot verify chip with one that will verify software you want, and you lose your attestation key.
They could also make the OS service reach out to a web service to get an attestation that the attestation key hasn't been revoked, so even if someone did physically extract the key from hardware and share it, it could be revoked (assuming each device gets its own key).
In effect, wide use of this kind of thing means that open source software is no longer free since even if you can look at the code, you must be part of the anointed class (i.e. working within our approved by a major corporation) to edit it and run your edits.
[0] An ARM exception level that sits above hypervisors and is specifically intended to support trusted execution modes for isolated mini-operating-systems that do this sort of shit
Because that thing basically describes a proprietary plugin like Activex, Silverlight or Flash before it, so a third party browser which doesn't have that proprietary tech can't fake it, under pretense of "standard". The code of that plugin will not be open source, worse, it will act as a spyware on people's computers at the OS level.
It's like EME before and these proprietary techs have no place in a open standard spec.
It's permanently blocked to prevent piracy, or something, mumble, mumble...
The temporary nature of any licensing deals behind these services and the resulting lack of reliable long-term access to content have become more and more obvious.
Increasingly the streaming services seem to be so paranoid about piracy that they are blocking "unapproved" players from getting the highest quality versions of the content - as if anyone who wants to pirate any blockbuster movie can't already find a way to get it in 4K somewhere else if they really want to. Meanwhile you can't watch your 4K movie on a service you're literally paying to provide that movie. IIRC Amazon Prime Video still won't even let you have HD content if you're on Linux.
It feels like the commercial incentives for tech firms to create walled gardens and a culture of never owning anything permanently are going largely unchecked and by now the governments who are supposed to act in the interests of their people should really be stepping in with regulation to counter those negative trends.
Apple and Google only just now implemented this kind of web DRM, which absolutely can have further restrictions added to it. Careful with your absolutes.
Surveillance is possibly the worst of the bunch. They say it’s just to do a better job of serving ads, but that’s only the tip of the iceberg. Governments could easily use it to know and track everything you do online. Just wait till the next elected nut job wants a list of everybody that has ever looked at or searched for a certain type of information, maybe they don’t like that you looked up info on abortions or lgbt info, now they can know the full extent of what you saw and when.
Ads will be worse. You think YouTube ads are bad now, just wait till you can’t visit any page without the mandatory viewing of their ads. They can require a cam installed to make sure your eyes are on the ad, helpfully pausing the video when you look away.
https://imgur.com/dgGvgKF
[0]- https://en.wikipedia.org/wiki/Tivoization
There are already various services that require proprietary applications to be installed, most of which are closed-source with dubious security track record. Replacing those propriety apps with a common web browser is not necessarily a bad outcome.
Personally I am voting with my money and just avoid services that are user-hostile, independent of which user-agent I use to access those services.
The only way around the dystopia this will lead to is to constantly and relentlessly shame and even harass all those involved in helping create it. The scolding in the issue tracker of that wretched "project" shall flow like a river, until the spirit of those pursuing it breaks, and the effort is disbanded.
And once the corporate hydra has regrown its head, repeat. Hopefully, enough practise makes those fighting the dystopia effective enough to one day topple over sponsoring and enabling organisations as a whole, instead of only their little initiatives leading down that path.
Not a pretty thing, but necessary.
Is EFF still the place to send money?
It’s very likely governments will make this mandatory if they have the chance to regulate over this.
"At the same time, Schmidt has been appointed to numerous White House advisory positions, giving him privileged insight into the administration’s policies in technology, science and military defense, as well as unusual access to top policymakers."
https://www.techtransparencyproject.org/articles/eric-schmid...
A quick Google of "eric schmidt obama" brings up a lot of articles discussing their close political relationship.
It could be said that Schmidt disproportionately influenced important decisions in the tech realm, to a degree nearly equal to executive authority, because it presumably (and greatly) outweighs the opinions of the other heads of Big Tech, so long as Obama was naive enough to agree with him on key issues he didn't fully understand.
This is especially damning in light of the NSA / Prism scandal during Obama's term, and Big Tech's involvement and compliance with that.
Of course, anyone could assert this about an advisor to a President depending on the President's level of knowledge and outright willingness to apply their advice, even if in spite of fairness (competition), rights, laws, or precedents.
There have been many questionable advisor appointments by previous presidents. Including the last president.
The other side to this issue is despite the scrutiny towards big tech, they can still lobby and make any regulatory actions seem effective, when in practice, they've already gotten their fingers into influencing policy in such a way that doesn't ultimately address the consumers' concerns.
"An owner of this repository has limited the ability to comment to users that have contributed to this repository in the past."
Ben Wiser ( https://benwiser.com ) turned off comments altogether.
The Open Web. Creators: TBL et al, Destroyed-By: Google et al.
- Sergey Brin and Lawrence Page, The Anatomy of a Large-Scale Hypertextual Web Search Engine
for a personal blog it has quite a lot of PR speak
Consider incentives from Google's standpoint. They want to provide users a safe and secure experience. They want to simplify maintenance of software and provide developers the ability to simplify maintenance of software (a problem simplified by chopping the unbounded set of possible user agents down to a blessed, vetted subset). They have the resources to make their site screen-reader compatible, so they're not concerned about damage that could be done to screen-readers because they'll just bless one and support it. And, of course, they implicitly trust themselves to do all this.
In that ecosystem, Weiss's viewpoint is completely reasonable. The old model of the web is old, and led to gestures broadly at all the bad things about the web today... fraud, users getting owned, CP, botnets, misinformation factories. I can definitely see the viewpoint where someone concludes "It's time for a new model, and this company has the resources to do it."
I don't agree with him (and in fact I think the idea will fail; I think Google actually overestimates its ability to provide an equivalently-good user experience to what we have now if they aren't leveraging the unpaid labor of other vendors putting the effort into making their own houses work with Google's house without Google even being aware of their work). But I think it's useful to wrap our heads around how one gets into that headspace without thinking oneself a monster.
Nothing in the proposal requires the third party be Google. The proposal does decrease the control the user has over their own hardware, in the sense that it provides a channel for a site to decide the user-agent / hardware stack is the wrong pedigree to serve; that's not universally considered evil either (few people really get bent out of shape that you need a Nintendo Switch to use Nintendo Switch Online services).
Google sells ads. They want to kill ad blockers. This is how.
> Weiss's viewpoint is completely reasonable
Chasing diversions around in circles is not neutral. Someone wins by default. Diversions exist and they exist to tempt you into poor attention allocation decisions. This is not about safety, security, and providing an excellent experience. It's about ads and making sure you can't stop them.
Ockham's Razor doesn't apply in an adversarial situation.
"Google is an advertising company and does whatever leads to more profitable advertisements" does a much better job of explaining Google's actions than "Google just wants to build the best possible browser", so it should be preferred even though it is a more complicated explanation.
https://news.ycombinator.com/item?id=36857676
85 points by KoftaBob 1 day ago | flag | hide | past | favorite | 109 comments
Edit: I suppose I need to add—no, we're not pro-$MegaCorp or pro-$web-destroying-dystopia. We're just trying to have an internet forum that doesn't suck, and you guys need to make your substantive points without degenerating into mob behavior.
https://news.ycombinator.com/newsguidelines.html
Here.
The problem is that the proposal has not yet been brought to W3C.
Please don't do this here. It's not what this site is for, and destroys what it is for.
Edit: I suppose I need to add—no, we're not pro-$MegaCorp or pro-$web-destroying-dystopia. We're just trying to have an internet forum that doesn't suck, and you guys need to make your substantive points without degenerating into mob behavior.
https://news.ycombinator.com/newsguidelines.html
We are capable of going to elsewhere to free and open access to information, and we would be better off spending our energy on positively influencing others to follow us in that direction. They can’t take away tcp, http, ftp, irc and all the other protocols that these megaliths have built their empires on, and we can still use those tools even if it’s a demoralizing regression to move back to the basics. Giants like google, Amazon and others depend on our unwillingness to rebuild. Let’s use our efforts and our ingenuity to show them that they’ve underestimated us.
We have the tools, we have the knowledge. Let’s be builders instead of petty complainers.
And what do we have to show for it? Our tools power their botnets and they flaunt the CoCs in our faces when we try to do something about it as “not constructive”.
More explanation:
https://news.ycombinator.com/item?id=36881929
https://news.ycombinator.com/item?id=36881081
https://news.ycombinator.com/item?id=36881034
In addition: could you please stop posting unsubstantive comments and flamebait generally? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
Therefore, one of the most efficient ways to kill a dangerous new standard is to endlessly harass anyone who works on it.
Sorry, the poor individual can not hide from their responsibility.
More explanation:
https://news.ycombinator.com/item?id=36881929
https://news.ycombinator.com/item?id=36881081
https://news.ycombinator.com/item?id=36881034
There are enough top voted people demanding harassment in this and other threads to say that well, maybe that's what HN is, actually.
The only pressure that Google has been shown to consistently respond to is political. Get a couple of senators (... of the right party) to send them a mild rebuke and they will indeed retreat a little (... and try something else later). But that's a lot harder than posting angry comments until the next piece of outrageous news comes along, isn't it?
I'm not on board with harassing people (sad that I have to include this disclaimer).
That said, the people are not simply implementing this. They're actively and publicly justifying and defending it.
let it burn
focus on building something new, new protocols, new networks, new browsers
Normies can f&$% off and enjoy the data-mined, DRM'd, ad-infested, CCP-propagandized, upload-your-photo-ID-to-post-here, privacy-free dump their illiteracy, careless disregard for harm, and data exhibitionism fetish has allowed the clearnet to turn into.
Anti-communism and fascism are historically in lock-step. No one is going to use the services if you basically create web4 stormfront.
“What do you think the Russians talk about in their councils of state, Karl Marx? They get out their linear programming charts, statistical decision theories, minimax solutions, and compute the price-cost probabilities of their transactions and investments, just like we do. We no longer live in a world of nations and ideologies, Mr. Beale.” Network, 1976
Further, free speech must be defended despite the modern liberal tendency to cut off the majority’s noses to spite nazi faces. If you’re gonna fight nazis, fight nazis, don’t throw out fundamental human rights. They know they can taint principles, signs, and symbols with their stench. Don’t give up essential freedoms out of guilt by association. These charlatans have no political theory, no examined ideology. It’s a power struggle and we’ve already ceded too much power.
> so fascism would be firmly out
This goes to prove my point, that there's a gross misunderstanding of history in the general population.
Fascism doesn't use force to get political power, it gains political power through reactionary ideas based on false assumptions that leads to a fascist regime where the violence then occurs on the "other".
It comes through ideas such as "protecting your family", "returning to tradition", and other feel good sayings that mean almost nothing. Think of the phrase "Woke", taken from black community vernacular and twisted to mean almost nothing at all. It describes everything and anything that can make a conservative person upset, from queer people to mental health professionals.
Despite meaning nothing, oh boy has it taken root. Beer is woke, tv is woke, the black guy in star wars is woke for existing. And oh man look how easy it is to take root and now millions of people live their life by the "anti-woke" lifestyle. What does that lifestyle mean? idk, buying shes just to light them on fire, i guess.
This is why communist regimes had gulags. Fascism takes root through reactionary(meaning feelz over realz) ideas, typically against change. A revolution is something hard fought, why would they allow it to be derided by some idiots who miss when they owned all their neighbors land?
What I'm trying to say is one end of the spectrum is at a huge advantage when it comes to free speech environments, for the fascist does not need to argue in good faith. Going by "philosophies that support the use of force..." will get you a lot of a certain group.
I'd love to hear your thoughts on how they were being anti-communist or fascist in your eyes.
Consider the phrase "tankie", what was once a term used by communists to describe a militaristic member who supported the USSR sending tanks into Hungary, has become a general phrase for anyone showing critical support to any socialist project.
Socialists are essentially told they are not allowed to support any previously or currently existing project because bad things were done, are told they're doing whataboutism if they compare the actions to western actions, and are called a tankie if they decide to stop caring about what liberals and right wing people say.
China IS a socialist project, are they strictly a socialist country? No. Did they perform the most thorough and equitable land reforms in the history of Humanity? Yes. Do they wield central power for central planning economic activities? Sometimes. Are they operating on a 100% worker ownership of industry? no, but they have a non-insignificant public ownership of industry, co-opting privately owned industry to steer activities with greater control and hold certain business leaders accountable.
I'm sorry to say, but "current day CCP conforms to the definition of fascism" just isn't correct and goes to prove the point that the meaning of words is mostly ignored. Fascism != Authoritarianism. There was a massive effort post WWII through the cold war to create anti-communist propaganda that simply wasn't true. You had actual ex members of the Nazi party leading anti-communist endeavors. The black book of communism counts Nazis as deaths from communism. The Victims of Communism memorial foundation is literally a mask on far-right thinktanks such as the heritage foundation.
That being said, the West is grossly lied to about China day to day. It is in various interests to have an enemy. To the point where one man can write a report identifying a "future cultural genocide" which was simply a reduction in growth of a population due to 1 and 2 child laws being imposed on a group that was exempt prior, as an actual, in-progress genocide. If you point this out, people call you a genocide denier.
That same man is a director of China Studies, at the Victims of Communism Memorial Foundation.
I apologize for this long winded rant, but yes, if you found an internet presence on being "anti-ccp", you're starting off on a literal fascist foot. The community will deride any left leaning voice, call any voice that says "hey china did a good thing here", as a "tankie", and it will become an echo chamber for right-wing hate speech.
Cory Doctorow came up with the phrase "The War on General-Purpose Computing", which describes the situation perfectly.
What we really need is for the collective browser vendors to refuse to implement this and, if Chrome pushes forward, to bring Google to court over it. Nothing short of legal intervention is going to help here.
Legislation around device ownership rights are already present, especially in the EU.
If this ever helped, we wouldn't have absolutely unethical products created. Turns out people's morals have a price tag, that Google and others are willing to pay their employees.
It is quite incredible actually, because it was not many years ago that working at Google had this coolness factor to it. Hopefully, it is a broader change of view, other than mine?
https://news.ycombinator.com/newsguidelines.html
Multiple US states, France, Germany and the UK are going to make the web unnavigable unless you type your credit card number or scan your face for age verification in two out of every three sites.
We are going to need to at least try to create ways to secure those credentials in as zero trust model as possible.
(Note that the legislation is a disaster, but it is done. Nobody paid enough attention. It has passed or will pass in weeks.)
A fresh web doesn't exempt you from the legal requirements unfortunately.
This year has seen the biggest state attacks by legislators on any electronic distribution of speech across most Western states for fifty years, and by and large the technology community has completely failed to even engage with that never mind stop it. We are all going to have to live with the consequences for decades.
AI is going to completely change search if it hasn't already, and google is not even close to compete in this space.
Video has some massive competition from the likes of TikTok. Anyway, YouTube isn't the only option on the market.
Gmail is still popular but since google has been pressuring users to pay, it's been easier than ever to find a reason to try another service.
Chromium can always be forked and have some parts removed or added, and as we all know quite a few browsers do this, some are quite popular.
Is google also losing IOS ads like Meta? If they do, that's another reason for alarm for them.
I'm not sure google is in the best position for the future and WEI is not going to be their golden ticket either.
And, if your prediction that web will change actually comes to pass, well then it'll be just another cycle for this space that has changed countless times since the age of dialup. The web is going to change, again and again, but as long as people are still free to set up a server and let the world access it, we can still do what we like with it.
The Halloween memos called this "Embrace, Extend, Extinguish". Google didn't just ignore the moves that provided M$ dominance.
The only way to stop Google from treating the Web as their own OS is to take that power away from them, by switching to other browser engines.
Not every Mozilla critic is a Chrome user; I'd even expect that the most vocal critics are Firefox fans and users.
The bigger picture is that Google et al are actually part of the control structure. The governance system wants deanonymised Internet. Corporate interests are how this is being promoted - government legislation would be a harder pill for the masses to accept.
But all the recent mega changes tell us (Elon buying twitter, etc) tell us that this is on the way. Apparent anonymous internet will be sandboxed. Knowing everything about everyone all the time, and having that data being crunched by ai's is an amazing, audacious goal, that seems close to being achieved.
It's even funnier with the auto-reply "Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA)."
Not on HN, please. I realize that you're trying to protect something you care about (and that maybe we all care about) but this leads to ugly mob behavior that we don't want and won't allow here.
https://news.ycombinator.com/newsguidelines.html
In general Google engineers don't tend to work on branches, especially long-running ones. Incremental small code reviews are the expectation. The general process would be to stick things securely behind flags and continue development without turning it on, even if it never ever launches.
Not saying this work should be done -- it shouldn't -- but code being pushed is not the same as "we're going to make this happen tomorrow, no matter what."
"Don't mind me guys, I'm barely boiling the frog."
We can add www to the list.
Yes, because that's a such anti-consumer issue. It shouldn't exist in the first place, it should never be merged to master. There's no reason to not keep it on a separate branch if you don't intend to use it.
My point is that at some other company (e.g. Apple) it would be done in secret on a branch somewhere, then big-bang merged later.
Google's process doesn't tend to work that way.
And can we retire this inane content-less quip already?
Also I'm old enough that even my children aren't children anymore. How I would dearly love for your statement to be true.
Don't underestimate how much money they have to burn and how incompetent upper management is at making hard decisions and planning.
https://www.theregister.com/2023/07/25/google_web_environmen...
Despite the spec's half-baked state, the blowback last week was swift – in the form of a flood of largely critical comments posted to the WEI GitHub repository, and abuse directed at the authors of the proposal. The Google devs' response was to limit comment posting to those who had previously contributed to the repo and to post a Code of Conduct document as a reminder to be civil.
The usual way to deal with opposition these days.
Quotable!
On a separate note, for journalists and others who wish to communicate with the spec's author directly, his public website (which lists a personal email) is one of the other repos on the Github profile under which the specification was published. It's painfully absurd that he wrote this sentence in 2022 [0]:
> I decided to make this an app in the end. This is where my costs started wracking up. I had to pay for a second hand macbook pro to build an iOS app. Apple’s strategy with this is obvious, and it clearly works, but it still greatly upsets me that I couldn’t just build an app with my linux laptop. If I want the app to persist for longer than a month, and to make it easy for friends to install, I had to pay $99 for a developer account. Come on Apple, I know you want people to use the app story but this is just a little cruel. I basically have to pay $99 a year now just to keep using my little app.
[0] https://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-...
Google needs to be broken up.
They own the browser market. They own the web (through Adwords). They own Search. They own mobile. They own most of the video sharing market with 2.5 billion monthly annual users. They own a good chunk of email with 1.2 billion monthly annual users.
They have amassed an incomprehensible amount of power and influence over humanity and they have proven repeatedly that they are willing to use that power to the detriment of humanity and to entrench themselves further.
Google needs to be broken up.
Chrome and Android are open source, and there are several forks of both thriving in the ecosystem. Yeah it would be cool if there was a decent open source alternative to GMail and Drive, but no one else seems to have figured out how to get the incentives right for something like that.
Google's open source projects are open in name only.
The link at the top of the page is pointing to the GitHub repo, where you can see literally over a million contributions from thousands of people working at hundreds of companies: https://github.com/chromium/chromium/commits/main
I've worked on both Chrome and Android (Chromium and AOSP) professionally, and never worked at Google.
What I should've written is that: yes, they are open source, but there's no way to influence the direction they are going. These projects are 100% Google-run, and very few (if any) decisions are public.
For most projects there's also a significant proprietary part in the actual final product
No, it didn't, it restructured itself into Alphabet, with many subsidiaries. But, all the core businesses are still under that umbrella organization, with most web-related businesses remaining inside the current Google entity.
A forced divestment of the browser business might help. Same for the productivity products.
No one has paid for a browser in almost 3 decades and even then few did.
Considering NCSA Mosaic’s initial release was just 30 years ago this year and it’s considered the first browser, think you might be using a bit of hyperbole there? Twenty years would’ve been more accurate.
edit: Safari as well.
Meet the new boss…
Today, Google can provide Chrome as a loss-leader, making up for the "free" browser with ad revenue.
The new Chrome Company can't operate that way. It needs to make money on its own. Perhaps MS Bing offers more money. Or they build their own ad system. Or pivot into some other business area.
Anyway, I don't think anybody is arguing Google/Alphabet must be broken up, only that it's a tool that's available in the US, should we (society) decide other regulation is insufficient.
> Or they build their own ad system.
And we still are being tracked by BigTech with the same business model that people object when Google does it.
> Or pivot into some other business area.
And what other method do you suggest for funding besides ads or people paying for the browser? The second option has never been a long term successful business for browsers?
Just because they don't sell floppies in a box like it's 1994 doesn't mean these aren't businesses.
Because to me it just feels like it might be legally separated, but still owned and directed by the same handful of people. And it being separated makes it safer, in that they can't forward e.g. large fines to the parent company.
Disclaimer: I don't know anything about large corporations. or economy. or governments.
The US did this with Standard Oil in 1911, Bell/AT&T in 1983. And the same laws were used against Microsoft in 2001, though the company was able to avoid a break-up.
Breaking up Google might not be the best option. Perhaps more rigorous regulation by the government would be better, similar to Microsoft. But a break up should be an option.
How did they do this? Simple: iOS provides cryptographic attestation that your browser isn't a bot and isn't hacked, and CloudFlare takes that as your CAPTCHA solution. This works exactly the same way that Google proposes Web Environment Integrity work.
Virgin Money, UK - https://uk.virginmoney.com/
Is Animal Farm not required reading in Orwell's home country? Or was that a misquote, or maybe just something from a random support worker? It's almost too on the nose for that statement to be written by someone familiar with that book.
And then they are all probably going to implement “sign in with Google”.
Yes, win. I'd rather be in a number of smaller businesses database than in the one last company's.
If this proposal becomes standard in Chrome, You can be sure Microsoft and Apple will follow Google's lead with the same or their own similar implementations.
See Microsoft Pluton and Apple's Private Access Tokens. Or read this article which provides an excellent overview of these developments. https://news.ycombinator.com/item?id=32282305
Make no mistake. If this becomes standard on Chrome, this is going to be standard on the web.
As far as YouTube, I think I only use it for AWS ReInvent videos. I can’t stand ads and there are no ads interrupting the video.
Besides, I can’t remember the last time I actually sent a personal email to anyone besides forwarding something from another business.
Now google has both the need to show ads, and direct power on what people use to see those ads
How is Firefox funded today.
One thing is funding, keeeping independence, another is controlling
And Firefox already supports Google’s WideVine DRM
https://support.mozilla.org/en-US/kb/enable-drm
What makes you think they won’t support this?
If you think that Firefox won’t include DRM because of “freedum”, there is an existence proof that they will - they support WideVine.
How can Firefox be “independent” of Google when 80% of their funding comes from Google?
To make it explicit: the only way this happens is by Americans voting for it. The FTC has been more active on anti-trust issues in the past two years than at any time in the past 30. That's a direct result of the 2020 election. Elections matter.
Have seen FTC going against Amazon because the FTC chair had published prior work against Amazon's practices. Not defending Amazon but FB/Google are a much bigger threat than Amazon.
> Private equity deals and transactions in the healthcare and technology sectors continue to attract heightened antitrust scrutiny...
> The US agencies have also demonstrated an increased interest in challenging vertical transactions.
> In January 2022, for example, the FTC sued to block Lockheed Martin's US$4.4 billion proposed acquisition of Aerojet, which the parties subsequently abandoned.
> Increased enforcement, combined with the agencies' reluctance to approve remedies, has created an uncertain environment where commercial parties should be increasingly prepared to litigate mergers.
> The ramping up of antitrust enforcement in 2022...
https://www.whitecase.com/insight-our-thinking/us-ma-fy-2022...
Here's another:
> Since 2020, the Federal Trade Commission (FTC) and U.S. Department of Justice (DOJ) have filed multiple lawsuits against major tech companies...
> "The agencies have started laying the foundations for a more interventionist stance over the last two years, and this year is when we'll start to see some of those efforts come to fruition -- or be stopped in their tracks by the courts," Kass said.
https://www.techtarget.com/searchcio/news/252528606/FTC-push...
I'm sure you can find more.
https://www.reuters.com/legal/us-appeals-court-opens-docket-...
Or Judges fast-tracking lawsuits to allow those being prosecuted by the FTC to get things over quicker, ex: https://www.reuters.com/legal/illumina-wins-fast-track-appea...
And I think the biggest blow may actually come about because of the SEC lawsuit that will be heard this upcoming term at SCOTUS: https://www.reuters.com/legal/us-supreme-court-decide-legali..., which will likely heavily reign in the power of administrator judges and the ability for an agency to keep initial fights in-house (blocking litigants from taking fights to the normal courts).
>The FTC has been more active on anti-trust issues in the past two years than at any time in the past 30
FTC being more active in past two years over previous 30 is a strong statement.
https://www.opensecrets.org/orgs/alphabet-inc/recipients?id=...
Here is them lobbying specifically around antitrust reform legislation: https://www.opensecrets.org/federal-lobbying/bills/specific_...
https://www.opensecrets.org/orgs/amazon-com/recipients?id=D0...
and Microsoft:
https://www.opensecrets.org/orgs/microsoft-inc/recipients?id...
And yet we see high profile activity against them from the current FTC.
And Intuit: https://www.opensecrets.org/orgs/intuit-inc/recipients?id=D0..., https://www.ftc.gov/legal-library/browse/cases-proceedings/1...
And Epic: https://www.opensecrets.org/orgs/epic-systems/recipients?id=..., https://www.ftc.gov/legal-library/browse/cases-proceedings/1...
etc. etc.
https://www.nytimes.com/2023/01/24/technology/google-ads-law...
n.b. I've found a lot of comfort by conciously rolling away from any subject that leads me to do "They"-ing, i.e. name an enormously large group, then talk about them as a unit. The more I avoid it, the more I realize how prevalent it became and drives how a lot of us feel society shifted.
It's a simple observation. They don't have the interest to make it pass but they still have to do it to save face.
FTC is on a losing streak, with the latest fiasco being the Microsoft Activision acquisition fiasco.
Active against Google though? Remember, Google can help a certain political party in tough times (e.g. rollout of healthcare.gov).
"FTC rewrites rules on Big Tech mergers with aim to ease monopoly-busting"
https://arstechnica.com/tech-policy/2023/07/ftc-rewrites-rul...
"FTC prepares “the big one,” a major lawsuit targeting Amazon’s core business"
https://arstechnica.com/tech-policy/2023/06/ftc-prepares-the...
"The Federal Trade Commission sued Amazon today, claiming the online giant violated US law by tricking consumers into signing up for the $14.99-per-month Amazon Prime subscription service and making it annoyingly difficult to cancel."
https://arstechnica.com/tech-policy/2023/06/ftc-sues-amazon-...
"FTC files to block Microsoft’s $69B Activision Blizzard acquisition"
https://arstechnica.com/gaming/2023/06/report-ftc-will-file-...
"A Federal Trade Commission lawsuit filed yesterday accused Ring, the home security camera company owned by Amazon, of invading users' privacy"
https://arstechnica.com/tech-policy/2023/06/ftc-amazon-ring-...
"Microsoft will pay $20 million to settle an FTC complaint that its Xbox platform illegally collected and retained information about children without their parents' consent"
https://arstechnica.com/gaming/2023/06/xbox-coppa-violations...
And that's all just from one news source, in the last three months.
A lot. Here's a link where you can read about some recent activity in the tech industry (change it to sort by Date, I couldn't figure out how to do that in the URL): https://arstechnica.com/search/?ie=UTF-8&q=ftc You can probably find more on Google (or perhaps Duck Duck Go? :) ).
And I'm not American so it's not even some sort of patriotic comment. If Europe , or anywhere else, had a Google sized Behemoth, they wouldn't mess with it no matter how "anti tech" they might seem now. If anything they are anti tech because they don't want foreign big tech to have massive influence over them. You'd bet they wouldn't cripple big tech if they were European. On the other hand, as long as they are American that massive power is a feature, not a bug for the US government.
The reaction to Tiktok is a good example of how nationalism/geopolitics shape the reaction to big tech, which is why google is probably safe.
Given that it's open-source and anyone can roll and distribute a tweaked version of Chromium (and many have, notably Microsoft), it's really hard to see an argument here that Google is acting anti-competitively. If anything it's very pro-competitive to give away your secret sauce to your competitors.
Just because their browser is more popular than you would like, and you don't like a feature they're adding, doesn't mean a judge is going to stop them from adding it.
I'm also European and I think almost pretty much 100% as you think on this, but to play devil's advocate, and how I think this should have worked in theory in a free-market economy, is that the US, by allowing companies like Google to do their nefarious and frankly evil things right now and in the near future is also, at the same time, not allowing future potential companies, more innovative than Google is now, to take Google's place.
But what happens is that the US is focusing on having a strong and national security-enhancing company (Google) on its side now and in the near future, versus having an even stronger and, potentially, even more national-security enhancing company (the one that would have taken Google's place had the free market been allowed to do its thing) in the medium to long future.
On the face of it this compromise of security now and in the near future vs security in the medium to long future looks like a decent bet, the problem is that evil colossuses like Google are actively getting rotten from the inside, and at some point in the medium to long future they'll fall almost in an instant, with no company to take their place. That will leave the US highly vulnerable at that point in the future.
Because in the short term it would disrupt a major company (ala Standard Oil), but in the long term it would allow the US to remain competitive in the global market.
If we allow Google to continue abusing its monopoly power in the US, that guarantees that the US will not be the home of the future technologies of the world. Innovations will be sucked up and killed as acquisitions. Enormous energy will be focused on blatant moat-building like WEI instead of developments that benefit the world. etc.
Any successful US-based tech post-breakup would be acquired by larger international players, like Tiktok was.
And because of this, I don't believe that the US is able to break Google or the other flagship companies despite of reasons existing for such action.
Not going to happen. Rationally there should be broad political consensus about cutting Google back to size: from rabid libertarians worshiping the miraculous abundance generated by "competition and free markets" to bleeding-heart socialists keen on pushing back corporate power as the root of all evil.
Alas, these political categories no longer have any meaning. The US political system has mutated into something else (the messenger being a horned man) which will probably require some time to properly characterize and name using terminology that is appropriate to use in good company.
So the fate of Google will be more shaped by actions of external entities than as part of US regulatory efforts. Powerful countries that antagonize the US are simply degoogling and creating their own copycat panopticons.
The question is what will be the course of action of powerful countries that are alies of the US (i.e. Europe and a few others). Will they accept that their digital society will be feudal in nature because the broken US political system cannot deliver on even basic responsibilities?
The Germans, British, Australians and French are also attempting to build their own panopticons.
I'm a FF user since the early 00's and Firefox will mostly not go away because Google has an interest in using it against monopoly accusations but the reality is bleak..
And the reality is these people ( Google in this case ) are so far removed from any moral compass about the Web ( at least what most people here think of "the Web" ) that it's near impossible to do anything about it. These companies are huge and from top to bottom there are certain groups that are hired guns to do a job, no matter what "job" it is, they'll do it, achieve those KPIs, get promoted, get paid. Even for their own detriment in the future, it doesn't matter. Big money now, screw the rest.
Btw, this is how every big company operated since forever, the only "news" here is the disproportionate impact their acts do to the World due to their huge size and influence.
Firefox does some things better (like PiP video playback on most websites, like YouTube!) but others are so poorly done (like Profiles) compared to Chrome that it overall makes Chrome my first choice browser.
Google Meet does have some key features missing on Firefox such as blurring / changing video background.
Which sort of underscores the monopoly point. There’s no universal free/cheap alternative to Meet, further entrenching Chromium.
It's free and open source, works everywhere, has stuff like background replacement, and doesn't require signup at all.
He provides a nice piece of anecdata there: for one-on-one meetings, you can just send people a link and usually they just join. Even if they've sent a link to Zoom or Meet or whatever, you still can say “hey, join this instead” and it will work. I haven't tried this yet, but sounds plausible to me.
A chrome browser on the same device has maps behave almost instantaneously.
I mostly use maps via an app (Apple or Google, they seem to be the same for basic use). Usually if I’m using a map, I’ll be using it in my car for navigation, so Firefox doesn’t even come to mind.
I suspect, on top of the “maybe it is internal apps” thing I mentioned at first, some of the really bad sites are the really interactive ones, I probably just use the app without even thinking of it.
So its a regular drag for me. If I really need to move quick to find something, I'll begrudgingly open chrome.
Live Nation is the name.
The only choice is to boycott your favorite artist because their record label made a deal with the wrong company. That's too many layers of indirection, for many fans.
It's just the latest Firefox release, recompiled without all the Mozilla telemetry, and with all the settings flipped to more secure/private defaults so all the tracking features are opt-in instead of opt-out.
Firefox is actually a pretty good example of good branding. It’s short, rolls off the tongue, has pleasant alliteration, and evokes mental imagery.
I don't see how this matters, it's an open source project, if people find enough value, it will be forked and improved by community or a new organization will form around it. This is the beauty of open source, you must embrace.
Seriously, how is this a question? (Unless you want to go with another independent option, then sure)
Making FF more prominent will not give Google more power, it will give Mozilla more power to negotiate better deals with Google and Bing to become the default search engine, because in the world of browsers, that's what pays the bills.
Giving more power to Mozilla hinges on them having a larger user-base so their voice is heard on these technical issues.
I'm tired of people complaining about how much better they could do "if only" this, or that FF was % slower on some tasks 10 years ago.
Firefox is a better alternative. It's the only alternative, and we can make more demand on its direction if we actually use it.
It doesn't mean that we shouldn't hold Mozilla to higher standards, but if we keep waiting for them to be perfect before we will consider using and pushing FF, we're just going to lose the only alternative not controlled by Google or Microsoft.
It's Firefox here and now. There probably won't be a tomorrow otherwise. Google is making that very clear.
About the only use case I still need Chrome for is for sites requiring experimental web APIs not supported by Firefox, such as Web USB or Web Bluetooth. Site compatibility for everything else, including very heavy web apps, is just fine.
History sync is encrypted, which is what made me switch over in the first place (Chrome deactivates history sync when activating end-to-end encryption – go figure…)
The only site I have compatibility issues with on desktop is MS Teams and even then it's only for voice/video calls, everything else works fine.
Firefox Android is a slightly less happy place. The password manager doesn't work very well (am moving away from the built-in one) and I can't log in on Amazon (which is important because I can't buy Kindle books in the app because of the Play Store).
This is why I don't use FF (although I'm on Linux). It's unusably slow for me. My experience is not the most common one (indicating that there's something about my ecosystem that FF hates), but I haven't been able to make FF work in any of the releases starting a couple of years back, I think.
I don't browse on my phone at all, so I won't be using FF there purely for that reason.
<https://news.ycombinator.com/item?id=35458746>
I don't doubt your experience, but it's clearly not universal.
https://foundation.mozilla.org/en/who-we-are/
Regardless, I have Googled this for you: please return the favor by helping others learn to use search engines in the future before leaving comments insinuating that they are lying.
The tldr (as you'll probably insist on that also) is that Firefox finds Mozilla, not the other way around, as the latter is a non-profit while the former is a FOR-profit, so Mozilla actually can't directly fund Firefox.
https://www.reddit.com/r/firefox/comments/ow9k0y/is_there_a_...
https://www.reddit.com/r/firefox/comments/a98gmi/donations_t...
https://news.ycombinator.com/item?id=24200395
Do you think Google is better managed?
One company dominates "the Web" and pulls these shenanigans all every other year, the other one is totally dependent of the former to pay their bills.
So yeah, Google has been better managed than Mozilla. That doesn't invalidate Google's execs are a bunch of lizards on the now common SV ego trip and screw up all the time, but they can and ensure they can continue to do so, Mozilla is not in the same position and part of blame must be attributed to them.
- ie6 which was a security nightmare for everybody
- browsers like Opera developed by very small companies against which competition was more based on merit
The only way for Mozilla have been able to maintain its market share against chrome would have to manage to reach both these requirements:
- build the #1 smartphone OS in the market in term of market share to have it preinstalled everywhere
- build the #1 search engine in term of market share to advertise using it everytime the user search for something.
Both feats requiring:
- financial means that were out of reach from the Mozilla foundation at any moment in time regardless of its management.
- giving up on mozilla ethics and values to be on same level as the definitely evil competitor.
Mozilla developers will then try to reach out to the website’s owners, add a fix or workaround in Firefox, or (as a last resort) spoof Chrome’s User-Agent string to bypass the website’s Firefox block.
Firefox performs way better and is a more pleasant experience. (This is a fair comparison because my ad-laden Chrome experience is internet as Google intends!)
Most websites aren’t bank websites. If a website doesn’t support Firefox, leave. If a website doesn’t support good old HTML, it is probably made by some kind of dummy who is trying to replace lack of content with glitz, this sort of person shouldn’t be listened to.
Is that a realistic goal? I don't know, maybe not, but it seems like there's little will even in tech to try.
There was a time when tech was the biggest driver of alternate browser adoption, and even managed to make serious inroads into the mainstream. It's a huge shame that this attitude seems long gone.
No that ship has sailed.
It would mean focusing on developing the best browser and spending money on marketing so people download and install the best browser. Cut every other expense. Take FF from the politics of Mozilla and make it a real open source project.
If I look at Opera marketing, they seem to aim for young people with themes and video integration.
I do think FF has no vision and no clear strategy to get back market share, even it this is the only way to save the web. Perhaps market share isn't even their goal, I have no clue what they want.
I think that was just a side effect of browsers like Phoenix/Firebird/Firefox and Opera offering numerous tangible benefits over IE and the other browsers of that era.
They offered things like better functionality, better security, better extensibility, better performance, better ad blocking, and so on.
There were many compelling reasons to switch to them, and many compelling reasons to suggest them to others.
I could easily show less-technical users how those browsers could make their lives better in many ways.
For a while now, though, that just hasn't been the case. Using Firefox today, for example, doesn't really leave most people any better off, but it does come with its own set of new problems. I can't bring myself to recommend it.
The second best time is today.
Maybe it's too late, maybe it's not, but it's literally the only option we have if we want an open web.
At this point, anybody who runs Chromium is just enabling Google and has become part of the problem.
I did have issues during an interview in Microsoft Teams refusing to play my video. "Your browser is not supported", yeah fuck you it's not supported. I explain why, ask if we can switch to Hangouts and send a link.
Works fine, if more people had the balls to do the same we wouldn't be in this situation today. It's our duty to educate people instead of conforming to the path of least resistance.
When the usage metrics drop for Chrome based browsers they would need to start respecting other users, instead of just ignoring them.
Currently they can just ignore the users and continue as they do. As the rest would not hint a dent on their bottom line.
However.
Try opening any article from The Guardian on Firefox mobile. Even a good phone will start feeling sluggish and laggy and weird. An old phone will just go catatonic, get hot, and OOM the whole browser.
Surely this is partly The Guardian's fault. (Should it surprise me that the paper that poses "left" for the upper middle class is also incompatible with any but corporate software from Big Tech?)
But it's also definitely Firefox' fault too. Something is wrong with the implementation. If Chrome can render these sites smoothly, Firefox should be able to.
Firefox would only have an excuse if Google had some special APIs on Android, or were doing something to actively sabotage the Firefox experience. I'm not willing to get quite that paranoid yet.
There are some other browsers, but who the hell wrote them? How much of what you see in the app store is legitimate open source, and how much is OSS that some opportunist put their own trackers into? I'd love a good alternative, but I don't see a lot worth trusting.
So it's Firefox for most things, and Chrome when Firefox gets all slow and laggy. Or, Firefox for news articles, and Chrome for businesses' websites.
Firefox.
No, not Firefox of today; I'm talking about Firefox 20 years ago that defeated IE6 by sheer force of nerds alone.
Of course, the landscape is vastly different now and Firefox today is about the most not-nerd thing next to Chrome. If there's a a browser here to save us anywhere, I'm not seeing it.
Firefox was significantly better than IE though: it was faster, had more features, and things like that. This is what made Firefox popular, not "sheer force of nerds".
Chrome, when released, also had some significant improvements to Firefox. In particular, it was loads faster. This changed with "Firefox Quantum" (59 IIRC), but "too little, too late" I guess.
Alternatives need to be built and advertised.
Firefox was better because it had tabbed browsing, integrated search, pop-up blocking, and extensions, but I was responsible for monitoring our perf back then and I can say for certain that we were not faster.
I hope, pragmatically, something similar might happen with this: say that Brave (my daily driver) disables WEI in their Chromium build, and a new Chromium-derived browser surges in popularity... like judo, using their own power against them.
Having open source implementions does not make a difference, because a Google, or implementing website, server will control whether the content is served. Having the mechanism of access open sourced makes no difference in this situation.
It is the same situation with the "latent" passkey attestation mechanism. Apple and Google have general guidelines that the feature will not be used, but that only true currently. This should not be part of the browser for the same as with passkeys, it gives corporations final say in what you are allowed to use.
We developers are so gullible. Just give us some shiny things and we don't even realize they're heating up the pan.
Nested CSS is supported in the latest version of all major browsers.
https://caniuse.com/css-nesting
The center row of versions with the gold border is how caniuse indicates the current release.
I hovered over the green box for Firefox 117 and it said “Released”. I see now that for browser versions that have actually been released, it says “Released <release date>” and it’s just a very misleading bug because all unreleased browser versions will just say “Released”.
Ie. on a given device, for 10% of websites, WEI pretends to be unsupported.
That means websites can't deny service where WEI is unsupported. Yet it still allows statistical analysis across bulk user accounts.
If WEI was implemented like this, I would support it as being good for the web ecosystem.
Will it though? Googles main reason for WEI I assume is to combat ad-fraud. Ie. to prevent someone making a bot farm to click ads to earn money from advertising or exhaust competitors ad budgets or manipulate search engine user ranking signals.
With WEI, all ad clicks without WEI could just be ignored (ie. not billed to advertisers, ignored when calculating statistics and signals). If 10% of clients have WEI 'cloaking', you just inflate the final advertising bill by 10% to account for those users - the end result is the same as billing for all real users and no bots.
WEI still achieves all of Googles goals even with cloaking.
Companies give google $X, and hopefully sell Y extra products. X/Y is the cost per sale. Google competes with other advert forms (eg. TV/radio/newspaper ads) on that X/Y number.
If there is ad fraud, that Y number gets decreased (budget is used up on fraud that doesn't translate to sales), and their revenue decreases as advertisers spend their ad budget on other mediums.
Right. And so I ask this question: Why should I be forced to donate my data, CPU cycles, network bandwidth and privacy to one of the largest corporations in the world so they can address an issue (ad fraud) between them and their customers?
I'd note that I am not a customer of Google or their advertisers. Because advertisers are the only real customers of Google.
Edit: Clarified my point.
Except for Google's pinky swear, I mean.
From the "explainer": "we are evaluating whether attestation signals must sometimes be held back [...] However, a holdback also has significant drawbacks [...] a deterministic but limited-entropy attestation [i.e. no holdback] would obviate the need for invasive fingerprinting".
From the Google worker's most recent comment on the issue: 'WEI prevents ecosystem lock-in through hold-backs [...] This is designed to prevent WEI from becoming “DRM for the web”'
So, in other words, WEI could be used to prevent fingerprinting, but won't be able to if holdback is introduced -- 5-10% of clients would still get fingerprinted.
Looking at the list of "scenarios where users depend on client trust", all of them would be impacted by a holdback mechanism:
- Preventing ad fraud: not for the holdback group
- Bot and sockpuppet accounts on social media: not for the holdback group
- Preventing cheating in games: not for the holdback group -- and thus not for anyone playing against someone in the holdback group
- Preventing malicious software that imitates a banking app: not for the holdback group
In other words, if there was holdback, WEI would require places which currently fingerprint to retain and maintain the fingerprinting code and apply it to fewer users, in the best case, or would be completely useless in the worst case (for things like games).
However, it's also quite interesting to look at the implications of successfully attesting a browser which supports arbitrary extensions:
- Preventing ad fraud: install an automation extension
- Bot and sockpuppet accounts: as above
- Cheating in games: install an extension which allows cheating
- Malicious software which imitates a banking app: a malicious browser extension could do this easily.
In other words, unless you attest the browser with its extensions, none of the trust scenarios outlined in the explainer are actually helped by WEI. It's not obvious whether the Google employee who wrote this deliberately didn't think about these things, or whether the 'explainer' is just a collection of unconnected ideas, but it doesn't appear to hold together.
It is not surprising that the first target of WEI -- Chrome on Android -- does not support extensions.
WEI randomly fails, website sees it, has never implemented any error checking (or fails on purpose without WEI), WEI becomes effectively mandatory.
Google is a gun manufacturer telling people on the other end of it "don't worry, every one in 20 bullets doesn't fire".
- Attestation does not work as an antifraud signal unless it is mandatory - fraudsters will just pretend to be a browser doing random holdout otherwise.
- The banks that want attestation do not want you using niche browsers to login to their services.
[0] https://github.com/RupertBenWiser/Web-Environment-Integrity/...
Edit: the Register article linked elsewhere looks as good as it gets for now https://www.theregister.com/2023/07/25/google_web_environmen...
https://news.ycombinator.com/item?id=36862494
Attestation bad. Chrome is just catching up to what Safari is already doing, with in fairness more open standard.
We need to kill both.
Soon the percentage of people supporting it will be high enough to make it mandatory - the last 5% can just get a new device or something like that. They'll do it when their bank website tells them so.
The day Cloudflare flips the switch to require it for all connections is the day the open web dies.
> They'll do it when their bank website tells them so.
Right.
> The day Cloudflare flips the switch to require it for all connections is the day the open web dies.
Makes sense and unfortunately seems realistic.
[1]https://arstechnica.com/gadgets/2023/07/googles-web-integrit...
Wherever you live, you should contact your government representatives and regulators and put a spotlight on this issue for what it is--monopoly abuse of power.
Grassroots efforts are great and it is good to let your friends, family, and associates know what they are doing and why it is wrong. However, government regulation of this abuse is needed to stop it by force of law.
Are they? Is there any evidence those companies support the proposal? I haven't seen any statements to that effect, but I might have missed something.
For example, these provide essentially the same attestation service for native apps consuming APIs, validating that the phone is not rooted, and the OS and app are unmodified:
https://developer.android.com/google/play/integrity
https://developer.apple.com/documentation/devicecheck/
Apple and Cloudflare combined to take it to the browser last year and basically no one noticed:
https://blog.cloudflare.com/eliminating-captchas-on-iphones-...
Of course that will be hooked up to Google's new thing as soon as possible!
Microsoft has also been preparing it with the whole TPM integration in Windows 11 and mandatory inclusion of such hardware in all prebuilt PCs since ~2015. That's what the Chromium integration builds on - Google can't actually do the foundation for this themselves on Windows.
You can absolutely bet that all of these companies are on board with whatever Google is doing.
The web was more open when to play those videos you had to use a proprietary Flash or Silverlight plugin?
That's what you are claiming with your sarcasm hidden behind a rhetorical question, I've never said anything about Flash or Silverlight in the comment you've answered to.
There is absolutely no difference from a conceptual perspective between EME implementation and proprietary plugins, EME is necessarily based on a proprietary spyware, but you can't fathom that fact apparently.
DRM as implemented by EME is necessarily a closed source, proprietary plugin just like Flash, I never said that Flash was just a DRM. Flash could be used as DRM system, in fact its video format FLV supported DRM.
But as you just noted there is no conceptual difference between EME and the proprietary plugins that it replaced (Flash based and Silverlight based video players).
So how does replacing something with something else that is conceptually not different change that status of the web from open to not open?
Neither Flash or Silverlight were ever web standards. Flash was never accepted as a web standard. EME is a web standard.
EME is as bad as Flash or Silverlight from a conceptual perspective. EME has no place in web standards, no more than flash.
Again, it's you who brought up Flash and Co, I never brought it up.