875 comments

[ 2.9 ms ] story [ 344 ms ] thread
Disappointing to see such a 180 on 'don't be evil'.

I'm recommending Mozilla Firefox to all friends and family.

I do, and I keep having those tiring conversations, but it's really hard to get the point across in layman's terms. I have enough friends in tech who stick with Chrome out of convenience instead of just falling back on it in case something actually doesn't work in Firefox. how do I convince tech illiterate people of doing this?
It's faster. The same old justification that was used to switch to Chrome can now be used for Firefox.
For the tech illiterate recommend Safari. For tech people, appeal to their privileged position and the importance of defending the web by choosing any other browser (or Safari).

Both users can keep Chrome installed as a fallback - that will help with convincing too.

And drop my Ublock origin, bypass paywall clean, etc? Hell no.
> Ublock origin

At least there is Adguard.

> For the tech illiterate recommend Safari.

That's only applicable to Apple users, though.

Tech illiterate people should be using MacOS anyway. Windows just gets worse every year. MacOS is actually more like classic Windows than Windows 11 is so it's actually easier to use for tech illiterate people.
Didn't Apple implement this same type of thing in Safari a year or so ago?
You can’t, realistically. I don’t think there’s any repeatable or effective way to make non-nerds (AKA most people) care about this sort of thing.
Start referring to them as "Chrome developers" -- what's this "web" thing you keep talking about?
Whenever a new device needs to be setup for my parents, I just install whatever I use (Firefox in this case). Then I show them the things they need on a day by day basis. The problem are people who did grow up with tech. They will say things like it will take too long. In cases like this you need to manipulate them based on their personality.
Unfortunately Firefox doesn't have a good UI/UX after all.

The last time I checked, multiple profiles support is somehow half-baked.

Not sure why you're getting downvoted, but this is a big deal IMO. We're here because Chrome has been the better product for a long time. Firefox not doing things people want well enough will hurt its adoption, which will impact its capacity to influence the Web.

Add to Mozilla's perceived not-very-good management and you have a death spiral on your hands, and more power to Google and Apple to shape the Web towards their interests.

FWIW, first-class profiles support matters a lot: https://medium.com/sort-of-like-a-tech-diary/profiles-the-on...

Mozilla in the past ignored the criticism users had regarding UI/UX changes and went with deploying this bulky mobile-oriented interface for desktops. And here we are.

This itself is one issue; there are also all sorts of adventures they decide to go for little to not at all related to the browser development, and which are conducted to convince people all around the world that they're a good humane corporation that cares. Igh.

Multiple profiles is fully supported. It's just hidden behind a clunky UX.

Also check out firefox containers which is to profiles what docker is to virtual machines.

Containers are useful, but it's like having a few similar terminal windows open. Eventually you'll type something on the wrong window... at least I found myself searching for personal stuff on my work Google container.

With profiles I can have different bookmarks, extensions, and even a different theme so I'm aware I'm on my personal profile, not on a work profile. Since switching profiles on Firefox + macOS is a pain in the butt, I use 2 different Firefox channels (stable + dev).

Anyway, containers are nice, but they're not a replacement for profiles.

> Anyway, containers are nice, but they're not a replacement for profiles.

This, so much. Anytime I've brought up profiles on Firefox, I'm told about this alternative that isn't a replacement for the feature.

Safari is (finally) bringing this, so maybe the folks at FF will begin to see this as a feature worth investing in. First-class profiles support is one of the main reasons I stick to Chrome, despite trying to switch.

Yeah, AFAIK to setup profiles you have to run:

    firefox --ProfileManager
And then to use them you have to start firefox e.g. :

    firefox -P <profile-name>
Very few casual users (nor even most technical users) start Firefox from a command line, and setting up shortcuts for these is also a step that most users won't do.

The support for profiles is there, it's just hard to use in the context of a GUI desktop.

> It's just hidden behind a clunky UX.

That's part of the "problem" with Firefox's support of profiles. It feels more like an afterthought and less like a primary use case the product wants to surface. To approximate the functionality Chrome has, I had to bookmark "about:profiles" and make it my home page.

Chrome also added this nifty feature that lets you open links as a Profile, making it easy to switch.

These may seem like small issues, but the end up mattering.

Firefox is also missing a don't allow any website to play audio unless explicitly enabled setting (mute tabs by default, except on allowed sites), as far as I can tell.
I think it has?

Go to Settings, and search for Autoplay (or in the left navigation, select Privacy and Security and scroll to Permissions).

Click the Settings button next to Autoplay, and set the default to whatever you like (amongst them "Block Audio").

That's not the same thing. Chrome's setting can force audio to be muted regardless of user interactions or manually started playback, until the website settings are changed to allow sound.
I was just able to finally move my wife back to Firefox. Chrome just stopped working on her Mac. Wouldn't pull up a page. Everything else worked.

She's now happily using Firefox with a non-hobbled version of uBlock Origin.

I don’t think this indicative of chrome being bad on Mac. What did you try to resolve the issue?

Because I could say chrome always works for me (which would be true in my experience), but that doesn’t mean it always does.

Clearing all state (all saved data and cookies), Incognito mode, disabling the few extensions she was running. When it got to the point where the only thing left to do was reinstall Chrome, we installed Firefox instead.
this is where you should vote with your wallet and feet. and I think it's not really a stretch to ask Google's engineers who work on chrome/ium to get a job somewhere else.
I think it would be interesting to get their views on it. I wouldn't be surprised if a lot think this is a good idea. Not that I agree, but I think it's unlikely that everyone sees it the same way as those outside the organisation.
Obviously, if you get paid to implement this you don't want the cognitive dissonance of knowingly doing something bad, so I'm sure those folks have already laid out their justification for this technology.

I wish Google could and would make Chrome closed source. It would at least give all those rebranded Chromiums (Opera, Vivaldi, Brave) a strong reason to reconsider their choice of engine, or at least maybe work together on a more divergent fork of it that stays away from Google's evil stuff.

"It is difficult to get a man to understand something, when his salary depends upon his not understanding it".

I imagine it's hard to push back against it even internally. Not to be jaded, but one or two people raising a stink about it will only achieve them screwing up their career prospects within Google.

A cynic might observe that the tech sector - and US big tech in particular - has just seen the biggest round of layoffs that many of the developers in that market will remember. Many of those same developers might have been thinking even 18 months ago that their extremely high compensation was guaranteed because finding another extremely well compensated job was easy. Now they know better and I'm sure a lot of people are scared. Seems like a good time for management to push bad ideas that their remaining employees might not like.
Can somebody explain what are the practical implications of this?
If adopted by publishers, the web will be closed to everyone but allowed browsers on allowed OSes on allowed hardware. No ad blockers, no extensions, no customizations beyond what the few chosen browsers allow explicitly.
I have a website so I guess that makes me a publisher. Say I wanted to block Chrome on Windows and Firefox on Debian? How would I use this?
The browser would provide an api which returns a signed token which will be confirmed by an atestation authority.
You'll need an "approved" browser and potentially "approved" hardware to access the web. Since Cloudflare is on this too, most of the web will be locked for anyone who doesn't use mainstream hardware.
But why do they care so much about this? Is it only for DRM on media playback?
No, this is for DRM on web pages. End game is probably to force ads down your throat.
It's so that you don't modify their precious page content (ads and trackers) with "unwanted" software hacks.
They can finally, finally get rid of those pesky ad blockers.

Google is an ad company. They're not a browser company.

Indeed. Nor a search company, nor a phone operating system company, nor a maps company, nor an email provider, nor a business software company.

Whatever someone may think of Google or even of ads, it’s smart to keep that important thing in mind and remember their alignment is and must always be toward maximizing and improving advertising.

It’s far worse. If you go back to to the html and http protocols, they are extremely open and friendly. I would say extremely elegant and helped build the web we know today. But google has been iterating away from open and accessible standards in favour of controlling experiences (see amp, WEI, etc). I’m all in favour of secure boot chains with options for unlocking because of the security benefits. There’s absolutely no good user reason to apply this to web resources though.
I know it's not exactly what you mean, but this is why I dislike HTTP2 and 3 (both also heavily pushed by Google but also others). While open, they are the opposite of "welcoming and friendly".
The stated reason is to stop bots from being counted as ad views and make sure that all ad views are done by actual humans. This is likely even honest reasoning from the people developing it.

The same technology could easily be applied to simply blocking anyone who isn't verified (in the name of stopping spam, DDoS, bank security, you name it), meaning anyone not using an approved install of Windows/macOS/Android/iOS is shut out from the internet.

In the long term, in the name of "banking security", they're likely to add a mode that also lets you ensure your pages aren't tampered with by extensions, and there go all the ad blockers.

>> The same technology could easily be applied to simply blocking anyone who isn't verified

Sounds like a great way to enforce censorship:

- websites can deny access to unverified web browsers / web clients

- WEI-enforcing web browsers / web clients can refuse to go to unverified websites (not a stated goal, but it is a logical next step to boost website adoption of WEI APIs once a critical mass of clients is reached)

Google wants to build a wall around the Web and have their own walled garden:

https://youtu.be/Ag1AKIl_2GM?t=57

(comment deleted)
Oh, so it’s like the HDMI DRM that attempts to let displays certify “I’m a real honest-to-goodness TV, not a capture card.”

That one is in the category of things that is little more than a nuisance in practice since it’s so easy to circumvent, but that’s a hardware thing and therefore it’s easier to plug something in that is unauthorized. Things are getting so tightened up on the software side with secure boot, Apple’s read-only system partition and by-default App Store Only policy on the Mac, etc. that I suspect this type of thing will be a pain for normal people, though actual at-scale bad actors will probably figure it out.

I think there are a lot of parallels with what Reddit did.

Reddit wanted to control how users consumed content on their site. To control the experience (i.e. monetize with ads), they had to shut down third-party clients, since those could remove ads.

Google appears to be doing the same thing, but for the entire web. WEI is a way for sites that want to monetize with Google ads to prevent folks from accessing their site unless they can cryptographically assure that the user's browser will follow all the rules Google sets. We don't yet know exactly what all those rules will be, but it isn't hard to guess that they'll be along the lines of whatever makes Google the most money.

This applies to desktop browsers, but also affects automated tools like wget and curl. It could kill web scraping altogether.

Third-party clients could have been made to display ads, or they could have gated third-party client access behind Reddit Gold. That wasn't the problem.

The problem was that if you used a third-party client, Reddit would have to coordinate with them to launch whatever new stupid cryptocurrency scam they wanted to push that week. On a web browser they can just push new code into it[0], and their first-party mobile clients can be updated ahead-of-time with support for the feature. But third-party clients would have to spend their own development time adding stupid "click here to get your Snoovatar[1]" links. They could slow-walk that, or just not implement that, and Reddit would have to spend time and money kicking users off that third-party app.

This, incidentally, is why every other major social media platform bans third-party clients. Third-party clients are user agents, not platform agents.

[0] Which, incidentally, makes web browsers not user agents

[1] An NFT scam Reddit tried to pull

Cloudflare want to be the internets backbone. And they've honestly succeeded.

Now it's almost impossible to access websites in an automated way -- the CTO posted you can just email him (https://news.ycombinator.com/item?id=34639212) and he'll sort it. Because that scales.

edit: Mispoke about the CTO, said he would approve you, I was wrong. Apologies.

Their DNS is "privacy focused", but they provide "aggregated results" of domains. How is that privacy focused?

Cloudflare came from the approach of being a developers friend ("Look! SSL is now free!") but was given the internet on a silver platter.

Also remember, Cloudflare is de-facto the moderator of the internet.

Whatever you may think of Kiwifarms, we all saw how that narrative unfolded from a technical perspective.

Yes. Cloudflare was irresponsible in fighting to keep 8chan, Daily Stormer, and Kiwifarms up as long as they did. Every other ISP with a competent abuse desk dropped them. If you don't think that's bad, then let me remind you that back in 2012, Malwarebytes actually had a policy of blocking all Cloudflare services specifically because they were hosting malware and refused to remove it[0]. The excuse Cloudflare used for not removing malware from their network was the same language used to justify keeping the aforementioned sites operational. If Cloudflare was paid to run the Great Firewall of China they'd bend over backwards to try and claim it was to protect Xi Jinping's freedom of speech.

Remember that moderators can be abusive not just in terms of removing content that shouldn't be removed, but also by forcing you to accept things that harm you. Moderation is a trust relationship because I'm delegating my own personal decision to accept or block traffic/content/etc to someone else. Cloudflare is not trustworthy.

Cloudflare also used to be a big pain in the ass for Tor/VPN users because competent DDoS protection requires some kind of traceable identity. Their solution was Privacy Pass - an extension that let you pre-solve their CAPTCHAs. However, this wasn't good enough, so their next solution... was to literally partner with Apple to implement Web Environment Integrity, years before Google even proposed it. Nobody noticed this - not even me - because it was sold as a way to make CAPTCHAs less annoying. It was literally the trojan horse Google could only dream of building.

[0] https://forums.malwarebytes.com/topic/108447-my-site-using-c...

Kiwifarms did not have to use Cloudflare.
I've never understood why so many tech oriented people have turned a blind eye to Cloudflare.
I don't have a mechanism to "approve you". We don't have any clue who people are and so even if I wanted to "approve you" I couldn't.
Sorry, this was wrong. I was a fool to post that without providing context and I apologise. I have updated my comment. I sometimes forget there are real people on the other side of the computer sometimes.

It was this thread, where you mentioned emailing: https://news.ycombinator.com/item?id=34639212

Ah. Makes sense now. I did wonder what you were talking about.
Don't worry, Gmail is breaking email too and the CTO will never see your non-google email.
This needs to get to the European Parliament, we need legislation to protect web interoperability ASAP.
Have at it: https://european-union.europa.eu/contact-eu/write-us_en

I'm having trouble grasping how WEI works, providing examples of what would and could happen and what to ask/tell the EU specifically.

From my limited understanding it would mean the lockout of people with non-compliant hardware/software, greatly increase the fingerprinting of web browser users and further vendor lock in to Google as a company?

From a very top level view, this gives Google, and other websites, the ability to block requests from devices/browsers they don't approve.

This implements device level verification of the code running your browser. If the device identifies as something Google, or other implementing websites, don't approve, you'll get an error similar to how you see 404 errors for missing/wrong links.

(comment deleted)
The Browser application needs to pass a binary image check, and if the browser hash doesn't match Google database, you cannot proceed to the website (since your browser may be corrupted). A major big deal for non main-stream browser, and for non Google browser developers, extension developers (eg. AdBlock), etc. In summary, some websites (like banks, Netflix, etc) will no longer be available for non mainstream browser users. Also, even if you're using Google Chrome, you may need to run the latest version to satisfy the hash check. Every day, the number of broken websites will continue growing until all non Google Chrome users have a blocked internet.
Can you please explain why a third party browser can’t lie about its hash, just like it can lie about it’s user agent?
The idea is that an operating system service provides the attestation. In turn, the OS is signed, with the bootloader verifying the signature. The bootloader is also signed, with a hardware chip verifying the signature.

The infrastructure to do signed OS loading is already in place, and on some operating systems (e.g. Android), the OS attestation service is already in place. So everything is mostly in place already to have your browser attest that it is official Google chrome on Google Android on an approved device with a hardware chip that verifies a Google approved boot signature. That hardware chip contains a Google approved private key (a key that's signed by a manufacturer that Google has in turn approved/signed) that can't be extracted, and that's the key that makes the attestation. Replace the hardware boot verify chip with one that will verify software you want, and you lose your attestation key.

They could also make the OS service reach out to a web service to get an attestation that the attestation key hasn't been revoked, so even if someone did physically extract the key from hardware and share it, it could be revoked (assuming each device gets its own key).

In effect, wide use of this kind of thing means that open source software is no longer free since even if you can look at the code, you must be part of the anointed class (i.e. working within our approved by a major corporation) to edit it and run your edits.

Because the encryption key you need to sign the hash lives in EL3[0] and only Google and ARM can load code there. In order to lie about your hash, you have to break ARM TrustZone, and if you do that you can be sued under section 1201 for trafficking in copy protection circumvention tools. In other words, the law that prohibits you from selling DVD copiers can be used to give literally any bullshit the backing of law.

[0] An ARM exception level that sits above hypervisors and is specifically intended to support trusted execution modes for isolated mini-operating-systems that do this sort of shit

> Can you please explain why a third party browser can’t lie about its hash, just like it can lie about it’s user agent?

Because that thing basically describes a proprietary plugin like Activex, Silverlight or Flash before it, so a third party browser which doesn't have that proprietary tech can't fake it, under pretense of "standard". The code of that plugin will not be open source, worse, it will act as a spyware on people's computers at the OS level.

It's like EME before and these proprietary techs have no place in a open standard spec.

Because the website is not just asking your browser to attest, the attestation process requires the OS to send verification.
Nothing will happen. People have been making the same complaints about every new crypto standard for decades, and yet here we are. TPMs are a thing, EME has been around for over a decade now, DRM on the web is as pervasive as it's ever going to get, and yet no one's user experience is any worse than it was before these technologies existed.
Yes, and I am still unable to play 4K Netflix on a PC that has been able to play 4K videos for about 7 years now.

It's permanently blocked to prevent piracy, or something, mumble, mumble...

There are several ways to play 4k Netflix videos on any platform you want, because nothing they are doing actually prevents piracy.
It's not about preventing, it's about controlling. Making everything as an appliance is the backbone of consumerism.
It really does feel like something is fundamentally wrong when we're trending towards getting our video and audio content via online streaming but the streaming services are trending towards being gatekeepers more than facilitators.

The temporary nature of any licensing deals behind these services and the resulting lack of reliable long-term access to content have become more and more obvious.

Increasingly the streaming services seem to be so paranoid about piracy that they are blocking "unapproved" players from getting the highest quality versions of the content - as if anyone who wants to pirate any blockbuster movie can't already find a way to get it in 4K somewhere else if they really want to. Meanwhile you can't watch your 4K movie on a service you're literally paying to provide that movie. IIRC Amazon Prime Video still won't even let you have HD content if you're on Linux.

It feels like the commercial incentives for tech firms to create walled gardens and a culture of never owning anything permanently are going largely unchecked and by now the governments who are supposed to act in the interests of their people should really be stepping in with regulation to counter those negative trends.

So, no 4K Netflix on Linux (and not even 1080p without light hacks), presumably because of some incompatibility with the DRM. Still handily beats the situation that existed before. "Similar to video DRM" doesn't scare me. Mass surveillance is scarier.
>DRM on the web is as pervasive as it's ever going to get...

Apple and Google only just now implemented this kind of web DRM, which absolutely can have further restrictions added to it. Careful with your absolutes.

(comment deleted)
Unblockable ads, sites can serve you data that you can’t manipulate or copy, micropayments can exist, invasive surveillance.

Surveillance is possibly the worst of the bunch. They say it’s just to do a better job of serving ads, but that’s only the tip of the iceberg. Governments could easily use it to know and track everything you do online. Just wait till the next elected nut job wants a list of everybody that has ever looked at or searched for a certain type of information, maybe they don’t like that you looked up info on abortions or lgbt info, now they can know the full extent of what you saw and when.

Ads will be worse. You think YouTube ads are bad now, just wait till you can’t visit any page without the mandatory viewing of their ads. They can require a cam installed to make sure your eyes are on the ad, helpfully pausing the video when you look away.

ENORMOUS fingerprinting potential and capability to disrupt the user's ability to block content. Or access it.
This is essentially a backdoor attempt to TiVoize[0] web browsers. The only difference is that, instead of directly using hardware to prevent you from running a modified browser, the intent is to use network effects to accomplish the same thing.

[0]- https://en.wikipedia.org/wiki/Tivoization

To turn your browser (an agent acting on your behalf) into a proprietary application (an agent acting on behalf of a website) -- i.e. the equivalent of forcing you to install a proprietary application in order to visit a website.
If websites wanted this feature, and the choice is between Chrome implementing it versus me installing proprietary software, I would rather choose Chrome, especially since Chrome is implementing it in the open.

There are already various services that require proprietary applications to be installed, most of which are closed-source with dubious security track record. Replacing those propriety apps with a common web browser is not necessarily a bad outcome.

Personally I am voting with my money and just avoid services that are user-hostile, independent of which user-agent I use to access those services.

I feel like I have to repeat this, since so much is at stake here, where it is about the preservation of the web as we know it today, at the peril of having it turned into yet another walled garden:

The only way around the dystopia this will lead to is to constantly and relentlessly shame and even harass all those involved in helping create it. The scolding in the issue tracker of that wretched "project" shall flow like a river, until the spirit of those pursuing it breaks, and the effort is disbanded.

And once the corporate hydra has regrown its head, repeat. Hopefully, enough practise makes those fighting the dystopia effective enough to one day topple over sponsoring and enabling organisations as a whole, instead of only their little initiatives leading down that path.

Not a pretty thing, but necessary.

Yeah, financial and social pressure is basically the only weapons we have against corporations when regulations don't exist. And honestly, financial pressure doesn't work at this scale or in this case.
Regulation is just social pressure enforced by guns.
Yes, but this will be an uphill battle. Every campaign must be financed, so every politician must effectively be vetted by monied interests. The same monied interests that we see here on a strategic offensive against the rest of us. Regulators will tend to be sympathetic to them, not us, until things get really bad.

Is EFF still the place to send money?

I think so. I don't know of any better.
Are they actively pursuing WEI? Is there anyone who is?
> when regulations don't exist

It’s very likely governments will make this mandatory if they have the chance to regulate over this.

[flagged]
Which executive orders, federal appointments, and other executive branch actions, would you attribute to Eric Schmidt?
From this article:

"At the same time, Schmidt has been appointed to numerous White House advisory positions, giving him privileged insight into the administration’s policies in technology, science and military defense, as well as unusual access to top policymakers."

https://www.techtransparencyproject.org/articles/eric-schmid...

A quick Google of "eric schmidt obama" brings up a lot of articles discussing their close political relationship.

And that makes him “shadow president” how? Was he the one with the most access as opposed to, says, David Axelrod?
I don't want to put words into the OP's mouth with regards to his assertion about Schmidt, but given the loose wording: "basically shadow president", it's fair to say it isn't meant literally, and it usually comes with a negative connotation and to imply that Schmidt was so deeply involved, from a standpoint of strong biases in favor of Google and the obvious potential for corruption in participating as an advisor to someone (Obama) who doesn't have the same grasp on technology — and the extent and length of Schmidt's involvement throughout Obama's terms.

It could be said that Schmidt disproportionately influenced important decisions in the tech realm, to a degree nearly equal to executive authority, because it presumably (and greatly) outweighs the opinions of the other heads of Big Tech, so long as Obama was naive enough to agree with him on key issues he didn't fully understand.

This is especially damning in light of the NSA / Prism scandal during Obama's term, and Big Tech's involvement and compliance with that.

Of course, anyone could assert this about an advisor to a President depending on the President's level of knowledge and outright willingness to apply their advice, even if in spite of fairness (competition), rights, laws, or precedents.

I appreciate the link - but "Schmidt has been appointed to numerous White House advisory positions" != "basically a shadow president".

There have been many questionable advisor appointments by previous presidents. Including the last president.

Speaking of regulations, I think an angle that can help spread awareness to the general public is casting this as essentially being the equivalent of SOPA/PIPA but being pushed by Big Tech rather than Big Gov.
If you live in a representative democracy, and Google has a presence there, contact the offices of those representatives. These things don't always seem like they matter, but sometimes they do. Big tech generally (and Google specifically) is a pretty popular target right now -- seemingly worldwide and across most ideological divisions.
This is true, but I think the main issue is whether people are quick enough to call for congressional hearings and decisive actions / lawmaking that would have any impact before it's too late. It's a race to the finish, and big tech companies always have the advantage. Of course, that doesn't mean regulation couldn't call for a reversal on what's been implemented.

The other side to this issue is despite the scrutiny towards big tech, they can still lobby and make any regulatory actions seem effective, when in practice, they've already gotten their fingers into influencing policy in such a way that doesn't ultimately address the consumers' concerns.

Financial pressure won't work because you are not Google's customer. Google's customers are its advertisers.
And you are the customers of those companies advertising. That's leverage, too.
Financial and social pressure are the only ways you convince anybody to do anything that isn't biological.
Attempting to open an issue yields this message:

"An owner of this repository has limited the ability to comment to users that have contributed to this repository in the past."

You can still report it as malware (which it actually is)
If only they had some sort of attestation scheme to root out dissent at the source.
(comment deleted)
Yoav Weiss is closing concern threads, calling them "spam."

Ben Wiser ( https://benwiser.com ) turned off comments altogether.

May their names reach eternal infamy on Wikipedia.

The Open Web. Creators: TBL et al, Destroyed-By: Google et al.

> The goals of the advertising business model do not always correspond to providing quality search to users.

- Sergey Brin and Lawrence Page, The Anatomy of a Large-Scale Hypertextual Web Search Engine

Yoav Weiss has a blog post from 6 days ago on his website. https://blog.yoav.ws/

for a personal blog it has quite a lot of PR speak

Oof. It does check, though, that the guy CoC-blocking all the github comments would have blog posts like the Professor Umbridge of the W3C.
I think people like to take the easy way out of declaring those with a different mindset "evil." Everyone is the hero of their own story, and honestly there are multiple incompatible-but-internally-consistent models of how technologies can and should work. I think it's more useful to recognize these things than to write off a competing mindset (especially when the competing mindset is in a position of power).

Consider incentives from Google's standpoint. They want to provide users a safe and secure experience. They want to simplify maintenance of software and provide developers the ability to simplify maintenance of software (a problem simplified by chopping the unbounded set of possible user agents down to a blessed, vetted subset). They have the resources to make their site screen-reader compatible, so they're not concerned about damage that could be done to screen-readers because they'll just bless one and support it. And, of course, they implicitly trust themselves to do all this.

In that ecosystem, Weiss's viewpoint is completely reasonable. The old model of the web is old, and led to gestures broadly at all the bad things about the web today... fraud, users getting owned, CP, botnets, misinformation factories. I can definitely see the viewpoint where someone concludes "It's time for a new model, and this company has the resources to do it."

I don't agree with him (and in fact I think the idea will fail; I think Google actually overestimates its ability to provide an equivalently-good user experience to what we have now if they aren't leveraging the unpaid labor of other vendors putting the effort into making their own houses work with Google's house without Google even being aware of their work). But I think it's useful to wrap our heads around how one gets into that headspace without thinking oneself a monster.

As they say: "the road to hell is paved with good intentions". Wanting to fix the world by taking complete control of it is one of the most trivial examples of a plan that should be immediately labeled "evil", as, if nothing else, "absolute power corrupts absolutely".
This plan doesn't take complete control. It provides a mechanism for a web site to delegate trust on UA configuration authenticity to a third party, or even to itself via side-channel.

Nothing in the proposal requires the third party be Google. The proposal does decrease the control the user has over their own hardware, in the sense that it provides a channel for a site to decide the user-agent / hardware stack is the wrong pedigree to serve; that's not universally considered evil either (few people really get bent out of shape that you need a Nintendo Switch to use Nintendo Switch Online services).

> Consider incentives from Google's standpoint.

Google sells ads. They want to kill ad blockers. This is how.

> Weiss's viewpoint is completely reasonable

Chasing diversions around in circles is not neutral. Someone wins by default. Diversions exist and they exist to tempt you into poor attention allocation decisions. This is not about safety, security, and providing an excellent experience. It's about ads and making sure you can't stop them.

It's extremely likely it's about both. It can be both about making it hard to skip ads on YouTube and about making it hard for somebody to replace human users with automated devices.
> When thinking about a new proposal, it's often safe to assume that Occam's razor is applicable and the reason it is being proposed is that the team proposing it is trying to tackle the use cases the proposal handles.

Ockham's Razor doesn't apply in an adversarial situation.

Yep. You'll cut yourself on Ockham's Razor if you bring it to a fight.
It is also for when you are comparing two explanations that do an equally good job of explaining empirical data.

"Google is an advertising company and does whatever leads to more profitable advertisements" does a much better job of explaining Google's actions than "Google just wants to build the best possible browser", so it should be preferred even though it is a more complicated explanation.

Please don't do this here. It's not what this site is for, and destroys what it is for.

Edit: I suppose I need to add—no, we're not pro-$MegaCorp or pro-$web-destroying-dystopia. We're just trying to have an internet forum that doesn't suck, and you guys need to make your substantive points without degenerating into mob behavior.

https://news.ycombinator.com/newsguidelines.html

> the best place to shame?

Please don't do this here. It's not what this site is for, and destroys what it is for.

Edit: I suppose I need to add—no, we're not pro-$MegaCorp or pro-$web-destroying-dystopia. We're just trying to have an internet forum that doesn't suck, and you guys need to make your substantive points without degenerating into mob behavior.

https://news.ycombinator.com/newsguidelines.html

Understood. Sorry about that. Shoulda known better.
Appreciated!
I agree with your overall ideal of free access to information but I disagree that harassment is a necessary or even effective option to push against this. I think the harassment puts us in a category of ineffective, bitter malcontents and that’s not what we are.

We are capable of going to elsewhere to free and open access to information, and we would be better off spending our energy on positively influencing others to follow us in that direction. They can’t take away tcp, http, ftp, irc and all the other protocols that these megaliths have built their empires on, and we can still use those tools even if it’s a demoralizing regression to move back to the basics. Giants like google, Amazon and others depend on our unwillingness to rebuild. Let’s use our efforts and our ingenuity to show them that they’ve underestimated us.

We have the tools, we have the knowledge. Let’s be builders instead of petty complainers.

We’ve been doing that for years, larata_media. Decades, even.

And what do we have to show for it? Our tools power their botnets and they flaunt the CoCs in our faces when we try to do something about it as “not constructive”.

(comment deleted)
We must believe in ourselves. We are too quick to be cynical about the future of the web - too quick to forget our ingenuity in the face of adversity.
Well we can build something too but first we need to get rid of these people.
Please don't do this here.

More explanation:

https://news.ycombinator.com/item?id=36881929

https://news.ycombinator.com/item?id=36881081

https://news.ycombinator.com/item?id=36881034

In addition: could you please stop posting unsubstantive comments and flamebait generally? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.

Every time you see someone abandon an open source project, one of the biggest reasons is people suck and ask too much, harass, etc.

Therefore, one of the most efficient ways to kill a dangerous new standard is to endlessly harass anyone who works on it.

Sorry, the poor individual can not hide from their responsibility.

> a category of ineffective, bitter malcontents and that’s not what we are

There are enough top voted people demanding harassment in this and other threads to say that well, maybe that's what HN is, actually.

It won't do anything. You don't think they've anticipated random angry outbursts going into this? Plus, the people you're harassing are simply implementing a policy that they don't have the power to change.

The only pressure that Google has been shown to consistently respond to is political. Get a couple of senators (... of the right party) to send them a mild rebuke and they will indeed retreat a little (... and try something else later). But that's a lot harder than posting angry comments until the next piece of outrageous news comes along, isn't it?

I was just following orders!
Directly sending a message to the implementers doesn't preclude involving politicians in this too, and I absolutely agree that the latter should be involved.
> the people you're harassing are simply implementing a policy that they don't have the power to change.

I'm not on board with harassing people (sad that I have to include this disclaimer).

That said, the people are not simply implementing this. They're actively and publicly justifying and defending it.

what exactly do you want to preserve from the web as we know it today?

let it burn

focus on building something new, new protocols, new networks, new browsers

Something that isn't dependent upon the whims of princes.
Tiktok is literally controlled by the CCP. If consumers don't care about that, they aren't going to care about DRM.
Tech-literate folks really should make a concerted effort to move to our own darknet, something like freenet or I2P, to recreate the internet before the advent of mass adoption of smartphones by the public. Forums, IRC, vent/TS, webrings, XHTML 1.0. No WebGL. No Canvas. No WebAssembly. No damn WEI.

Normies can f&$% off and enjoy the data-mined, DRM'd, ad-infested, CCP-propagandized, upload-your-photo-ID-to-post-here, privacy-free dump their illiteracy, careless disregard for harm, and data exhibitionism fetish has allowed the clearnet to turn into.

While I like this idea, starting from the foot of "CCP-propagandized" based on the tiktok service hosted by Oracle in the US is an amazing way to start off on a Nazi infested foot.

Anti-communism and fascism are historically in lock-step. No one is going to use the services if you basically create web4 stormfront.

China is nationalist authoritarian state capitalist, their external propaganda isn’t to spread Marxist ideology, it’s simply anything that helps China and hurts everyone else, same as any nationalism.

“What do you think the Russians talk about in their councils of state, Karl Marx? They get out their linear programming charts, statistical decision theories, minimax solutions, and compute the price-cost probabilities of their transactions and investments, just like we do. We no longer live in a world of nations and ideologies, Mr. Beale.” Network, 1976

Further, free speech must be defended despite the modern liberal tendency to cut off the majority’s noses to spite nazi faces. If you’re gonna fight nazis, fight nazis, don’t throw out fundamental human rights. They know they can taint principles, signs, and symbols with their stench. Don’t give up essential freedoms out of guilt by association. These charlatans have no political theory, no examined ideology. It’s a power struggle and we’ve already ceded too much power.

FWIW, I'm certainly not advocating for any kind of racism, or any kind of philosophies that support the use of force to achieve any political, social, or economic goals, so fascism would be firmly out were I the webmaster.
> any kind of philosophies that support the use of force to achieve any political, social, or economic goals

> so fascism would be firmly out

This goes to prove my point, that there's a gross misunderstanding of history in the general population.

Fascism doesn't use force to get political power, it gains political power through reactionary ideas based on false assumptions that leads to a fascist regime where the violence then occurs on the "other".

It comes through ideas such as "protecting your family", "returning to tradition", and other feel good sayings that mean almost nothing. Think of the phrase "Woke", taken from black community vernacular and twisted to mean almost nothing at all. It describes everything and anything that can make a conservative person upset, from queer people to mental health professionals.

Despite meaning nothing, oh boy has it taken root. Beer is woke, tv is woke, the black guy in star wars is woke for existing. And oh man look how easy it is to take root and now millions of people live their life by the "anti-woke" lifestyle. What does that lifestyle mean? idk, buying shes just to light them on fire, i guess.

This is why communist regimes had gulags. Fascism takes root through reactionary(meaning feelz over realz) ideas, typically against change. A revolution is something hard fought, why would they allow it to be derided by some idiots who miss when they owned all their neighbors land?

What I'm trying to say is one end of the spectrum is at a huge advantage when it comes to free speech environments, for the fascist does not need to argue in good faith. Going by "philosophies that support the use of force..." will get you a lot of a certain group.

There was nothing in his comment that alluded to anti-communism sentiment. In my opinion, the parent comment was categorically anti-fascist. Current day CCP conforms to the definition of fascism far more than the definition of communism.

I'd love to hear your thoughts on how they were being anti-communist or fascist in your eyes.

It's easy in theory to say "oh anti-ccp isn't anti-communist", but in practice, do people actually understand the difference?

Consider the phrase "tankie", what was once a term used by communists to describe a militaristic member who supported the USSR sending tanks into Hungary, has become a general phrase for anyone showing critical support to any socialist project.

Socialists are essentially told they are not allowed to support any previously or currently existing project because bad things were done, are told they're doing whataboutism if they compare the actions to western actions, and are called a tankie if they decide to stop caring about what liberals and right wing people say.

China IS a socialist project, are they strictly a socialist country? No. Did they perform the most thorough and equitable land reforms in the history of Humanity? Yes. Do they wield central power for central planning economic activities? Sometimes. Are they operating on a 100% worker ownership of industry? no, but they have a non-insignificant public ownership of industry, co-opting privately owned industry to steer activities with greater control and hold certain business leaders accountable.

I'm sorry to say, but "current day CCP conforms to the definition of fascism" just isn't correct and goes to prove the point that the meaning of words is mostly ignored. Fascism != Authoritarianism. There was a massive effort post WWII through the cold war to create anti-communist propaganda that simply wasn't true. You had actual ex members of the Nazi party leading anti-communist endeavors. The black book of communism counts Nazis as deaths from communism. The Victims of Communism memorial foundation is literally a mask on far-right thinktanks such as the heritage foundation.

That being said, the West is grossly lied to about China day to day. It is in various interests to have an enemy. To the point where one man can write a report identifying a "future cultural genocide" which was simply a reduction in growth of a population due to 1 and 2 child laws being imposed on a group that was exempt prior, as an actual, in-progress genocide. If you point this out, people call you a genocide denier.

That same man is a director of China Studies, at the Victims of Communism Memorial Foundation.

I apologize for this long winded rant, but yes, if you found an internet presence on being "anti-ccp", you're starting off on a literal fascist foot. The community will deride any left leaning voice, call any voice that says "hey china did a good thing here", as a "tankie", and it will become an echo chamber for right-wing hate speech.

All they'll have to do is make a pronouncement of support for some trendy social issue and everything will be forgiven and forgotten. Virtue signaling has turned into the most effective corporate tool for manipulating society into allowing corporations to do almost anything they want. And the public's addiction is so strong that even when this is pointed out and agreed that it is happening, the addiction still must be fed, so corporate sociopathic parasitism on society continues with the joyous approval of society in general.
Yeah. I won't be surprised if the marketing for this misfeature pivots to "it will prevent harassment of marginalized groups".
Indeed. Negotiations have already turned out to be completely ineffective. The next step is war.

Cory Doctorow came up with the phrase "The War on General-Purpose Computing", which describes the situation perfectly.

He came up with it more than 9 years ago, during which time no such war has been generally apparent, and if anything, the conditions for general purpose computing have improved.
That sounds entirely unhelpful. They can just close the issue tracker + people will obviously just move on. This sounds like the Reddit 'blackout' that did nothing and is already forgotten.

What we really need is for the collective browser vendors to refuse to implement this and, if Chrome pushes forward, to bring Google to court over it. Nothing short of legal intervention is going to help here.

What sort of regulation do we imagine a government putting into place to stop this? If anything, governments tend to lean in favor of identification and verification systems because they make corporate commerce run more smoothly.
It's not hard to imagine legislation around a user right to ownership of their device. For example, it could be made illegal for a website to attest that a user is not running specific software.

Legislation around device ownership rights are already present, especially in the EU.

Or we could show Chrome users what the future will look like for alternative browsers - by blocking Chrome now.
OK? That has nothing to do with what the parent said, which is that the issue tracker should be flooded.
> constantly and relentlessly shame and even harass all those involved in helping create it

If this ever helped, we wouldn't have absolutely unethical products created. Turns out people's morals have a price tag, that Google and others are willing to pay their employees.

Well at least you can increase the price tag for Google, Facebook etc by taunting their employees as bad people.

It is quite incredible actually, because it was not many years ago that working at Google had this coolness factor to it. Hopefully, it is a broader change of view, other than mine?

The battle is already lost legislatively.

Multiple US states, France, Germany and the UK are going to make the web unnavigable unless you type your credit card number or scan your face for age verification in two out of every three sites.

We are going to need to at least try to create ways to secure those credentials in as zero trust model as possible.

(Note that the legislation is a disaster, but it is done. Nobody paid enough attention. It has passed or will pass in weeks.)

Time to build a fresh web. Get me my hypercards!
> Time to build a fresh web. Get me my hypercards!

A fresh web doesn't exempt you from the legal requirements unfortunately.

This year has seen the biggest state attacks by legislators on any electronic distribution of speech across most Western states for fifty years, and by and large the technology community has completely failed to even engage with that never mind stop it. We are all going to have to live with the consequences for decades.

I don't like Google's grasp on so many vital parts of the web but somehow, it seems like google is actually in trouble.

AI is going to completely change search if it hasn't already, and google is not even close to compete in this space.

Video has some massive competition from the likes of TikTok. Anyway, YouTube isn't the only option on the market.

Gmail is still popular but since google has been pressuring users to pay, it's been easier than ever to find a reason to try another service.

Chromium can always be forked and have some parts removed or added, and as we all know quite a few browsers do this, some are quite popular.

Is google also losing IOS ads like Meta? If they do, that's another reason for alarm for them.

I'm not sure google is in the best position for the future and WEI is not going to be their golden ticket either.

And, if your prediction that web will change actually comes to pass, well then it'll be just another cycle for this space that has changed countless times since the age of dialup. The web is going to change, again and again, but as long as people are still free to set up a server and let the world access it, we can still do what we like with it.

Except increasingly the world will access it via drm aware browsers because their banks require it, and the open web audience will subsequently dwindle.

The Halloween memos called this "Embrace, Extend, Extinguish". Google didn't just ignore the moves that provided M$ dominance.

To paraphrase John Maynard Keynes: Google can stay irrational a lot longer than you or I can retain our freedoms. And when the precedents have been set, a new normal has been established, and when/if Google does finally fail, the next actor will step in and keep those freedoms from us all.
Corporations will dismiss all of that as asshole Luddites, and do it anyway. You're not Google's customer. The advertisers are.

The only way to stop Google from treating the Web as their own OS is to take that power away from them, by switching to other browser engines.

And we have this crappy paradox that Mozilla is held to an impossibly high standard. People want to burn them to the ground for daring to use Google Analytics, or the Pocket acquisition, and keep using a 100% Google browser, with preferential integration with all of Google's services/protocols/APIs.
I think that's a false dichotomy. It's possible to criticize Mozilla (ideally in good faith) for both the way in which they develop Firefox and their focus/mission in general, while at the same time using Firefox, since to me it looks like the best alternative we've got.

Not every Mozilla critic is a Chrome user; I'd even expect that the most vocal critics are Firefox fans and users.

In theory, yes, but that’s what every thread about switching to Firefox gets: Lots of flames about Mozilla. But when the only sensible alternative is staying with Google, why would these people make these arguments as replies to suggestions to switch to Firefox? It is only reasonable to conclude that it’s not Firefox fans making these arguments, in those threads.
Ah yes. The "Uncle Ted" approach, but a bit more mild. At what point do we go full Ted?
Imo, the idea that this is about selling advertising and maintaining market share is being used as a false justification. This is not about being able to drive users to ads.

The bigger picture is that Google et al are actually part of the control structure. The governance system wants deanonymised Internet. Corporate interests are how this is being promoted - government legislation would be a harder pill for the masses to accept.

But all the recent mega changes tell us (Elon buying twitter, etc) tell us that this is on the way. Apparent anonymous internet will be sandboxed. Knowing everything about everyone all the time, and having that data being crunched by ai's is an amazing, audacious goal, that seems close to being achieved.

Just saw https://github.com/chromium/chromium/pull/187/files

It's even funnier with the auto-reply "Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA)."

Oh but that would be against the respective projects' code of conduct. /s
> constantly and relentlessly shame and even harass all those involved in helping create it

Not on HN, please. I realize that you're trying to protect something you care about (and that maybe we all care about) but this leads to ugly mob behavior that we don't want and won't allow here.

https://news.ycombinator.com/newsguidelines.html

Is adding a feature-flag really the same as pushing the feature into the browser immediately? It can easily just be part of a SWE needing the flag in place in order to continue work without impacting anything else, even if that thing never ever launches.

In general Google engineers don't tend to work on branches, especially long-running ones. Incremental small code reviews are the expectation. The general process would be to stick things securely behind flags and continue development without turning it on, even if it never ever launches.

Not saying this work should be done -- it shouldn't -- but code being pushed is not the same as "we're going to make this happen tomorrow, no matter what."

Yes, because a feature flag shows intent to implement it before any real discussion have taken place with privacy and non-corporate security advocates.
> Is adding a feature-flag really the same as pushing the feature into the browser immediately?

"Don't mind me guys, I'm barely boiling the frog."

When was the last time you heard Google or anything Google-related backing down from getting their paws in deeper? It's no longer a fallacy when there's a sign next to the slippery slope.
I worked in that code base. Things were feature flagged then murdered all the time.
> Is adding a feature-flag really the same as pushing the feature into the browser immediately? It can easily just be part of a SWE needing the flag in place in order to continue work without impacting anything else, even if that thing never ever launches.

Yes, because that's a such anti-consumer issue. It shouldn't exist in the first place, it should never be merged to master. There's no reason to not keep it on a separate branch if you don't intend to use it.

Honestly, if the work is going to be done (again it should not be done), I'd rather have it out in the open.
Companies don't usually make a habit of having their employees work on something they don't intend to pursue.
I wish that were true in corporate America! Think of all of the waste that would eliminate.
Yeah but then you also have to think about all the jobs that would be lost.
Yes, they actually do. Or rather, there is no "company", there are thousands of different decision makers.

My point is that at some other company (e.g. Apple) it would be done in secret on a branch somewhere, then big-bang merged later.

Google's process doesn't tend to work that way.

[flagged]
Do you or did you work at Google? Because I did, for 10 years.

And can we retire this inane content-less quip already?

Also I'm old enough that even my children aren't children anymore. How I would dearly love for your statement to be true.

What you think they push the flag without the intention to make it happen?
Because I worked at Google. People get tasked on working on things that get killed later all the time.

Don't underestimate how much money they have to burn and how incompetent upper management is at making hard decisions and planning.

Another tame article in The Register:

https://www.theregister.com/2023/07/25/google_web_environmen...

Despite the spec's half-baked state, the blowback last week was swift – in the form of a flood of largely critical comments posted to the WEI GitHub repository, and abuse directed at the authors of the proposal. The Google devs' response was to limit comment posting to those who had previously contributed to the repo and to post a Code of Conduct document as a reminder to be civil.

The usual way to deal with opposition these days.

Limiting posting and asking for civility is the only way for individuals to meaningfully engage with even a mere thousand others. Nothing about the human mind was meant for social internet at the scale of the internet, where there are more distinct voices than you have heartbeats in a lifetime.
> more distinct voices than you have heartbeats in a lifetime

Quotable!

Yes, and the response should be to make the repo private. Only allowing interactions from previous contributors to a public repo is disingenuous.
My expectation is that private is worse for any public involvement in any discussion because nobody else can see it, and also likely to get them yelled at more via other channels, and also lead to the assumption that they "have something to hide".
Also worth noting that this locks reactions (thumbs up, hearts, etc.) - providing plausible deniability that "only a small number of people raised concerns about specificTopicX." Journalists should be more aware of this!

On a separate note, for journalists and others who wish to communicate with the spec's author directly, his public website (which lists a personal email) is one of the other repos on the Github profile under which the specification was published. It's painfully absurd that he wrote this sentence in 2022 [0]:

> I decided to make this an app in the end. This is where my costs started wracking up. I had to pay for a second hand macbook pro to build an iOS app. Apple’s strategy with this is obvious, and it clearly works, but it still greatly upsets me that I couldn’t just build an app with my linux laptop. If I want the app to persist for longer than a month, and to make it easy for friends to install, I had to pay $99 for a developer account. Come on Apple, I know you want people to use the app story but this is just a little cruel. I basically have to pay $99 a year now just to keep using my little app.

[0] https://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-...

If you want to protest the knife we're driving into your stomach, you can do so, but we need to see credentials and civility.
And limit your protesting to technical critiques about how the knife is made, not whether it should be in your stomach.
“Please be civil while we destroy the web as we know it. We also put earplugs in, just in case.”
(comment deleted)
If this isn't the straw that breaks the camel's back, there is never going to be one.

Google needs to be broken up.

They own the browser market. They own the web (through Adwords). They own Search. They own mobile. They own most of the video sharing market with 2.5 billion monthly annual users. They own a good chunk of email with 1.2 billion monthly annual users.

They have amassed an incomprehensible amount of power and influence over humanity and they have proven repeatedly that they are willing to use that power to the detriment of humanity and to entrench themselves further.

Google needs to be broken up.

Google broke itself up in 2015. What are you even asking for here?

Chrome and Android are open source, and there are several forks of both thriving in the ecosystem. Yeah it would be cool if there was a decent open source alternative to GMail and Drive, but no one else seems to have figured out how to get the incentives right for something like that.

That "incentive" for Google is "80% of our revenue comes from ads".

Google's open source projects are open in name only.

> Google's open source projects are open in name only.

The link at the top of the page is pointing to the GitHub repo, where you can see literally over a million contributions from thousands of people working at hundreds of companies: https://github.com/chromium/chromium/commits/main

I've worked on both Chrome and Android (Chromium and AOSP) professionally, and never worked at Google.

You and GP both can be right depending on definition used for “open source”.
There is the OSS vs FOSS distinction which may have been unwittingly invoked. Certainly there is nothing “free” about Chromium except its price. Google is not about to switch to a fork for Chrome and any changes to Chromium which are not approved by Google are unlikely to be in any release builds.
Well, true :)

What I should've written is that: yes, they are open source, but there's no way to influence the direction they are going. These projects are 100% Google-run, and very few (if any) decisions are public.

For most projects there's also a significant proprietary part in the actual final product

It's not the lack of open source, it's ease of use. Alternatives exist, but no company is going to run a charity case for you to store tons of data for free. Mail in particular is commonly known to be a hassle which has nothing to do with Gmail the software, as much as Gmail the provider.
Google broke itself up in 2015. What are you even asking for here?

No, it didn't, it restructured itself into Alphabet, with many subsidiaries. But, all the core businesses are still under that umbrella organization, with most web-related businesses remaining inside the current Google entity.

A forced divestment of the browser business might help. Same for the productivity products.

What browser “business”? Chrome makes no money. Don’t you think they are going to fund themselves the same way that Firefox does - via Google ads?

No one has paid for a browser in almost 3 decades and even then few did.

> No one has paid for a browser in almost 3 decades and even then few did.

Considering NCSA Mosaic’s initial release was just 30 years ago this year and it’s considered the first browser, think you might be using a bit of hyperbole there? Twenty years would’ve been more accurate.

MSIE was free, 28 years ago in late 1995, and while Netscape did take 5 years to follow suit, by 1998 Netscape was not in a healthy position because of the free competition.
And to a first approximation. No one paid for Netscape then. I first downloaded it free in 1996 from their ftp server.
As someone who worked in this space at the time (Webmaster at Spry, Inc. in 1994), and we sold a web browser in the 1994-ish timeframe https://en.wikipedia.org/wiki/IBox, no, saying "almost 3 decades" isn't hyperbolic at all. 29 years is close enough.
I don't think you understand what a business is. Google pays Firefox a lot of money to be the default search which means there is a lot of money in browsers. Google Search conceptually pays Google Chrome to be the default Search engine on Chrome. Except since they're both under the same company they will never take an outside offer which is why it's a monopoly. No different from any other vertically integrated company.
I understand that perfectly, how do you think the theoretical Chrome business would make money?
The same way the non-theoretical Firefox business makes money.

edit: Safari as well.

By showing ads from the “AdSense Company” and sending your personal information to them?

Meet the new boss…

Sure, but on the positive side, the Chrome Company has its own incentives.

Today, Google can provide Chrome as a loss-leader, making up for the "free" browser with ad revenue.

The new Chrome Company can't operate that way. It needs to make money on its own. Perhaps MS Bing offers more money. Or they build their own ad system. Or pivot into some other business area.

Anyway, I don't think anybody is arguing Google/Alphabet must be broken up, only that it's a tool that's available in the US, should we (society) decide other regulation is insufficient.

> Perhaps MS Bing offers more money.

> Or they build their own ad system.

And we still are being tracked by BigTech with the same business model that people object when Google does it.

> Or pivot into some other business area.

And what other method do you suggest for funding besides ads or people paying for the browser? The second option has never been a long term successful business for browsers?

Chromebooks are literally a browser that you pay for, and they are heavily embedded in the US education system.

Just because they don't sell floppies in a box like it's 1994 doesn't mean these aren't businesses.

Yes, you just pay for the browser and not the hardware. Are ChromeBooks also a “keyboard you pay for”?
But what does breaking up even mean? Separate companies, each publicly traded with their own C level staff, shareholders, etc?

Because to me it just feels like it might be legally separated, but still owned and directed by the same handful of people. And it being separated makes it safer, in that they can't forward e.g. large fines to the parent company.

Disclaimer: I don't know anything about large corporations. or economy. or governments.

Yes, breaking up a company means divesting some business units. The new businesses would have their own BoD, leadership, shareholders, etc.

The US did this with Standard Oil in 1911, Bell/AT&T in 1983. And the same laws were used against Microsoft in 2001, though the company was able to avoid a break-up.

Breaking up Google might not be the best option. Perhaps more rigorous regulation by the government would be better, similar to Microsoft. But a break up should be an option.

[flagged]
Wait until your bank requires you to use it to pay your bills and tax preparation websites require it to pay for taxes.
I’m sure they are all going to block iOS users from using their services.
iOS already implemented this stuff
Not only did iOS implement this, but everyone either sleep-walked on it, or worse, praised it, because Apple sold it as a CAPTCHA bypass instead of a DRM scheme: https://mastodon.delroth.net/@delroth/110775677023220850
How is PrivacyPass related to iOS?
PrivacyPass is an extension that lets you pre-solve CloudFlare CAPTCHAs if you're on a VPN. However, that was too frustrating, so CloudFlare partnered with Apple to integrate PrivacyPass into Safari.

How did they do this? Simple: iOS provides cryptographic attestation that your browser isn't a bot and isn't hacked, and CloudFlare takes that as your CAPTCHA solution. This works exactly the same way that Google proposes Web Environment Integrity work.

My former business bank actually did this. They insisted their web app "was compatible with all modern browsers, but more compatible with Chrome" - I couldn't make transfers to other accounts with Firefox, it just hung indefinitely.

Virgin Money, UK - https://uk.virginmoney.com/

> was compatible with all modern browsers, but more compatible with Chrome

Is Animal Farm not required reading in Orwell's home country? Or was that a misquote, or maybe just something from a random support worker? It's almost too on the nose for that statement to be written by someone familiar with that book.

I was wondering the exact same thing with that wording. Maybe someone, somewhere was required to put in a notice like that (or worse, make it so that it does work better in Chrome for whatever reason) and decided to word it like that to fly under the radar. Unlikely, but I like that imaginary world.
I use Virgin Bank and Firefox works OK for me.
This was Virgin Money Business specifically, and it's a year since I left so it might have been fixed.
(comment deleted)
It’s bad enough google captcha is broken on Firefox with all the privacy extensions on.
It is not broken. They are punishing you for not wanting to be tracked, profiled and manipulated.
And yet, you are probably somewhere in Google's databases.
And if they are broken up, now you’re in 5 companies’ databases, win?

And then they are all probably going to implement “sign in with Google”.

>And if they are broken up, now you’re in 5 companies’ databases, win?

Yes, win. I'd rather be in a number of smaller businesses database than in the one last company's.

Isn’t that the opposite of privacy?
The opposite of privacy in this context is 1 or more companies having your data. Note the 1.
Google Search is notably absent in your list.

If this proposal becomes standard in Chrome, You can be sure Microsoft and Apple will follow Google's lead with the same or their own similar implementations.

See Microsoft Pluton and Apple's Private Access Tokens. Or read this article which provides an excellent overview of these developments. https://news.ycombinator.com/item?id=32282305

Make no mistake. If this becomes standard on Chrome, this is going to be standard on the web.

Youtube is absent as well. Maybe OP is not as de-Googled as they think.
I didn’t specifically try to De-Googlefy my life for some moral reason. I think most of Google’s products are second rate - including their search page unless you use an Ad blocker. But I do find myself using ChatGPT more and Google less for coding questions since it does a better job of giving me exact answers to my problems and code is easy to verify for correctness.

As far as YouTube, I think I only use it for AWS ReInvent videos. I can’t stand ads and there are no ads interrupting the video.

You may not use Gmail, but every email you send and receive goes through Google infrastructure.
I might need to tell my corporate IT department that our emails are going through Gmail.

Besides, I can’t remember the last time I actually sent a personal email to anyone besides forwarding something from another business.

I don't have a Google account and don't use any Google service, still think that this libertarian message is bullshit, how do you do the free will if the web starts deciding which OS/Browser are authorised to do something? I am not sure we are talking about free will or useful idiots
And how will “breaking up Google” help if the “Chrome company” is still implementing DRM?
Because you break the interest of showing ads from google search/adwords, to the interest of surfinh web freely of those who would work on chrome

Now google has both the need to show ads, and direct power on what people use to see those ads

How do you think the “Chrome company” would be funded?

How is Firefox funded today.

Is Firefox consistently trying to find ways to show you ads? Are they working on technology that helps profiling you?

One thing is funding, keeeping independence, another is controlling

They get 80% of their funding from Google. Do you think they are going to change to a “privacy first” search engine?

And Firefox already supports Google’s WideVine DRM

https://support.mozilla.org/en-US/kb/enable-drm

What makes you think they won’t support this?

Are you sealioning me?
I think it’s kind of naive to think a company that gets 80% of its funding from Google is going to go out of its way to protect you from the same company or that it won’t implement the same proposed DRM standard when it already implemented the older one.
But if firefox is full of tech to prevent privacy leaks? They incorporated a vpn, strict mode, containers, third party cookie block, dnt, etc.. what the fucking hell are you talking about?
They are sending you to Google for searches. Everything else is irrelevant if you are concerned about Google getting information about you.

If you think that Firefox won’t include DRM because of “freedum”, there is an existence proof that they will - they support WideVine.

How can Firefox be “independent” of Google when 80% of their funding comes from Google?

> Google needs to be broken up.

To make it explicit: the only way this happens is by Americans voting for it. The FTC has been more active on anti-trust issues in the past two years than at any time in the past 30. That's a direct result of the 2020 election. Elections matter.

Citation? FTC against Google doesn't produce much results on Google (kind of an irony :))

Have seen FTC going against Amazon because the FTC chair had published prior work against Amazon's practices. Not defending Amazon but FB/Google are a much bigger threat than Amazon.

Citation for what, increased anti-trust activity from the FTC over the last two years? Sure, here's one article:

> Private equity deals and transactions in the healthcare and technology sectors continue to attract heightened antitrust scrutiny...

> The US agencies have also demonstrated an increased interest in challenging vertical transactions.

> In January 2022, for example, the FTC sued to block Lockheed Martin's US$4.4 billion proposed acquisition of Aerojet, which the parties subsequently abandoned.

> Increased enforcement, combined with the agencies' reluctance to approve remedies, has created an uncertain environment where commercial parties should be increasingly prepared to litigate mergers.

> The ramping up of antitrust enforcement in 2022...

https://www.whitecase.com/insight-our-thinking/us-ma-fy-2022...

Here's another:

> Since 2020, the Federal Trade Commission (FTC) and U.S. Department of Justice (DOJ) have filed multiple lawsuits against major tech companies...

> "The agencies have started laying the foundations for a more interventionist stance over the last two years, and this year is when we'll start to see some of those efforts come to fruition -- or be stopped in their tracks by the courts," Kass said.

https://www.techtarget.com/searchcio/news/252528606/FTC-push...

I'm sure you can find more.

Except they keep losing cases. ex:

https://www.reuters.com/legal/us-appeals-court-opens-docket-...

Or Judges fast-tracking lawsuits to allow those being prosecuted by the FTC to get things over quicker, ex: https://www.reuters.com/legal/illumina-wins-fast-track-appea...

And I think the biggest blow may actually come about because of the SEC lawsuit that will be heard this upcoming term at SCOTUS: https://www.reuters.com/legal/us-supreme-court-decide-legali..., which will likely heavily reign in the power of administrator judges and the ability for an agency to keep initial fights in-house (blocking litigants from taking fights to the normal courts).

Yeah. You can't expect every swing to be a home run, but you also miss every swing you don't take. My point is at least they're trying to do something now, unlike previous decades. It will take some time and effort to bring the agency back around to being effective after decades of inactivity. That's not going to happen if future administrations put the FTC back on the bench.
Citation for this statement.

>The FTC has been more active on anti-trust issues in the past two years than at any time in the past 30

FTC being more active in past two years over previous 30 is a strong statement.

The FTC isn't going to do anything as Google/Alphabet is a big donor to the Democrats.

https://www.opensecrets.org/orgs/alphabet-inc/recipients?id=...

Here is them lobbying specifically around antitrust reform legislation: https://www.opensecrets.org/federal-lobbying/bills/specific_...

So are Amazon:

https://www.opensecrets.org/orgs/amazon-com/recipients?id=D0...

and Microsoft:

https://www.opensecrets.org/orgs/microsoft-inc/recipients?id...

And yet we see high profile activity against them from the current FTC.

? This is provably false. FTC filed 6 months ago.

https://www.nytimes.com/2023/01/24/technology/google-ads-law...

n.b. I've found a lot of comfort by conciously rolling away from any subject that leads me to do "They"-ing, i.e. name an enormously large group, then talk about them as a unit. The more I avoid it, the more I realize how prevalent it became and drives how a lot of us feel society shifted.

It's called saving appearances.
So your position is, they'll never do it, and if they did, it's fake. Sounds like self-peasantization.
The people working at the FTC have been involved in revolving doors in the very industries they're trying to break up.

It's a simple observation. They don't have the interest to make it pass but they still have to do it to save face.

(comment deleted)
(comment deleted)
You're right, but not because of politics.

FTC is on a losing streak, with the latest fiasco being the Microsoft Activision acquisition fiasco.

Republicans control the house. That's who would have to pass any legislation. FTC is non-partisan.
>The FTC has been more active on anti-trust issues in the past two years than at any time in the past 30.... That's a direct result of the 2020 election.

Active against Google though? Remember, Google can help a certain political party in tough times (e.g. rollout of healthcare.gov).

So can Microsoft and Amazon, surely? Yet they're getting a lot of scrutiny from the FTC right now.
Wake me up with they actually do something instead of making announcements of looking into the possibility of perhaps one day sending a strongly worded letter asking their tech buddies to calm down a little bit, if they're so inclined. Until then, this is campaign fodder and nothing else.
Okay, here's your alarm clock going off:

"FTC rewrites rules on Big Tech mergers with aim to ease monopoly-busting"

https://arstechnica.com/tech-policy/2023/07/ftc-rewrites-rul...

"FTC prepares “the big one,” a major lawsuit targeting Amazon’s core business"

https://arstechnica.com/tech-policy/2023/06/ftc-prepares-the...

"The Federal Trade Commission sued Amazon today, claiming the online giant violated US law by tricking consumers into signing up for the $14.99-per-month Amazon Prime subscription service and making it annoyingly difficult to cancel."

https://arstechnica.com/tech-policy/2023/06/ftc-sues-amazon-...

"FTC files to block Microsoft’s $69B Activision Blizzard acquisition"

https://arstechnica.com/gaming/2023/06/report-ftc-will-file-...

"A Federal Trade Commission lawsuit filed yesterday accused Ring, the home security camera company owned by Amazon, of invading users' privacy"

https://arstechnica.com/tech-policy/2023/06/ftc-amazon-ring-...

"Microsoft will pay $20 million to settle an FTC complaint that its Xbox platform illegally collected and retained information about children without their parents' consent"

https://arstechnica.com/gaming/2023/06/xbox-coppa-violations...

And that's all just from one news source, in the last three months.

Yes, but Google has a strong existing relationship, the D party owes them for that one and some other favours. Can you find a link for any recent FTC action against Google (not against Google's competitors or some tiny subsidiary of Google)? I hope I'm wrong here.
How much of that involves the tech industry? Are you seriously claiming that Silicon Valley and Donald Trump were besties while the Democrats and tech hate each other?
> How much of that involves the tech industry?

A lot. Here's a link where you can read about some recent activity in the tech industry (change it to sort by Date, I couldn't figure out how to do that in the URL): https://arstechnica.com/search/?ie=UTF-8&q=ftc You can probably find more on Google (or perhaps Duck Duck Go? :) ).

Don't forget, increasingly transport, you won't be able to get a taxi in SF soon without being monitored / tracked by Google.
How so? Are they requiring request of taxis via a site with Google analytics?
I think they're alluding to Waymo. I feel much better about Google tracking my taxi rides than I do with Uber, Lyft, random taxi company, my cell phone company, etc.
Why should the US break up an asset like Google? Would be completely self defeating. This isn't like standard oil or at&t, that mostly had influence and market share inside the US. It would basically be handing power to foreign competitors who would pounce at the opportunity

And I'm not American so it's not even some sort of patriotic comment. If Europe , or anywhere else, had a Google sized Behemoth, they wouldn't mess with it no matter how "anti tech" they might seem now. If anything they are anti tech because they don't want foreign big tech to have massive influence over them. You'd bet they wouldn't cripple big tech if they were European. On the other hand, as long as they are American that massive power is a feature, not a bug for the US government.

The reaction to Tiktok is a good example of how nationalism/geopolitics shape the reaction to big tech, which is why google is probably safe.

One thing comes to mind: antitrust! It happened to Microsoft as well!!
...and Microsoft has more power than Google at the moment
But anti-trust stalled Microsoft's efforts at a critical time and allowed Firefox and Safari (like Gecko) to restore a standards-based web from an IE-based web. It's not a cure all but it worked. IE had 95% marketshare in 2002 and Firefox took a third of that from them in a few years thanks to anti-trust and the consent decree it forced on MS.
Chrome has nowhere near 95% market share so it would be hard to make the same case against them.

Given that it's open-source and anyone can roll and distribute a tweaked version of Chromium (and many have, notably Microsoft), it's really hard to see an argument here that Google is acting anti-competitively. If anything it's very pro-competitive to give away your secret sauce to your competitors.

Just because their browser is more popular than you would like, and you don't like a feature they're adding, doesn't mean a judge is going to stop them from adding it.

> Why should the US break up an asset like Google?

I'm also European and I think almost pretty much 100% as you think on this, but to play devil's advocate, and how I think this should have worked in theory in a free-market economy, is that the US, by allowing companies like Google to do their nefarious and frankly evil things right now and in the near future is also, at the same time, not allowing future potential companies, more innovative than Google is now, to take Google's place.

But what happens is that the US is focusing on having a strong and national security-enhancing company (Google) on its side now and in the near future, versus having an even stronger and, potentially, even more national-security enhancing company (the one that would have taken Google's place had the free market been allowed to do its thing) in the medium to long future.

On the face of it this compromise of security now and in the near future vs security in the medium to long future looks like a decent bet, the problem is that evil colossuses like Google are actively getting rotten from the inside, and at some point in the medium to long future they'll fall almost in an instant, with no company to take their place. That will leave the US highly vulnerable at that point in the future.

> Why should the US break up an asset like Google? Would be completely self defeating.

Because in the short term it would disrupt a major company (ala Standard Oil), but in the long term it would allow the US to remain competitive in the global market.

If we allow Google to continue abusing its monopoly power in the US, that guarantees that the US will not be the home of the future technologies of the world. Innovations will be sucked up and killed as acquisitions. Enormous energy will be focused on blatant moat-building like WEI instead of developments that benefit the world. etc.

Tech competitiveness relies on network effects. Breaking up tech would just cede marketshare to companies like ByteDance and Baidu.

Any successful US-based tech post-breakup would be acquired by larger international players, like Tiktok was.

In which case foreign governments, the EU and the like who collectively represent the interests of the other 7+ billion people, should start levying taxes, penalties and fines on Google and haul it and the US in front of international agencies like the WTO for unfair trade practices.
What would it mean for Chrome to be spun-off into a separate business? How would it survive?
Google Ads and Search would have to pay Chrome for search placement. Just like they do to Mozilla right now.
ideally, it wouldnt survive.
the ideal scenario is that 65% of users' favorite browser is no longer available? why is that ideal?
It's ideal that monolithic spyware dies.
That would be a desirable action but look what happen in the end of 90s to Microsoft. It was about to be broken up and in the very end it didn't. They become dormant and polite only to strike back some 10 years ago with Windows 10, its telemetry, ads and cloud services which are being pushed onto users whether they like or not. And somehow, no regulators decided to step in to clean up this company's behavior - everyone seems to be ok with what MS is doing. Whether it's the US or EU. I take that the business and lobbing goes extremely well in both markets.

And because of this, I don't believe that the US is able to break Google or the other flagship companies despite of reasons existing for such action.

> Google needs to be broken up.

Not going to happen. Rationally there should be broad political consensus about cutting Google back to size: from rabid libertarians worshiping the miraculous abundance generated by "competition and free markets" to bleeding-heart socialists keen on pushing back corporate power as the root of all evil.

Alas, these political categories no longer have any meaning. The US political system has mutated into something else (the messenger being a horned man) which will probably require some time to properly characterize and name using terminology that is appropriate to use in good company.

So the fate of Google will be more shaped by actions of external entities than as part of US regulatory efforts. Powerful countries that antagonize the US are simply degoogling and creating their own copycat panopticons.

The question is what will be the course of action of powerful countries that are alies of the US (i.e. Europe and a few others). Will they accept that their digital society will be feudal in nature because the broken US political system cannot deliver on even basic responsibilities?

> Will they accept that their digital society will be feudal in nature because the broken US political system cannot deliver on even basic responsibilities?

The Germans, British, Australians and French are also attempting to build their own panopticons.

And also, to switch back to Firefox
Who has been mismanaged for at least a decade and depends on Google to pay their bills..

I'm a FF user since the early 00's and Firefox will mostly not go away because Google has an interest in using it against monopoly accusations but the reality is bleak..

And the reality is these people ( Google in this case ) are so far removed from any moral compass about the Web ( at least what most people here think of "the Web" ) that it's near impossible to do anything about it. These companies are huge and from top to bottom there are certain groups that are hired guns to do a job, no matter what "job" it is, they'll do it, achieve those KPIs, get promoted, get paid. Even for their own detriment in the future, it doesn't matter. Big money now, screw the rest.

Btw, this is how every big company operated since forever, the only "news" here is the disproportionate impact their acts do to the World due to their huge size and influence.

I hear Firefox is mismanaged all the time, but it seems to be a perfectly fine browser for the most part. I hear all about sites that won’t render in comments on this website, but they must all be internal tools or something because I never encounter them.
Some Google services I regularly depend on (like YouTube and Google Meet) don't work as well on Firefox as they do on Chrome, in ways that actually matter. Besides that I think most websites work fine.
What's wrong with Youtube? I haven't noticed anything.
TBF YouTube has gotten better (see sibling comment), but Google Meet is really what matters here for me. There's also offline mode in Google Docs, which I use regularly because I'm not guaranteed a good-enough connection wherever I go.

Firefox does some things better (like PiP video playback on most websites, like YouTube!) but others are so poorly done (like Profiles) compared to Chrome that it overall makes Chrome my first choice browser.

I never used Firefox profiles, but Firefox container tabs work really well IMO. I much prefer them to Chrome's profiles for managing work vs personal logins.
I haven't noticed any issues on YouTube after subscribing. Before that it used to glitch once in a while possibly to penalize the ad blocking. But that may have been the behaviour in Chrome too for all I know.

Google Meet does have some key features missing on Firefox such as blurring / changing video background.

Yes. Google uses chrome-only APIs in a few of its own products and falls back not so gracefully.

Which sort of underscores the monopoly point. There’s no universal free/cheap alternative to Meet, further entrenching Chromium.

How about Jitsi? https://meet.jit.si/

It's free and open source, works everywhere, has stuff like background replacement, and doesn't require signup at all.

Jitsi is super easy to use, and I still can't get older people to use it. They just hear "Zoom" on CNN so they think, "I'm supposed to use Zoom. Other things are weird." So much behavior is just driven by anxiety and habituation.
Well Zoom also isn't Meet, so for the purposes of this conversation that seems like an advantage actually?
I've watched Louis Rossmann's video on Jitsi a couple weeks ago: https://www.youtube.com/watch?v=Nzt0tzsaWDE

He provides a nice piece of anecdata there: for one-on-one meetings, you can just send people a link and usually they just join. Even if they've sent a link to Zoom or Meet or whatever, you still can say “hey, join this instead” and it will work. I haven't tried this yet, but sounds plausible to me.

I believe google has intentionally made google maps near unusable in firefox. It's been consistently working worse and worse every year. I feel like about 8 years ago there used to be parity between them.
I rarely use google maps so haven't noticed. Only thing I really miss from OSM based services is street-view.
Its really bad, it takes almost a minute for the site to "stabilize", and even then, default text in the search bar is overlaid with whatever you're typing, a good 30 seconds to load a destination.

A chrome browser on the same device has maps behave almost instantaneously.

That really sounds like intentional.
I am using it regularly without issues on firefox so I am not sure what you are talking about and definitely not in the "unusable realm". Can you be more specific?
I think this example is weirdly informative to me.

I mostly use maps via an app (Apple or Google, they seem to be the same for basic use). Usually if I’m using a map, I’ll be using it in my car for navigation, so Firefox doesn’t even come to mind.

I suspect, on top of the “maybe it is internal apps” thing I mentioned at first, some of the really bad sites are the really interactive ones, I probably just use the app without even thinking of it.

I like to explore maps a lot, and its simply better on a full desktop screen compared to a phone.

So its a regular drag for me. If I really need to move quick to find something, I'll begrudgingly open chrome.

I sparingly run into sites that don't render properly on Firefox but they do exist. As an example, Ticketmaster's account page has problems on Firefox that I don't get on Chromium.
Firefox is helping you, Ticketmaster is evil.
Maybe so, but asking somebody to not go to shows of their favorite bands anymore as a form of protest against Ticketmaster and/or Google is a bit much. Unfortunately, some venues seem to be Ticketmaster only at this point. Sometimes you’ve got to choose your battles.
Yes, because the ones who owns the venues also own Ticketmaster.

Live Nation is the name.

I never used ticketmaster and it is not a monopoly. Choose the right company to sell you tickets.
Surely you've been to shows at every possible venue to be able to extrapolate that bold of a claim from your personal experience?
No but appart from festivals (which were not relying on ticket master) I haven't seen tickets sold by only one company. Usually there are different ones and also some plain old in person in ticket office of department stores.
There are venues that are Ticketmaster specific because Ticketmaster's parent company owns the venue and some acts just use Ticketmaster because they are the most popular ticketing service. If I want to go to UFC 292 for example, I have to get my tickets through Ticketmaster. UFC isn't using some service that shows up on indiehacker
A fraction of a fraction of a fraction of all tickets/venues available. So hard to boycott.
Ticketmaster is the only company selling tickets to several venues, there is no choice of who to buy from available there.

The only choice is to boycott your favorite artist because their record label made a deal with the wrong company. That's too many layers of indirection, for many fans.

I have the same - not sure if its related to many privacy plugins in my Firefox but e.g. google maps still doesn't render as sharp as in Chromium browsers - seems like using rasterized tiles.
This is going to be a problem which compounds more as Google gains more ground. “Oh, I love internet freedom, but I really need to visit website X.” As more and more websites adopt Chrome’s standards, Chrome will be the only browser that works.
The Mozilla Foundation is arguably mismanaged. Firefox does ok, but could go further if the Foundation invested more in FF development and less on… other things.
I'm surprised not to see more love for Librewolf here on HN.

It's just the latest Firefox release, recompiled without all the Mozilla telemetry, and with all the settings flipped to more secure/private defaults so all the tracking features are opt-in instead of opt-out.

Honestly I think the name of the project might be limiting its adoption. It’s sometimes annoying for the more technically inclined among us, but branding matters a lot. You need a name that’s snappy and memorable, which “Librewolf” is not.

Firefox is actually a pretty good example of good branding. It’s short, rolls off the tongue, has pleasant alliteration, and evokes mental imagery.

I wonder how those ‘use GNU IceCat’ conversations went, if they ever happened.
Unfortunately on the whole techies are absolutely poor at marketing, which is a skill all by itself.
It's behind by some weeks on major, contributing new features is difficult because most dev effort seems to be on integrating upstream. It is a great easy path for the less technical to 'more privacy', but pretty much if you are a developer just harden it yourself IMO.
I've been using FF as my default browser on desktop and mobile for at least 4 years. I've had zero issues. In fact, if I need to use their dev tools, I find them superior to chrome. I don't understand the shade Mozilla gets thrown at them.
You’re gonna have to swallow your pride and use the best option here. If you are American you already have lifelong training in this dynamic and you know if you don’t, it just gets so much worse.
Who has been mismanaged for at least a decade and depends on Google to pay their bills..

I don't see how this matters, it's an open source project, if people find enough value, it will be forked and improved by community or a new organization will form around it. This is the beauty of open source, you must embrace.

I'm not really seeing the dilemma here. Would you choose a browser from a mismanaged organisation, or a browser from a corp actively subverting the very basic idea of having a web client you can control, which has a chance of forever changing how we get to interact with businesses online? (In likely the worst way possible)

Seriously, how is this a question? (Unless you want to go with another independent option, then sure)

None of that should prevent anyone from using Firefox. There are no alternatives, nearly all other browsers are built on Chromium.

Making FF more prominent will not give Google more power, it will give Mozilla more power to negotiate better deals with Google and Bing to become the default search engine, because in the world of browsers, that's what pays the bills.

Giving more power to Mozilla hinges on them having a larger user-base so their voice is heard on these technical issues.

I'm tired of people complaining about how much better they could do "if only" this, or that FF was % slower on some tasks 10 years ago.

Firefox is a better alternative. It's the only alternative, and we can make more demand on its direction if we actually use it.

It doesn't mean that we shouldn't hold Mozilla to higher standards, but if we keep waiting for them to be perfect before we will consider using and pushing FF, we're just going to lose the only alternative not controlled by Google or Microsoft.

It's Firefox here and now. There probably won't be a tomorrow otherwise. Google is making that very clear.

Exactly. Also, if some anecdata can help change a mind: Firefox is a really good browser these days. I use it quite heavily, and it hasn’t disappointed in the last three or so years since I switched from Chrome.

About the only use case I still need Chrome for is for sites requiring experimental web APIs not supported by Firefox, such as Web USB or Web Bluetooth. Site compatibility for everything else, including very heavy web apps, is just fine.

History sync is encrypted, which is what made me switch over in the first place (Chrome deactivates history sync when activating end-to-end encryption – go figure…)

I switched to Firefox for the idealogical reasons above and was pleasantly surprised to find that it was a net improvement.

The only site I have compatibility issues with on desktop is MS Teams and even then it's only for voice/video calls, everything else works fine.

Firefox Android is a slightly less happy place. The password manager doesn't work very well (am moving away from the built-in one) and I can't log in on Amazon (which is important because I can't buy Kindle books in the app because of the Play Store).

Interesting. Firefox android works great for me, but Firefox windows gets very slow on my machine. I don't use their password manager on either, though, so I can't attest to that.
> but Firefox windows gets very slow on my machine.

This is why I don't use FF (although I'm on Linux). It's unusably slow for me. My experience is not the most common one (indicating that there's something about my ecosystem that FF hates), but I haven't been able to make FF work in any of the releases starting a couple of years back, I think.

I don't browse on my phone at all, so I won't be using FF there purely for that reason.

Firefox Android OOMs whenever it sees an article from The Guardian.
This is just more anecdata, but I'm exclusively using Firefox on Android and have never had issues with The Guardian. In fact, at this very moment there is a Guardian article linked on the front page, and I've visited it without an issue.

I don't doubt your experience, but it's clearly not universal.

In addition to just using Firefox, people can donate to the Mozilla Foundation. I give a few bucks every month.

https://foundation.mozilla.org/en/who-we-are/

Almost none of that money goes to the development of Firefox though.
That which is claimed without evidence can be dismissed without analysis.
The same thing can be said about the opposite stance you are taking. The question is: do we already know things, and how easy are the things we don't already know to look up?

Regardless, I have Googled this for you: please return the favor by helping others learn to use search engines in the future before leaving comments insinuating that they are lying.

The tldr (as you'll probably insist on that also) is that Firefox finds Mozilla, not the other way around, as the latter is a non-profit while the former is a FOR-profit, so Mozilla actually can't directly fund Firefox.

https://www.reddit.com/r/firefox/comments/ow9k0y/is_there_a_...

https://www.reddit.com/r/firefox/comments/a98gmi/donations_t...

https://news.ycombinator.com/item?id=24200395

Much of it goes to policy issues like this very one, and to government education about these kinds of things, and to other important efforts closely aligned with this exact issue. Mozilla does both "advocacy" and "product" and that two pronged fork exists to serve people and the web, not massive ad companies.
Sad that the broader message of this post was ignored in favor of “but you should use Firefox” replies.
> Who has been mismanaged for at least a decade

Do you think Google is better managed?

One has a browser that has +60% market share, the other went from ~55% to 3%.

One company dominates "the Web" and pulls these shenanigans all every other year, the other one is totally dependent of the former to pay their bills.

So yeah, Google has been better managed than Mozilla. That doesn't invalidate Google's execs are a bunch of lizards on the now common SV ego trip and screw up all the time, but they can and ensure they can continue to do so, Mozilla is not in the same position and part of blame must be attributed to them.

Dwindling market share of firefox is pretty much not related to how the mozilla foundation is managed. They had 55% of the market when the only competition was:

- ie6 which was a security nightmare for everybody

- browsers like Opera developed by very small companies against which competition was more based on merit

The only way for Mozilla have been able to maintain its market share against chrome would have to manage to reach both these requirements:

- build the #1 smartphone OS in the market in term of market share to have it preinstalled everywhere

- build the #1 search engine in term of market share to advertise using it everytime the user search for something.

Both feats requiring:

- financial means that were out of reach from the Mozilla foundation at any moment in time regardless of its management.

- giving up on mozilla ethics and values to be on same level as the definitely evil competitor.

And what happens when website owners decide supporting Firefox is not worth it?
So many sites don't work correctly in Firefox. Chrome is the new IE6.
Such as? Everything I care about works fine. I've no idea what people are referring to when they say sites don't.
I have had a couple of banking websites, I want to say wellsfargo corporate card login in, as well as video conference sites.
If a website doesn’t work in Firefox (due to a bug in Firefox or the website or because the website blocks Firefox), please file a bug report on https://webcompat.com/

Mozilla developers will then try to reach out to the website’s owners, add a fix or workaround in Firefox, or (as a last resort) spoof Chrome’s User-Agent string to bypass the website’s Firefox block.

In some sense, doesn't the existence of that site kind of strongly indicate that the GP's point is correct. That there are spotty incompatibilities?
Yes, but incompatibilities can’t be fixed if they’re not reported.
I use firefox for everything. The only site I know that doesn’t work is an internal app at my work that was written in FileMaker pro. I just use Edge/Safari for that one.
I use Firefox as a daily driver. And I never encounter these sites. Perhaps we are not surfin on the same pages? Do you have a list of these pages?
Is your firefox rendering google maps the same sharp (vectorized) as in chromium? In my firefox it seems not so sharp and rasterized (tiles?), but might be related to some privacy plugins/settings I'm using.
I didn't compare or realize that. So if you are right and most probably you are, I suppose I am not that interested in that sharpness.
I very occasionally run into these, and keep Chrome as a backup browser. I suspect it's as often to do with adblocking though - I have no content blockers on Chrome.

Firefox performs way better and is a more pleasant experience. (This is a fair comparison because my ad-laden Chrome experience is internet as Google intends!)

Firefox is my daily driver on all my computers and smartphones. There are some hiccups, often with obscure websites and airlines. Most of them better be avoided anyways. However, Slack and Microsoft Teams don't function properly in Firefox.
The same that happened to the ones who decided to stick with powered by IE.
It will be annoying if bank sites and other companies that are hard to avoid drop Firefox support (I mean I can switch banks I guess but it is a long term customer relationship, I don’t really want to).

Most websites aren’t bank websites. If a website doesn’t support Firefox, leave. If a website doesn’t support good old HTML, it is probably made by some kind of dummy who is trying to replace lack of content with glitz, this sort of person shouldn’t be listened to.

It would be much less likely if we could get the market share back to 2010 levels.

Is that a realistic goal? I don't know, maybe not, but it seems like there's little will even in tech to try.

There was a time when tech was the biggest driver of alternate browser adoption, and even managed to make serious inroads into the mainstream. It's a huge shame that this attitude seems long gone.

(As someone writing this in FF, being a Mosaic/Netscape/FF user for ~30 years)

No that ship has sailed.

It would mean focusing on developing the best browser and spending money on marketing so people download and install the best browser. Cut every other expense. Take FF from the politics of Mozilla and make it a real open source project.

If I look at Opera marketing, they seem to aim for young people with themes and video integration.

I do think FF has no vision and no clear strategy to get back market share, even it this is the only way to save the web. Perhaps market share isn't even their goal, I have no clue what they want.

(comment deleted)
> There was a time when tech was the biggest driver of alternate browser adoption, and even managed to make serious inroads into the mainstream. It's a huge shame that this attitude seems long gone.

I think that was just a side effect of browsers like Phoenix/Firebird/Firefox and Opera offering numerous tangible benefits over IE and the other browsers of that era.

They offered things like better functionality, better security, better extensibility, better performance, better ad blocking, and so on.

There were many compelling reasons to switch to them, and many compelling reasons to suggest them to others.

I could easily show less-technical users how those browsers could make their lives better in many ways.

For a while now, though, that just hasn't been the case. Using Firefox today, for example, doesn't really leave most people any better off, but it does come with its own set of new problems. I can't bring myself to recommend it.

The best time to switch back to Firefox was 10 years ago.

The second best time is today.

Maybe it's too late, maybe it's not, but it's literally the only option we have if we want an open web.

At this point, anybody who runs Chromium is just enabling Google and has become part of the problem.

I never have any real issues with Firefox, and when I do I simply don't use that site. I have my girlfriend and mother using Firefox as main browser on desktop and mobile, with uBlock Origin and they've never complained.

I did have issues during an interview in Microsoft Teams refusing to play my video. "Your browser is not supported", yeah fuck you it's not supported. I explain why, ask if we can switch to Hangouts and send a link.

Works fine, if more people had the balls to do the same we wouldn't be in this situation today. It's our duty to educate people instead of conforming to the path of least resistance.

Then Firefox users decide visiting those websites is not worth it
You mean Brave
Brave runs on Chromium; I am sure if WEI helped some crypto scheme for attention token it would be embraced there. But not as relevant as this relates to the "on by default" nature of these tools to validate web viewers.
[flagged]
(comment deleted)
I suppose this is more important.

When the usage metrics drop for Chrome based browsers they would need to start respecting other users, instead of just ignoring them.

Currently they can just ignore the users and continue as they do. As the rest would not hint a dent on their bottom line.

Exactly. I use Firefox for everything. It renders all the pages fine and is speedy enough so that I never question its performance. But even if it had some issues, those were minor compared to the danger the web is in now.
Firefox' killer feature on mobile is that it supports uBlock Origin, while Chrome doesn't. Browsing the web without it is horrible -- the screen covered in popups with tiny Xes. There's a decent fraction of the time that you can't even read the content underneath. Firefox solves all that.

However.

Try opening any article from The Guardian on Firefox mobile. Even a good phone will start feeling sluggish and laggy and weird. An old phone will just go catatonic, get hot, and OOM the whole browser.

Surely this is partly The Guardian's fault. (Should it surprise me that the paper that poses "left" for the upper middle class is also incompatible with any but corporate software from Big Tech?)

But it's also definitely Firefox' fault too. Something is wrong with the implementation. If Chrome can render these sites smoothly, Firefox should be able to.

Firefox would only have an excuse if Google had some special APIs on Android, or were doing something to actively sabotage the Firefox experience. I'm not willing to get quite that paranoid yet.

There are some other browsers, but who the hell wrote them? How much of what you see in the app store is legitimate open source, and how much is OSS that some opportunist put their own trackers into? I'd love a good alternative, but I don't see a lot worth trusting.

So it's Firefox for most things, and Chrome when Firefox gets all slow and laggy. Or, Firefox for news articles, and Chrome for businesses' websites.

Firefox mobile on Android, ublock origin and darkreader installed. No lag on guardian articles on a pixel 6a.
Obligatory mention of WebKit/Safari.
Is it just me or does this sound a lot like the DPOS solutions offered by many scammy ponzis under the name of a blockchain/cryptocurrency?
This is a crisis of our own making. You don't want Google taking decisions for the web at large? Then don't let them own 85% of the browser market share. When that's the case they don't need W3C or anything to implement whatever they want, they effectively control the client-side internet.
It's proven that mass marketing works. Tell me how a minority of informed and caring users can avoid on their own that a single large scale bad actor pours millions over millions of dollars to convince the uninformed masses about whatever they want. It even happens in actual elections when some factions use misinformation campaigns to alter the average voter's perception! So not an easy task to solve without help.
Totally. In most things, you need to have the ability to trust that users will make (or at least see) the right choice even over multi-million marketing initiatives. Given today's people and today's marketing, I'd say we're properly fucked.
>Tell me how a minority of informed and caring users can avoid on their own that a single large scale bad actor pours millions over millions of dollars to convince the uninformed masses about whatever they want.

Firefox.

No, not Firefox of today; I'm talking about Firefox 20 years ago that defeated IE6 by sheer force of nerds alone.

Of course, the landscape is vastly different now and Firefox today is about the most not-nerd thing next to Chrome. If there's a a browser here to save us anywhere, I'm not seeing it.

> Firefox 20 years ago that defeated IE6 by sheer force of nerds alone.

Firefox was significantly better than IE though: it was faster, had more features, and things like that. This is what made Firefox popular, not "sheer force of nerds".

Chrome, when released, also had some significant improvements to Firefox. In particular, it was loads faster. This changed with "Firefox Quantum" (59 IIRC), but "too little, too late" I guess.

Firefox was better than IE6, but it was the sheer force of nerds that dragged it across the finish line because neither the enterprise nor the general population otherwise cared.
What does that even mean? People used Firefox because it was better. It's that simple. No one forced anyone to use anything.
People used Firefox because it was installed on their computers by the neighborhood nerd. Something similar must happen now. People have to cease using gmail, google search and google maps.

Alternatives need to be built and advertised.

People used Firefox because their nerd friend or family member helped them download and install it. We got to 100 million downloads almost exclusively on word of mouth. It's not enough to have a better product, people have to learn about it and we did that with SpreadFirefox and other efforts I helped initiate so I'm very familiar with this. You don't have to trust my appeal to my own authority here, but I doubt you've got anyone closer to Firefox's early growth than me so maybe worth listening.
Firefox was not faster than IE. We lost on pageload, cold and warm start, new window, pretty much everything.

Firefox was better because it had tabbed browsing, integrated search, pop-up blocking, and extensions, but I was responsible for monitoring our perf back then and I can say for certain that we were not faster.

One of the things that led to Google's current dominance is folks like us (certainly me, at least) pushing folks to replace their default IE installation with Chrome as soon as they set up a new computer.

I hope, pragmatically, something similar might happen with this: say that Brave (my daily driver) disables WEI in their Chromium build, and a new Chromium-derived browser surges in popularity... like judo, using their own power against them.

What's wrong with Firefox?
In the last few years (or in the first few), not much. But there was a time where Firefox was difficult to recommend for performance reasons - I think it's right when they switched XUL iirc. To me that's what afforded the then-competition (Opera, Safari, Chrome) to start to eat the market share. It's why I switched to Chrome for a while (before everything was Chrome).
Since Google controls the implementation and the featureset of this API, they are effectively controlling the entire chain of access.

Having open source implementions does not make a difference, because a Google, or implementing website, server will control whether the content is served. Having the mechanism of access open sourced makes no difference in this situation.

It is the same situation with the "latent" passkey attestation mechanism. Apple and Google have general guidelines that the feature will not be used, but that only true currently. This should not be part of the browser for the same as with passkeys, it gives corporations final say in what you are allowed to use.

I was watching a video about nesting in CSS and how it's just in Chrome and comments were all about how cool it is and how they can't wait to use it, and so on, and so forth. I think it's quite a representative example: we can do that much better with SASS today, but I guess Google needs to keep features pushing at full speed so no one else can keep up.

We developers are so gullible. Just give us some shiny things and we don't even realize they're heating up the pan.

> I was watching a video about nesting in CSS and how it's just in Chrome

Nested CSS is supported in the latest version of all major browsers.

https://caniuse.com/css-nesting

It will be supported in Firefox 117, the latest release is 115 and needs you to manually enable a feature flag.

The center row of versions with the gold border is how caniuse indicates the current release.

Thanks for the correction!

I hovered over the green box for Firefox 117 and it said “Released”. I see now that for browser versions that have actually been released, it says “Released <release date>” and it’s just a very misleading bug because all unreleased browser versions will just say “Released”.

One of the proposals for WEI is to make it probabilistically fail.

Ie. on a given device, for 10% of websites, WEI pretends to be unsupported.

That means websites can't deny service where WEI is unsupported. Yet it still allows statistical analysis across bulk user accounts.

If WEI was implemented like this, I would support it as being good for the web ecosystem.

This is the bait to make it sound reasonable. Of course this hold-back feature will be quietly disabled at some point in the future. The whole proposal is full of weaselly half truths and misrepresentation about their real plans
> this hold-back feature will be quietly disabled at some point in the future.

Will it though? Googles main reason for WEI I assume is to combat ad-fraud. Ie. to prevent someone making a bot farm to click ads to earn money from advertising or exhaust competitors ad budgets or manipulate search engine user ranking signals.

With WEI, all ad clicks without WEI could just be ignored (ie. not billed to advertisers, ignored when calculating statistics and signals). If 10% of clients have WEI 'cloaking', you just inflate the final advertising bill by 10% to account for those users - the end result is the same as billing for all real users and no bots.

WEI still achieves all of Googles goals even with cloaking.

As the middle man Google benefits from ad-fraud and has few incentives to really stop it. Ad-blocking is a real problem for them however, and they have huge incentives to prevent that. Ignore what they say - that's what WEI is actually about.
Googles main business is ads on google search. Here they aren't a middle man.

Companies give google $X, and hopefully sell Y extra products. X/Y is the cost per sale. Google competes with other advert forms (eg. TV/radio/newspaper ads) on that X/Y number.

If there is ad fraud, that Y number gets decreased (budget is used up on fraud that doesn't translate to sales), and their revenue decreases as advertisers spend their ad budget on other mediums.

>Will it though? Googles main reason for WEI I assume is to combat ad-fraud. Ie. to prevent someone making a bot farm to click ads to earn money from advertising or exhaust competitors ad budgets or manipulate search engine user ranking signals.

Right. And so I ask this question: Why should I be forced to donate my data, CPU cycles, network bandwidth and privacy to one of the largest corporations in the world so they can address an issue (ad fraud) between them and their customers?

I'd note that I am not a customer of Google or their advertisers. Because advertisers are the only real customers of Google.

Edit: Clarified my point.

That’s a silly proposal that will eventually be turned off as it causes issues. Users will complain that sometime websites are broken for no reason and the first proposed fix would be to turn the failure probability to zero. Then the zero failure setting will become the default.
Also if Netflix or Twitter decide to require device authentication they can give you an error message and instruct you how to turn the holdback feature off
And what guarantees do you have that the probabilistic failure rate won't be turned to 0 at some point in the future?

Except for Google's pinky swear, I mean.

Workaround: check WEI across 4 domains, P(failure) = 0.000001%
The attitude from Google towards this has changed significantly over the last few days (unsurprisingly).

From the "explainer": "we are evaluating whether attestation signals must sometimes be held back [...] However, a holdback also has significant drawbacks [...] a deterministic but limited-entropy attestation [i.e. no holdback] would obviate the need for invasive fingerprinting".

From the Google worker's most recent comment on the issue: 'WEI prevents ecosystem lock-in through hold-backs [...] This is designed to prevent WEI from becoming “DRM for the web”'

So, in other words, WEI could be used to prevent fingerprinting, but won't be able to if holdback is introduced -- 5-10% of clients would still get fingerprinted.

Looking at the list of "scenarios where users depend on client trust", all of them would be impacted by a holdback mechanism:

- Preventing ad fraud: not for the holdback group

- Bot and sockpuppet accounts on social media: not for the holdback group

- Preventing cheating in games: not for the holdback group -- and thus not for anyone playing against someone in the holdback group

- Preventing malicious software that imitates a banking app: not for the holdback group

In other words, if there was holdback, WEI would require places which currently fingerprint to retain and maintain the fingerprinting code and apply it to fewer users, in the best case, or would be completely useless in the worst case (for things like games).

However, it's also quite interesting to look at the implications of successfully attesting a browser which supports arbitrary extensions:

- Preventing ad fraud: install an automation extension

- Bot and sockpuppet accounts: as above

- Cheating in games: install an extension which allows cheating

- Malicious software which imitates a banking app: a malicious browser extension could do this easily.

In other words, unless you attest the browser with its extensions, none of the trust scenarios outlined in the explainer are actually helped by WEI. It's not obvious whether the Google employee who wrote this deliberately didn't think about these things, or whether the 'explainer' is just a collection of unconnected ideas, but it doesn't appear to hold together.

It is not surprising that the first target of WEI -- Chrome on Android -- does not support extensions.

Here's how this goes:

WEI randomly fails, website sees it, has never implemented any error checking (or fails on purpose without WEI), WEI becomes effectively mandatory.

Google is a gun manufacturer telling people on the other end of it "don't worry, every one in 20 bullets doesn't fire".

That's currently just an idea in the 'Open questions' section of the spec, but there is already pushback against it from others closely involved in the spec & discussion around this (https://github.com/RupertBenWiser/Web-Environment-Integrity/...) and notably the attestation feature Google already shipped on Android for native apps in the same situation does _not_ do this.
The antifraud company that worked with Google on the WEI proposal is already calling for the removal of holdouts from the spec[0], because:

- Attestation does not work as an antifraud signal unless it is mandatory - fraudsters will just pretend to be a browser doing random holdout otherwise.

- The banks that want attestation do not want you using niche browsers to login to their services.

[0] https://github.com/RupertBenWiser/Web-Environment-Integrity/...

If you have 50% of people having adblock then websites loosing 10% of traffic because of WEI probabilistically fail it still seems like win for big tech if they force user to their approved unmodified OS/browser.
Is Brave browser safe from this considering it uses Chromium?
I guess they could un-cherrypick this 'feature', but that doesn't mitigate google or publishers requiring a response from this API, in order to serve a request.
Not a lawyer but this seems ripe for antitrust action. Microsoft got sued back in the 2000's for simply bundling IE with their operating system. The behavior of Google (and quite frankly Microsoft with Edge) seems way way worse than whatever MS was doing when they got sued.
But MS still bundles IE, and they've gotten more pushy about it lately.
(comment deleted)
I'm sick of these guys trying to break the web. From now on it's personal. We need to make sure that Google gets very hurt, and ideally they are wiped out from our industry.
Apple would be in the position to fight this.
"Apple already shipped attestation on the web, and we barely noticed"

https://news.ycombinator.com/item?id=36862494

And somehow this barely registers on HN, there have been over thousand comments on WEI this week, this was mentioned maybe in 5 (few of them mine - yes I'm repeating this point because it is important).

Attestation bad. Chrome is just catching up to what Safari is already doing, with in fairness more open standard.

We need to kill both.

All of the major tech companies are in on this. Google and Apple already deployed it for their phone and desktop platforms (iOS, Android, macOS, ChromeOS, all support attestation already). Microsoft is getting there with Windows 11, and all new devices shipping since ~2015 have the hardware support. Google is now closing the gap on desktop browsers.

Soon the percentage of people supporting it will be high enough to make it mandatory - the last 5% can just get a new device or something like that. They'll do it when their bank website tells them so.

The day Cloudflare flips the switch to require it for all connections is the day the open web dies.

Thanks for the info, i wasn't aware of that at all.

> They'll do it when their bank website tells them so.

Right.

> The day Cloudflare flips the switch to require it for all connections is the day the open web dies.

Makes sense and unfortunately seems realistic.

apple is one of the bad guys before the bad guys know they're bad guys..they already implemented this stuff
This is googles answer to the threat LLM pose to their search engine - cement their ad business into the core protocols.
Is there no EU regulation against this?
Careful, with the right arguments from Google the EU might just make this mandatory in the name of "security".
And if they prohibit it, Google will just pay a several billion dollar fine. At the end of the day, it's just a cost of doing business. Something like an extra 2% tax raise or something. Whatever. Dividend time.
The EU is at the forefront of wanting only "real people" online. So no, if anything digital identity is squarely within what would appease the EU
It looks like they do not care if they have consensus or approval for WEI, they are implementing it regardless.

Wherever you live, you should contact your government representatives and regulators and put a spotlight on this issue for what it is--monopoly abuse of power.

Grassroots efforts are great and it is good to let your friends, family, and associates know what they are doing and why it is wrong. However, government regulation of this abuse is needed to stop it by force of law.

Why do you think they don't have consensus or approval from all the people that matter? This is far too big for that. Google, Apple, Microsoft, Cloudflare, etc, are all working together on this. Governments will like it for "security", and 99% of users won't care.
That looks an awful lot like a cartel.
No, this is how industries work. The slaughterhouse industry body does not ask the cows for their opinion.
> Google, Apple, Microsoft, Cloudflare, etc, are all working together on this.

Are they? Is there any evidence those companies support the proposal? I haven't seen any statements to that effect, but I might have missed something.

Perhaps this specific proposal is only Google's doing, but the concept in general, absolutely.

For example, these provide essentially the same attestation service for native apps consuming APIs, validating that the phone is not rooted, and the OS and app are unmodified:

https://developer.android.com/google/play/integrity

https://developer.apple.com/documentation/devicecheck/

Apple and Cloudflare combined to take it to the browser last year and basically no one noticed:

https://blog.cloudflare.com/eliminating-captchas-on-iphones-...

Of course that will be hooked up to Google's new thing as soon as possible!

Microsoft has also been preparing it with the whole TPM integration in Windows 11 and mandatory inclusion of such hardware in all prebuilt PCs since ~2015. That's what the Chromium integration builds on - Google can't actually do the foundation for this themselves on Windows.

You can absolutely bet that all of these companies are on board with whatever Google is doing.

I know about the Safari captcha system (the only one of those that's truly analogous to WEI). Nobody cared about it because Safari's market share is very small. I would care if those companies jumped on the Google proposal because Google has the market share to force this through and make it ubiquitous, which is why I was wondering whether those companies had come out in support of this specific proposal. If they had/will, that would make WEI totally inevitable.
I imagine we'll seem them "come out in support" by quietly deploying the feature in their browsers.
Apparently the proposal is working its way through the W3C, so they'll have to take official and public positions on it eventually.
Interesting, I'll have to follow that.
The web stopped being open when W3C accepted EME. Now that effectively Google IS the web, they don't even have fake attempting to convince anybody and will just turn the web into another proprietary technology.
> The web stopped being open when W3C accepted EME

The web was more open when to play those videos you had to use a proprietary Flash or Silverlight plugin?

> The web was more open when to play those videos you had to use a proprietary Flash or Silverlight plugin?

That's what you are claiming with your sarcasm hidden behind a rhetorical question, I've never said anything about Flash or Silverlight in the comment you've answered to.

There is absolutely no difference from a conceptual perspective between EME implementation and proprietary plugins, EME is necessarily based on a proprietary spyware, but you can't fathom that fact apparently.

Flash wasn't just DRM though. Incorporating video and animations into the web proper through browser was a win for the web despite the bitter pill of not ridding ourselves of DRM.
> Flash wasn't just DRM though. Incorporating video and animations into the web proper through browser was a win for the web despite the bitter pill of not ridding ourselves of DRM.

DRM as implemented by EME is necessarily a closed source, proprietary plugin just like Flash, I never said that Flash was just a DRM. Flash could be used as DRM system, in fact its video format FLV supported DRM.

You said the web stopped be open when EME was accepted.

But as you just noted there is no conceptual difference between EME and the proprietary plugins that it replaced (Flash based and Silverlight based video players).

So how does replacing something with something else that is conceptually not different change that status of the web from open to not open?

> You said the web stopped be open when EME was accepted.

Neither Flash or Silverlight were ever web standards. Flash was never accepted as a web standard. EME is a web standard.

EME is as bad as Flash or Silverlight from a conceptual perspective. EME has no place in web standards, no more than flash.

Again, it's you who brought up Flash and Co, I never brought it up.