In recent news, Google has put forth a proposal known as the "Web Environment Integrity Explainer", authored by four of its engineers. On the surface, it
Actually, they are controlling your graphics driver. If you’re using a custom driver you’ll fail attestation because you have untrusted code in your kernel and/or browser process. I expect this will also fail if you’re using an old driver with known vulnerabilities that allow you to use your own device in unexpected ways.
Ads need to be blocked at a higher level. Get as many as possible to vow to never buy a thing advertised on a webpage. You see an ad, that thing advertised gets a no-buy stamp.
It’s still very much a thing and works fairly well to protect high quality DRM content. People forgot it’s a thing because a regular person is rarely in a situation where it would prevent them from doing something.
Why can’t it? I’m sure Windows allows non-admin processes to get information about active drivers, secure their own memory, and provide attestation that they are secured, provided TPM and secure boot are enabled.
Your TPM unit in the motherboard has more privileges than you do. It attests to the integrity of the kernel, graphics driver included, and the kernel attests to the integrity of the browser and any peripherals.
The major point is not so much whether your browser could block ads - your point regarding the browser ultimately having to render each element is true. The problem is that if the web server gets a request from an unattested browser (such as an old version, or one that has an ad blocker installed), it will refuse to serve any content, not just ads.
Regular people will inevitably get frustrated and we end up in scenarios like “<x browser>is bad, it doesn’t work with <y site>” because of this proposal, and more and more people end up switching until you have to use a compliant (Chromium-based) browser to do anything at all on the internet, and Google’s strangehold on web standards solidifies even further.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
deleted by creator
The browser could just refuse to attest if you’ve got an ad blocker enabled. That’s the whole point of this.
deleted by creator
Actually, they are controlling your graphics driver. If you’re using a custom driver you’ll fail attestation because you have untrusted code in your kernel and/or browser process. I expect this will also fail if you’re using an old driver with known vulnerabilities that allow you to use your own device in unexpected ways.
Ads need to be blocked at a higher level. Get as many as possible to vow to never buy a thing advertised on a webpage. You see an ad, that thing advertised gets a no-buy stamp.
That’s not how people’s minds work, even if you managed to convince everyone to do it.
deleted by creator
It’s still very much a thing and works fairly well to protect high quality DRM content. People forgot it’s a thing because a regular person is rarely in a situation where it would prevent them from doing something.
I’m pretty sure overlay mode was always about performance, not preventing screenshots.
deleted by creator
Why can’t it? I’m sure Windows allows non-admin processes to get information about active drivers, secure their own memory, and provide attestation that they are secured, provided TPM and secure boot are enabled.
https://www.microsoft.com/en-us/security/blog/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/
deleted by creator
You said “Google isn’t controlling your graphics driver”
deleted by creator
Your TPM unit in the motherboard has more privileges than you do. It attests to the integrity of the kernel, graphics driver included, and the kernel attests to the integrity of the browser and any peripherals.
deleted by creator
It’s possible but not particularly plausible.
Someone always finds a way.
The major point is not so much whether your browser could block ads - your point regarding the browser ultimately having to render each element is true. The problem is that if the web server gets a request from an unattested browser (such as an old version, or one that has an ad blocker installed), it will refuse to serve any content, not just ads.
Regular people will inevitably get frustrated and we end up in scenarios like “<x browser>is bad, it doesn’t work with <y site>” because of this proposal, and more and more people end up switching until you have to use a compliant (Chromium-based) browser to do anything at all on the internet, and Google’s strangehold on web standards solidifies even further.