45 votes

Unpacking Google’s new “dangerous” Web-Environment-Integrity specification

12 comments

  1. [7]
    AboyBboy
    Link
    Good article but some of this seems weird coming from Vivaldi given that their browser is chromium based.

    Good article but some of this seems weird coming from Vivaldi given that their browser is chromium based.

    10 votes
    1. [6]
      scherlock
      Link Parent
      Chromium is open source . Yeah it's backed by Google, but it is still open source. Loads of browsers are built off Chromium. Browsers built off Chromium still have complete control over the...

      Chromium is open source . Yeah it's backed by Google, but it is still open source. Loads of browsers are built off Chromium. Browsers built off Chromium still have complete control over the runtime behavior of Chromium.

      10 votes
      1. [5]
        vord
        Link Parent
        The point though is that if Google decides to push a massive feature though on Chromium that does things like ban adblockers, forks are going to have an increasingly hard time maintaining a diff...

        The point though is that if Google decides to push a massive feature though on Chromium that does things like ban adblockers, forks are going to have an increasingly hard time maintaining a diff that doesn't do that.

        Chrome is an IE6 situation. I've full-blown got websites recently that don't support anything but Chrome. And I consider browsers based on Chromium to be little more than those UI wrappers we had for IE6 back in the day.

        14 votes
        1. [3]
          ComicSans72
          Link Parent
          And by using it they're supporting the same hegemony they're complaining about here. "We can't afford a web controlled by one company, also were using a rendering engine for our product that's...

          And by using it they're supporting the same hegemony they're complaining about here. "We can't afford a web controlled by one company, also were using a rendering engine for our product that's entirely controlled by one company".

          12 votes
          1. [2]
            vord
            Link Parent
            I don't disagree. I don't use Chrome skins for that reason. But also, there's little point to Chromium being open if this isn't possible either..is it?

            I don't disagree. I don't use Chrome skins for that reason.

            But also, there's little point to Chromium being open if this isn't possible either..is it?

            4 votes
            1. cutmetal
              Link Parent
              I think the normal response to that is: Chromium is open source because Google once cared about being seen as a company with an open-source browser. They got (and still get, to a lesser extent)...

              I think the normal response to that is: Chromium is open source because Google once cared about being seen as a company with an open-source browser. They got (and still get, to a lesser extent) buy-in from folks like us who care about that sort of thing.

              3 votes
        2. raze2012
          Link Parent
          But that's the advantage of open source: Google does something that unpopular and some other major browsers will simply fork to not include that to advertise as a feature. But Google has no reason...

          But that's the advantage of open source: Google does something that unpopular and some other major browsers will simply fork to not include that to advertise as a feature. But Google has no reason to bother with that given that it's the current market leader.

          With all that said Firefox has been my main browser for all of 2023 and I've yet to find a web page that struggles to open. Only issue is some Samsung page that does not like my beta mobile version of the app. The only thing keeping me from making a full transition is the lack of translation add on for mobile (FF mobile still misses most add-ons outside of privacy trackers/ad blockers without some 10 step workaround that may or may not work in the long term).

          6 votes
  2. UP8
    Link
    Important topic but a poor article, I think.

    Important topic but a poor article, I think.

    6 votes
  3. [4]
    PlasticMonkey
    Link
    I do agree, Google isn't the most trustworthy company out there, but I also take anything from a competitor or company in the same space, with a pinch of salt. It's easy to throw negative news on...

    I do agree, Google isn't the most trustworthy company out there, but I also take anything from a competitor or company in the same space, with a pinch of salt. It's easy to throw negative news on the competition if it makes you look better. I'm not saying they're blowing it out of proportion (I use DuckDuckGo myself), but I'm getting a bit tired of the "whoo-ha everyone is out to get you" messages out there.

    1 vote
    1. vord
      Link Parent
      Yea but when the primary driver of the browser development is dependent on ad revenue, its quite clear to see where this is headed. Pushing for a standard like this will insure only big player...

      Yea but when the primary driver of the browser development is dependent on ad revenue, its quite clear to see where this is headed.

      Pushing for a standard like this will insure only big player browsers (Chrome, Edge, Safari, Firefox maybe) get certified. Uncertified browsers will be considered insecure, and thus support for most media playback (because that's what this is about) will fall off. Probably banks and other security-sensitive sites too will require this. Also ad-dependant sites because you can bet all the major ad players will hop on this instantly.

      It is absolutely threat to an open web, it's literally walling off the creation of a browser for any platform. Good luck getting marketshare if Youtube doesn't work because Google won't sign your browser.

      Vivaldi in particular has good reason to be concerned, as they'd be a prime target to be excluded from being authorized.

      16 votes
    2. tibpoe
      Link Parent
      I work in technology, although not in web browsers, and I think this article is well-written & has a good assessment of the risks, regardless of who wrote it. This really is that bad. If you'd...

      I work in technology, although not in web browsers, and I think this article is well-written & has a good assessment of the risks, regardless of who wrote it. This really is that bad.

      If you'd like to avoid any bias, the primary source is linked to right at the top of the page: https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md

      There's also lots of feedback on this proposal in the github issues, although the author has disabled discussion.

      13 votes
    3. raze2012
      Link Parent
      It may be tiresome but it is true. The degree to how much you care about what software grabs from you will vary from person to person, though.

      but I'm getting a bit tired of the "whoo-ha everyone is out to get you" messages out there.

      It may be tiresome but it is true. The degree to how much you care about what software grabs from you will vary from person to person, though.

      7 votes