30 votes

Google to block embedded browser frameworks starting January 4, 2021; likely includes non-Safari WebKit

37 comments

  1. tindall
    Link
    My reading of this is that Google wants to narrow down browser competition further. They are disallowing browsers with any of the following features: That's a large swathe of the non-Chromium,...

    Google will attempt to block logins from "CEF-based apps and
    other non-supported browsers." Presumably "non-supported browsers"
    likely includes non-Safari WebKit, considering how much time I spend
    trying to develop user agent quirks to suppress Google's unsupported
    browser warnings on Gmail, Google Docs, etc. I guess we will find out
    on January 4.

    My reading of this is that Google wants to narrow down browser competition further. They are disallowing browsers with any of the following features:

    Server-side rendering, HTTPS proxy, Replay requests, Rewrite HTTP headers, Headless browsers, Node.js, Text-based browsers

    That's a large swathe of the non-Chromium, non-Firefox browsers out there. Safari, of course, has enough market share to survive, and while this is a real security measure, it's being implemented in the most hostile possible way, including a notification e-mail to the maintainers of WebKit basically saying "your browser (except in the Apple implementation, which we can't get rid of) will be banned from using the most popular webapps around and there's nothing you can do about it."

    The proprietarization of the web marches on.

    35 votes
  2. [26]
    Adys
    Link
    Comments on HN here, and I do recommend reading them. Here is Google's justification, announced in April of 2019. In summary: Google will block sign ins to their site from embedded browsers. I...

    Comments on HN here, and I do recommend reading them. Here is Google's justification, announced in April of 2019.

    In summary: Google will block sign ins to their site from embedded browsers.

    I don't really like the way some people are trying to frame this; there's legitimate potential concerns to be had wrt. smaller third-party browsers, and they're sure to be drowned out in misinformation such as "You need Chrome to use Google". The idea that it's a "proprietarization of the web" (@tindall) is far-fetched. This isn't "the web", it's "Google".

    Like, this isn't even a new thing; it used to be pretty common to just throw a "we're not letting you log in because we don't trust you based on your user agent" type page to some apps.

    The way I see it, personally: My Google account's authentication safeguards a ton of extremely valuable information. I have four companies behind GSuite auth, and a 13-ish year old personal account behind it as well. Lots of the services I use are using Google as oauth provider. This is one of those cases where, yeah, I'll take security pragmatism over purism.

    7 votes
    1. [13]
      tindall
      (edited )
      Link Parent
      Tell me with a straight face that this won't have a huge negative effect on smaller browsers, just as mentioned in the mailing list. Seriously. As I mentioned, there are a million ways they could...
      • Exemplary

      Tell me with a straight face that this won't have a huge negative effect on smaller browsers, just as mentioned in the mailing list. Seriously. As I mentioned, there are a million ways they could have done this that are less hostile, less damaging to legitimate users, and less abrasive.

      it used to be pretty common to just throw a "we're not letting you log in because we don't trust you based on your user agent" type page to some apps

      I take it you haven't used Firefox on Linux in a while. This is very common, and it sucks. But Google is not some random web app. It's very important to a lot of people; it may not be "the Web" but it's a big part of it for many.

      Edit: looking through the HN replies as suggested, and seeing things like this:

      My default browser is one I built, and it hasn't worked with Google auth since they disallowed auth from CEF. Not warned, put captchas in front of, etc but disallowed.

      Breaks my heart. Why? How does this make your account safer than just forcing 2FA on all accounts, or other security measures? No. Even if this isn't about narrowing down workable browsers in the market, that is what it will do.

      27 votes
      1. [6]
        Deimos
        Link Parent
        I use Firefox on Linux as my primary browser, and spend far too much time on the web. I can't think of a single site that's blocked me because of it. Can you list three examples?

        I use Firefox on Linux as my primary browser, and spend far too much time on the web. I can't think of a single site that's blocked me because of it. Can you list three examples?

        14 votes
        1. tindall
          (edited )
          Link Parent
          In recent memory: my school's student portal (had to change my UA for that to work), Turbotax (changed to just a nag screen recently, so that's improvement I guess), and my old credit union. Edit:...

          In recent memory: my school's student portal (had to change my UA for that to work), Turbotax (changed to just a nag screen recently, so that's improvement I guess), and my old credit union.

          Edit: also lots of stuff, line Namecheap, only recently realized that U2F exists in Firefox, despite it being a thing since at least 2018

          18 votes
        2. stu2b50
          Link Parent
          Pearson myLab or eduLab or whatever it was called only works on Chrome (unless they changed it in the last few years which I highly doubt).

          Pearson myLab or eduLab or whatever it was called only works on Chrome (unless they changed it in the last few years which I highly doubt).

          13 votes
        3. tan
          Link Parent
          Vieple, a web-based video-interviewing platform, refused to let me through with Firefox recently, but allowed Chromium.

          Vieple, a web-based video-interviewing platform, refused to let me through with Firefox recently, but allowed Chromium.

          6 votes
        4. frostycakes
          Link Parent
          I've had problems with Appfolio-based leasing portals recently-- I was unable to download my lease PDF or finish my application for an apartment in Firefox, both on Linux and Android. Even...

          I've had problems with Appfolio-based leasing portals recently-- I was unable to download my lease PDF or finish my application for an apartment in Firefox, both on Linux and Android. Even changing useragents didn't work in this case, had to use Chrome/ium.

          4 votes
        5. teaearlgraycold
          Link Parent
          I don’t think any site has outright blocked me, but a bunch just don’t work.

          I don’t think any site has outright blocked me, but a bunch just don’t work.

          3 votes
      2. [2]
        petrichor
        Link Parent
        For what it's worth, unless the web has drastically shifted in the past six months, I can only remember a single time in my ~3 years of using Firefox on Linux that a website disallowed...

        I take it you haven't used Firefox on Linux in a while. This is very common, and it sucks.

        For what it's worth, unless the web has drastically shifted in the past six months, I can only remember a single time in my ~3 years of using Firefox on Linux that a website disallowed non-Chromium-based browsers (IIRC, some open-source video thing?) - and their users were up in arms over it.

        Now nag screens, sure. Reddit dot com on mobile prompted you to use Chrome (or their app, bleh) for a good long while, the College Board's recent AP test administration gave an extra check to Chrome, but still, nothing too egregious.

        5 votes
        1. tindall
          Link Parent
          I'm glad you had that experience. I may have just been unlucky, though I've heard that others have similar frustrations.

          I'm glad you had that experience. I may have just been unlucky, though I've heard that others have similar frustrations.

          5 votes
      3. [4]
        Adys
        Link Parent
        I do use Firefox on Linux; it's not my primary browser but I use it regularly. I find that captchas are more annoying and that's about it.

        I do use Firefox on Linux; it's not my primary browser but I use it regularly. I find that captchas are more annoying and that's about it.

        1 vote
        1. [3]
          tindall
          Link Parent
          I'm glad that's the only issue you have. That hasn't been my experience. But... Let's say someone was in the same situation as you, in terms of having a lot of stuff behind google auth, and had an...

          I'm glad that's the only issue you have. That hasn't been my experience.

          But... Let's say someone was in the same situation as you, in terms of having a lot of stuff behind google auth, and had an old computer. Say a T430s, my favorite ever laptop. Used Epiphany, because it's quite good on low powered machines.

          Now, to access any of those things behind google auth, they have to deal with slowness or get a new computer, because google Says So ™️. How is that okay?

          8 votes
          1. [2]
            Adys
            Link Parent
            It sounds like Epiphany is supported, though; the problem actually being with in-app embedded browsers (not just merely "browsers built on gtkwebkit"). I gave more context to my line of thinking...

            It sounds like Epiphany is supported, though; the problem actually being with in-app embedded browsers (not just merely "browsers built on gtkwebkit"). I gave more context to my line of thinking lower down the thread if you're curious.

            3 votes
            1. tindall
              (edited )
              Link Parent
              I see where you're coming from, but I just don't trust Google to add any new browsers - say, for instance, Elementary OS's excellent built in browser - to their allowlist. And, as the email says,...

              I see where you're coming from, but I just don't trust Google to add any new browsers - say, for instance, Elementary OS's excellent built in browser - to their allowlist. And, as the email says, it'll be hard to distinguish by user agent.

              3 votes
    2. [6]
      petrichor
      (edited )
      Link Parent
      What I'm seeing in the mailing list, the article, and in about 50% of the HN comments is that Google will block sign ins from embedded browsers and other non-supported browsers. Blocking sign ins...

      In summary: Google will block sign ins to their site from embedded browsers.

      What I'm seeing in the mailing list, the article, and in about 50% of the HN comments is that Google will block sign ins from embedded browsers and other non-supported browsers.

      Blocking sign ins from embedded browsers seems pretty clearly targeted at phishing Android apps. What concerns me is if this Chromium Embedded Framework is used by something like Midori, a GTK based browser. What concerns me much more is that "other non-supported browsers" (very) presumably includes unique or uncommon browsers like NetSurf, or Links, or any non-Chromium non-Gecko based browser competitor. This screams antitrust to me, but it seems likely that any such case against Google related to browsers won't be brought up for years with the current state of the DOJ, and that's scary.

      I get that email - and Gmail in particular, with it commonly being used for OAuth - is for most people, myself included, a single point of failure for their online identity, and that every effort should be made to keep it safe and secure. Blocking embedded browsers, provided it reasonably excludes actual browsers based on WebKit, makes sense, but excluding "other non-supported browsers" provides no legitimate security benefit in my eyes.

      7 votes
      1. [5]
        tindall
        Link Parent
        That won't be the case, I don't think - CEF is a browser engine, like WebKit - but they'll almost certainly be blocking the browsers you're concerned about.

        a GTK / WebKit based browser uses this Chromium Embedded Framework

        That won't be the case, I don't think - CEF is a browser engine, like WebKit - but they'll almost certainly be blocking the browsers you're concerned about.

        2 votes
        1. [4]
          frostycakes
          Link Parent
          I thought CEF was more like Electron in that it was a full Chromium engine implementation instead of just a fork? Isn't that what Spotify and Steam use for their desktop clients?

          I thought CEF was more like Electron in that it was a full Chromium engine implementation instead of just a fork? Isn't that what Spotify and Steam use for their desktop clients?

          1. [3]
            tindall
            Link Parent
            It's neither - it's an SDK for embedding regular, upstream Chromium in your application. Things that use WebKit don't use Chromium, because WebKit and Chromium solve the same problem.

            It's neither - it's an SDK for embedding regular, upstream Chromium in your application. Things that use WebKit don't use Chromium, because WebKit and Chromium solve the same problem.

            1. [2]
              frostycakes
              Link Parent
              If it's regular upstream Chromium being embedded, wouldn't it be somewhat trivial to spoof an application using CEF as just plain Chromium to get around Google's blocking of it? I mean, it's...

              If it's regular upstream Chromium being embedded, wouldn't it be somewhat trivial to spoof an application using CEF as just plain Chromium to get around Google's blocking of it?

              I mean, it's frustrating that developers would have to do that in the first place, but it seems like a simple workaround?

              1. tindall
                Link Parent
                Google specifically says that you're not allowed to do that. I'm pretty sure they'll be doing something more involved than just checking the User-Agent string.

                Google specifically says that you're not allowed to do that. I'm pretty sure they'll be doing something more involved than just checking the User-Agent string.

                1 vote
    3. [6]
      Diff
      Link Parent
      Can't say whether other people are blowing it out of proportions in discussions, I haven't dropped by the HN thread you've linked yet, but at least in the OP link they seem to be evaluating it...

      Can't say whether other people are blowing it out of proportions in discussions, I haven't dropped by the HN thread you've linked yet, but at least in the OP link they seem to be evaluating it properly. Any browser that can't sign into Google services can only see quite limited adoption for quite limited purposes. It can't be used by much of the general population for general internet browsing. Later in the email thread, it appears that they managed to test the new changes and confirm that Epiphany is unaffected for now, but this is still a troubling stance for Google to be taking. They aren't The Web, but they're a part of it that a great many people use. The web should be universal, if a browser can't access a part of it, it takes the blame, not the website.

      3 votes
      1. [5]
        Adys
        Link Parent
        I don't think that's true, to be honest. This comment on HN reflects your argument I believe: But I don't believe they do. All the currently popular web browsers started from fairly major...

        Any browser that can't sign into Google services can only see quite limited adoption for quite limited purposes.

        I don't think that's true, to be honest. This comment on HN reflects your argument I believe:

        Every new browser, by definition, starts out as a self-compiled project.

        But I don't believe they do. All the currently popular web browsers started from fairly major predecessors. Sure, if you track down their ancestry, you'll find Mosaic, or for the most recent example you'll find KHTML. But take the newest mildly popular browser Brave: It's based on Chromium. Servo is one of the first "from-scratch" browsers in a LONG time, and it has to have massive backing from an existing internet corporation because nobody can build this stuff from scratch.

        And if they do, by the time "signing into Google" becomes an actual blocker for the browser, they'll already be popular enough to be included by Google in that whitelist (I mean, if Epiphany today is included…).

        I don't want to defend Google too much on this, they deserve a lot of the heat just from their past behaviour, but this actually sounds like a non-issue, one they warned about a year and half in advance.

        1 vote
        1. Diff
          Link Parent
          I'm not sure I understand the point you're making. If a new web browser project comes into existence, it's only used by the people developing it. Maybe some technical users start using it because...

          I'm not sure I understand the point you're making. If a new web browser project comes into existence, it's only used by the people developing it. Maybe some technical users start using it because it fits their needs. Maybe a few general-purpose users pick it up because it works for them and doesn't break the things they need to not break. But it can't make much progress in the general population if there's something pervasive lurking in there preventing a majority of people from using it for at least one purpose.

          Epiphany already suffers from this a bit. Epiphany is nice, and I use it on my laptop. But on my desktop I use Firefox, because it's my desktop I consume my media on, and Epiphany doesn't support Widevine. People don't switch around web browsers for different purposes, they pick one that works and they stick with it until it stops working for them. "Signing into Google" or "watching Netflix" or "accessing a random obscure website that only works on IE6" is a blocker as soon as one person is turned away from the project because they can't do what they want with their web browser.

          7 votes
        2. [3]
          tindall
          Link Parent
          And decisions like this are exactly why that's true! That Mozilla backing is as much political as technical, especially regarding evolution of standards.

          it has to have massive backing from an existing internet corporation because nobody can build this stuff from scratch.

          And decisions like this are exactly why that's true! That Mozilla backing is as much political as technical, especially regarding evolution of standards.

          5 votes
          1. [2]
            Adys
            Link Parent
            Nah. There's billions of websites out there. HTML and CSS are behemoths, and JS is behemoth squared. Browsers are operating systems right now. If you build a new operating system from scratch,...

            Nah. There's billions of websites out there. HTML and CSS are behemoths, and JS is behemoth squared.

            Browsers are operating systems right now. If you build a new operating system from scratch, "popular HP printers do a weird proprietary thing that only works with Windows" will not be what prevents you from getting popularity.

            It takes so much work to get to the state where things work that, by the time you do, you're bound to be popular: Either it took you decades of work and it's an inhuman achievement that will make itself known by sheer curiosity (and be highly marketable, etc), or it's a massive project that has marketing behind it anyway.

            1 vote
            1. tindall
              Link Parent
              What about my previous example: Elementary OS's browser, which is webkit based and wonderful? It's not from scratch, not hugely popular, but it's a "new browser" from Google's perspective, and to...

              It takes so much work to get to the state where things work that, by the time you do, you're bound to be popular.

              What about my previous example: Elementary OS's browser, which is webkit based and wonderful? It's not from scratch, not hugely popular, but it's a "new browser" from Google's perspective, and to the server, indistinguishable from embedded WebKit outside of the user agent string.

              5 votes
  3. HoolaBoola
    Link
    To me, this is a bit worrying, but not too different from the way DRM blocks most browsers from viewing some content. For example, I can't build a browser and watch Netflix on it because of the...

    To me, this is a bit worrying, but not too different from the way DRM blocks most browsers from viewing some content. For example, I can't build a browser and watch Netflix on it because of the proprietary DRM crap. And multiply this for every one of those hundreds(?) of websites that Mozilla, Google and Apple have agreements with to allow displaying of their content on their browsers. Basically impossible for any smaller browser to accomplish.

    6 votes
  4. Akir
    Link
    I am worried that this might mean they end up blocking WebPositive, the only actively developed native browser for Haiku. Alternative operating systems already have enough of a hard time without...

    I am worried that this might mean they end up blocking WebPositive, the only actively developed native browser for Haiku. Alternative operating systems already have enough of a hard time without being blacklisted by Google.

    5 votes
  5. [8]
    skybrian
    Link
    It seems like this problem could mostly be solved if Google accounts had a “developer mode” that you could turn on that disables some security checks? (Don’t get hung up on the name. Maybe it...

    It seems like this problem could mostly be solved if Google accounts had a “developer mode” that you could turn on that disables some security checks? (Don’t get hung up on the name. Maybe it could be “experimental mode” or “the yolo flag.”)

    The problem is that some Google accounts are much more important than others. Somehow losing my main account would be catastrophic. But I could create a throwaway account, set it to developer mode, and then use that to fool around with experimental browsers.

    How can Google know whether I consider an account to be throwaway or not? They can’t. This really needs to be left up to the user.

    It doesn’t solve all problems, since at some point someone has to decide whether a new browser is finished enough and has a good enough track record for fixing security bugs promptly that unsophisticated users could use it with their main account. But it would make it less frustrating for more-technical users.

    For the list of “trusted” browsers, there is the larger issue of who decides. If you don’t trust Google then this is yet another decision that they shouldn’t be trusted with. But what entity do you trust more than Google to make critical technical decisions like this? I can imagine a government regulator doing it, but I can also imagine them doing it badly. It’s not like the FCC is always right. Many FCC commissioners don’t have a good track record.

    One model that sort of works is the one for certificate authorities. Browser and OS vendors decide who the trusted certificate authorities are, which isn’t great in some ways but at least they are somewhat disinterested and seem to make decisions about which certificate authorities to trust or distrust on bureaucratic, technical grounds. Certificate transparency gives them the insight into a CA’s operations to regulate them effectively. It also helps that one of the organizations making the decisions is Firefox, and there are multiple organizations that loosely collaborate and generally agree on the list.

    It would sort of make sense for big, trusted websites like banks to decide which browsers are on the high-trust list, but this would only be in a world where they are more developer-friendly, technically competent, and transparent about their decision-making. Banks don’t have the track record for this.

    It is similar to how someone competent needs to decide which mobile apps are malware, and ideally there would be a separate organization doing this, but in practice, Apple and Google do it. This lack of a separate organization to do it means we end up second-guessing big tech’s decisions.

    2 votes
    1. [7]
      tindall
      Link Parent
      This really isn't it. Truly. The problem isn't that I want to "try out experimental browsers"; it's that, if it weren't for nonsense like this being so prevalent, my main browser would probably...

      It seems like this problem could mostly be solved if Google accounts had a “developer mode” that you could turn on that disables some security checks? (Don’t get hung up on the name. Maybe it could be “experimental mode” or “the yolo flag.”)

      This really isn't it. Truly. The problem isn't that I want to "try out experimental browsers"; it's that, if it weren't for nonsense like this being so prevalent, my main browser would probably not be either Chrome or Firefox.

      One model that sort of works is the one for certificate authorities.

      Sort of is the operative phrase here. It works so poorly that LetsEncrypt had to come in and essentially put lower-end CAs out of business because they were so predatory and corrupt. I agree that it's better to have more parties working on the list - but that's not even a little bit what's happening here.

      This is one of many chicken-and-egg problems that are constantly screwing over new or different operating systems, browsers, computer vendors, etc. It's the same as the Gatekeeper conversation we had last week - if you aren't popular or well-resourced, you're assumed to be a bad actor, which is a huge barrier in the way to becoming popular and well-resourced. Same with "we don't compile our proprietary software for Linux because it has a small market share". Yeah, I wonder why that is? Probably at least partly because popular proprietary software isn't available!

      All of these issues are commonly painted as not mattering at all because it's "just technical users" who care about them, but the reason that's true is that it's such a pain in the ass to use anything that isn't in the top 2 or 3 in terms of market share! It doesn't matter how good the UX is on free desktops because decisions like this screw us over every single time. I mean, come on, you can't tell me with a straight face that Windows has better UX than, say, Elementary OS in the parts of the system where you're not interacting with proprietary software or nonsense like this.

      3 votes
      1. [6]
        skybrian
        Link Parent
        I think you’re passing lightly over the problem to be solved, though. Like, malware exists, crappy software exists, shady businesses exist, and the average person has no idea how to evaluate the...

        I think you’re passing lightly over the problem to be solved, though. Like, malware exists, crappy software exists, shady businesses exist, and the average person has no idea how to evaluate the risks themselves. Amateur work is more risky. Trusting everyone by default doesn’t work.

        It’s not ideal that LetsEncrypt had hoops to jump through, but they did eventually get through it and became trusted, and it’s good that they could become trusted without trusting every shady person who wants to set up a CA. There needs to be some filter, and nobody knows how to do this gatekeeping in a way that’s not messy. There are just better and worse ways of doing it.

        Carve outs for experiments (like for experimental aircraft) are one way the regulators try to avoid crushing amateurs entirely while still somewhat protecting the safety of the masses.

        I think it would be good to figure out how to advocate for less regulation while still acknowledging that, crappy as they may be at it, the regulators have an important job? And in some cases we have the wrong organizations doing the gatekeeping because if they don’t do it, nobody will, and getting a better organization off the ground is non-trivial.

        5 votes
        1. [5]
          tindall
          Link Parent
          You're conflating "amateur work" and malware. How does me using a browser you think is "amateur work" or somehow shoddy expose you to more risk? My browser usage doesn't affect you. This is also...

          I think you’re passing lightly over the problem to be solved, though. Like, malware exists, crappy software exists, shady businesses exist, and the average person has no idea how to evaluate the risks themselves. Amateur work is more risky. Trusting everyone by default doesn’t work.

          You're conflating "amateur work" and malware. How does me using a browser you think is "amateur work" or somehow shoddy expose you to more risk? My browser usage doesn't affect you.

          This is also "passing lightly over" the fact that the example I used, the Elementary OS flavor of Epiphany, is maintained by professionals employed by Elementary. It is not "amateur work" or "malware" or "crappy". It does a perfectly good job of being a browser, according to web standards, and while it's not maintained by a megacorporation... should that really be our standard for acceptable software?

          Again, you're framing this all as if it's just some tiny niche that doesn't really matter when, in fact, there are quite a few people out there who do not use mainstream software. In terms of percentages it's not big, but that's only because literal billions of people use computers every day.

          3 votes
          1. [4]
            skybrian
            (edited )
            Link Parent
            I'm not very familiar with Elementary so I can't judge. I do think there needs to be some kind of organization that evaluates browsers and comes up with the list of the ones that are trustworthy...

            I'm not very familiar with Elementary so I can't judge. I do think there needs to be some kind of organization that evaluates browsers and comes up with the list of the ones that are trustworthy enough for things like banking. Letting each large website choose based on unknown and probably arbitrary internal criteria doesn't work very well.

            As for how shoddy work can make you insecure, you are aware of all the experts saying you shouldn't roll your own crypto and all the companies that do? But you're right, it's not really an amateur vs. professional thing.

            2 votes
            1. [3]
              tindall
              Link Parent
              I'm sorry, are you suggesting that I shouldn't be able to access my bank with a spec-compliant browser that's not on "the list"? I'm also aware that the most capable and popular and heavily...

              I'm sorry, are you suggesting that I shouldn't be able to access my bank with a spec-compliant browser that's not on "the list"?

              As for how shoddy work can make you insecure, you are aware of all the experts saying you shouldn't roll your own crypto and all the companies that do?

              I'm also aware that the most capable and popular and heavily audited crypto libraries in the world are open source, and in practice, all of these "shoddy" browsers use them.

              Even if I was persistent and naive enough to write my own SSL library as well as my own browser - which would definitely be a security risk for me - in what way does it help you to ban me from using that for my own accounts?

              3 votes
              1. [2]
                skybrian
                Link Parent
                For you, maybe it doesn't? That's why there should be a developer switch. But for consumers buying stuff off Amazon, if there are no standards then random chinese gadgets will have browsers in...

                For you, maybe it doesn't? That's why there should be a developer switch.

                But for consumers buying stuff off Amazon, if there are no standards then random chinese gadgets will have browsers in them ("Internet of shit") and if there is no organization pushing back, there are no standards, and it's a race to the bottom.

                (Or they will just download random binaries, which the software equivalent.)

                Someone has to vouch for them being compliant with the relevant specs, and some of this is about process compliance, things like regular security updates.

                1. tindall
                  Link Parent
                  Even if you genuinely think that that's what "internet of shit" means, and that the right solution to that problem is to only allow certain blessed software access Google services, this is a job...

                  But for consumers buying stuff off Amazon, if there are no standards then random chinese gadgets will have browsers in them ("Internet of shit") and if there is no organization pushing back, there are no standards, and it's a race to the bottom.

                  Even if you genuinely think that that's what "internet of shit" means, and that the right solution to that problem is to only allow certain blessed software access Google services, this is a job for the FTC or some other party that is at least theoretically neutral, not Google.

                  I'm not going to continue arguing about this; we're obviously coming from completely different places, and it's not going to change anything for us to continue to talk past each other.

                  5 votes