Google employee responds to all the negative feedback on WEI (Google DRM for the web)

Hey everyone, thank you for your patience, and thank you to everyone who engaged constructively. It is clear based on the feedback we’ve received that a bigger discussion needs to take place, and I’m not sure my personal repository is the best place to do that - we are looking for a better forum and will update when we have found one. We want to continue the discussion and collaborate to address your core concerns in an improved explainer.

I want to be transparent about the perceived silence from my end. In the W3C process it is common for individuals to put forth early proposals for new web standards, and host them in a team member’s personal repository while pursuing adoption within a standards body. My first impulse was to jump in with more information as soon as possible - but our team wanted to take in all the feedback, and be thorough in our response.

That being said, I did want to take a moment to clarify the problems our team is trying to solve that exist on the web today and point out key details of this early stage proposal that may have been missed.

WEI’s goal is to make the web more private and safe
The WEI experiment is part of a larger goal to keep the web safe and open while discouraging cross-site tracking and lessening the reliance on fingerprinting for combating fraud and abuse. Fraud detection and mitigation techniques often rely heavily on analyzing unique client behavior over time for anomalies, which involves large collection of client data from both human users and suspected automated clients.

Privacy features like user-agent reduction, IP reduction, preventing cross-site storage, and fingerprint randomization make it more difficult to distinguish or reidentify individual clients, which is great for privacy, but makes fighting fraud more difficult. This matters to users because making the web more private without providing new APIs to developers could lead to websites adding more:

  • sign-in gates to access basic content
  • invasive user fingerprinting, which is less transparent to users and more difficult to control
  • excessive challenges (SMS verification, captchas)

All of these options are detrimental to a user’s web browsing experience, either by increasing browsing friction or significantly reducing privacy.

We believe this is a tough problem to solve, but a very important one that we will continue to work on. We will continue to design, discuss, and debate in public.

WEI is not designed to single out browsers or extensions
Our intention for web environment integrity is to provide browsers with an alternative to the above checks and make it easier for users to block invasive fingerprinting without breaking safety mechanisms. The objective of WEI is to provide a signal that a device can be trusted, not to share data or signals about the browser on the device.

Maintaining users’ access to an open web on all platforms is a critical aspect of the proposal. It is an explicit goal that user agents can browse the web without this proposal, which means we want the user to remain free to modify their browser, install extensions, use Dev tools, and importantly, continue to use accessibility features.

WEI prevents ecosystem lock-in through hold-backs
We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted-out of WEI or the device is not supported.

This is designed to prevent WEI from becoming “DRM for the web”. Any sites that attempted to restrict browser access based on WEI signals alone would have also restricted access to a significant enough proportion of attestable devices to disincentivize this behavior.

Additionally, and this could be clarified in the explainer more, WEI is an opportunity for developers to use hardware-backed attestation as alternatives to captchas and other privacy-invasive integrity checks.

WEI does not disadvantage browsers that spoof their identity
The hold-back and the lack of browser identification in the response provides cover to browsers that spoof their user agents that might otherwise be treated differently by sites. This also includes custom forks of Chromium that web developers create.

Let’s work together on finding the right path
We acknowledge facilitating an ecosystem that is open, private, and safe at the same time is a difficult problem, especially when working on the scale and complexity of the web. We welcome collaboration on a solution for scaled anti-abuse that respects user privacy, while maintaining the open nature of the web.

KoboldCoterie,

WEI’s goal is to make the web more private and safe
The WEI experiment is part of a larger goal to keep the web safe and open

(Emphasis mine)

They contradict themselves in the span of 2 sentences. Great look, folks.

exscape,

How is that a contradiction?

The Open Internet (OI) is a fundamental network (net) neutrality concept in which information across the World Wide Web (WWW) is equally free and available without variables that depend on the financial motives of Internet Service Providers (ISP).

Open is not the opposite of private. You can have an open internet where your information is not shared with third parties, i.e. private.

mimic_kry,

The web is currently a communal well. We all drink from it because people before us paid the foundations.

Google aims to be the owner of that well. Like the land and oil barons before them, they wish to monetize every last second of web access.

That same corporation, to spew such vile, ignorant nonsense is…well, I guess it shouldn’t be much of a surprise, should it?

conditional_soup,

My big concern with this and the new digital standard for images that they’re proposing is that it looks to make the internet less anonymous than even in-person interactions. To me, that’s a complete destruction of one of the most valuable features of the internet. To some extent, anonymity is a shield against tyranny; a government can’t exactly come and drag you off for re-education if they can’t tell who made the image mocking the dear leader. No matter who you are or how you identify politically, we should be able to throw our tomatoes anonymously if we do choose, without threat of Google telling the Chinese or American governments who threw them.

bdesk,

This is Troll Trace

argv_minus_one,

New digital standard for images?

Evergreen5970,

I just want to post my little comments online without having it tied to my identity. Why? More people see what I say than in real life, some of them could be crazies. I don’t want my real identity right there for the SWATting the second I say I like to knit because it’s a craft of Satan and his ilk or something. Or more likely, that I support LGBTQ+ rights so blacklist me, and kill me for not following the laws of your religion that considers this a bad thing. I want this hidden behind Evergreen5970 so if you want to hurt me you at least have to put some work in to find me, which is a wonderful deterrent for this behavior.

ozoned, (edited )

This is the part that caught my attention:

Privacy features like user-agent reduction, IP reduction, preventing cross-site storage, and fingerprint randomization make it more difficult to distinguish or reidentify individual clients, which is great for privacy, but makes fighting fraud more difficult.

And we do those things, not because we’re fraudsters, but because we’re trying to protect ourselves from the likes of YOU!

YOU did this, change your model and maybe it’ll be better? Oh! But! Mooooooooney! I forgot. Stupid me.

This is the fucking bully telling the nerd that if he doesn’t just HAND OVER his lunch money, that he’ll get beat. It’s YOUR fault! Not OURS!

Edit: Formatting and added about bully

Edit 2: fixing the formatting of the formatting edit. :-D lol

PenguinTD,

Look at the steps we have to go through? Firefox container tabs just for Google products, have to switch to DDG as default after every update, have to keep the browser extensions updated, have to use a VPN, tried to not use Google open auth when registering on 3rd party sites, have to clean the cookies regularly, have to click through those cookie settings when visiting a site. Oh, and have to go around the AMP link when trying to share a searched image/page result.

ozoned,

lol are you on my machine? :-D

Bipta,

Just wait until tomorrow, next week, next year...

millie,

You know who the least trusted party is here? Not privacy-focused users, not even malicious users and bots. You are the least trusted party here. The greatest point of security vulnerability is giving greater control of what does and doesn’t get seen to a company that’s proven itself to be a bad actor.

Megacorps that feed on our data are the danger. Not just to network security, but to humanity. We don’t want or need you limiting our access to information and to one another so that you can further lock down your pilfering of our personal data and your force-feeding of ads and toxic cultural forces.

The abuse of this responsibility has already caused untold damage to our individual lives, the functioning of our societies, and our actual planet itself. It’s led to the mass promotion of some of the worst ideas in human history, and the diminishment of good will, social cohesion, and personal autonomy. The last thing we need is more overreach.

Leave the internet alone. Go make a game or something.

Melody,

WEI’s goal is to make the web more private and safe

Bull. Fucking. Shit. You do not get to pick and choose who you treat differently based on software level indications. You absolutely cannot justify this technology with fraud-prevention; as your fraud prevention should be baked in elsewhere in your logic chain and service delivery anyways. Developers do not need yet another magic number. Your typical fraudster is going to be an Authenticated Human anyways; and will easily bypass this attestation if this is actually implemented as intended. Because of that fact; this will drive desperate developers to implement this in consumer-hostile and privacy-hostile manners. You cannot simply say “That’s not how it’s intended to be used” and expect those devs to play along with it!

TL;DR: We must not give developers tools that can be abused in ways that run counter to the open internet

WEI is not designed to single out browsers or extensions

Wrong!

You absolutely ARE singling out browsers; particularly ones that may be older or “Un-attestable” for other arbitrary reasons. This will impact a large number of people in the disabled community who may use specific, webpage modifying extensions in order to make the web more usable for themselves.

WEI prevents ecosystem lock-in through hold-backs

This won’t work; your devs will just write other server backend code that is forked off of yours that won’t “hold back”. This is a ridiculously tiny band-aid for a gaping wound that needs stitches;

WEI does not disadvantage browsers that spoof their identity

Wrong again! You cannot trust developers and companies with financial motivations and interests to not mark spoofed browsers as fraudulent; nor can you obligate them to treat them exactly the same as a properly attested browser agent.

Let’s work together on finding the right path

This proposal is not working together! This is a blatant attempt by Google and Alphabet to further bully its dominance over standards for the financial gain of itself and its partners. Please don’t pretend otherwise.

Zyansheep,

your devs will just write other server backend code that is forked off of yours that won’t “hold back”.

Isn’t it the client (i.e. the browser) that holds back randomly? The server for any service can’t force clients to send an attestation.

Sandra,

Right.

Instead, the worry is that devs will write other server backend code that won't respect browser back-holds, that will demand compliance.

badarmor,

making the web more private without providing new APIs to developers could lead to… significantly reducing privacy.

Lol

DarthYoshiBoy,

Any sites that attempted to restrict browser access based on WEI signals alone would have also restricted access to a significant enough proportion of attestable devices to disincentivize this behavior.

If it's actually a "significant enough proportion of attestable devices to disincentivize this behavior" why would anyone want to rely on this mechanism? I have a means to check if a device should be trusted, but it fails enough of the time that I shouldn't depend on it... Why would I ever depend on it? What use case allows for an expected 10% failure rate?

shrugal,

I guess something like: Skip captcha if it succeeds, show captcha if it fails. It would allow people to skip captcha checks most of the time.

To be clear, this doesn’t make it ok!

DarthYoshiBoy,

I guess I'm just the sort of guy who'd rather have to do a CAPTCHA every time than have some invisible (to me) test determining whether I measure up to their standards or not and have no means of understanding why I failed when/if I do. I hate CAPTCHAS, but I hate impermeable black boxes 1000000x more, and I hate this WEI nonsense far more than that.

vinhill,

I guess this is much less about captcha V2, i.e. the ones everyone sees but more about V3 that works in the background or other such scripts using fingerprinting, collecting lots of data about the user to determine their validity.

shrugal, (edited )

Same. But I also worked as a dev for an online advertising company, and conversions are everything to them! If this causes 5% more users to not close the tab because of a captcha check, then every last one of them will want to have this.

Although if there was an alternative and easier way to prove that I’m human on the internet, without harming my privacy or allowing someone to arbitrarily block legitimate users (like this proposal), then I would be all for it. The problem here is that the checking standards and process would be in the hands of a few companies, so they could check for much more than just that.

DarthYoshiBoy,

The objective of WEI is to provide a signal that a device can be trusted

This is exactly the opposite of everything anyone would learn in CompSci 101.

NEVER TRUST THE CLIENT. CLIENTS CANNOT BE TRUSTED. CLIENTS ARE NOT SANE. THAR BE DRAGONS THERE. (Maybe that last one is pirate treasure maps, but I think it holds.)

Anyone who is buying this guy's argument that they're trying to make it so you can trust clients, should immediately be removed from any computers they are in possession of and be "invited" by men in black suits to go live on a nice agrarian farm where the only computer available is an air-gapped Tandy TRS-80 MC-10. They can rejoin humanity when they've relearned the lessons of the last 40 years and understand why this is just patently insane.

El_Rocha,

In this case, I believe that the clients will be signed by the big companies (Apple, Google, Microsoft, etc) and these signatures are what will be trusted.

For instance, if you download Chrome, it will be signed by Google. But if you try to alter it in any way, the signature will not be valid and the website won’t trust you anymore.

shrugal,

I think your and their definition of “trusted” is a bit different. They mean trusted as in “very likely a real human”. That’s not enough to allow any privileged access, but it should help when trying to block bots heuristically while preserving a good experience for real users. “Trusted” devices could skip captcha checks for example.

Of course this doesn’t make this proposal any better, it’s still extremely dangerous and misguided imo!

Bowen,

Anyone who’s played an online game in the past 30+ years knows that nothing is secure on a client machine. You have to rotate offsets and encryption keys constantly, and even then you buy yourself a few days at the most. You’d think google would have actual good engineers, what are they paying all that money for?

LiveLM,

we are looking for a better forum and will update when we have found one.

The only acceptable forum for this garbage is the deepest pits of hell. Fuck off forever.

Goronmon,

WEI prevents ecosystem lock-in through hold-backs
We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted-out of WEI or the device is not supported.

This is designed to prevent WEI from becoming “DRM for the web”.

At least this acknowledges that this proposal would in fact be "DRM for the web" if the only thing preventing it from being that is an additional measure unrelated to the core implementation.

Not to mention, what prevents a future release of the feature either turning the percentage to 0% or removing the hold-back entirely?

Zyansheep,

Not to mention, what prevents a future release of the feature either turning the percentage to 0% or removing the hold-back entirely?

Imo that’s like the main issue here. Google tweaks chromium changing a single number and everything goes to shit. This proposal is a trojan horse!

Rentlar,

Yes or a “retry until attestation received” strategy by websites.

gwheel,

And if attestations are rate limited then a grace period until they can get enough attempts in to be confident.

If sites are expected to accept opted-out clients because they might just be randomly non-attested, why wouldn’t the hackers and fraudsters just opt out of attestation?

vinhill,

The idea might be websites using traditional methods such as captchas or heuristics if attestation is denied.

been_jamming,

I guess the idea is that the “fraudsters” would have to opt out of every attestation, so after many requests, the client can be identified as likely refusing every attestation. I agree with your first point: many sites will do everything they can to get an attestation from the client.
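The arithmetic behind the hold-back objections in this part of the thread (retrying until an attestation arrives, and inferring that a client never attests), as an added example that is not part of any comment here and not code from the WEI proposal or Chromium. It assumes two models the thread mentions without settling on one: an independent per-request hold-back ("some percentage of the time") and a sticky per-client hold-back ("a random 5% of users"); the function names, the prior and the seeded simulation are illustrative.

```javascript
// Added illustration, not code from the WEI explainer or from Chromium.
// h is the hold-back rate (5% to 10% in the post quoted at the top).

function checkRate(x, label) {
  if (!(x > 0 && x < 1)) throw new Error(label + " must be between 0 and 1");
}

// Probability that a client able to attest still shows no attestation
// after `attempts` requests from a site that insists on seeing one.
function lockoutProbability(h, attempts, model) {
  checkRate(h, "h");
  if (model === "per-request") return Math.pow(h, attempts); // independent draws
  if (model === "per-client") return h; // a held-back client never attests
  throw new Error("unknown model: " + model);
}

// Bayes' rule: probability that a client never attests (opted out or
// unsupported) given n requests in a row without an attestation.
// `prior` is the assumed share of such clients; per-request hold-back.
function posteriorNeverAttests(prior, h, n) {
  const attestingButSilent = (1 - prior) * Math.pow(h, n);
  return prior / (prior + attestingButSilent);
}

// Smallest number of attestation-free requests after which a site would be
// `target` sure that the client never attests.
function requestsForConfidence(prior, h, target) {
  checkRate(prior, "prior");
  checkRate(h, "h");
  checkRate(target, "target");
  let n = 0;
  while (posteriorNeverAttests(prior, h, n) < target) n += 1;
  return n;
}

// Small seeded PRNG (mulberry32) so the simulation is reproducible.
function mulberry32(seed) {
  let state = seed >>> 0;
  return function next() {
    state = (state + 0x6d2b79f5) >>> 0;
    let t = state;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Simulate `clients` attestable clients against a site that asks up to
// `attempts` times; returns the fraction that never produced an attestation.
function simulateLockout(h, attempts, model, clients, seed) {
  if (model !== "per-request" && model !== "per-client") {
    throw new Error("unknown model: " + model);
  }
  const rand = mulberry32(seed);
  let lockedOut = 0;
  for (let c = 0; c < clients; c += 1) {
    let attested = false;
    if (model === "per-client") {
      attested = rand() >= h; // one sticky draw per client
    } else {
      for (let a = 0; a < attempts && !attested; a += 1) {
        attested = rand() >= h; // fresh draw on every request
      }
    }
    if (!attested) lockedOut += 1;
  }
  return lockedOut / clients;
}

// Constructed scenario: 10% hold-back, site retries up to 3 times,
// 20% of clients assumed never to attest.
console.log({
  perRequestLockout: lockoutProbability(0.1, 3, "per-request"),
  perClientLockout: lockoutProbability(0.1, 3, "per-client"),
  requestsFor99: requestsForConfidence(0.2, 0.1, 0.99),
  simulated: simulateLockout(0.1, 3, "per-request", 200000, 1),
});
```

Under the per-request model a few retries shrink the cost of demanding attestation to almost nothing, while under the per-client model a site that demands it turns away the whole held-back share no matter how often it asks.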

CyberCatBytes, (edited )

"The WEI experiment is part of a larger goal to keep the web safe and open" I'm guessing the openness they're referring to doesn't apply to everyone given that their proposal would likely negatively affect assistive technologies a lot of disabled people rely on? Haven't seen them address that

CapedStanker,

disabled people? bro, you think middle managers give a fuck about disabled people? what are you? compassionate?

peter,

How so?

CyberCatBytes,

Mozilla's response brings it up along with other things that'd prolly get messed up too

https://github.com/mozilla/standards-positions/issues/852#issuecomment-1648820747

style99,

lol

Nice internet you have there. It would be a shame if something "happened" to it.

HaiZhung, (edited )

Well, looking at these comments, one thing is clear: the discussion is not going to happen here. I don’t think there was even one comment of substance, which is unfortunate, since the explainer in OP reads sincere to me.

Maybe instead of jumping on the „google bad“ bandwagon, it would be helpful if people point out the specific issues that they are seeing with this.

As it stands, we might just take literally any commit to chromium and paste the same comments below it.

Edit: since posting this, the comments have considerably improved, I love some of the discussion. Thanks!

avidamoeba,
eth0p,

And here’s a concern about the decentralized-but-still-centralized nature of attesters:

From my understanding, attesting is conceptually similar to how the SSL/TLS infrastructure currently works:

  • Each ultimately-trusted attester has their own key pair (e.g. root certificate) for signing.
  • Some non-profit group or corporation collects all the public keys of these attesters and bundles them together.
  • The requesting party (web browser for TLS, web server for WEI) checks the signature sent by the other party against public keys in the requesting party’s bundle. If it matches one of them, the other party is trusted. If it doesn’t, they are not trusted.

This works for TLS because we have a ton of root certificates, intermediate certificates, and signing authorities. If CA Foo is prejudiced against you or your domain name, you can always go to another of the hundreds of CAs.

For WEI, there isn’t such an infrastructure in place. It’s likely that we’ll have these attesters to start with:

  • Microsoft
  • Apple
  • Google

But hey, maybe we’ll have some intermediate attesters as well:

  • Canonical
  • RedHat
  • Mozilla
  • Brave

Even with that list, though, it doesn’t bode well for FOSS software. Who’s going to attest to various browser forks, or for browsers running on different operating systems that aren’t backed by corporations?

Furthermore, if this is meant to verify the integrity of browser environments, what is that going to mean for devices that don’t support Secure Boot? Will they be considered unverified because the OS can’t ensure it wasn’t tampered with by the bootloader?
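The signature check described in the comment above, as an added example that is not code from the WEI proposal or from any browser. The token layout, the attester names, the nonce field and the function names are assumptions made up for the illustration, and Ed25519 is used only because Node's built-in crypto module supports it.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

// Constructed attesters; the names and keys exist only in this example.
function makeAttester(name) {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  return { name, publicKey, privateKey };
}

// Attester side: sign a verdict bound to the nonce the site handed out.
function issueToken(attester, nonce, verdict) {
  const payload = Buffer.from(JSON.stringify({ nonce, verdict }), "utf8");
  return { payload, signature: sign(null, payload, attester.privateKey) };
}

// Server side: try every public key in the bundle. The payload is parsed
// only after a signature has verified, never before.
function checkToken(bundle, token, expectedNonce) {
  if (!token) return { trusted: false, reason: "no-attestation" };
  for (const [name, publicKey] of bundle) {
    if (!verify(null, token.payload, publicKey, token.signature)) continue;
    const claims = JSON.parse(token.payload.toString("utf8"));
    if (claims.nonce !== expectedNonce) {
      return { trusted: false, reason: "nonce-mismatch", attester: name };
    }
    // The server now knows which attester vouched for this client.
    return { trusted: true, attester: name, verdict: claims.verdict };
  }
  return { trusted: false, reason: "unknown-attester" };
}

function demo() {
  const big = makeAttester("BigVendor");
  const other = makeAttester("OtherVendor");
  const fork = makeAttester("CommunityFork"); // deliberately left out of the bundle
  const bundle = new Map([
    [big.name, big.publicKey],
    [other.name, other.publicKey],
  ]);
  const nonce = "constructed-nonce-1";

  // A validly signed token whose payload is altered afterwards.
  const tampered = issueToken(big, nonce, "ok");
  tampered.payload = Buffer.from(
    JSON.stringify({ nonce, verdict: "altered" }),
    "utf8"
  );

  return {
    bundled: checkToken(bundle, issueToken(big, nonce, "ok"), nonce),
    fork: checkToken(bundle, issueToken(fork, nonce, "ok"), nonce),
    replayed: checkToken(bundle, issueToken(other, "old-nonce", "ok"), nonce),
    tampered: checkToken(bundle, tampered, nonce),
    missing: checkToken(bundle, null, nonce), // opt-out, unsupported or held back
  };
}

console.log(demo());
```

A browser whose attester is absent from the bundle fails exactly like a forged token, and a successful check always tells the server which attester signed.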

HaiZhung,

Great comment! I don’t understand the proposal well enough to answer that, but I still would like to commend you on taking the time to look into this and writing it up.

eth0p,

Adding another issue to the pile:

Even if it isn’t the intent of the spec, it’s dangerous to allow for websites to differentiate between unverified browsers, browsers attested to by party A, and browsers attested to by party B. Providing a mechanism for cryptographic verification opens the door for specific browsers to be enforced for websites.

For a corporate example:

Suppose we have ExampleTechFirm, a huge investor in a private AI company, ShutAI. ExampleTechFirm happens to also make a web browser, Sledge. ExampleTechFirm could exert influence on ShutAI so that ShutAI adds rate limiting to all browsers that aren’t verified with ShutAI as the attester. Now, anyone who isn’t using Sledge is being given a degraded experience. Because attesting uses cryptographic signatures, you can’t bypass this user-hostile quality of service mechanism; you have to install Sledge.

For a political example:

Consider that I’m General Aladeen, the leader of the country Wadiya. I want to spy on my citizens and know what all of them are doing on their computers. I don’t want to start a revolt by making it illegal to own a computer without my spyware EyeOfAladeen, nor do I have the resources to do that.

Instead, I enact a law that makes it illegal for companies to operate in Wadiya unless their web services refuse access to Wadiyan citizens that aren’t using a browser attested to by the “free, non-profit” Wadiyan Web Agency. Next, I have my scientists create and release renamed versions of Chromium and Firefox with EyeOfAladeen bundled in them. Those are the only two browsers that are attested by the Wadiyan Web Agency.

Now, all my citizens are being encouraged to unknowingly install spyware. Goal achieved!

HaiZhung,

Isn’t it already effectively very easy to force a specific browser on a website? The explainer touches on that, browser fingerprinting is so powerful to date that you can already easily tell individuals and their browsers apart. What’s changing with this proposal wrt your examples?

eth0p,

With regard to my examples, WEI provides full confidence and stability in identifying the browser.

Relying on detecting browsers by differentiating between their features and quirks involves having a large suite of checks to run, some of which might become incorrect as browsers change over time. It’s a maintenance burden, to say the least.

trashhalo,

fwiw I think mozilla’s response was the most thought out response available to date. github.com/mozilla/standards-positions/…/852#issu…

style99,

Maybe you should listen to that response.

HaiZhung,

Makes sense to me!

modulartable,

The explainer may be sincere; however, it is clear that privacy and an open web are not in Google’s interests. They contradict that sentiment in the explainer entirely. There’s 0 reason for anyone to give them the benefit of the doubt.

HaiZhung,

From what I can tell, out of all the big tech firms, Google goes to the greatest lengths preserving your privacy. You can even go to your profile settings right now and delete all your data. This was possible even before GDPR, so I am not sure how you get this picture.

mrmanager,

For a conversation to happen, there must be trust. I don’t think anyone trusts them, so there is no attempt at serious communication.

They should be treated with contempt.

HaiZhung,

As a counterpoint, IMHO Google has the best track record regarding privacy of all the big tech firms. Google’s data was never sold, leaked, or abused by employees as far as I can tell.

This is in stark contrast to companies like meta and twitter.

Maybe Google isn’t as good communicating that fact, but what is your reason for the distrust in this particular case?

mrmanager,

Meta and Twitter are social media companies. They have access to people’s tweets. It’s similar to having access to these messages you and me are typing, except many people use their own names there.

It’s not too bad privacy wise, just social messages.

Google on the other hand has the private searches of billions of people. Everything you put into a search engine because you are worried, afraid, sick, or curious about something.

Google records all this private activity and saves it under your personal profile, and then uses cookies to track every web site you are visiting on the web (using not only Google search but Google analytics cookies that exists on almost every website).

They also combine this data with whatever you are doing on your android phone, or what places you go to using Google maps, or what video meetings you are having with Google meets, what emails you have in Google Mail, what video you watch on YouTube, what calendar events you are having with Google calendar… And so on.

Then they feed all this data into algorithms designed to figure out what you are likely to do next. They sell this data to advertisers so they can target you with ads. They also send this data to American agencies like nsa to be stored and analyzed.

There is a giant difference here between Google and the other companies you mentioned. Google is literally watching moments from people’s entire lives, while the others only see your social media messages.

This is why Google is completely absurdly in its own class of anti-privacy. No other company has this amount of data about people’s every moment awake.

Now they use their dominant position to try and take over the entire web, so it’s not possible to escape them anymore using a different browser, blocking cookies and tracking, or using another search engine.

If everyone is forced to use their browser, we have lost everything good about the web.

They should be treated like the cancer to a free web they really are.

HaiZhung,

Google does not sell data to advertisers, that is incorrect.

You are correct that Google cross-correlates some data for integrating features, but as I said, you can just go and delete your data, and it will continue to work just fine.

Maybe it’s also useful to remind oneself that you do get lots of services from Google for free - and considering they are free (!), imho, Google is taking about the most ethical approach it economically can. (Ie., they will use your data to tune full integration of their products and serve ads for you, BUT you can always opt out and delete it)

I fail to see how meta and twitter are so much different in the range of products they offer. Meta e.g. operates the largest private messaging app on the planet and they DID sell (or accidentally leak, however you want to put it, see Cambridge analytica) their data.

valveman,

None of these corporations can be trusted at all IMO, simply because they’re corporations in the first place, and WILL always choose what’s better for them rather than what’s better for the community. That’s why I advocate for open source every time I can.

And OK, everything you said is true and valid, but go ahead and try to convince the non-tech people to delete their accounts, while explaining all the little comforts they have will be taken away with it. They’ll simply laugh at you and carry on. That’s how Google and other corporations that follow this “free services” model got so big and influential, and now they’re using their size to do what corporations do: increase profits.

Another problem with this model is you can’t really tell what Google is doing with the data they collect. Can you/anybody tell Google didn’t feed their Bard AI data they collected from you? Can you/anybody tell Google ain’t using your/their data for anything except showing targeted ads? AFAIK, you can’t. Even if they update their ToS regularly, communicate you they’ve changed it and “if you continue using the service it means you agreed with the new Terms of Service”, do you really think people will actually take the time to read the same 20 page ToS every time it changes? Most people I know don’t even read it the first time!

In the end, you may say they’re being as ethical as possible, and the users are simply too lazy and everything bad that happens to them is entirely their own fault. You wouldn’t be wrong at all, but that’s not how the world works.

Also, sorry for the wall of text.

lemmyvore,

We already have sufficient attestation for the web. It’s called SSL/TLS. It guarantees that what the browser sees is what the server put out.

WEI is about blocking the browser from modifying the website in any way on the client side. Can it be used for good? Sure. Will the company whose income is 90% ads, spies on billions of people, and owns 90% of the browser market share use it for good? Hmm…

gencha,

TLS and this proposal are different though. We don’t usually use client certificates with HTTPS. They are proposing something similar though. They want a way to attest the client. There’s really a ton of bot traffic on the web, and these bots are not browsers, which is the reason we all solve CAPTCHAs. I get the idea, but I’ll support Mozilla’s stance on the subject.

lemmyvore,

They want a way to attest the client.

The client’s identity or the client’s state? Because the first can already be done through various means, and the second is an obvious pro-ad move coming from Google.

Verifying client state is an interesting piece of technology but it doesn’t have a general application. Not every browser and every random person browsing random websites needs it.

It has applications for specific use cases but that’s not what Google wants.

gencha,

Yeah, I agree. Just wanted to say I get the idea, but Google likely can’t be trusted with implementing a solution.

HaiZhung,

The explainer explicitly mentions that the proposal allows browsers to ignore WEI and the web is intended to work without. It even points out that there will be a continuous group of chrome users of ~5% that have the feature disabled.

If website owners rely on this feature, they are hurting chrome users just as much as other browsers.

BFrizzleFoShizzle,

there will be a continuous group of chrome users of ~5% that have the feature disabled

inb4 that 5% gets killedbygoogle.com

lemmyvore,

If you view a WEI-enabled site with Chrome you will see ads and there won’t be anything you can do about it. If you view it with a non-WEI browser you won’t see the site at all.

It creates a fundamental rift in the Web that goes beyond ads. If only one browser can see websites, it proliferates a proprietary Web.

Keep in mind that Google could achieve the same goal they want (no ad blocking in Chrome) by simply not allowing ad blockers in Chrome. But they’re sneaky cunts and want to spin it as a good thing — instead of the immediate backlash they’d get otherwise.

argv_minus_one, (edited )

Here’s a specific issue: this will obliterate all browsers other than Chrome and Safari. There will be no meaningful competition, because websites will block competing browsers as untrusted. No more Firefox, no more Brave, no more Vivaldi, no more self-built Chromium. Use the official build or be shown the door.

This is “embrace, extend, extinguish” for the web, and it’s terrifying because of how many things require the use of the web. Some banks don’t even have physical branches any more; you’ll have to use Chrome or lose your account.

Sandra,

no more Brave

So there’s a silver lining. But the WEI project is still overall a complete disaster that needs to rot on the vine. It’ll wreck not just browser diversity but overall hackability, adblocks, mashups, and above all: accessibility.

HaiZhung,

As pointed out in another comment, the proposal explicitly states that websites have to function without this feature; and Chrome itself will keep it disabled for a random 5% of users.

argv_minus_one,

Obviously they’re not actually going to implement it that way. Remote attestation is useless unless strictly enforced.

fox_the_apprentice,

Some slight additions:

Google gives their word that Chrome itself will keep it disabled for a random 5% of users at launch.

I’ve emphasized what I view to be the problems.

  1. This requires you to trust that Google will actually do this at launch; and to be fair I expect they probably will. That said, it’s not a legally binding statement. Promises are cheap.
  2. This requires you to trust that the ‘random 5% of users’ figure will remain a thing forever, and not be silently rolled back in a Chrome update two years from release once most of the complaints die down.

eth0p,

Firefox will probably survive if they bow and add WEI support.

I can’t imagine Google, Microsoft, and Apple opening themselves up to further monopolization scrutiny by trying to keep attestation restricted to their own browsers on their own operating systems.

Self-built or community forks are probably screwed, though.

argv_minus_one,

Here’s the trick, though: it will be websites (and maybe government regulators) who block everything other than Chrome and Safari, not Google. Google can declare innocence. “It’s not our fault that third parties have chosen to use WEI this way.”

Pleonasm,

Seeing as you’re having such trouble with people’s reactions to this, maybe you should be the one in this thread to point out the specific reasons why individuals should be in favour of this.

HaiZhung, (edited )

I wouldn’t necessarily agree with that. If you are outraged by something, I think it’s unrealistic to expect other people to explain to you why there is nothing to be outraged about. Otherwise you might as well just walk through life outraged by anything.

Rather, it is your responsibility to take a deep breath and ask yourself, what is it really you are concerned about? And if you deem that serious enough, convince others.

Pleonasm, (edited )

Your advice is applicable to your own original comment, so it seems you do agree with what I said, at least to some degree.

Anyway, in the interests of constructive discussion, let me ask you specifically. Do you think this WEI proposal is good for and why? Does the proposal mention at all what the downsides of this feature might be, or how it could be abused? Is it proposed in such a way that the dominant implementors can’t deviate later from the terms suggested in the proposal?

HaiZhung,

I do not see how my advice applies to my own comment. To me, this proposal is exactly like all other proposals, I don’t really think about it at all, and I don’t have the context or the background knowledge to judge its usefulness.

But okay, if I try to understand it: this seems to be an attempt at stopping the cat-and-mouse game between browser fingerprinting tech and browser obfuscation tech, and instead make it - optionally - possible to identify yourself as a “real” user. You can opt out, and I sincerely doubt that Google would lock out users that will opt out or use another browser. Why? Because they would be leaving free ad money on the table, and they don’t do that.

So I don’t really see how that changes the ways of the internet, since fingerprinting is being done already, so, I guess, I don’t really care for this proposal one way or the other.

millie,

It’s just that with your current participation in the thread, you’re indistinguishable from a bad actor planted by Google to try to distract from the topic and make those who don’t understand what’s actually being said here think everyone else is being unreasonable. The people here are explaining what they don’t like about this, which you’re actively obfuscating.

Curious.

HaiZhung,

Wouldn’t it be boring if everyone just agreed on everything? :-)

Don’t get me wrong, I am the first one to criticize Google when they mess up, but recently I have observed that piling on Google just appears to be en vogue. I think it is important to understand what you are criticizing/outraged by, otherwise you are letting yourself be manipulated somewhat too easily.

I, for instance, don’t fully penetrate the WEI proposal, I admit. All the more I am befuddled by the overwhelming news cycle this generates, and I can’t help but wonder … why?

Anyway, when I wrote the top level comment, all other comments were just “suck it google” in various flavors, and I was disappointed by the lack of depth in the discussion.

In the meantime, this has changed, see my edit.

mrmanager,

Google, the Internet Government.

ashtrix,

All roads with Google lead to tracking and advertising

sunbeam60,

Hey, thank you so much for the feedback on having the wolf guard the sheep. It’s clear from the discussion that there is some concern around using ravenous carnivores to guard prey-animals and we want to continue this important discussion in a meaningless way so it looks like we give a shit before we make the wolf guard the sheep after “a significant time to discuss and address concerns”. We will obviously listen to and take on board feedback such as “what colour fur should the wolf have” and “should it be a male wolf or a female wolf?”. Don’t worry, you’ll be able to significantly change this proposal as long as the net result is that a wolf ends up guarding the sheep. Thank you so much for all the involvement from all you sheep. Kind regards, The Wolf.

nobodyspecial,

Google has turned evil. Back to Microsoft, everyone!

argv_minus_one,

What’s the difference? Each has the same design for the web: embrace, extend, extinguish.
