Google's post-cookie world could turn into DRM for the internet

Daniel Sims

The big picture: Google has been trying to implement plans to move beyond cookies for years without denying its partners the means to sell targeted ads, which form the backbone of the company's revenue. However, one recent proposal to guarantee user privacy and security could come at the cost of freedom of functionality.

Some Google employees recently authored a GitHub page describing a new API that could redefine the relationship between websites and clients. It could replace the need for controversial cookies. However, it could also restrict browsers, plugins, or extensions.

The company has been working to phase out cookies since 2020, proposing to replace them with Trust Tokens and a Privacy Sandbox system. The former would provide advertisers with limited user information while encrypting personal data so no one can see it.

Google initially planned to implement the change for its general user base by now. However, it recently proposed to switch off third-party cookies by the end of next year. The Privacy Sandbox, which utilizes various technologies to balance advertiser needs and user privacy, is currently in testing for beta users.


The new proposal details "Web Environment Integrity," which would use what sounds like Trust Tokens to ensure that the client viewing a website is a human without revealing too much about them. Google suggests the system could be an alternative to captchas and other solutions that websites utilize to block bots, online game cheaters, and other malicious actors.

However, the GitHub page admits that servers could use the tokens to block visitors based on what they're using to access a site. The result could theoretically be DRM prohibiting ad blockers, extensions, or modified operating systems.

Aside from its goal to replace cookies, Google has also harbored ambitions to stop ad blocking but has been forced to delay them repeatedly. The Web Environment Integrity proposal stresses that the company doesn't want to let websites block extensions or other plugins. However, it's too early to tell whether users should trust those assurances.

So far, the proposal hasn't appeared anywhere but GitHub, so there's no evidence that Google has implemented it or officially will. However, it could indicate the general direction Google is heading with its Chrome browser.

Companies like Mozilla and Apple want to block advertisers more aggressively, prioritizing user privacy. Google has defended its stance by suggesting that attempts at total blockage would encourage advertisers to obtain personal data using sneakier tactics like fingerprinting and that it's better to meet them above board.


 
"A new authentication system could let websites block extensions or jailbroken devices"
LOL. No. The specification explicitly states in its non-goals section that it does not aim or intend to "Enforce or interfere with browser functionality, including plugins and extensions".

I know every outlet runs this story with false headlines similar to the one here, but this is not a DRM system. Not any more than an online purchase system requiring you to prove you're the one making a purchase by supplying your card security code, or a login system requiring your personal certificate to authenticate yourself.

"Companies like Mozilla and Apple want to block advertisers more aggressively, prioritizing user privacy. "
No, they don't want to do that. They merely want to block independent and 3rd party advertising, so, they can control the platform and also who's advertising on that. Both Mozilla and Apple have been and are running advertising programs on their platforms. 99% of Mozilla's income IS actually still from advertising.

Also, advertising per se does not endanger user privacy by any means, but is a way to finance 99% of the free web more effectively than any other solution.
 
....
I know every outlet runs this story with false headlines similar to the one here, but this is not a DRM system. Not any more than an online purchase system requiring you to prove you're the one making a purchase by supplying your card security code, or a login system requiring your personal certificate to authenticate yourself....

From an actual web browser developer :

"The spec does currently specify a carveout for browser modifications and extensions, but those can make automating interactions with a website trivial. So, either the spec is useless or restrictions will eventually be applied there too. It would otherwise be trivial for an attacker to bypass the whole thing."

Source : Unpacking Google’s new “dangerous” Web-Environment-Integrity specification

So yes, the Tech spot article is pretty much on spot (pun!). This is an extremely dangerous and limiting DRM which will diminish the freedom of choice and leave out billions of devices and people locked out of walled gardens.

Edit : Use Firefox folks!
 
I'm failing to see how this can't be spoofed like anything else digital (assuming that the browser isn't in a tightly controlled walled garden).

Of course, if it's going to be restrictive, I can't see it being mass adopted by the internet at large anyways...
Google would have better luck pitching this to the CCP lol
 
My theory : the surface web will die, killed by the big tech like google... ppl who know how much liberty we enjoyed at the start of the 2000's on the internet will try to make it back in the deep web, which will become with time the "new" surface web, then big tech will waste it too, and then ppl will go even deeper, rinse and repeat...
 
"A new authentication system could let websites block extensions or jailbroken devices"
LOL. No. The specification explicitly states in its non-goals section that it does not aim or intend to "Enforce or interfere with browser functionality, including plugins and extensions".

I know every outlet runs this story with false headlines similar to the one here, but this is not a DRM system. Not any more than an online purchase system requiring you to prove you're the one making a purchase by supplying your card security code, or a login system requiring your personal certificate to authenticate yourself.

"Companies like Mozilla and Apple want to block advertisers more aggressively, prioritizing user privacy. "
No, they don't want to do that. They merely want to block independent and 3rd party advertising, so, they can control the platform and also who's advertising on that. Both Mozilla and Apple have been and are running advertising programs on their platforms. 99% of Mozilla's income IS actually still from advertising.

Also, advertising per se does not endanger user privacy by any means, but is a way to finance 99% of the free web more effectively than any other solution.
Bullshit. 88% of Mozilla revenue comes from deals with web search operators - predominantly Google paying for being the default search engine out of the box, but also other companies paying for inclusion as optional search engines. These royalties were $527.6 million in 2021. Meanwhile subscriptions and advertising combined only brought $56.6 million the same year. And keep in mind that this covers not just ads, but also Pocket Premium, VPN and more to come. Subscriptions are still a rather small contribution, but they have been growing very quickly YoY and VPN alone now makes like $4 million a year, up 450% YoY, while the whole ads and subscriptions category grew 125% YoY.

Mozilla has been trying for years to diversify its revenue streams past Google search deal (which is so dominant it has been like 80%+ of total revenue for ages) and (to a much lesser degree) ads and it seems it's finally starting to take off. But ads were never their main source of income - search royalties from Google were, with ads providing around 5-10% of total income.
 
Google still trying this cat and mouse game of trying to block ad blockers, and clearly don't understand that they block them for a reason, this is what happens when your entire company relies on money being shelled out for advertising, and everything else is mainly just an info sink for advertising compared to the revenue it generates
 
"A new authentication system could let websites block extensions or jailbroken devices"
LOL. No. The specification explicitly states in its non-goals section that it does not aim or intend to "Enforce or interfere with browser functionality, including plugins and extensions".

I know every outlet runs this story with false headlines similar to the one here, but this is not a DRM system.
Because as we all know, intent is the same as law, right?

When Alfred Nobel, known pacifist (you may have heard of his award, the Nobel Peace Prize), invented dynamite, he intended for it to be used in mining. Guess what its primary use became?

If you trust big companies like Google WON'T try to throttle you with this, I don't know what to say to you. Enjoy being a sheep led to slaughter, I guess?
From an actual web browser developer :

"The spec does currently specify a carveout for browser modifications and extensions, but those can make automating interactions with a website trivial. So, either the spec is useless or restrictions will eventually be applied there too. It would otherwise be trivial for an attacker to bypass the whole thing."

Source : Unpacking Google’s new “dangerous” Web-Environment-Integrity specification

So yes, the Tech spot article is pretty much on spot (pun!). This is an extremely dangerous and limiting DRM which will diminish the freedom of choice and leave out billions of devices and people locked out of walled gardens.

Edit : Use Firefox folks!
Mozilla has repeatedly abused its userbase and backtracked on every promise they have made. They are no better than Google.
 
I'm failing to see how this can't be spoofed like anything else digital
Public key cryptography. Also, it's not about something being unspoofable in the mathematical sense, just making it hard enough and costly enough so that it won't be feasible anymore.

Like if in the future someone wants to run a bot farm to send out spam or fake reviews through web forms, then faking that they're a legitimate client will cost them so much time and computing power, that - also considering the low success rate and return on such fake things - it will not make financial sense anymore to actually carry out these operations.
 
Public key cryptography. Also, it's not about something being unspoofable in the mathematical sense, just making it hard enough and costly enough so that it won't be feasible anymore.

Like if in the future someone wants to run a bot farm to send out spam or fake reviews through web forms, then faking that they're a legitimate client will cost them so much time and computing power, that - also considering the low success rate and return on such fake things - it will not make financial sense anymore to actually carry out these operations.
I'm talking about what the browser believes when sending/showing data. A modified chrome browser could show it's not, say, running an adblock extension....

Pretending to be an Attester would be the harder route.
 
Anyone who thinks this isn't about eliminating ad blockers is living in la-la-land, and I have a bridge to sell you.
 
I'm talking about what the browser believes when sending/showing data. A modified chrome browser could show it's not, say, running an adblock extension....
The very purpose of this attestation system would be to prevent this and not allow the client to lie about its properties undetected. Which is very easy to implement (and very hard to prevent the detection to work) if the browser supports a framework created specifically for such purposes.

Also, generally nobody will run a "modified Chrome browser", because that would have to be maintained separately, and nobody will have resources for that, especially when their target group would be those freeloaders who not only don't want to pay for anything, but not even allow ads to pay for them so they don't have to.

And with extensions only having limited access and control of the browser environment, it will be even easier to prevent them from lying and hiding, than it would be otherwise.
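
The spoofing question debated in the comments above, and the article's point that servers could act on attested tokens, as an added example that is not part of any post or of Google's proposal: a hypothetical attester signs a verdict and a server verifies it, then applies its own admission policy. The token layout, verdict strings and function names are assumptions made for illustration.

```javascript
// Added illustration: hypothetical token format, not the proposal's wire format.
const crypto = require('crypto');

// Attester side: holds a private key the client never sees (constructed key pair).
const attester = crypto.generateKeyPairSync('ed25519');

// The attester signs a verdict about the client environment, bound to a
// server-supplied challenge so a captured token cannot be reused elsewhere.
function issueToken(verdict, challenge) {
  const payload = Buffer.from(JSON.stringify({ verdict, challenge }));
  const sig = crypto.sign(null, payload, attester.privateKey);
  return { payload: payload.toString('base64'), sig: sig.toString('base64') };
}

// Server side: needs only the attester's public key.
function verifyToken(token, expectedChallenge, attesterPublicKey) {
  const payload = Buffer.from(token.payload, 'base64');
  const sig = Buffer.from(token.sig, 'base64');
  if (!crypto.verify(null, payload, attesterPublicKey, sig)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const claims = JSON.parse(payload.toString());
  if (claims.challenge !== expectedChallenge) {
    return { ok: false, reason: 'challenge-mismatch' };
  }
  return { ok: true, verdict: claims.verdict };
}

// A client that rewrites the verdict it was given while keeping the old signature.
function rewriteVerdict(token, newVerdict) {
  const claims = JSON.parse(Buffer.from(token.payload, 'base64').toString());
  claims.verdict = newVerdict;
  return { payload: Buffer.from(JSON.stringify(claims)).toString('base64'), sig: token.sig };
}

// The policy step is the server's choice: the signature says nothing about
// which verdicts a site decides to turn away.
function admit(result, acceptedVerdicts) {
  return result.ok && acceptedVerdicts.includes(result.verdict);
}

const challenge = crypto.randomBytes(16).toString('hex'); // constructed sample input
const honest = issueToken('modified-environment', challenge);
const forged = rewriteVerdict(honest, 'unmodified-environment');
console.log(verifyToken(honest, challenge, attester.publicKey));
console.log(verifyToken(forged, challenge, attester.publicKey));
```

The signature only protects the verdict after it is issued; how an attester arrives at that verdict is outside what this example models.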
 
Anyone who thinks this isn't about eliminating ad blockers is living in la-la-land, and I have a bridge to sell you.
Anyone who thinks websites should not have the right to disallow access to their services for people who neither want to pay for their services, nor allow ads to be shown alongside the websites' content, lives in lalaland, and should be forced to work for free and house strangers for free in their apartments for the rest of their lives. Or as long as until they realize that just like they, website owners and publishers also have the right to demand compensation for their work, and blockers should not have the opportunity to take their content and services forcefully and against their will, for free.
 
Writing on the stall.

This is IE all over again. Remember Silverlight and Shockwave?
This will see sites built to Chrome. And requiring Chrome. Some government fool will make some noise. Google will release an official API kit for Firefox and Safari.
That will be required for sites like YouTube and Netflix.

Goodbye open Internet and HTML5 freedom.
 