I find the blatant gaslighting regarding this topic baffling.
> Wisner insists that “WEI is not designed to single out browsers or extensions” and that it won’t block browsers that spoof their identity.
WEI's sole purpose in life is to detect browsers that do things that Google does not like. If it does not block browsers that spoof their identity then what the hell does it do?
Sure, sure, WEI won't block them: it will just tell the web server that you are not using an approved browser. It's not Google's fault if the web server then blocks you! How could they have known?
I would find it slightly more respectable if Google just came out and said the quiet part out loud: "Our profits and the industry's profits are more important than your freedom, so shut up and take it, since you can do nothing about it."
Sneaking around like this is just an insult to our intelligence.
> Attacks and doxing make me personally MORE likely to support stronger safety features in chromium, as such acts increase my suspicion that there is significant intimidation from criminals who are afraid this feature will disrupt their illegal and/or unethical businesses, and I don't give in to criminals or bullies
They have apologized for using the word criminals & bullies in a broader context and I appreciate that. However, the initial part of the comment is very telling of how they view those who oppose.
This proposal will mainly disrupt ad-blockers, rooted devices and anyone who is willing to maintain control of their own tech stack and they are considered illegal/unethical businesses.
I can't ignore the parallels with the real world here.
Authoritarian government introduces laws that restrict freedom and privacy. People oppose and protest. Government doubles down and proclaims only those who do illegal activities are protesting and they are the ones that have something to hide. Seeing how many there are, we urgently need these laws.
Further down in the response:
> the whole point of designing in the open and having public debate is to find reasonable compromises between stakeholders with very different perspectives
You can either introduce a hostile feature in one go or through a series of "compromises" which is also known as "Boiling the frog" strategy.
Unless the current one is abandoned and there's a radically different approach, I don't think there's any scope for compromise in the current proposal.
> Attacks and doxing make me personally MORE likely to support stronger safety features in chromium, as such acts increase my suspicion that there is significant intimidation from criminals who are afraid this feature will disrupt their illegal and/or unethical businesses, and I don't give in to criminals or bullies
> Kick a puppy
> Get attacked for kicking a puppy
> "These attacks make me MORE likely to keep kicking puppies, as I don't give in to intimidation from criminals and bullies that want healthy puppies for their nefarious ends."
Mr. Wisner should grow thicker skin - if this is the reaction now wait until the real roasting begins for what is probably the shittiest proposal of all time.
In a just world anyone supporting this initiative would be imprisoned in my books. It's a time bombed crime against humanity waiting to happen. They know what they are doing and got called out on it.
"Stakeholders" is just a euphemism for "the people with the money". The "stakeholders" want it this way, "finding compromises" just means figuring out how to get everyone else to accept it.
> > Wisner insists that “WEI is not designed to single out browsers or extensions” and that it won’t block browsers that spoof their identity.
Let's have Wisner, or Google, put their money where their mouth is. Let's have a serious financial penalty per instance where someone's browser is blocked due to WEI, regardless of who is doing the actual blocking. Because that is what you're promising us here. Or are you a bold-faced liar Mr. Wisner?
> If it does not block browsers that spoof their identity then what the hell does it do?
They mentioned recognizing which ads were viewed and clicked by humans.
Stood out as the thing they really want.
That's what we're getting at though: if you don't block browsers that spoof their identity, then you don't know that the browser isn't acting as a robot and clicking on ads in place of a human.
The only way this proposal is valuable for reducing ad fraud is if it blocks browser automation.
We might be talking past each other. I'm talking about what browsers Google blocks, i.e. what browsers don't get attestation tokens.
If Google isn't blocking extensions, ad fraud can still happen and your ad server won't recognize the browser as suspicious because it will have an attestation token. If Google isn't blocking spoofed browsers from attestation, they won't look suspicious. They'll have normal attestation tokens. Allowing a browser to spoof their identity as Chrome means there isn't really any distinction between a trusted and untrusted browser.
----
To your specific point though, let's imagine that Google does block those browsers in the sense that it marks them as untrusted, but it's up to the individual ad networks to figure out if they want to block those requests or not.
If the idea here is that ad networks will recognize that a browser is unapproved and will still serve it the content anyway but just auto-discard the data that's coming out of it, I would really strongly suggest that is not a very likely outcome.
You're telling me if I use Firefox and it doesn't implement this API, every ad company will just stop tracking me and will discard any ad numbers they get from me? If Safari ends up not implementing this API ad-clicks on Safari will just get automatically flagged as spam? No ad network is going to want to do that, especially if automatic hold-backs get involved. A policy that guaranteed lowers your monetizable impressions/clicks by at least 5-15%, even though you know for a fact that many of those clicks are coming from real users? I have a really hard time believing any ad network would accept that.
Sure, you can convince people to use Firefox and drop Chrome just like IE was dropped back in the day but back then there wasn't a strong incentive to websites to prefer one browser over another (other than convenience).
Here's what I think is gonna happen:
- First the feature is added to Chrome as it is now. As they described they add it with some kind of hold-back or limiting constraint to reduce the outrage until everything is ready.
- Then the media people (Netflix, Hulu, Disney, YouTube...), who have long been salivating for something like this, push the other browsers to implement this. You really only need to convince Safari, as Edge has such a low market share in comparison that they will be forced to fold or be irrelevant (and it's not like Microsoft hates this feature anyway). For reference, Chrome, Safari and Edge make up 89% of market share. Edge alone is only 4%.
- Once the browsers are on board it's time to get the sites onboard. Really most people tend to visit social media sites more than anything else, so as long as you get them onboard you don't need to do anything else, and WEI serves their interests as well (for example it would stop you from scraping Reddit).
- As for the rest of the sites you can just make Adsense not count views or clicks from untrusted users (after all that's the _stated goal_ of this project) and site owners _will_ find ways to get their users to switch to Chrome on their own. You can add a checkbox to Adsense to get it to block your site for untrusted users to make it extra easy if you're feeling lazy.
- The final strike will be Cloudflare. Right now they rely on CAPTCHA to block bots but now they can just use WEI instead. Since most of the web uses Cloudflare now you have a gateway between the user and most sites that will tell you to go away or eternally give you endless CAPTCHAS if you are using a "bad browser".
- At this point all that is left is getting Google to give Cloudflare an exemption to the hold-back feature "for the greater good" or just kill it off at this point because there's no need to play nice anymore.
I'm not optimistic. It was easy to install Firefox and remove the IE icon on your mom's computer back in the day. It's not that easy to tell her to stop watching Netflix, Disney, Reddit, Facebook, her favorite cooking recipe site...
The best that can happen is that the internet splits and the free portion of it stays large enough to be useful. (and it doesn't get DDOSed into the ground)
Bank and government sites can implement it for all I care (I would buy a cheapo device to interact with them). As for my job, the laptop is already theirs. Any sites that try to implement this would be just missing me. The web enabled globalism due to its free aspect. And if they want to restrict it, I'm pretty sure someone will come with an alternate protocol.
> Institutions will try to preserve the problem to which they are the solution.
Clay Shirky
Most people don't care because they view their computing devices as a utility or a tool. I save my breath in these cases because convenience trumps everything for them, including ownership and control. Most of my childhood was without the internet, I'm not unwilling to go back to a mostly offline life.
I am surprised that Google seems to underestimate the possibility of this sort of thing actually pushing people outside its reach.
I am in the same boat as you, I am not as worried as some of the doomsdayers, I would just opt out of their shitternet entirely and find other ways to live.
The web today is not the valued asset it was to me in decades past.
"If I can use a workaround to conform to this I would not care if people get affected"
This is not about you or me but Google having a high level of control over www access, and trying to cement it for good.
With this proposal if you are not conformant according to a very loosely defined, - heck not defined at all - attestation you will be kept outside of the www. The control will be adopted with big or small parties in time.
Consider a scenario where ad-networks are not paying participants who do not attest via their selected attestor. How long would it take the whole service industry to adopt "select" attestors?
> Consider a scenario where ad-networks are not paying participants who do not attest via their selected attestor. How long would it take the whole service industry to adopt "select" attestors?
Anyone showing ads to me instead of taking my money is just fooling themselves. Because I block most of them, and the unskippable ones (twitch), I mute or I move to something else. YouTube does not show ads in my country, and this is the only reason I still use it on my Apple TV. If the whole service adopts it (I don't foresee it), that means they don't want me as a customer. So unless something is essential (government services,...), I wouldn't bother with them, and the list of essential things is very short.
But I don't foresee it. Restricting your user base like this by enforcing correct browsers and platforms means doing the work for any competitor that does not.
This is Google's general strategy for dealing with any controversy surrounding web standards, not just the big ones around ad blocking. The first thing that they will always say is, "critics don't understand what we're trying to do and they're unknowledgeable about the spec and there's a lot of misinformation floating around..."
Literally any controversy about a standard that Chrome adopts, that will always be the first thing that Google says. It's just a standard pattern.
Being able to say, "I understand people's concerns and I have concerns and we need to have a conversation and iterate but it's just hard with all this misinformation floating around" allows Google to position themselves as a reasonable party while also allowing them to completely ignore any criticism that is inconvenient because they just lump it into the misinformation category.
If the gaslighting doesn't work, Google's next step will be to talk about how the debate has spiraled out of control and how everyone needs to "remember the human." If that doesn't work, they'll lock down and refuse to talk to critics and then plead with critics to be patient because "we're working on it."
Then they'll make some minor changes to the spec and claim that everyone's criticisms are outdated and go back to the gaslighting again. That's already happened here, the original spec did not mandate hold-backs, in fact it suggested that hold-backs were not a desirable solution to pursue. Now all of a sudden it's, "why is everyone so mad, don't they know we have hold-backs?"
If everything falls apart and Google has to backtrack, the closest thing that you'll get to an apology from Google is that "we need to be better about communicating with users/developers." It's not that anything was wrong, it was that the web standards teams just weren't able to communicate how right they were.
And then we'll repeat the process with whatever the next controversy is.
----
I wrote a little bit about this process back in 2018 when web audio was the controversy (a comparatively minor browser change with very few privacy implications): https://danshumway.com/blog/chrome-autoplay and I keep paying attention to how Chrome approaches controversy, and it's pretty much always following this pattern, it's wild how consistently this has played out with Manifest V3, FLOC, Topics, etc, etc...
Developers and users should get better at recognizing this stuff during debates about Google policy, and they should go into conversations with the Chromium team about web standard controversies expecting that they will play out this way.
What happens next is they implement it, and then cancel the entire project by shutting it down because the manager that championed it moved to a different department/product.
When asked why would they shut down something they were fighting nail and tooth for, they would shrug and say it's not in the OKR. (and gaslight everyone again, saying they never thought it was important to begin with)
No unhinged computers for the people as predicted years ago by Cory.
Cory Doctorow has a great talk:
"The coming war on general computation" from 2011 (12 years ago) in which he argues that all general computing platforms (OS, phone OS, browser) would face challenges by governments and corporations.
This looks like another way to control content distribution and put more control in Google's hands. They've made a great strategic choice in building Chrome browser and effectively superseded Microsoft and Apple on desktops as a platform.
BTW, in the Soviet Union you couldn't have bought radios that were freely tunable to certain frequencies. The same was done in Warsaw where German occupation forces collected all radios from the people.
Future doesn't look good for freedom ... When the tools exists, people that control them would find a use. Look what's happening in the UK cryptography battle, the same trend there ...
Yeah, the future looks bleak. It just feels so hopeless. I understand the problem, I understand what needs to be done but I don't have the means or capital to do it. Free computers are a great thing and they will be destroyed by all these governments and corporations who want to control them.
> WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc.
Since when did archiving, ad blocking, and web scraping become unlawful? This sounds like a wishlist of activities Google wishes were unlawful.
You are witnessing a corporation that is making extrajudicial laws, and a method of enforcing them. This is attempted parallel government, and is at least illegal, if not domestic terrorism.
> WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc.
Note that every single one of those activities is legal.
It's legal to scrape websites. It's legal to download Youtube videos (copyright violation is the crime, not downloading videos, and there are plenty of videos on Youtube that can be legally downloaded). It is legal to block ads.
This article isn't bad, but it really shouldn't be playing into these tropes. That sentence caught me off-guard because it's just straight up wrong, and wrong in a harmful way that suggests that there aren't court rulings showing that these activities are legal, and that people should be somehow ashamed for doing them or that they're doing something transgressive when they scrape a website.
It is, in fact. (17 USC § 506) As with many things that are both crimes and torts, the crime is defined differently and somewhat more narrowly than the tort.
What dragonwriter wrote, but also this is the difference between a meaningful distinction and a (mildly) pedantic distinction[0].
When I say "downloading a Youtube video isn't a crime" I'm indicating a category difference that means more than "specifically the government can't convict you over it." I mean that Youtube doesn't have a legal leg to stand on to make you stop; it's not a questionably legal activity that we ignore, it's not an illegal activity that's too hard to prosecute, it's not something you should feel bad about. It's not a (generic sense) "crime".
It's not just "you won't face a specific kind of legal trouble" -- you're allowed to do it. Scraping websites is allowed, and if someone sues you over it and you fight the lawsuit with decent lawyers you will win. Copyright violation doesn't fall into that category -- you can end up facing legal consequences for violating copyright. But downloading videos from Youtube is not inherently copyright violation.
It's possible I should have used a more generic word than "crime" to avoid that confusion.
----
[0]: To be fair, I've also made the same distinction to people about lawsuits/crimes before, so I'm not sure I really have any grounds to call you out here :)
WEI sounds awful. And it seems like yet another aspect of the ongoing war on general-purpose computing.
> Wisner insists that [...] it won’t block browsers that spoof their identity.
What exactly is holding anyone to this pinky promise? Even if you assume angels are running everything right now, why should anyone trust that that will remain the case perpetually?
Guns don't kill people. Guns are a tool for killing at a distance, yes; however it's people who sometimes misuse the tool to kill other people. Other people use guns to kill food to feed their family, or to kill or deter bad people who mean them great physical harm. Most all tools can be misused in bad ways, or used in positive ways. That responsibility all falls back upon the user, as the tool itself will usually just sit there inert without a human involved.
How much 'killing distance' do you think is involved when gun ownership is associated with 8x higher chance of suicide for men, and 35x higher chance of suicide for women?
Because in other places, there are way fewer effective methods of suicide, so people are scared into staying alive and suffering. Guns provide an almost sure way of ending your life, which is I think a way more humane thing to do than forcing people to stay alive and suffer.
Does owning the gun do this?
Always flip the coin.
Try out: elevated suicidal ideation partially presents as possession/purchase of a handgun.
Kick that about in thought; if it seems stable, that can be considered a perihypothesis.
Recent history has taught us that the upside to popular gun ownerships are vanishingly thin compared to the thick wedge of accidental deaths and mass shootings.
The ability to ruin someone's life should be restricted behind more than a point and click interface.
Let’s not dance around it like Google is doing. We should not tolerate WEI. We all know the end game with this tech. Google and all the people that work on chrome should be ashamed of themselves.
They have taken a stand in the past, but right now it’s crickets…
I checked today, and it looks like the proposal is still closed to contributions. It's been that way for a week. What's an open proposal that's closed to all discourse?
I'm sure that this is done under the premise of "too charged of a topic to be productive." I wonder what happens next. Either they close it and say sorry, or they quietly open the proposal back up after the initial frenzy. Hate to assume malice here, but it seems somewhat obvious that the latter will happen.
They’ll consort with an inner circle of “industry” accomplices to “address concerns”, keeping everyone out while covering the “we consulted widely” angle. This will get pushed through under cover of darkness with enough of a fig leaf of due process to plausibly deny anything other than good intent.
The implementation will be really interesting: can a VM, container, or RDP ever be compliant with WEI? To prove, or at least give a solid certainty, that a runtime is directly connected to a GUI, and that function calls triggered by this GUI are coming from event handlers triggered by human interactions with a keyboard or pointer device, WEI would need a separate channel to the cam.
This means the only way to make this proof is to link the current environment and interactions with a history of interactions stored by a third party (i.e. Google). This would only make WEI a new layer on top of today's fingerprinting.
Ok, let's be completely honest about what this is. This enables Google to reliably control user-installed ad blockers, which is hurting their business.
There is no reasonable defense for this “wolf-in-sheep’s clothing” control grab.
It doesn’t benefit users to be constantly tracked and controlled and especially have one company in control of that, and this is another example of unnecessary and overly centralized meddling masquerading as security.
Google needs to get behind freedom and privacy — they are strongly heading in the wrong direction — and right before GPI. :(
Do you think high ranking people at FAANG even know what WEI is, or how web APIs work at all? Lol "Our biggest customers have told us this is important to them" is the only internal justification needed to push this through.
People are making money, and in most cases not the kind of money the decision-makers are getting. Is it unethical? maybe it is. I think it is, and in the past I have had the gumption to just quit, but that also comes from privilege. I was in a position where quitting was not going to cripple my living... some people might not be in that situation.
Oh, TechReport. That's a name I haven't seen in a while.
This used to be a highly regarded PC hardware site, famous for (among other things) pioneering frametime consistency testing. AMD and Nvidia are better today because of TR's relentless benchmarking.
Looks like they sold the domain to a generic tech news generator. Which circles right back around to the content of this article.
General rule of thumb: any proposal by one of the big tech companies should be considered bad and harmful for the FOSS communities or anyone who still values their privacy in the internet.
WEI seems like a big nothing burger to me. I interpret it as just another anti bot verification service, but the incentive is simply not there for publishers to use it unless they want to lose out on every person who uses a browser other than the most up to date Chrome.
Yes, I'm sure Google cares a great deal about losing 17% [1] of its market share, or even less considering how many people with weak spines will switch if they're denied access to something based on browser and never look back.
I'm sure Google won't do something malicious like mandating anyone using google's adtech to implement this to ensure "integrity" of clickthroughs.
I'm sure Google won't use its market dominance to require this feature for every one of its products and intentionally cripple other browsers, as that's definitely not something they've done before and would be totally unprecedented in the modern tech industry.
WEI is a tool for publishers. Mandating that publishers use it to qualify for google ads will be completely suicidal for google. Most folks access google ad demand through resellers.
Then they will only implement for those impressions/clicks, the same way they switch around between a handful of anti-bot vendors today, because none of them have alignment.
Edit: Also not sure if WEI spec only calls for a page level implementation, but if not then this will just be implemented inside ad frames and publishers won't need to touch it. I think HN is overthinking this the same way everyone freaked out about AMP, the impact of which is completely negligible a couple years later.