“Web Environment Integrity”: Locking Down the Web

181 点作者 edsimpson将近 2 年前

9 条评论

mrguyorama将近 2 年前

What is Brave going to do when the code for WEI becomes load bearing in the chromium code base?Still excuse after excuse after excuse to just not use Firefox. I literally don't care if you have to hold up your nose, there's only one actual alternative browser engine, and it's a matter of survival for anyone who doesn't want the whole internet controlled by google.It could be half as fast (it isn't) and use twice as much RAM (it doesn't) and ask for a damn nude photo of me and I'd still be using it right now.Using a google owned browser engine is like growing cavendish bananas while you know the neighbor's farm has the blight already. Change over and try to get good at the new strain while you have a choice, because soon you won't and it will be out of your hands what happens after that.

评论 #36962322 未加载

评论 #36962756 未加载

评论 #36962514 未加载

评论 #36962477 未加载

评论 #36963764 未加载

评论 #36962429 未加载

评论 #36962384 未加载

评论 #36962447 未加载

评论 #36971926 未加载

评论 #36963298 未加载

评论 #36962475 未加载

评论 #36964064 未加载

评论 #36962446 未加载

评论 #36962838 未加载

评论 #36962636 未加载

happytiger将近 2 年前

The faster we can build usable decentralized apps and get users onto them, the better.It should only lend urgency to leave the “old web” for those of us who are builders, makers and evangelizers.They’re after encryption, they’re attacking anonymity, they want all of finance for themselves, and they want to kill privacy too -- I for one say NO thank you.There is a level — almost a treble —- in these comments on how “it’s inevitable” or “already cooked” but only if you see these fights in isolation. It most assuredly it is not inevitable.Let’s get positively focused and make hay while the sun shines and it’s not too late. There’s so much intelligence, compassion and love for humanity in this community. Let’s use it.

评论 #36973366 未加载

renegat0x0将近 2 年前

Browsing these days is like going into jungle. I use Adblock, ghostery, noscript, pihole. To have a good experience you cannot go in unprepared. Some pages require some scripts to be running. Then I will not go in. I think it will be the same with WEI. If a page asks me for it, I will not go in. Sorry, but no. It may be harder over time, but if I cant't change the world, I van browse on my own terms. There needs to be extension that will be blocking WEI.We need a list od pages that supports it and we need to same the for their support of WEI

smoldesu将近 2 年前

I'm sure Tom Scott wouldn't mind better personal attestation options on the Web: <a href="https://www.yahoo.com/now/prominent-youtuber-claims-brave-bat-095126650.html" rel="nofollow noreferrer">https://www.yahoo.com/now/prominent-youtuber-claims-brave-ba...</a>

评论 #36962227 未加载

saurik将近 2 年前

It's nice that they are changing their marketing on this a bit now that there is a wave to ride and the evils of DRM are coming for them; but, let's not forgot that, at the end of the day, Brave is just another company that makes money on ads :(, and (thereby) has most of the same anti-user incentives.So, sure... they clearly don't want to be prevented from blocking other peoples' ads (a big part of their pitch); but, blocking their ads while still getting paid--which is, of course, extremely easy to pull off on an unrestricted computer--is an existential threat to their only actual revenue stream which they want to protect against.The ramification: Brave's product managers--and even Brendan Eich himself (whom all of the later quotes I have in this comment were taken from, directly or indirectly)--have often talked about using the very same remote attestation technology to protect their SDK and even their browser for the same reasons as Google.<a href="https://www.reddit.com/r/BATProject/comments/bw6sek/" rel="nofollow noreferrer">https://www.reddit.com/r/BATProject/comments/bw6sek/</a><a href="https://www.reddit.com/r/BATProject/comments/b7rwbx/" rel="nofollow noreferrer">https://www.reddit.com/r/BATProject/comments/b7rwbx/</a>> 1/ native C++/Rust code, no JS tags on page that have zero integrity. That means ability to use SGX/TrustZone to check integrity and develop private user score from all sensor inputs in the enclave; ...> We already have to deal w/ fraud. That is inherent in any system with users and revenue shares or grants. We do it better via C++ and (under way) SGX or TrustZone integrity checking + OS sensor APIs, vs today’s antifraud scripts that are routinely fooled.> What Brave offers that's far better than today's joke of an antifraud system for ads is as follows: 1/ integrity-checked open source native code, which cannot be fooled by other JS on page; ... (1) requires SGX or ARM equivalent, widespread on mobile.<a href="https://www.reddit.com/r/BATProject/comments/" rel="nofollow noreferrer">https://www.reddit.com/r/BATProject/comments/</a><a href="https://www.reddit.com/r/BATProject/comments/97trex/comment/e4axu6h/?context=1" rel="nofollow noreferrer">https://www.reddit.com/r/BATProject/comments/97trex/comment/...</a>> Part of the roadmap (details in update) is a BAT SDK. Obviously it would be open source, but more: we would require Secure Remote Attestation (Intel SGX broken but ARM TrustZone as used by Trustonic may be ok) to prove integrity of the SDK code in app.

评论 #36963024 未加载

gmerc将近 2 年前

Turning the browser into a foreign entity on your own PC. From the company that went from “Making the worlds knowledge accessible’ to ‘rentseeking on the collected knowledge and the trying to lock everyone else out from it’

benatkin将近 2 年前

"Brave's browsers" distributions of browsers, there ftfy

评论 #36962281 未加载

评论 #36962253 未加载

skilled将近 2 年前

Hard to listen to anything from a company that constantly:1) Doesn’t innovate on anything, social media accounts are plagued with pointing fingers at others while using a Chromium fork themselves, ignorance at its finest.2) Has been accused of selling copyrighted data for AI training and has not made a public statement.3) Has a history of making stupid decisions and only apologizing when a big news outlet calls them out.

评论 #36962251 未加载

jauntywundrkind将近 2 年前

I personally think the upsides of WebBundles are huge. There's nothing that would stop the browser from being able to filter & ignore content coming from in a WebBundle, so I'm not sure what Brave's greivance is here. The adserving topic is complicated as heck, but everyone seems to acknowledge big change is necessary & Google and Firefox both have proposals to radically overhaul the system while enhancing user privacy; Brave's own primary distinguisher at this point is their BAT tokens, their own answer here. There's complicated topics here, but I see Brave following the standard pattern of trying to be a lightning rod of discontent.It's also surprising to me how almost no one has commented on Private Access Tokens shipping for Apple. Which do the same thing. Here's them bragging about being able to avoid catchpa's since the devices are all vouched for by Apple as unmodified & controlled by Apple: <a href="https://developer.apple.com/videos/play/wwdc2022/10077/" rel="nofollow noreferrer">https://developer.apple.com/videos/play/wwdc2022/10077/</a>There was a decent submission on this recently, but not much engagement. <a href="https://www.snellman.net/blog/archive/2023-07-25-web-integrity-api-vs-private-access-tokens/" rel="nofollow noreferrer">https://www.snellman.net/blog/archive/2023-07-25-web-integri...</a> <a href="https://news.ycombinator.com/item?id=36866355">https://news.ycombinator.com/item?id=36866355</a>I think this is absolutely the worst shit, almost as bad as MV3 being a utterly neutered shitty hell hole version of what web extensions were. But it's notable to me that both Google didn't start this particular trend, Apple did, and more broadly - I have such a hard time picking words here - it feels like the stark polemics have been on overdrive to create a reality distortion field, where Chrome is purely bad/evil/awful/no-good everywhere. We should be upset & mad! But I feel like we're pretty far into losing our minds territory, and slipping into strokes of broadsweeping public madness.