The reason we can still run Linux on our desktops and laptops today, is that Linux was already popular enough back when Secure Boot was specified, so that Microsoft could be convinced to allow Secure Boot to be disabled and/or user-specified keys to be enrolled (and also to sign the bootloader for Linux distributions which follow a specific set of criteria when Secure Boot is enabled). Had desktop Linux not been popular enough, Microsoft would have required all OEMs to not allow disabling Secure Boot or enrolling user-specified keys (as they later tried to do with ARM laptops).
In the present day, are alternative browsers popular enough that we can avoid the worst-case scenario? Do enough people compile these alternative browsers from source code (meaning each binary is slightly different) to make a difference?
I think Microsoft made it mandatory to allow disabling secureboot because they wanted their older OSs to work, didn't want devices getting bricked when a vendor poorly implemented it, and didn't want to get hit with another anti-trust suit. not necessarily in that order.
I've read that Surface ARM hardware had a secure boot that could not be disabled. This would make a lot sense; there was no legacy Windows for ARM to keep backwards compatibility for.
The first use case they mention is restricting ad fraud (and, presumably, ad blocking):
> Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.
So if this goes forward, websites will be able to call the web environment integrity API to check you are a proper ad-watching human before serving content.
"Your contract with the network when you get the show is, you're going to watch the spots. Otherwise you couldn't get the show on an ad-supported basis. Anytime you skip a commercial or watch the button you're actually stealing programming."
Jamie Kellner's words still ring true today. When corporations make content available supported by advertisements, they are assuming a moral obligation on your part to see those advertisements. Violating that obligation is felony contempt of business model.
Jesus, I thought this was satire, but this guy is for real.
Not a lawyer, but in my understanding, the core property of a contract is that both sides are aware of it, in particular of their obligations in the contract. There must also be a defined moment the contract is concluded.
This is specifically not the case with ads: Ad-supported services are frequently advertised as "for free", not in the sense that ads are the "payment". Even if they were, they would be unlike any other business transaction as the service provider is free to change the "price" (i.e. amount of ads shown) at any time.
That's not even considering all the situations where you're subjected to ads without receiving any kind of service - or where something that you paid money for suddenly starts to show you ads too.
Felony contempt of business model indeed, as well as theft of assumed future profits!
But why should I care about the contract when the providers violates it as well? When you provide your services in the country I reside in but refuse to follow our national laws, you have violated the contract as well.
I live in Norway, and even "serious" advertisers shows me alcohol and gambling advertisiments. This is strictly forbidden by norwegian law, yet I have seen multiple advertisements of this kind from Google, Facebook and Discovery. Discovery in particular has just recently agreed to follow the law for television broadcasts, to be fair.
GDPR is also violated a lot, especially by advertising corporations. I have never consented to the vast amount of tracking that I'm subjected to when browsing the internet, even though I have that right.
It's not like they are obligated to provide services to my country either. If european laws are too strict, they can always leave instead of violating our rights.
You don't have a contract with the network. The advertisers do. The network is committed to deliver audiences to the advertisers in return for money. The way they do this is by showing content that the audience wants to watch. You don't owe neither of them nowt.
I would love to know the personal motivations and moral feelings of those who work on features like this. Are they naive about how these features will be used? Do they not care? Do they not have a personal sense of responsibility for contributing to the end of open, free computing? It's been a while since I took a Big Tech paycheck, but I don't remember being this willing to go build nightmare tech when I was getting one.
Google marketing exec: "We need to lock down web browsers so we can make more money by showing ads."
"Ad blockers need to be prevented. The new WEIE APIs will ensure that ad blockers aren't running and that no DRM is being compromised."
"We also want to prevent ad fraud. With WEIE we can ensure that ad clicks are legit and that people are watching the ads we show. If we can't control the operating system like we can on Chromebooks and Android phones, then we need to control the web browser with cryptographic certainty."
Will anybody be able to do anything about it? This is not API for you and me. This is API for the big tech, for corporations, for Banks. They will use it, they will honour it. You may not use it, but because corporations will use it, it will become a standard. Three is no leeway. You have no control over big business. You will scream, they will do what they want.
So, in short: Google and other companies shamelessly polluted the web with ads and personalized ad driven content, and since regular folks use ad blockers, and ad manipulating people abuse the very system those companies fostered, there is now a supposed need to get the house in order... ...by force feeding us ads and trackers, bypassing whatever still allows people to browse sanely.
Readit News
In the present day, are alternative browsers popular enough that we can avoid the worst-case scenario? Do enough people compile these alternative browsers from source code (meaning each binary is slightly different) to make a difference?
> Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.
So if this goes forward, websites will be able to call the web environment integrity API to check you are a proper ad-watching human before serving content.
Jamie Kellner's words still ring true today. When corporations make content available supported by advertisements, they are assuming a moral obligation on your part to see those advertisements. Violating that obligation is felony contempt of business model.
Not a lawyer, but in my understanding, the core property of a contract is that both sides are aware of it, in particular of their obligations in the contract. There must also be a defined moment the contract is concluded.
This is specifically not the case with ads: Ad-supported services are frequently advertised as "for free", not in the sense that ads are the "payment". Even if they were, they would be unlike any other business transaction as the service provider is free to change the "price" (i.e. amount of ads shown) at any time.
That's not even considering all the situations where you're subjected to ads without receiving any kind of service - or where something that you paid money for suddenly starts to show you ads too.
Felony contempt of business model indeed, as well as theft of assumed future profits!
I live in Norway, and even "serious" advertisers shows me alcohol and gambling advertisiments. This is strictly forbidden by norwegian law, yet I have seen multiple advertisements of this kind from Google, Facebook and Discovery. Discovery in particular has just recently agreed to follow the law for television broadcasts, to be fair.
GDPR is also violated a lot, especially by advertising corporations. I have never consented to the vast amount of tracking that I'm subjected to when browsing the internet, even though I have that right.
It's not like they are obligated to provide services to my country either. If european laws are too strict, they can always leave instead of violating our rights.
Deleted Comment
https://hnrankings.info/36778999/
I don't like you cause you contradicted me the last time, therefore I'm going to mod you into oblivion :]
"Ad blockers need to be prevented. The new WEIE APIs will ensure that ad blockers aren't running and that no DRM is being compromised."
"We also want to prevent ad fraud. With WEIE we can ensure that ad clicks are legit and that people are watching the ads we show. If we can't control the operating system like we can on Chromebooks and Android phones, then we need to control the web browser with cryptographic certainty."
What about all the people who have an outdated browser and don't know how to update it?
edit: One of the goals addresses this[0]:
Continue to allow web browsers to browse the Web without attestation