this post was submitted on 12 Oct 2023
817 points (100.0% liked)
196
16493 readers
1889 users here now
Be sure to follow the rule before you head out.
Rule: You must post before you leave.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
From my understanding, it allows a website to check if youβre running a Chromium browser, and block your access to the site or to features of the site if you arenβt
Well then I am a chromium browser. At least as long you need to think that.
What technology they are using I can't fake on a Firefox?
It's the API itself, it's a little more complicated than just checking if you have a chromium browser. What it's looking for is special tokens generated by google within chromium browsers. Google is selling this idea as a way to help verify identity of the end user and thus block bots. That's concerning, because it suggests that google will have some verification method likely involving ID and generate a unique token with that info associated with it. This is a real concern for web privacy for like a million reasons, obviously, and ideally should not be adopted by anyone. If other tech gatekeepers adopt it (and they would love to) it will block giant swathes of the internet from people refusing to use the tech and further googles monopoly over general consumer browser use. Now, could the token be fudged? Possibly. But it will take time to figure out.
And what's really fucking infuriating about this is that it honestly has nothing to do with making the internet a better place to be or improving the safety of the internet or protecting children or anything like that.
It's about ads.
They're literally trying to fuck the entire internet in broad daylight so that they have a way to guarantee to their advertisers that they are targeting you with the ads the advertisers want you to see.
"integrity"
π€ So what happens if you look up porn on a chromium browser and then try to run for office years later? Couldn't they in principle blackmail whoever they wanted?
This is why google wanted to deprecate the User-Agent header.
god that'll make it impossible to do a bunch of frontend work for anything but their browser. which is another reason they want to do it, i'm sure
They deprecated it as in it always is set to the same value regardless of the chrome version.
... Oh. Sorry friend, they're using TEE, trusted execution environment, aka the place where a key is put by the manufacturer and not available to the user without an exploit or taking apart the processor. Faking it isn't going to be like changing the user agent
Fun how companies came up with a way to run code on our hardware at home without our ability to modify it
Well then I won't use it and maybe cut my access to their Services
Yeah... That's about where I'm at. I figure I'll keep an old computer set up to deal with things I have to use, but the corporate Internet is really starting to suck. When Reddit went down, I started the long and painful process of finding a better way... It's going to involve quite a lot of custom solutions, but at least it starts off crappy and quickly improves instead of the opposite