Multiple billionaires have answerd the question, “when is it enough?” With the reply: “when I own everything.”

many talks

In the same way it’s not anti-competitive for Apple to require Safari on iOS.

Oh wait. It is. But only google and microsoft get in trouble and apple always gets a free pass.

Thanks! Here’s the message without all the BBC quotes to make it easier to copy for app users:

Dear FTC,

Google has proposed a new Web Environment Integrity standard, outlined here: https://github.com/RupertBenWiser/Web-Environment-Integrity/…

This standard would allow Google applications to block users who are not using Google products like Chrome or Android, and encourages other web developers to do the same, with the goal of eliminating ad blockers and competing web browsers.

Google has already begun implementing this in their browser here: https://github.com/chromium/chromium/commit/6f47a22906b28994…

Basic facts:

Google is a developer of popular websites such as google.com and youtube.com (currently the two most popular websites in the world according to SimilarWeb) Google is the developer of the most popular browser in the world, Chrome, with around 65% of market share. Most other popular browsers are based on Chromium, also developed primarily by Google. Google is the developer of the most popular mobile operating system in the world, Android, with around 70% of market share.

Currently, Google’s websites can be viewed on any web-standards-compliant browser on a device made by any manufacturer. This WEI proposal would allow Google websites to reject users that are not running a Google-approved browser on a Google-approved device. For example, Google could require that Youtube or Google Search can only be viewed using an official Android app or the Chrome browser, thereby noncompetitively locking consumers into using Google products while providing no benefit to those consumers.

Google is also primarily an ad company, with the majority of its revenue coming from ads. Google’s business model is challenged by browsers that do not show ads the way Google intends. This proposal would encourage any web developer using Google’s ad services to reject users that are not running a verified Google-approved version of Chrome, to ensure ads are viewed the way the advertiser wishes. This is not a hypothetical hidden agenda, it is explicitly stated in the proposal:

“Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.”

The proposed solution here is to allow web developers to reject any user that cannot prove they have viewed Google-served ads with their own human eyes.

It is essential to combat this proposal now, while it is still in an early stage. Once this is rolled out into Chrome and deployed around the world, it will be extremely difficult to rollback. It may be impossible to prevent this proposal if Google is allowed to continue owning the entire stack of website, browser, operating system, and hardware.

Thank you for your consideration of this important issue.

FYI, the two web links in the example email seem to be cut off, as they end in ellipses. ?

Someone needs to make a button on the Internet that sends the email from you.

Thank you, sent. While I’m crossing my fingers that someone reads/notices this, I am just as doubtful that any valuable action will be taken before it is too late. Democratic governments are simply too slow.

I really cant put it into words how much I hate google right now… Capitalism at its finest

Abandon Chrome and Chromium en masse and this will go away. But normies suck.

I am not an expert, but it’s likely signed and cryptographically secured. Change a single byte in the be Browser executable and your browser goes on the naughty list. This is total lockdown of the browser, and in principle you can extend certification of both software and hardware all the way down through the OS into the hardware.

Attestation depends on a few things:

1. The website has to choose to trust a given attestation provider. If Open Source Browser Attestation Provider X is known for freely handing out attestations then websites will just ignore them
2. The browser’s self-attestation. This is tricky part to implement. I haven’t looked at the WEI spec to see how this works, but ultimately it depends on code running on your machine identifying when it’s been modified. In theory, you can modify the browser however you want, but it’s likely that this code will be thoroughly obfuscated and regularly changing to make it hard to reverse engineer. In addition, there are CPU level systems like Intel SGX that provide secure enclaves to run code and a remote entity can verify that the code that ran in SGX was the same code that the remote entity intended to run.

If you’re on iOS or Android, there’s already strong OS level protections that a browser attestation can plugin to (like SafetyNet.)

WebChain of trust, the site only trusts certain attesters (yes this would be really bad for Linux).

EDIT: Used the wrong “of trust”