Your choice of browser matters — Google’s Web DRM and the open internet
https://grafcube.codeberg.page/blog/2023/08/06/web-drm-api.html
I wrote this blog post to inform the people I know who aren’t as tech savvy or otherwise don’t put any thought into their choice of browser. Another goal is to help get enough awareness on the topic and make sure it fails.
@opensource @privacy #webintegrityapi #WEI #google #mozilla #chrome #firefox #chromium #foss #opensource #OpenWeb #privacy #drm #nodrm #drmfree #freesoftware #browser
@grafcube @opensource @privacy
> But why do you use Chrome?
I can tell why I do. I used to use Firefox but had to move to Chromium long time ago for several reasons:
-
It was nicer on RAM on a very small machine I had at the time. I think Firefox got better in that sense since then.
-
Many web apps don’t work quite well (or don’t work at all) on anything but Chrome. That’s a sin many lazy web developers make, and it forces their choice on the users.
The first point is no longer true. The second point is, sadly, quite relevant.
To the second point, as a avid firefox user, I noticed that some Webapps seem to not depend on the Browser alone.
Even in safe mode, some Webapps sometimes work better on different systems than on others using the same Firefox version.
For instance youtube streaming seem to work better on my Linux laptop then on my Windows desktop, where it becomes stuttery. In Chromium there it works as well as Firefox on my Laptop.
What I want to say is that browsers and all the systems around this are very complicated. So your milage with the same browser will vary, and you might blame the wrong thing.
By just changing user agent string you can make the site work on Firefox too!
This new invention from Google has nothing to do with the browser you use. It is an API incorporated into, with Google affiliates and its own, web pages, which allows these pages to block any browser “for security reasons”, when it does not have a Google Token incorporated, that accredits it as secure. That is, it is then Google itself who decides which browser is worthy to access the web. It doesn’t matter which browser you use, or incorporate this Token in it, or forget about a large part of the internet and anyway about any Google page or service (Gmail, YouTube, GDrive, GoogleMaps, …). This is the danger that the free internet faces, that Google decides which browser is worth using and which is not, being able to allow only Chrome itself as the only valid browser to access half of the pages on the network, and Game over for everyone else, Chromium, Gecko, WebKit or any other, without Google Token in it no internet, except if some geek comes up with some Fake Token which can be used (complicated)🤬.
For the downvoters, also Firefox and forks need to insert this Google Token in the Browser or die. Because of this Mozilla, Vivaldi and several others have started a protest before the legislator to prevent this crap. In the EU there is already a debate whether or not this is compatible with GDPR and user rights. We’ll see what comes of this. It is legitimate that Google provides tools to web pages to protect against entries from bots and insecure browsers, but it is not legitimate that the decision which browser is secure and which is not, depends on this company, only a certificate from an independent technical institution can be valid on technical grounds and not by Google itself for possible commercial reasons.
I am fairly tech savvy and I willingly avoid using Firefox because I despise Mozilla. Thank you for your concerns.
I don’t really like Mozilla, but how is Google any better? And those are the two options, unfortunately.
And those are the two options, unfortunately.
Exactly. Mozilla is better but not that much. What we really need is a 100% community-developed browser engine sponsored by several large companies that are independent from each other. But seems like it’s too late, we’re boiled frogs at this point. Although maybe these are the circumstances under which such an initiative could finally emerge.
Developing a community based browser engine that remains up to date with all the updates to the html, css, and javascript standards would require an immense amount of infrastructure and monetary backing. Essentially Firefox’s Spidermonkey is the closest we have.
I’d be curious if Mozilla could somehow get enough funding without Google or Microsoft or any other big tech corporate funding/influence and still keep up to date with new features and security patches. Doesn’t seem likely though.
Librewolf on Linux Desktop with NoScript, Chameleon, etc. Mull on Android mobile with similar. (Both are firefox based).
I’m on Graphene OS for mobile though, which necessitates the use of Google’s Pixel and uses a hardened Chromium based browser called Vanadium. Main dev has criticized Firefox for being insecure in the past, but still use Mull anyway…
@grafcube @opensource @privacy So mostly, I agree with what you said, but except the things you got wrong, which I already, mentioned there some other things I wanted to say: You critized Brave for including it’s crypto stuff, which is fair, but you said it like it would make it less trustworthy or bad for privacy which isn’t true, also u just can disable it and it has also the posetive effect that people who like this crypto stuff, start using a privacy respecting browser instead of the others
@grafcube @opensource @privacy Which I also wanted to say, the only Ads Brave allow are Ads in Search Results as far ik, I never seen any other ads so far while using Brave on Android (on Desktop I have uBO on top), you also said that Firefox has the superior Fingerprinting Protections which isn’t rly true, Brave’s approach to defend fingerprinting by randomization (giving every website a unique fingerprint every new session, etc.) is pretty effective. While Vivaldi has almost no fingepriting1/2
@grafcube @opensource @privacy 2/2 protections which make it a lot weaker compared too Brave. I wouldn’t never recommend Vilvadi over Brave, if it’s about privacy.
@grafcube @opensource @privacy I will make some comments to it, when I finished reading. I just want to say u already got some points wrong, Brave plans to continue supporting MV2 too, same for Vivaldi as far ik. Also DuckDuckGo’s Browser are not chromium based too, they use the Systems Webview.
Edit: removed the info that Brave will not support WEI, since it got later mentioned in the blog post
The WebView on Android at least is Chromium based though, but I agree its probably best to make that distinction.
@Skimmer I guess, there are still some differences to a normal chromium based browser if a browser operates with the systems webview Integration, which u can also change.
@hevov It’s basically a system component which display web content. Android, Windows and other OS has this.
So you mean DuckDuckGo is just using the default browser engine?
Windows is probably using Edge/Chromium Mac OS is using WebKit.
That what you mean? I only found an Android app of a browser engine called System Engine.
