Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday August 29 2020, @11:35PM   Printer-friendly
from the my-computer-my-choice dept.

Brave takes brave stand against Google's plan to turn websites into ad-blocker-thwarting Web Bundles:

A proposed Google web specification threatens to turn websites into inscrutable digital blobs that resist content blocking and code scrutiny, according to Peter Snyder, senior privacy researcher at Brave Software.

On Tuesday, Snyder published a memo warning that Web Bundles threaten user agency and web code observability. He raised this issue back in February, noting that Web Bundles would prevent ad blockers from blocking unwanted subresources. He said at the time he was trying to work with the spec's authors to address concerns but evidently not much progress has been made.

His company makes the Brave web browser, which is based on Google's open-source Chromium project though implements privacy protections, by addition or omission, not available in Google's commercial incarnation of Chromium, known as Chrome.

[...] The Web Bundles API is a Google-backed web specification for bundling the multitude of files that make up a website into a single .wbn file, which can then be shared or delivered from a content delivery network node rather than a more distant server. It's one of several related specifications for packaging websites.

The problem, as Snyder sees it, is that Web Bundles takes away the very essence of the web, the URL.

"At root, what makes the web different, more open, more user-centric than other application systems, is the URL," he wrote. "Because URLs (generally) point to one thing, researchers and activists can measure, analyze and reason about those URLs in advance; other users can then use this information to make decisions about whether, and in what way, they'd like to load the thing the URL points to."

An individual concerned about security or privacy, for example, can examine a JavaScript file associated with a particular URL and take action if it looks abusive. That becomes difficult when the file isn't easily teased out of a larger whole. Web Bundles set up private namespaces for URLs, so privacy tools that rely on URLs don't work.

"The concern is that by making URLs not meaningful, like just these arbitrary indexes into a package, the websites will become things like .SWF files or PDF files, just a big blob that you can't reason about independently, and it'll become an all or nothing deal," Snyder explained in a phone interview with The Register.

Separately, Google has been working to hide full URLs in the Chrome omnibox.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by fakefuck39 on Sunday August 30 2020, @12:57AM (4 children)

    by fakefuck39 (6620) on Sunday August 30 2020, @12:57AM (#1044018)

    A packaged webpage as one file has existed since the early days of IE on windows 95. You could save a webpage as a single file archive, and all the URLs were replaced with relative paths. What idiot thinks a filter doesn't work on relative paths. This idiot researcher, who is just trying to push his anti-google agenda using made up strawman shit.

    There's plenty of bad things about google - there's no need to make shit up. Packaging up all resources in a single file that can be delivered at a network exit point physically close to you speeds up your load times and decreases overall internet traffic by reducing hops.

    It's the same BS as people spread about AMP. Which is just a nice simple version of the shitty unreadable original website. While at the same time complaining about unusable complex and cluttered websites.

    I'm google-free - always have been. My pixel that I got for free doesn't run google's android, I never had gmail, and working at VARs, I've never once put GCP in a solution. They haven't had a dollar from me in my life, and they've lost tens of millions because of me because I refuse to sell their solutions and give the business to their competition. But spreading bs like this guy just dilutes the issues and make them not seem as bad. It's like the protesters constantly attacking regular people. This guy is accomplishing the opposite of what he's trying to do.

    Starting Score:    1  point
    Moderation   +3  
       Interesting=2, Informative=1, Total=3
    Extra 'Interesting' Modifier   0  

    Total Score:   4  
  • (Score: 3, Interesting) by krishnoid on Sunday August 30 2020, @01:13AM (1 child)

    by krishnoid (1156) on Sunday August 30 2020, @01:13AM (#1044024)

    Lots of people don't pay for any Google services -- especially people in developing nations who aren't the one-percenters with iPhones.

    In this context, who are their competitors that you send business to? Just curious.

    • (Score: 4, Interesting) by fakefuck39 on Sunday August 30 2020, @03:22AM

      by fakefuck39 (6620) on Sunday August 30 2020, @03:22AM (#1044060)

      Not giving google money does not mean not paying for services. It means not using google products or selling google products. About 8mil per year of tech solutions I sell run in or DR to cloud. There are only 2 competitors to GCP. Azure and AWS. Those are the only ones that go into my proposed solutions that my customers buy.

      Now, the reason for this is not a personal vendetta against google. They did me no wrong - it's simply that they don't offer a single thing I am interested in, nor do they provide a good enough solution for me sell. This is not for technical superiority or functional reasons. It's for reasons of what they are as a company. With google, there is bad support, getting your whole company screwed up, and google not lifting a finger to resolve the issue. Google's products are inferior to the competition, so I don't sell them.

      Over the last 5 years, I'd say google has lost at least $200mil in gross because of me and fellow solutions architects at the 3 companies I've worked for. We'd never risk losing a customer because we put in a GCP solution for them and google dropped the ball.

  • (Score: -1, Offtopic) by Anonymous Coward on Sunday August 30 2020, @03:59AM (1 child)

    by Anonymous Coward on Sunday August 30 2020, @03:59AM (#1044078)

    [...] It's like the protesters constantly attacking regular people. [...]

    The 'protesters' and 'regular' people were financially-compensated by the US government for participating in fake protests and riots. The american media is a shitshow of trolling for presumptive criminals and suspects.

    • (Score: 0, Flamebait) by fakefuck39 on Sunday August 30 2020, @10:50AM

      by fakefuck39 (6620) on Sunday August 30 2020, @10:50AM (#1044136)

      ok there china troll. financially compensated doesn't need a "-" - try google translate for better results. oh, you can't since it's blocked where you are.

      the protesters are a bunch of looting niggers and a middle-class suburban teenagers and 20-somethings who just moved into a condo paid for by their dentist trump-voting parents, whom they are rebelling against. No one paid them. I'm in Chicago, smack in the middle of this shit. You, you're autistic and forgot to take your pills.