Stories
Slash Boxes
Comments

SoylentNews is people

Brave Takes Brave Stand Against Google's Plan to Turn Websites Into Ad-Blocker-Thwarting Web Bundles

posted by janrinok on Saturday August 29 2020, @11:35PM   Printer-friendly
from the my-computer-my-choice dept.

upstart writes in with an IRC submission:

Brave takes brave stand against Google's plan to turn websites into ad-blocker-thwarting Web Bundles:

A proposed Google web specification threatens to turn websites into inscrutable digital blobs that resist content blocking and code scrutiny, according to Peter Snyder, senior privacy researcher at Brave Software.

On Tuesday, Snyder published a memo warning that Web Bundles threaten user agency and web code observability. He raised this issue back in February, noting that Web Bundles would prevent ad blockers from blocking unwanted subresources. He said at the time he was trying to work with the spec's authors to address concerns but evidently not much progress has been made.

His company makes the Brave web browser, which is based on Google's open-source Chromium project though implements privacy protections, by addition or omission, not available in Google's commercial incarnation of Chromium, known as Chrome.

[...] The Web Bundles API is a Google-backed web specification for bundling the multitude of files that make up a website into a single .wbn file, which can then be shared or delivered from a content delivery network node rather than a more distant server. It's one of several related specifications for packaging websites.

The problem, as Snyder sees it, is that Web Bundles takes away the very essence of the web, the URL.

"At root, what makes the web different, more open, more user-centric than other application systems, is the URL," he wrote. "Because URLs (generally) point to one thing, researchers and activists can measure, analyze and reason about those URLs in advance; other users can then use this information to make decisions about whether, and in what way, they'd like to load the thing the URL points to."

An individual concerned about security or privacy, for example, can examine a JavaScript file associated with a particular URL and take action if it looks abusive. That becomes difficult when the file isn't easily teased out of a larger whole. Web Bundles set up private namespaces for URLs, so privacy tools that rely on URLs don't work.

"The concern is that by making URLs not meaningful, like just these arbitrary indexes into a package, the websites will become things like .SWF files or PDF files, just a big blob that you can't reason about independently, and it'll become an all or nothing deal," Snyder explained in a phone interview with The Register.

Separately, Google has been working to hide full URLs in the Chrome omnibox.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Brave Takes Brave Stand Against Google's Plan to Turn Websites Into Ad-Blocker-Thwarting Web Bundles | Log In/Create an Account | Top | 65 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday August 30 2020, @07:14AM (1 child)

    by Anonymous Coward on Sunday August 30 2020, @07:14AM (#1044104)

    Hence the line :

    "I'd probably pay $5 a month for that service, IFF I trusted the provider."

    If this becomes ubiquitous I might up that to $20. There is definitely at least a niche market there. The problem would be establishing trust.

  • (Score: 0) by Anonymous Coward on Sunday August 30 2020, @10:03AM

    by Anonymous Coward on Sunday August 30 2020, @10:03AM (#1044126)

    no, the silly-OP's problem is not Trust, i mean it is Trust, but there's more to it.

    As soon as poor sod pays for this selfincrimination-as-a-service, he realistically notarially signed that the packets, endpoint and metadata (as defined by FVEYS) are owned by him, buy the virtue of using his credit card once.

    So pay with bitcoin/xmr/other crypto someone would say, wouldnt they?
    It requires godlike devotion to opsec and presents all the same set of problems as the regular banking system.

    "Need an anonymous endpoint, must pay anonymously for it online" is a catch22.
    Given traffic analysis and knowledge of overall packet flows, ugh.
    And then someday you forget to change/use wrong vpn/proxychain/anon remailer chain/courier with usb key with data gets intercepted before transmit/owner of endpoint gets summoned to the Camera stellata, or you authenticate plaintext (due to lack of https redirect lacking, or to an ssl intercepted datacenter or they trojan your endpoint)
    and the whole of you is fucked.

    There is no market solution to this problem. There is no technical solution. There is no social solution either.

    The networks are like that because it provides an evolutionary advantage to the enemy of everything that is good and decent, us the people.

    From the crooked tree of humanity, no straight thing can ever be made.

    One should still try.