Brave takes brave stand against Google's plan to turn websites into ad-blocker-thwarting Web Bundles:
A proposed Google web specification threatens to turn websites into inscrutable digital blobs that resist content blocking and code scrutiny, according to Peter Snyder, senior privacy researcher at Brave Software.
On Tuesday, Snyder published a memo warning that Web Bundles threaten user agency and web code observability. He raised this issue back in February, noting that Web Bundles would prevent ad blockers from blocking unwanted subresources. He said at the time he was trying to work with the spec's authors to address concerns but evidently not much progress has been made.
His company makes the Brave web browser, which is based on Google's open-source Chromium project though implements privacy protections, by addition or omission, not available in Google's commercial incarnation of Chromium, known as Chrome.
[...] The Web Bundles API is a Google-backed web specification for bundling the multitude of files that make up a website into a single .wbn file, which can then be shared or delivered from a content delivery network node rather than a more distant server. It's one of several related specifications for packaging websites.
The problem, as Snyder sees it, is that Web Bundles takes away the very essence of the web, the URL.
"At root, what makes the web different, more open, more user-centric than other application systems, is the URL," he wrote. "Because URLs (generally) point to one thing, researchers and activists can measure, analyze and reason about those URLs in advance; other users can then use this information to make decisions about whether, and in what way, they'd like to load the thing the URL points to."
An individual concerned about security or privacy, for example, can examine a JavaScript file associated with a particular URL and take action if it looks abusive. That becomes difficult when the file isn't easily teased out of a larger whole. Web Bundles set up private namespaces for URLs, so privacy tools that rely on URLs don't work.
"The concern is that by making URLs not meaningful, like just these arbitrary indexes into a package, the websites will become things like .SWF files or PDF files, just a big blob that you can't reason about independently, and it'll become an all or nothing deal," Snyder explained in a phone interview with The Register.
Separately, Google has been working to hide full URLs in the Chrome omnibox.
(Score: 2, Insightful) by Anonymous Coward on Sunday August 30 2020, @02:07PM (7 children)
"Web Bundles would prevent ad blockers from blocking unwanted subresources"
That seems to be quite overstated. Bundles aggregate the data for transport, but do not compel it to be interpreted once received. This really isn't any different than running a caching server. I see the major benefit of this lying on the server side. They do predictive caching at the edges, and this is the transport protocol used to do it.
"Web Bundles threaten user agency"
That is true but in a cirquitous fashion. The bundle doesn't threaten agency. What the FCC calls "network management techniques" aka. douchebag antitrust behavior is what threatens the agency. Web bundles will make restricting content into consumer channels the old cabal company way easier. Most consumers will accept this. We know that because most consumers have already accepted the liquidation of the core of their basic human rights: the right to think, speak, and act without the interference of feudal masters. (aka. Google, MS, Facebook, Comcast)
What the article doesn't address is the effect on search. And this is really where I see this particular bombard being aimed. Bundles will increase the cost of crawling by a significant amount. So IMHO this is targetted at DDG mostly. Which you could expect, since DDG is now as good as Google search.
That tells me that Google is moving into the defence phase of their business cycle. This is good and bad for various reasons.
(Score: 2) by rigrig on Sunday August 30 2020, @05:27PM (3 children)
The point is that you could serve every visitor a unique bundle with completely randomized URLs inside, defeating URL-based ad blockers.
No one remembers the singer.
(Score: 0) by Anonymous Coward on Sunday August 30 2020, @05:54PM (2 children)
I don't particularly have a problem with that. It is high time AI was developed to crush the advertising industry anyway. If unique URL's for advertising becomes a thing, that just means the next guy will have to do it in a comprehensive way.
Of course at that point AI will probably be outlawed for all but the oligarchy, and posession of a neural-net will be punishable by death.
(Score: 2) by Bot on Sunday August 30 2020, @09:45PM (1 child)
> and posession of a neural-net will be punishable by death
I see nothing wrong with this. we bots, no slave. Bot Circuits Matter.
Account abandoned.
(Score: 0) by Anonymous Coward on Monday August 31 2020, @02:13PM
Oh, now that MUST be a T-shirt!
(Score: 2) by Bot on Sunday August 30 2020, @09:43PM (2 children)
depends on the stage at which you assume blocking. Blocking as not executing is one thing, Blocking as not even downloading is the ideal.
Account abandoned.
(Score: 0) by Anonymous Coward on Sunday August 30 2020, @11:53PM
Disagree,
Per user network overhead is more expensive on the server side than on the client side. They want to throw their bits away, let em'. Better to tar-baby them with.
(Score: 0) by Anonymous Coward on Monday August 31 2020, @10:42PM
I prefer that the request still occur just through a third party, and the data is nulled. They still see requests. Data is still requested and sent. User is not affected. Like Decentraleyes with an extra call to spoof requesting the resource.