💾 Archived View for tilde.club › ~winter › gemlog › 2023 › 8-02.gmi captured on 2024-05-26 at 14:53:46. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
The last job I worked at, I did some web development. It wasn't my choice. I got re-org'd away from my previous team, lead a web team where a lot of my responsibilities were webapp development. Older stuff (Java and Struts), newer stuff (React, node.js), plus traditional stuff - HTML, CSS, JavaScript. I administered servers, worked with our automation, learned the ins and outs of a CMS that is, to be polite, not exactly in a Gartner Magic Quadrant.
I did it because it was my job, but it was never something I loved. Every time I worked with the (excellent) UI/UX developers, I was reminded of how far the web had shifted from when it was young and open. HTML these days is a big mess, and I feel like I'd have needed to do this for many years to feel comfortable. That said, it was always a big mess, it's just that back then, JavaScript was used to make sweet mouse effects and scrolling text, not serve massive amounts of advertising and tracking so that brand communication specialists could track monthly metrics and ask you to prioritize Jiras that they think will drive higher NPS.
(I still remember these terms. I want to forget these terms.)
Hacker News: Web Environment Integrity API Proposal
reddit: google's new "web environment integrity" (read: drm for web browsers) proposal
The web sucks these days and I hate it. Not a groundbreaking statement: I mean, I'm writing it here, right? But I loathe that we now have a just handful of rendering engines. That the web has been so complicated that just to think about starting a new such engine from scratch would require a Herculean effort, a crack team, a lot of money, the desire to take on Google. So formidable that nobody will start. I miss the days when browsers were kind of shit and half worked, because at least at that point, corporations, to borrow a phrase from Black Adder, couldn't tell their ass from their elbow.
The latest salvo against regular users is Web Environment Integrity, a proposal by, who else, Google. Or, at least, a bunch of people who just happen to work at Google. The title of this gemlog entry is taken from Ginsberg's "Howl", and it came to mind immediately because years ago, and I can't remember where, and I can't search for it anymore, I read something to the effect of, "the best minds of my generation are focused on increasing ad revenue and KPIs."
GitHub: RupertBenWiser / Web-Environment-Integrity
Web-Environment-Integrity: explainer.md
Web Environment Integrity is essentially browser DRM, a way of defining an allowable stack, not just of the browser but of the operating system and its applications as well. This sort of thing will, for the majority of people, be invisible, and fine. They bought an iPhone or Android device. They didn't install their own OS, sideload any apps. They can still use Instagram and search Google. What's the big deal?
But for those of us who grew up with the notion of a general purpose computer, and the web as a collection of open sites accessible by well-understood (or at least well-defined) protocols, this is an attack, an attempt to close off portions of the web. If I'm being cynical, and I am being cynical, it's another tool for corporations to ensure their users are actually people. That therefore the data associated with them is valuable. Can be aggregated, parcelled, analyzed and sold. In a generous sense, it's a way of fighting bots and scrapers. But at its core it's a way for companies to protect the data they claim as their own.
With the web environment integrity API, websites will be able to request a token that attests key facts about the environment their client code is running in.
Why should a website know anything about the environment of the requester? Gemini had it right, not allowing things like user agent strings. Those were bad enough; this will be used to ensure that things like ad blockers are not installed. Over the years people have been wising up, and sites now regularly have pages that detect ad blockers and beg you to turn them off, provide an exception.
The obvious next step is to provide recommended guidelines, trusted guidelines (as they come from Google), that require an ad-blocker free setup, or else the web goes dark.
(It is amazing, truly amazing, how much more advertising we see in our day to day life versus 30 years ago, but that's a post for someone smarter than me -)
Websites will ultimately decide if they trust the verdict returned from the attester.
I hate this so fucking much. The idea of an open web is dying. In its place we get a web that only runs on trusted devices, a web of corporate interests, a web that's deeply hostile to actual people.
And I hate this because Chrome is, for all intents and purposes, the de facto window to the web, and Google controls every aspect of Chrome. I use Firefox and have since it was just Mozilla, but I'm in a tiny minority. The web is dying. It's not enough that Google-the-search engine is garbage, but now Chrome, too? And every other browser that scrambles to implement this due to its feeling of inevitability?
In an ideal world, people would shift to something else, but I don't think that happens. What Google wants, Google gets. Just look at how Lighthouse controls how people develop websites; how hard would it be to add something like this, give a site low ratings, suggest a trusted site setup? Look at what Google did with PNG and webp. There are many ways to drive adoption, and a compelling technical case doesn't have to be one of them.
Technical users will do what they do - vent their spleen in GitHub issues, post on Hacker News/Reddit/gemlogs - but regular users will go along with this, and probably not even wonder what the big deal is. If history's shown us anything, it's that people will just keep doing what they know, and keep letting Google do what they want. There will be a whole generation of people just coming online who won't know any better. And for the rest of us, most people will just continue with their day, maybe thinking about how things aren't as fun as they used to be, how the internet's less exciting, not having the full breadth of experience to think about why, the technical expertise to explore alternatives.