Hacker News new | past | comments | ask | show | jobs | submit login

There is zero point debating this in technical detail because the proposal itself is evil. Don't get distracted by tone policing and how they scream you must be civil and whatnot.

Our best hope is kicking up a huge fuss so legislators and media will notice, so Google will be under pressure. It won't make them cancel the feature but don't forget to remember that they aren't above anti-trust law. There is a significant chance that some competition authority will step in if the issue doesn't die down. Our job is to make sure it won't be forgotten really quickly.




Yes, we need to protest. And I don't mean protest by slamming Google's github repositories with comments. That's not a protest. Go tell the media. Go tell your elected officials.

I also think web developers getting together like we did with SOPA/PIPA and raising awareness on our web properties can also help. How do we organize that?


There are some ways ranging from mellow to outright cuntish. These can be applied to websites or social media profiles (depending on the method):

- Display a small text or a link to raise awareness about WEI

- Display a "Works best with Firefox, a browser which respects you and your privacy" banner in a similar way to the chrome nagging popups.

- Display a fullscreen modal (just like the SOPA/PIPA ones) with a detailed write-up of the problem

- Subtly degrade the website's experience on chromium (just check window.chrome)

- Outright block chromium, and explain why.


Blocking Chromium altogether isn't as big of a deal as it seems, either (unless you're a truly huge website). It's so easy to switch to Firefox these days. Probably takes a few minutes. For technical blogs with useful content on them I suspect people's desire to see the content will override the inertia of switching browsers.


It absolutely takes just a few minutes. I did it today on my work laptop, installed Firefox, import from chrome, and I was back to work in less than 5


Does not blocking Chromium devolve in behavior to a comparable level as WEI? Seems like the same problem is introduced: breaking the web.


> Does not blocking Chromium devolve in behavior to a comparable level as WEI? Seems like the same problem is introduced: breaking the web.

Not really, for two reasons.

First, is that it can be bypassed, for instance with an extension which hides the relevant JS property and/or switches the user agent, or even on-the-fly edits the site's Javascript. The whole point of WEI is that it cannot be bypassed.

Second, is that just blocking Chromium does not prevent the development and use of new web browsers and/or operating systems, while a predictable consequence of WEI is making them non-viable in practice (they'd have to first convince Google that both the browser and operating system is DRM-ed enough that the user does not have enough control over the browser to make it do everything the user wants, and only then the browser would be allowed to access WEI-walled content).


I wrote to some senators today about this and also filed an FTC complaint against Google.

Talked to a few friends inside Google as well and they are also against it.

Firefox is going to be my default moving forward.

There is no reason or way to discuss it with technical merits anyway. Nobody can create a new issue on that repo, nor can they create a PR. Comments on reviews are also disabled.

Many of us are at technical spots that can do this. We need to bring back "Works best with Mozilla Firefox" pop-overs.


I think we should make a POPA/SIPA style explainer/protest popup JS script that webdevs can drop in just like before.


Yes. I would put this on my website if someone made it.


Here is a copy of a letter I have sent out https://news.ycombinator.com/item?id=36889971

Basically my arguments were it's anti-competitive, against the open web, and a risk to country's security agencies. The latter while a valid argument is to hopefully rattle politicians and government agencies.



They won't appear from the repo itself.


Also protest by stopping use of google products.


Boycott 100%.


Use Rumble instead of YouTube? Even if it's more ethical, do I want to see Russell Brand and Jim Jordan on the home page?

Edit: Ah, here's something about it from a degoogling perspective: https://www.reddit.com/r/degoogle/comments/x1610t/what_are_y...


Getting the internet archive onboard would be a good start. They have a legitimate interest in automating crawling of sites.

It could also hinder pentesters hired to test the owners website, but they already have to contend with WAFs.


I can see it being useful to have a feature which could validate if another user on a website is a human. e.g: on reddit or twitter, the user you're talking to has a little checkmark (not the blue checkmark) next to their name if they've been WEI validated. Rather than refusing to let a user use the platform, just letting other users know that the person you're talking to isn't a bot


WEI doesn't check whether they are a bot though.... they can trivially use a "trusted" browser setup and just automate it with Selenium or whatever. Or in a worst-case scenario, a $5 robot arm, with a perfectly attested browser.

The whole "this will block bots" part of the spec is complete bollocks and a red herring to distract from the real purpose - to block adblockers and competition from new browsers. And DRM, of course.


I guess it depends how far the certification goes.

If even extensions can be detected, why wouldn't selenium be detected? Granted, I don't know how it works exactly.

In addition to the 5$ robot arm you need to add 200$ for the device it is operating. Drastically raising the cost to run a bot farm is key. You can't fully eliminate inauthentic behavior, but you can make a lot of it unprofitable.


You don't have to use selenium. You can use any software that can read video memory and act as a mouse and keyboard. It doesn't have to be an extension. The browser isn't directly involved, so vetting the browser or hardware does no good.


If McDonald's required 12 year-olds to use an ordering app because their banknotes might be stolen, would that be a reasonable compromise? Foreclosing the possibility of children not being tracked (which is illegal, btw) in exchange for some marginal benefit for big tech?


Funnily enough, the McDonalds app has been claimed to require Safety Net verification on Android.


> It won't make them cancel the feature but don't forget to remember that they aren't above anti-trust law.

They can buy government many times over with their vast resources. This may be too late for that. What ideally should happen is that corporations this big should be split until each of the new entities meet the definition of SME. That's what is broken in the current iteration of capitalism. There is no real competition any more, so it no longer works.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: