I see what you’re saying. I read it as implying the browser would fake the attestation token. I don’t know the answer, but if their (stated) goal is to stop bots and scrapers, I have to assume it wouldn’t be so simple. After all, a lot of bots and scrapers are literally running an instance of Chrome.
Search engines like DDG should really begin maintaining their own index, and they should exclude sites that use the tech from the index.
If this gets implemented, it would ruin the ability for competitor search engines (such as DDG) to exist. If Google convinces site operators to require attestation, then suddenly automated crawlers and indexers will not function. Google could say to site operators that if they wish to run ads via Google’s ad network they must require attestation; then, any third-party search indexer or crawler would be blocked from those sites. Google’s ad network is used on about 98.8% of all sites which have advertising, and about 49.5% of all websites.
Isn’t someone just going to fork Chromium, take out this stuff,
Yes, upstream Chromium forks will likely try to remove this functionality, but
put in something that spoofs the DRM to the sites so that adblocking still works?
This is the part that is not possible. The browser is not doing the attestation; it’s a third party who serves as Attestor. All the browser does is makes the request to the attestor, and passes the attestor’s results to the server you’re talking to. There is no way a change in the browser could thwart this if the server you’re talking to expects attestation.
It may be dead to its users anyway depending on how forceful Google is with this. If Brave doesn’t work on 98.8% of all websites with advertising or indeed on 49.5% of all websites (approximately Google’s ad network’s reach), it becomes as niche as lynx.
Brave is built on Chromium. So, by default, no they are not safe from this. Without extra effort, Brave will have this feature. I don’t know if its feasible but there’s a chance the Brave devs can remove the code from their distribution, but that’s the best case scenario and just puts them in the same position as Firefox: they get locked out because they refuse to implement the spec.
Not surprising unfortunately. There’s no accountability or transparency; they can deny any application they want for any reason, and don’t have to tell you why. As long as they don’t come out and say it’s due to being a member of a protected class (which they can act on indirectly, just can’t say it out loud), they can get away with any reasoning.
Oh it’s vile.
Lots of people list a property, take loads of applications, each with a nonrefundable application fee (often $100+), then close the listing and pretend it was leased out. They wait a bit and repeat the play. They can rake in thousands of dollars for literally making a posting on a website, and repeat this often. And it’s often desperate people victimized too: not only are these people renting so they’re already in a vulnerable situation, the people willing to pay high application fees typically are desperate to get a lease.
I’ve also seen places that make you pay an application fee, and as part of the screening process they run a credit check; if they aren’t satisfied with your credit score, they’ll deny you and of course keep the application fee. What’s more nefarious about this though is that they don’t give you a score cutoff; you don’t know if your score meets their criteria until after you’ve paid a nonrefundable fee.
Someone correct me if I’m wrong but my first guess is: you pronounce is like the moderately common name Simone.
Indeed. See my edit on the parent comment–I noticed that the website provides commands to the user to run, which makes it ripe for MITM attacks: if the user is copying-and-pasting commands to run into their shell, those need to be served over HTTPS.
It’s definitely not the case that it’s useless. A MITM can embed malware into the page it returns if you aren’t being served over HTTPS. It’s not just about snooping on sensitive data going one or both ways, it’s about being sure that what you’re receiving is from who you actually think you’re receiving it from.
(Edit to add:) I actually went to look at some of the rest of the site and it confirms what I suspected: not using HTTPS here puts the reader at risk. Because this website provides code snippets and command line snippets that the user is to run, by not presenting it over HTTPS, it becomes susceptible to malicious MITM editing of the content.
For example, this line on the site:
- Install Homebrew (ruby -e “$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)”)
Could be intercepted, since it’s not being served HTTPS, and be replaced with utf-8 lookalike characters that really downloads and runs a malicious ruby script! Even easier, perhaps, they could just insert an item into the bulleted list that has the user run a malicious command.
HTTPS is not just for security of personal or private information. It is also for verifiable authenticity and security in contexts like this.
Liberalism in the USA is a right-wing ideology.
In the USA there’s due process required for authorities to gain access to your private data
This is only the case when the data is being obtained by traditional means. As we’ve seen recently, authorities buying data from data brokers completely circumvents any sense of due process on a technicality.
Yeah, always invoke your right to remain silent. […] It baffles me how criminals will sit there and let police interrogate them until they confess. Maybe it’s because they think they can talk their way out of it, but then why confess.
Oh absolutely. Even if you are entirely innocent, the police use psycological manipulation as routine part of interrogation. They’d sometimes rather you get confused as to whether you actually may have done something wrong, and eventually admit to something you didn’t do, than to let you go as innocent. There is absolutely nothing good that can come out of “cooperating” (such a loaded and innacurate word in this context), whether you’re innocent or guilty.
I can’t speak to phrenology per se, but phrenology’s modern analogue is, in my opinion, the “genetics” argument. Whereas phrenology was some attempt to “explain” how the apparent shape was indicative of underlying brain structure, contemporary “scientific” racists will use genetic differences to “explain” whatever behavior they want to attribute to it.
Proposed incentives could include shorter workdays, making the trade-off beneficial for both employees and the organization.
Oh, how nice it must be to be so naive. Just as every other technological advancement that increases worker productivity has not led to the worker working less (only producing more in the same time, for no added benefit to the worker), this won’t benefit the worker either. It’s nice to say you could make the workday shorter, but your saying so makes it hurt all the more when you don’t make it shorter because more wealth can be stolen by keeping it the same.
On a similar note, I wouldn’t disclose my use to my employer for the reason that they’ll see increased productivity and do what always happens to more productive employees: punish them with more work. The more productive you are the more work you’re given to do. Hard work is not rewarded, it’s punished–with more work.
The phrase “boost global labor productivity” always disgusts me when it’s just a thin veil over “quicken wealth extraction through exploitation”.
I really like that you can hide scores on posts and comments altogether. I don’t like seeing the upvotes or downvotes. I don’t want to base my opinion on a comment or post on what other people have felt about it, and so just not seeing their reaction to it at all helps prevent that. I don’t think popularity is necessarily a useful factor to consider in judging a post or comment. This is one complaint I have about the Jerboa app right now, is that it doesn’t respect the Hide Scores preference.
That doesn’t make sense. If it was my browser cache it should (a) show my username, and (b) show the same username every time. I did do forced refreshes (without browser cache), as well as used an incognito window (where the same exact behavior happened).
I see, thanks for the clarification. I wasn’t sure about the specifics of how they produce their product from the upstream source.