2y ago

Your choice of browser matters — Google's Web DRM and the open internet

https://grafcube.codeberg.page/blog/2023/08/06/web-drm-api.html

I wrote this blog post to inform the people I know who aren't as tech savvy or otherwise don't put any thought into their choice of browser. Another goal is to help get enough awareness on the topic and make sure it fails.

@opensource @privacy #webintegrityapi #WEI #google #mozilla #chrome #firefox #chromium #foss #opensource #OpenWeb #privacy #drm #nodrm #drmfree #freesoftware #browser

83 comments

I've been using Firefox as my primary on both desktop and mobile for about 6 years now, and it's usually pretty great. Desktop rarely has problems. On mobile there are a good number of sites with issues though, because devs don't usually test against it as has had a low number of users. But hopefully this revitalized movement to switch will make them have to care. And that said, 99% of the time these sites are still mostly usable, unless the broken thing is important like say a login screen 😅
- I've only had like 1 issue on desktop in the last like 5 years. Mobile I've bumped into a few hiccups with forms, sliders, and other elements not working properly. If I can't resolve the issue by requesting the desktop site I go to my computer or Chrome in an absolute emergency.
  That said, I'd take a (waaay) sub-1% failure rate any day in exchange for having the joy of uBlock Origin on my phone. If you're on Android, I can't recommend Firefox enough thanks to the add-on support.
- The opposite is true. A friend tells me some site is not working for them and they're using Chrome. I open it on Firefox and yup, works fine.
  Of course, it's way more serious when the site doesn't work on FF.
- @ZephyrXero Interesting. I've personally never had any problems on Android. I use Iceraven since it has more extensions and the only issue so far has been that initial load is often slow (because of the extensions I use).
  
  Iceraven?
  
  I have been using fennec and yeah the load is slow only when i have all the extentions enabled but overall a great browser
- I have been using in desktop for about a year and it's been great. I had tried mobile a while back and had some issues but with Google's proposals I'm willing to try again.

I have been using Firefox since the release of Firefox 57 aka Firefox Quantum in 2017. I love the browser and most of sites run well in firefox. But there have been a few cases where I had to use a chromium based browser.
Firefox + Ublock origin is a great and awesome combo.
I also use Firefox on android. It is okay, but I sometimes feel it is slow at loading some sites. But it is not a big deal.
- Oh, also Firefox is the only mainstream browser on Android that supports installing extensions.
  
  This. I switched to Firefox on Android, because of extensions. At the same time I switched to Firefox on Windows. And I never looked back. The only problem I have is native support for PWA on Firefox for desktops (we can add support with 3rd party app), and backgorund notifications doesn't work on PWAs on Firefox for Android
- I could never browse the internet without mobile firefox and ublock origin.
- @BearPear @grafcube
  firefox on android is very slow, especially when a page is reloaded, partial site loading is used, or you scroll in "long" pages. For certain pages I don't use firefox anymore, because it's really annoying. Same pages, same phone, other browser - no problems.
  @mozilla

Unfortunately this is coming and a majority of people are going to happily step on to the train.
Think of it like this: 99% of all apps could have been just web apps in a mobile browser (Hell, a majority essentially are just a wrapped web app) but because of companies offering more/better functionality people choose to use the app.
All that needs to happen is sites starting require DRM functionality for "security reasons" so that the end user can enjoy more features.
A majority of end users don't understand the implications when making choices like these.
- @Mindlight but it hasn't happened yet. Getting everyone to switch away from Chrome isn't going to help anyone and that's why there needs to be legal action.
  
  It will because websites will not drop support for 20% of users, they might if it is 3%. This is how product owners make decisions on browser support.
  
  I think its bit late for awareness campaigns now , google will eventually bring the web integrity api , I am very scared about if we will even be able to use new OSes , but i guess a new web with less dependancy may develop !

I was in dehi recently. Poverty is kinda nuts there, but I noticed everyone had phones, even people who obviously had no home. I assume kinda shitty phones, but it makes you realize a bit how important access is. If someone releases an iOS only app with no web version, they're basically saying fuck you to all those people.
Same same for this though. Googles saying "as long as you use our stuff you'll be fine, and why wouldn't you use our stuff because it's free! (Sometimes kinda sorta). And if you're stuck with something else for some reason, fuck you."

"Sure, Chromiums code is available and you can modify and redistribute it. But if you want to send your changes to the main project so that more people may benefit from it, it is ultimately Google’s decision. This is the problem with projects that are not community-run."
Google is asshole. This shows than NOT all open source codes are free as in freedom. Stallman is right.

@grafcube it's very important to push back against google's browser hegenomy just like we did back in the day with microsoft because now it's not just about one company controllin the software to access the majority of the web but the privacy of it.

Fuck google.

This new invention from Google has nothing to do with the browser you use. It is an API incorporated into, with Google affiliates and its own, web pages, which allows these pages to block any browser "for security reasons", when it does not have a Google Token incorporated, that accredits it as secure. That is, it is then Google itself who decides which browser is worthy to access the web. It doesn't matter which browser you use, or incorporate this Token in it, or forget about a large part of the internet and anyway about any Google page or service (Gmail, YouTube, GDrive, GoogleMaps, ....). This is the danger that the free internet faces, that Google decides which browser is worth using and which is not, being able to allow only Chrome itself as the only valid browser to access half of the pages on the network, and Game over for everyone else, Chromium, Gecko, WebKit or any other, without Google Token in it no internet, except if some geek comes up with some Fake Token which can be used (complicated)🤬.
- For the downvoters, also Firefox and forks need to insert this Google Token in the Browser or die. Because of this Mozilla, Vivaldi and several others have started a protest before the legislator to prevent this crap. In the EU there is already a debate whether or not this is compatible with GDPR and user rights. We'll see what comes of this. It is legitimate that Google provides tools to web pages to protect against entries from bots and insecure browsers, but it is not legitimate that the decision which browser is secure and which is not, depends on this company, only a certificate from an independent technical institution can be valid on technical grounds and not by Google itself for possible commercial reasons.

Seamonkey (Mozilla browser/email/news suite) still exists! https://www.seamonkey-project.org/dev/
And there's even still a build of uBlock Origin for it! https://github.com/gorhill/uBlock/
There is still hope, if we keep the open tools alive...
Posted from freshly-installed Seamonkey browser with uBlock Origin :)

@grafcube @opensource @privacy
Yaaay, time to really push that SearX/alternative-search-engine crusade, because there is more reason for a user to say "fuck you" to the hungry machine.
- I was using Brave's engine for awhile but I feel like its results were getting worse. Went back to my own SearXNG instance, it's pretty polished these days.
  
  Did they change stuff ? I was running an instance on my home server , but the server ceashed and didnt get time to reinstate it !

Yeah I'm completely over to firefox now. I can't help but notice firefox mobile is still a bit sluggish though but eh
- Really, Firefox on Android feels much better then Chrome for me. But maybe thats because of ublock.
- Try Fennec
  
  I just switched to Fennec from Firefox Nightly when I found out it also supports custom add-on collections. Works great!
- Honestly the only issue I have with mobile firefox is how it refreshes when you app switch but I think that's more of an android thing :(

There is no internet without Firefox. There is an internet without Google.

Good article actually! I think non-tech-savvy people will also appreciate some kind of TL;DR
Edit: didn't know Codeberg can host static sites, definitely migrating mine there from Guthib!

@grafcube @opensource @privacy
But why do you use Chrome?
I can tell why I do. I used to use Firefox but had to move to Chromium long time ago for several reasons:
It was nicer on RAM on a very small machine I had at the time. I think Firefox got better in that sense since then.
Many web apps don't work quite well (or don't work at all) on anything but Chrome. That's a sin many lazy web developers make, and it forces their choice on the users.
- The first point is no longer true. The second point is, sadly, quite relevant.
  
  To the second point, as a avid firefox user, I noticed that some Webapps seem to not depend on the Browser alone.
  Even in safe mode, some Webapps sometimes work better on different systems than on others using the same Firefox version.
  For instance youtube streaming seem to work better on my Linux laptop then on my Windows desktop, where it becomes stuttery. In Chromium there it works as well as Firefox on my Laptop.
  What I want to say is that browsers and all the systems around this are very complicated. So your milage with the same browser will vary, and you might blame the wrong thing.
  
  By just changing user agent string you can make the site work on Firefox too!
  
  After using Firefox for 20 years, aside of maybe 3 times I never had any problems. So I can't confirm the second point at all

@grafcube @opensource @privacy Very good blog post. I use a fork of LibreWolf called FireDragon with all the settings I used to use on LibreWolf select including blocking fingerprint tracking, total cookie protection, and also multiple containers for sites. Cookies are only saved for sites I specify and the rest are deleted on closure.
- I remember WaterFox but this is getting ridiculous.
  
  Don't forget GNU IceCat

Excellent write up. Thank you for doing this, I'll share with my whole family and friends.

If WEI proceeds, I won't have a choice of browser. Or operating system.

I use Floorp, works pretty well and has the option to look like Edge which I really like

@grafcube @opensource @privacy I will make some comments to it, when I finished reading. I just want to say u already got some points wrong, Brave plans to continue supporting MV2 too, same for Vivaldi as far ik. Also DuckDuckGo's Browser are not chromium based too, they use the Systems Webview.
Edit: removed the info that Brave will not support WEI, since it got later mentioned in the blog post
- The WebView on Android at least is Chromium based though, but I agree its probably best to make that distinction.
  
  Also its breaking sites left , right and center ! Things load on ff much better
  
  @Skimmer I guess, there are still some differences to a normal chromium based browser if a browser operates with the systems webview Integration, which u can also change.
- What is the Systems Webview?
  
  @hevov It's basically a system component which display web content. Android, Windows and other OS has this.

Anybody knows what happened to the impervious browser?

@grafcube @opensource @privacy So mostly, I agree with what you said, but except the things you got wrong, which I already, mentioned there some other things I wanted to say: You critized Brave for including it's crypto stuff, which is fair, but you said it like it would make it less trustworthy or bad for privacy which isn't true, also u just can disable it and it has also the posetive effect that people who like this crypto stuff, start using a privacy respecting browser instead of the others
- @grafcube @opensource @privacy Which I also wanted to say, the only Ads Brave allow are Ads in Search Results as far ik, I never seen any other ads so far while using Brave on Android (on Desktop I have uBO on top), you also said that Firefox has the superior Fingerprinting Protections which isn't rly true, Brave's approach to defend fingerprinting by randomization (giving every website a unique fingerprint every new session, etc.) is pretty effective. While Vivaldi has almost no fingepriting1/2
  
  @grafcube @opensource @privacy 2/2 protections which make it a lot weaker compared too Brave. I wouldn't never recommend Vilvadi over Brave, if it's about privacy.

I am fairly tech savvy and I willingly avoid using Firefox because I despise Mozilla. Thank you for your concerns.
- What do you use? And why do you despise mozilla?
  
  Don't even ask, not worth it with this guy.
- What's your beef with Mozilla?
- I don't really like Mozilla, but how is Google any better? And those are the two options, unfortunately.
  
  And those are the two options, unfortunately.
  Exactly. Mozilla is better but not that much. What we really need is a 100% community-developed browser engine sponsored by several large companies that are independent from each other. But seems like it's too late, we're boiled frogs at this point. Although maybe these are the circumstances under which such an initiative could finally emerge.
- You are a brave user, aren't you?
- @Engywuck @grafcube why? And what browser do you use then?
- You could at least explain why you avoid firefox, so the comment at least is more informative.

83 comments