this post was submitted on 22 Jul 2023
2605 points (99.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55056 readers
143 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
 

looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don't run a complaint browser ( cough...firefox )

here is an article in hacker news since i'm sure they can explain this to you better than i.

and also some github docs

you are viewing a single comment's thread
view the rest of the comments
[–] frog 40 points 1 year ago (14 children)

They want to go back to the days of websites requiring internet explorer... just this time with their browser. Even though getting away from that culture is most of the reason people ever switched to chrome. I will say though, just using firefox for everything you can isn't enough of a protest. If this goes the way Google (Alphabet I guess) wants it to, you bank will require you to use a browser with DRM. You will be forced to use a browser whose source code you can't verify as secure, to access your bank. And that is where the protest lines need to be drawn. If your bank does that? Send your message. Close the account. Take back your money. Now I'd personally do this for everything possible, but that would be a looooot of time spent getting very little across to companies that don't care if you visit their site. Taking money from banks though? Yeah it might be a whole process where you gotta request it, verify in person, wait a week to get the cash, and THEN close it, but so what? A couple hours of doing stuff and then a week of business as usual before a couple more hours opening a new bank account. That's more than worth doing to send a REAL message.

[–] [email protected] 4 points 1 year ago (13 children)

Why would my bank care which browser I use? Their business model isn't based on showing me ads.

[–] frog 6 points 1 year ago (2 children)

I could go into the conspiratorial 4D chess I'm sure google is playing, but let me ask this instead: Does you bank not have any captchas, anywhere in the flow of accessing/using their website? Cause if they do, I hope you know google is absolutely going to advertise DRM requirements as the best tech for fighting bot traffic. Even if Google wasn't doing anything like offering cheap training to their standards to influence the future of the cybersecurity space, that would be PLENTY to get a looooot of big corporations, including banks, to use it.

[–] [email protected] 2 points 1 year ago (1 children)

No captcha's for any of my banking services. I don't know how effective captcha's are anyways. I suspect slow cooldowns are probably more secure.

[–] frog 3 points 1 year ago

Huh, neat. Regardless, I think google will find a way to sell it or they wouldn't be invested in it so much, but point taken. I just saw a lot of people commenting on other places about how this is hopeless and there's no way to protest and wanted to give a solid example of how it could be done effectively.

[–] [email protected] 0 points 1 year ago (1 children)

Criminals will crack the DRM in short order—they always do—so that idea won't last long.

And no, the DRM can't be updated to fix the vulnerability if it's implemented in firmware. Not without shutting out absolutely everyone whose computer/phone is more than 3 years old, and there's not a snowball's chance in hell that banks will do that when half of their customers are old farts with decade-old computers and an “if it ain't broke, don't fix it” attitude.

[–] frog 2 points 1 year ago (1 children)

Wait were they seriously looking to implement it at a FIRMWARE level? jesus that's just stupid.

[–] [email protected] 2 points 1 year ago (1 children)

If they implement it in hardware, then fixing vulnerabilities is completely impossible instead of only mostly impossible.

[–] frog 2 points 1 year ago (1 children)

I was just expecting it to be something built into chrome, similar to how drivers need to be signed to run in windows, they'd force you to use browsers Signed By Google to be verifiably compliant with the DRM. It seems like the easiest option for them and the most well understood since it's been used for drivers for so long

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

If they implement it in pure software, then it's easy to crack.

They're not going to wrap Chrome in Denuvo because that would ruin its performance. The last thing they want is for Firefox to be not only faster but dramatically faster. Performance is a big part of how Internet Explorer lost its market share. And even if they do wrap it in Denuvo, Empress will no doubt show them the error of their ways.

So yes, I expect they will use firmware/hardware, presumably TPM or Microsoft Pluton, to implement this.

load more comments (10 replies)
load more comments (10 replies)