this post was submitted on 13 Oct 2023
1219 points (98.8% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
55085 readers
308 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Well yeah. But those clients could ultimately just say they are firefox if Mozilla is open enough, which they tend to be. It ends when Google decides that stuff like YouTube should only work on chrome. That would be bad, and I think regulators would treat it as bad, especially the EU.
Just to be clear, I don't think forcing this standard down everyone's throats for naked commercial reasons is a good idea either.
IIRC the proposal includes some crypto-handshake verification to make sure the attestor is who it claims to be, so no, apps can't just fake it. Or, if some of those secret keys leak and apps use it, sites won't accept it anymore.
It's a question of trust. Google will select the certificates they trust for the services they provide, and the entities that own those certificates will decide what do to with them. If they trust a certificate from Mozilla, and Mozilla agrees to make that certificate open to everyone for instance, than Google's only choice is to stop trusting it. But if Mozilla decides that is the certificate Firefox will use, than Google has to choose kicking off Firefox as well as other third party apps. Same with Microsoft and Apple, but I think Mozilla is more likely to oppose this kind of standard rather than try to reach some kind of agreement with Google.
The other way that this could play out every browser dev makes some kind of arrangement. Very unstable when we are talking about competitors.
At the end of the day, it requires a level of co-operation with the browser developers and internet service providers that I don't think a lot of people will go for, for various reasons. Especially not regulators. I guess I am just more optimistic about the open internet.