Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[wei] Ensure Origin Trial enables full feature
This CL moves the base::Feature from content_features.h to a generated feature from runtime_enabled_features.json5. This means that the base::Feature can be default-enabled while the web API is controlled by the RuntimeFeature, which will still be default-disabled. An origin trial can enable the RuntimeFeature, which will allow full access to the API, provided the base::Feature is also enabled (see change to origin_trial_context.cc).

Meanwhile, the base::Feature can be disabled through Finch as a kill-switch for the whole feature, and prevent origin trials from turning the feature on.

Tests have been added to WebView test, as it allowed for easy spoofing of responses on a known origin.

Bug: 1439945
Change-Id: Ifa0f5d4f5e0a0bf882dd1b0207698dddd6f71420
Fixed: b/278701736
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4681552
Reviewed-by: Rayan Kanso <rayankans@chromium.org>
Commit-Queue: Peter Pakkenberg <pbirk@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1173344}
Peter Birk Pakkenberg authored and Chromium LUCI CQ committed Jul 21, 2023
1 parent 05e71c3, commit 6f47a22
Showing 15 changed files with 173 additions and 18 deletions.
6f47a22
Open source dev that supports big corp monopoly, aren't you ashamed of yourself?
sucker
6f47a22
There is a difference between software and entertainment media. There are many reasons why I try to use free software over proprietary garbage as much as possible. One of them is privacy. Proprietary software can have all sorts of things hidden in its source code since the code is compiled and often obfuscated. It often contains trackers and other nasty stuff that I don't want on my devices. Open source software also allows everyone to modify and redistribute it, which is a huge reason why I like it. That just doesn't apply to entertainment media.
E.g., a movie is just a video file, it is not an executable program. It can't contain things like trackers.
Yes, unfortunately.
No. I don't watch movies/TV shows often. After a few years, I wanted to re-watch that one show because I like it. How does that make me dependent?
Oh, I can afford that very well. Many people pirate stuff because they can't afford it (which I can understand since the film industry really can't get their shit together and offer stuff at reasonable prices).
I pirate for other reasons.
As a customer, I want to be treated with respect. Not accepting an email alias and trying to force me to give them my real email instead, so they can spam my inbox with garbage advertisements, is not respectful of paying customers.
I am not against the "cultural" industry without any reason. The reason is that they try to nickel and dime everyone, and they don't even have any respect left for the customers who pay them insane amounts of money or for those who create the content that they then go on to sell. In my opinion, entertainment media don't necessarily have to be free (as in price). I'd love to pay artists fair prices for their great work. But, e.g., if I pay for my music through Spotify, the artist doesn't get anything out of it. The majority of the money either goes to Spotify or to record labels. It's the same with movies and TV shows. Those who actually produce the content don't get anything. The big corporations get even richer. That's why I hate them. I want artists to get paid, not multi-billionaire assholes.
6f47a22
This is absolutely appalling. Stop destroying the free internet.
6f47a22
Just quoting this so it doesn't get lost in the old comments. Contacting your regulators and anti-trust commissions is far more likely to have an impact than complaining here. Sending an email or making a call takes a few minutes and will benefit us all (unlike WEI).
6f47a22
@mikelsr
In reality it's not that simple.
You are assuming government regulators know what's going on in this realm of technology.
Starting a path of challenging acts or omissions at the municipal, state, or national level is not a one-time event. It can take years and hundreds of man hours of work to first bring the regulators and their staffers up to speed and then still more effort to keep your issue on their agenda.
6f47a22
It is always the same, first comes the outcry from the people. Then they calm down. Then they forget.
I also do not support this idea or this "proposal", but I bet my ass off that many people who are writing comments here are using some sort of chromium based browser.
That is called "double standards".
Please, everyone who wrote here, please stop using chrome, and move the fuck on to non chromium based browsers.
Thank you for your time while reading this, have a nice evening or day.
6f47a22
Hard to argue with that. This can be turned off, allegedly, at Settings => Auto-verify.
6f47a22
Stupid fools think they're above the law, they will learn the same lesson Microsoft should have, except this time it's not a single company that will have to be disappeared. Whoever got this idea to boot is a brainlet
6f47a22
Stallman disliked that
6f47a22
This is the reason any kind of monopoly is always bad...
6f47a22
🖕
6f47a22
same for me, using Librewolf and telling my family to use at the very least Firefox.
6f47a22
Think by and large Brave is largely fine as a fork of Chrome... I've used librewolf, at the time it had some issues on Windows... Brave is a better "normie" browser... barring this mostly sure.
6f47a22
Consider the following:
Doesn't the function have to go through the browser? What is stopping us from falsifying a request from the attester?
6f47a22
"Trusted Computing".
The attestation would be signed against its own key and eventually against trusted computing platform key. As I have been saying, this "remote attestation" ability is the most evil part of TC.
6f47a22
I decided to swift-read the spec.
Nothing is stopping us from generating a (silent) new tab with all extensions / modifications disabled, and getting the attestation from THERE instead. Attester sees nothing wrong and sends token that is passed to main tab- main tab doesn't realize it's fake and we can go about fucking with that tab without consequences.
6f47a22
No it is not horrible. It is evil. It is evil by design.
6f47a22
Like @falseuniversefacts said, this is probably not intended and will most likely get patched somehow.
6f47a22
I'm already working on the business plan for my new attestation-as-a-service company.
It's so exciting to be on the verge of creating something completely useless!!!
6f47a22
God damnit, the law strikes again.
6f47a22
just so you know, this industry already exists, in the form of captcha solving services. your business plan should be building the service, not marketing, as people WILL be looking for what you're building
oh wait this is probably just a joke, just like this entire proposal
6f47a22
"the law" is not static https://www.eff.org/deeplinks/2020/11/github-reinstates-youtube-dl-after-riaas-abuse-dmca.
"law" is just the science of words.
6f47a22
Well, "the average user" might believe anything.
I don't know what this is for in reality. To track users, keep users from listening to music or watching some production. It ain't gonna stop savvy users from doing whatever they want on their own machines.
Ain't nobody gonna be filing bug reports notifying Chrome their gear is broken for the broken parts of this.
The irony is in the Settings it says verify you are not a "bot". Now how many "bots" and "AI" is Google and even GitHub deploying right now?
So what do they do, exclude themselves from scrutiny... How convenient.
6f47a22
The sheer audacity of this.
To origin-trial this nobody should be listening to an automated voice and be placed on hold for an hour when they call a corporation.
6f47a22
I have tried plenty of the browsers you listed.
I settled on palemoon because I decided enough was enough with firefox, though not nearly as bad as this.
I haven't checked if librewolf disabled that specific feature or not, but palemoon seems more minimal, and doesn't need rust, so I'll stick with it.
The downside with palemoon is extension support and webrtc support.
How much the latter is a downside is debatable.
However, for most people, I'd recommend librewolf. Use tor only for shady stuff, don't use it all the time and under no circumstances link your clearweb activity to your tor activity.
I'll also leave this here:
https://xgqt.gitlab.io/spywarewatchdog/articles/index.html
6f47a22
Piracy is a necessary check on the media industry.
Without it, prices would be outrageous and privacy violations would be even more commonplace.
I don't want to be subscribed to 5 different streaming services and still not be able to watch shows.
Not to mention that nothing beats blu-ray quality.
I don't have the money to spend ~500$ per month to buy countless blu-rays to get the best quality picture and sound. I get that from other pirates for free.
Even if I had the money, I wouldn't buy them because it's way more convenient to download a torrent and the prices seem way too high.
Also, plenty of discs wouldn't play because of region locking, so I'd have to rip them just to be able to watch them, notably JPBD's with anime.
I don't want to get multiple subscriptions to different streaming services and support this industry in milking people for money.
6f47a22
Everything going on is very spooky.
We have already seen how much power google has over the web.
The only web standard that matters to site creators is google chrome.
We have seen how much average people rely on google when huawei phones no longer had google services preinstalled, even though they were just a few well documented clicks away for those who needed them.
I for one don't use chromium-based browsers, but how do we convince normies that this is bad?
Even though it affects them directly by making blocking ads harder, they still use google chrome.
What is it about google chrome and chromium-based browsers that compels people to give in like this?
6f47a22
People hate change. In the past (before WEI), when I tried to get people in my family to at least use a Chromium fork that protects their privacy like Brave, the first questions I got were “Is it different than Chrome? Does it work like Chrome? I don’t want to learn how to use a new browser”
You can build the best browser on the planet and boomers won’t use it cause it’s different than what they know.
6f47a22
It's about indoctrinating people to use specific software. There is a reason why Micro$oft pushes so hard for grade schools to use Windows (same with Chrome and their aggressive marketing). They know once people begin using it as their first operating system or browser they become comfortable with it and are then resistant to change. Anything unfamiliar from their Windows/Chrome experience seems foreign and too much of a learning curve, even though they forget that Windows/Chrome themselves once had a learning curve as well.
When I got my senior mom a computer she had never used Windows. Instead of having her learn that I installed Debian with Xfce and Firefox. Now that's all she knows, I laugh at people who tell me Linux is too hard when my mom without any tech knowledge uses it as her daily computer. If I had to switch her to Windows or a Chrome browser she'll make a fuss about it.
Getting people to use FOSS that is friendly to the users begins with us tech-savvy folks. If more of us took charge in getting our friends, family, employers, etc to use such software before it's too late to make them change their habits, the less control these evil corporations would have over society.
6f47a22
Been using Firefox for years, this, this behavior from google, this is exactly why...
6f47a22
So google decided it is also time to kill not only their own projects but the web itself. gfy
6f47a22
Maybe someone should open a PR to add "The Internet" to https://killedbygoogle.com/ 🤔
6f47a22
Get over your fears, quickly. Fear, that is you entertaining fear in your own mind, is contrary to happiness.
Go to the local park. Play chess. Go to the library. Read non-fiction. Read history and you should get over yourself rather rapidly.
False.
This is just a virtual world that you are giving value to that you don't have to give value to. So you are choosing to be afraid of a virtual domain.
Sure you can avoid the Web. It's not that difficult. Go to the park. Play chess. Run a few laps at the local track. Feed the birds.
On the technical side, here you are in Chromium open source repository in the very PR that implements the thing they got going on. Fork the code and remove WEI! Then build and launch your own Chromium without WEI. That's how Chromium in general gets into Linux distribution packages - a developer forks the code and includes or excludes things. Then packages the result of their changes.
I use Chromium and Firefox. I have a lost list of items I disable when I fetch the nightly release. Some people go much further, e.g., ungoogled Chromium.
webkitSpeechRecognition() which records user voice and sends that recording (user biometric PII) to Google servers (the same thing happens when speechSynthesis.speak() is used with Google voices on Chrome);
6f47a22
Everybody calm down and stop using Google products and everything remotely connected to them to the point they become irrelevant.
6f47a22
Shouldn't WEI be verifying Chrome isn't a ("AI") bot, too? Learn as you search (and browse) using generative AI.
6f47a22
This is a huge mistake to implement and is antithetical to the ethos of the open web.
6f47a22
the attestors are not going independent, this questions me how they want to anonymize everything, this is plain evil.
6f47a22
The only google software I use is gmail. Any good alternatives? I'd rather them also be free, both as in freedom and as in beer.
I can't self-host because I am behind CGNAT.
These comments aren't about chrome/chromium itself, but about how implementing this in chrome and chromium would allow for sites to blacklist certain browsers or operating systems.
I won't switch to a browser that implements this garbage even if I get locked out of most of the web, because most of my web activity is outside the corporate web.
The only corporate website I use is github, but if they start blocking me, I'll switch to something else.
Sadly, I am one of a few ones that has this level of flexibility, so this will force normies to comply.
If this doesn't cause outrage among normies, I don't know what will. If not because of the freedom concerns, because of ads.
6f47a22
Protonmail
6f47a22
+1 for Proton Mail. Tutanota is also a good option. For maximum privacy use an email aliasing solution like SimpleLogin (which has been acquired by Proton Mail) or the independent AnonAddy which has recently actually rebranded to addy.io.
6f47a22
Great job devs.. did you think we would not notice this f'krey.. slow clap for shame. Down with Web Environment Integrity (WEI). #Enshitternet
6f47a22
this is awful.
6f47a22
Seems like the time to switch from github came sooner than I thought.
I guess this is goodbye. It's been fun.
6f47a22
I myself use disroot.org
6f47a22
chrome://settings/content/autoVerify
https://google.com
6f47a22
Sadly, they will just wait until the backlash calms down and continue their plans as usual. We must not let them get away with it. Do something. Report them to your local antitrust authority. Use alternatives for their services. Actions speak louder than words.
6f47a22
I did all of that.
I filed a report with the European Commission, I don't use any Google services for anything (except for YouTube proxied through Piped, but I try to use LBRY and PeerTube as much as possible) and I even completely blocked all connections to any Google service in my firewall.
And sadly it's not enough. I am just a single person. Google still has billions of customers, most people have Android phones and don't even know that other search engines exist. Also, most people are on Gmail and nearly everybody uses YouTube. It's pretty unfortunate.
And it's quite hard to convince people to stop using this garbage.
6f47a22
That's the sad part, our actions won't mean much if we're just going to be a loud minority, while the majority of normies continue to consoom.
6f47a22
A whole lot of people believe in religion. I don't think any ruler believes in the religion they rule with.
6f47a22
🔥
6f47a22
No one:
Google:
We need to add more DRM!
(there's already web DRM, we don't need more, fuck you widevine, eat my wideass).
6f47a22
For those in the Philippines:
You can file a complaint at the Philippine Competition Commission.
6f47a22
Have they ever learned about not trusting the client, guess not 💀.
6f47a22
This is pure evil. Simple as that.
6f47a22
🤦
6f47a22
Here, I don't see any Issue Section open on this repository. If I remember, perhaps it was open a year ago. Can anyone open an issue on the subject of WEI?
Especially, For
in the code there are technical aspects to be investigated regarding clank, which I imagine internally corresponds to chrome.
In any case, in Chromium based privacy **fork** browser, the origin trials are deactivated, i.e. Bromite for Android https://github.com/bromite/bromite. Relating to this, there is one more thread here #187
6f47a22
Bromite is dead, use Cromite instead
6f47a22
Thanks for the good and concerning suggestion, I already know that.
6f47a22
Even worse, it is possible that the government is also involved in it