Don't.

[OrionMoonclaw]

Sometimes you have to ask the question whether something should be done at all, and trusted computing is certainly one of those cases where the answer is obviously a big fat NO.

So please reconsider what you believe in, leave this demon to history where it forever belongs.

[nicholasudell]

This is a foolish and dangerous proposal that will lead to widescale degradation of the internet as a whole. Don't do it.

[Axis4s]

Someone should just mass report this repo (harsh and against TOS i know) but way too dangerous to leave it up

[endrift]

Someone should just mass report this repo (harsh and against TOS i know)

but way too dangerous to leave it up

That won't accomplish anything. Even if it gets taken down (which it won't), that just means it won't be public, not that it will disappear entirely.

[monoxane]

This is a direct attack on the free and open web and serves only to strengthen Google's abusive position of power over the entire industry.

[jbruchon]

I will gladly employ tools to lie to all of your systems. I will not care about the legality or morality of such tools. I will do what I want with my hardware and software.

[spaztron64]

We are already gagged by Chromium as the de facto browser to target in ways much worse than IE ever could've possibly reached. This'll only serve to make the situation worse. There's nothing I can say about this that hasn't already been said by others prior. Just know that I will fight tooth and nail against this, and if it one day comes to pass, I will haunt the ones who greenlit and developed this in their sleep.

[k32]

what is the point of the "commenting doesn't help" genre of comment except as literally a conservative troll

Don't forget to like, subscribe, and hit that notification bell button to stop a tech giant in its tracks. Or, you know, you can do something that has real life effect: take steps to degoogle and dezuck yourself and whatever products you're building.

[OrionMoonclaw]

Or, you know, you can do something that has real life effect: take steps to degoogle and dezuck yourself and whatever products you're building.

It's cute you think that alone will help defeat Google. Remember they're not alone either, they have the support of their buddies - Microsoft and Apple.

Together these corporations literally dictate what goes into the chips on everyone's devices. They want a TZ inside phones? They get that. Pluton? Sure thing!

And notice I said everyone's, not your specifically. You may run a librebooted thinkpad and this will still affect you.

On the day YouTube starts requiring attestation and a fully encrypted link to your monitor, on a clean locked down install of Windows, or any other mainstream OS, and you'll have no choice but to get another device or wait for someone to (infrequently) upload an analog recorded copy or break another device to temporarily be able to rip it, you'll pull a surprised pikachu face.

The same will happen when your bank requires it, your government, and that random fastfood website, because why wouldn't they? If the exclusion only affects 1% of people and it brings them ad revenue they won't care. Trusted computing is generally benign until 99% of people have it enabled by default, it then becomes impossible to go without it.

[rabryst]

Leave the web open.

[k32]

It's cute you think that alone will help defeat Google.

I don't think I can defeat Google, nor that I have to.

Together these corporations literally dictate what goes into the chips on everyone's devices. They want a TZ inside phones? They get that. Pluton? Sure thing!

Of course they get that, because they know that you'll pay for that.

On the day YouTube starts requiring attestation and a fully encrypted link to your monitor...

I won't notice anything, because I don't use youtube.

your government

This is the only real problem on the list.

[ghost]

Google pulling stuff like this is the reason we can't have nice things.

[0xBYTESHIFT]

The web is shite enough with all those cookies, JS frameworks bloat and trackers, let's stop making it even worse maybe, huh? 🤔

[AshtonKem]

I would like to respectfully add my suggestion that Ben Wiser (Google), Borbala Benko (Google), Philipp Pfeiffenberger (Google), and Sergey Kataev (Google) all take this opportunity to engage a personal lawyer and seek legal advice, i.e. do not defer to the corporate counsel (Google), who may not have their best interests in mind. Antitrust law is real. Some violations are crimes.

I think a lot of people involved here are drastically underestimating how much it would suck to be involved in an antitrust lawsuit even if the target remains google, the corporation. Major litigation like this is regularly life altering for participants, with the stress of depositions (remember, lying to the government is a crime) and demands for document production being major life stressors.

The authors are putting their own quality of life at what I personally would consider an unacceptable level of risk.

[roryyamm]

Chromium must die. There must be active competition between it and some other browser engine again. That's the only solution I think will work to stop this stupidity.

[cheesycod]

Lol, you should've acted when bootloader locking came or when Patriot Act was passed, its too late now

[Siphonay]

I don’t understand how in good conscience you can work on such a project. If my employer made me do that I would simply quit. And I get that it’s easier said than done but if I had a job at Google I wouldn’t be worried about finding something else. Unless you need to be this morally bankrupt to work at Google in the first place.

[zb3]

What a wonderful API, I love it!

I hope this will finally let me quit my adblocking addiction which prevents me from truly enjoying my life by doing what I love the most - watching ads. I understand that initially it will only work on mobile devices, but I hope you will be able to partner with Microsoft to bring this to PCs as well.

I'd like to see more ads SO MUCH, but currently my brain forces me to block all of them. I can't stand it anymore so I'm deeply thankful for this attempt to finally rescue me from this horrible addiction.

Don't listen to what people are saying here. These comments are posted by poor misguided adblocker addicts and I hope you understand very well that people like them need urgent help.

Please implement this ASAP!!

[jmaris]

This is a horrific idea in so many ways. Not only does it go against the values of the web, but from an EU side, I don't see it as ever meeting EU competition regulations. This is undoubtedly not something google should pursue.

[wklaebe]

what is the point of the "commenting doesn't help" genre of comment except as literally a conservative troll

Don't forget to like, subscribe, and hit that notification bell button to stop a tech giant in its tracks. Or, you know, you can do something that has real life effect: take steps to degoogle and dezuck yourself and whatever products you're building.

Yeah, right, de-google YouTube. De-zucking "Threads" would be more probable, by just moving to the Fediverse and letting "Threads" die... And I don't even believe in that.

[wklaebe]

On the day YouTube starts requiring attestation and a fully encrypted link to your monitor...

I won't notice anything, because I don't use youtube.

Until you need those repair instructions that somehow are posted there and nowhere else...

your government

This is the only real problem on the list.

There are governments that are quite a lot more "for the people" than some parts of the US one... Can you spell "GDPR"?

[bruno-gelb]

I hoped you were Wiser than that.

[jbruchon]

Yeah, right, de-google YouTube.

laughs in yt-dlp

[brhfl]

"If a company claims to give access to the world of information, then presents a filtered view, the Web loses its crediblity." - Tim Berners-Lee

It already feels like we're watching in realtime as the web becomes increasingly constricted and decreasingly democratic. Do the four names at the top of this proposal really want to be the ones to accelerate this to its next milestone? I realize that Google has long been an enemy of the open web, but the callousness of this is somehow still staggering. You should all feel deeply ashamed.

I understand that there are Googlers who believe this is not "the right kind of feedback at the right time," but the only time to address it is now, and the only appropriate feedback is truly: "Don't."

[ghost]

You should be ashamed. Evil.

[BatchDrake]

I agree with other people above. We do not need the Internet to become the new TV.

[yoavweiss]

Hey folks!

Jumping in here in a chair role, at the request of the team working on this.

I'd like to remind folks that contributions on this repo are subject to GitHub's code of conduct as well as the W3C's Code of Ethics and Professional Conduct. Violations of these codes of conduct will results in bans and reports. Spammy issues will be closed without comment. Duplicates of this issue will be folded into this one.

I understand many folks here are upset about this proposal. I urge you to actually read the proposal, rather than rely on rumors about what it does or doesn't propose. If it's at all helpful, I wrote a few words about ways you can constructively engage with proposals you don't like.

This repo represents an early stage proposal, not a fait-acompli. High quality feedback on the proposal itself is highly welcome. Unprofessional behavior is not.

Thanks!

[0dragosh]

I think the spirit of the proposal is locking down the web, which is Google's end game. You should all stop this, think about what you're doing here.

You're human beings and users of the web first, Google employees second (hopefully).

[pandruszkow]

This proposal is problematic on multiple levels, and should never be implemented. This proposal being implemented means the death of the open Internet. I urge all involved in this proposal to remove it, to never reconsider it in the future.

This repo represents an early stage proposal, not a fait-acompli.

Chrome is the de-facto default browser of the Internet, and we have all seen what happened with EME.

[neggles]

Normally I wouldn't bother joining the chorus on this sort of thing, but this is such a violently aggressive attack on the internet as a whole that I can't sit idly by and do nothing.

Saying this is "not a fait-accompli" is a complete and utter pile of BS and you know it.

Regardless of other browsers' existence, the reality is that Chrome dictates what the web is. If Chrome adds a feature, developers will use the shiny new thing with no regard for whether anything else supports it, it'll work for the overwhelming majority of web users, and every other browser in existence is forced to either add the feature or lose yet more market share.

This proposal is the most egregious example yet of why it was a horrible mistake to allow Chrome to take over the vast majority of browser market share. It effectively destroys all freedom on the internet, gives Google the ability (and arguably, obligation) to literally dictate what content is and is not allowed online, and would give governments and organizations unparalleled ability to censor, restrict, manipulate, and oppress the public.

If you can't see why this is a, to be blunt, ABSOLUTELY FUCKING HORRIFICALLY BAD IDEA that has infinitely more harmful uses than helpful ones, I don't know what to tell you.

The internet is built on freedom. It is fundamentally decentralized, for the most part, despite many corporations and governments' attempts to constrain and control it.

I was going to continue this comment, but since I see you're just deleting them blindly now, I won't waste my breath.

Please consider the response your "proposal" has received before you or your corporate masters attempt to proceed any further.

[Snukii]

Hey folks!

Jumping in here in a chair role, at the request of the team working on this.

I'd like to remind folks that contributions on this repo are subject to GitHub's code of conduct as well as the W3C's Code of Ethics and Professional Conduct. Violations of these codes of conduct will results in bans and reports. Spammy issues will be closed without comment. Duplicates of this issue will be folded into this one.

I understand many folks here are upset about this proposal. I urge you to actually read the proposal, rather than rely on rumors about what it does or doesn't propose. If it's at all helpful, I wrote a few words about ways you can constructively engage with proposals you don't like.

This repo represents an early stage proposal, not a fait-acompli. High quality feedback on the proposal itself is highly welcome. Unprofessional behavior is not.

Thanks!

This is not helpful at all no.

You are violating the basic code of conduct of the entire internet with this proposal.

Tone policing when you are the one suggesting insane things is silly.

You say to apply Occam's razor, which would clearly imply google locking down the internet for their own profit here.

Stop this and delete the repository immediately.

[OrionMoonclaw]

I understand many folks here are upset about this proposal. I urge you to actually read the proposal, rather than rely on rumors about what it does or doesn't propose. If it's at all helpful, I wrote a few words about ways you can constructively engage with proposals you don't like.

While the proposal may not directly be meant to do the things mentioned here, its power dynamics work out that way over time. In the end a solution like this requires power over verifying the client to be given out to the servers, which relies on a hardware root of trust that has been covertly installed by the industry in end-user devices without much thought given to whether society as a whole has consented to this. In fact the wording used around these technologies feels deliberataly technical and becomes a footnote security feature mentioned in marketing material, without the power implications being widely explained. It is an initiative undertaken by corporations without democratic control.

I find the inspiration being taken from native implementions like play integrity to be problematic. These systems have shown us a taste of how this looks like, but thankfully limited to mobile devices. Regardless, I have first hand experience of having to battle with SafetyNet to keep older devices alive and up to date (which has a downgrade attack, so it's not a full use of remote attestation). Ironically using outdated vendor software brings no issues in that case, which makes SafetyNet a obstacle to better security.

The overall effect is that other operating systems cannot interoperate in practice, because 3rd parties would have to explicitly support them, and they simply don't care. Since the user has no option of overriding their hardware, they cannot resort to spoofing.

I don't believe there has to be a conspiracy there, market dynamics will simply ensure that smaller players won't get taken into account and will have a conflict of interest with the industry. Similarly the wide implementation of this technology is simply convenient to big tech players, they get to kill two birds with one stone (CAPTCHAs, 2FA) and they get to ensure their market dominance. It also avoids usual antitrust issues (though I'm not a lawyer, so don't hold me on this), because it distributes the enforcment of this. There are likely to be multiple gatekeepers here that all roughly align themselves with what big platforms want, which dillutes responsibility. They will keep their influence through network effects, as users and browsers will have to accept the standards of those who's attestation is trusted by the most platforms.

I understand this is a convenient solution for some engineering problems, but as it's leading us down a very bad path, we have no choice but to back out of it and do something else. This is where your responsibility comes in, because I think pushing this set of technologies forward in any way should be avoided, it makes it much more difficult to back out of and will enable abuse.

That's why I don't think it's possible to offer constructive criticism of this proposal itself, it comes with the assumption that it and the oppresive technology it's built on itself is valid. But I can offer constructive input on other paths the industry could take.

External hardware tokens are one way, you still get attestation that someone holds a physical object, you get 2FA, but you cannot determine the device state, which is the whole point that makes TC an oppressive technology. Less convenient? Yes, both for users and industry, you'd probably need to manadate it through legal means, but it is 100% worth it to avoid compromising user autonomy on a global scale.

Note here: Integrating that into devices without enabling TC is possible, but presents problems for reselling/giving away used devices and parts, but maybe something could be done about this.

[leif]

I implore everyone involved in working on this proposal to read Phillip Rogaway's 2015 paper The Moral Character of Cryptographic Work and to think about what kind of world you want to live in.

[monoxane]

I implore everyone involved in working on this proposal to read Phillip Rogaway's 2015 paper The Moral Character of Cryptographic Work and to think about what kind of world you want to live in.

Everyone should also watch Cory Doctorow's speech on The Coming War on General Computing from 11 years ago that talks about this concept and it's detrimental effects to humanity as a whole. https://youtu.be/HUEvRyemKSg

[nukeop]

They're gonna do it, just like they did manifest v3, and you're not gonna do anything about it, just because they can.

[neggles]

Apologies for my earlier snide remark w.r.t. comment deletion, at least one of those did deserve to be removed.

I just have one more thing to add. Re-reading the proposal, there are multiple places where you point out several Very Bad Things that it could be used for. It appears that your entire plan for "mitigating" those possible uses is 80% "well we'll just tell people not to" and 20% "maybe we can just randomly not present the information sometimes so people can't rely on it?" and I think it's pretty obvious that neither of those will work.

If it is possible for a technology to be abused for oppressive or abusive purposes, it will be.

"telling people not to" (or pointing at "agreements"/"pledges" that companies have made, basically them saying "I swear I won't misuse this" despite being under massive financial pressure to take every single possible commercial advantage they can get their hands on) is laughable.

Anything that involves intermittently not sending the attestation will just result in people seeing errors until they've mashed refresh enough times to trigger a fallback/failsafe, or begin an unending game of cat and mouse between the masking algorithm and enterprises seeking to bypass it.

It is helpful to remember that under our current Western system of economics and government, every single publicly traded business is driven by a single goal: Provide a bigger number on the next quarterly return than the last one. Literally nothing else matters.

Adding functionality with such massive potential for misuse and abuse, without any guard rails against abuse other than "we swear we won't uwu", is not even remotely close to good enough - and I fail to see any way this could be made to achieve any of the stated goals (goals I don't believe are remotely necessary or worthwhile, mind you, but that's beside the point) without it being possible to misuse.

The only way to stop this technology from being misused is to not implement it in the first place.

[ghost]

I understand many folks here are upset about this proposal. I urge you to actually read the proposal, rather than rely on rumors about what it does or doesn't propose.

I found this interesting:

We do not have a specification yet, however we expect to publish in the near future both the considered implementation options for the web layer in an initial spec, which we suspect are not very controversial, and an explanation of our approach for issuing tokens, which we expect will spark more public discussion, but is not directly a web platform component. We are gathering community feedback through the explainer before we actively develop the specification.

Source: https://groups.google.com/a/chromium.org/g/blink-dev/c/Ux5h_kGO22g

[neozeed]

Great so even the powerful Microsoft gave up on writing a web browser and went Chrome. Everything is Chrome, and now here comes the flex to lock us little people out. I understand that pulling up the ladder, and closing out people is a priority but wow just wow. I wonder if we will even be allowed to host web sites in this brave new world? I left blogger for a reason, namely that Google was beyond inept at running it. What happens when this standard gets pushed, and we get locked out, and this will become the IE6 of the 2030's forever locked us into some AOL land where we have zero freedom to use the open networks?

If you wanted innovation, it should be leveraging AI to augment routing protocols, dns lookups, threat detection & mitagation. I'd love to see some Gibson-esque ICE. Instead all I see is the slamming wall of the 防火长城.

I'd say I was sad, but I'd expect nothing more from an organisation shielding itself from the people, to protect the megacorps.

Shame.

[jbruchon]

I'd like to remind folks that contributions on this repo are subject to GitHub's code of conduct as well as the W3C's Code of Ethics and Professional Conduct. Violations of these codes of conduct will results in bans and reports.

I don't care about SJW "Codes of Conduct." They have no place in open discussions and should be abolished. Anyone in software laying out a "Code of Conduct" is contributing to the social cancer and should be exiled. Bullies like @scanlime [1] who would open project issues just to accuse people of "abuse" are precisely the reason that both "Codes of Conduct" and remote attestation are horrible ideas. Remote attestation in particular will be used to restrict and silence anyone who disagrees with the narrative of those who have access to the technology or the favor of the people controlling it.

Even Google themselves admit upfront that this can and will be abused by bad actors.

[AshtonKem]

I'd like to remind folks that contributions on this repo are subject to GitHub's code of conduct as well as the W3C's Code of Ethics and Professional Conduct. Violations of these codes of conduct will results in bans and reports. Spammy issues will be closed without comment. Duplicates of this issue will be folded into this one.

Gonna be straightforward in this one. Don't be a coward and and dismiss your peers outrage as "spam". The level of outrage generated is a valid thing to consider, and deleting issues has never ever worked out for anyone PR wise.

I'll also note that abusive comments supporting the proposal so far have stayed up. Just saying...

I understand many folks here are upset about this proposal. I urge you to actually read the proposal, rather than rely on rumors about what it does or doesn't propose. If it's at all helpful, I wrote a few words about ways you can constructively engage with proposals you don't like.

This is a pretty neat sleight of hand trick you've pulled off. Implicitly assuming that the constructive outcome is to improve the proposal. This is of course a bad response when the community consensus is that the proposal is fundamentally bad not in its methods, but in its stated goals.

This repo represents an early stage proposal, not a fait-acompli.

Once again, the fundamental issue here is that nobody trusts Google. You can swear up and down that it's not a fait accompli, but it's not like we've seen Google use their market dominance to force through unpopular standards changes before. Part of the long term consequences of this loss of credibility is that any proposal like this is treated as a nine alarm fire because

1. Nobody trusts google to not abuse this mechanism.

2. Nobody believes that its "just a proposal".

These things would be obvious to you too if you stopped and listened to other people, rather than talking at us.

[Akselmo]

Google has often proven untrustworthy. Thus, there's no reason to trust this proposal either. Sure you can claim all you want that "content blocking will still work!" but people clearly know what is up.

Do the right thing: It's time to stop this madness just to get people to watch ads or destroy their privacy, for a quick buck.

People also have right to their privacy and right to not connect their computer to addresses they do not wish to connect.

Leaving a husk of "open" internet to future generations is not what anyone wants. It must be preserved as it is. You do not have to do anything.

Or do you really wish your children's and their children's privacy to be invaded? That's the route we're on, once again. And why we're on that route? Because Google has a stranglehold of the internet.

For other users of the internet, I hope that you will very least switch your browser from any chromium based ones.

[jbruchon]

Or do you really wish your children's and their children's privacy to be invaded? That's the route we're on, once again.

To a megacorp, children are slaves to be bred into good little worker bee CONSOOMERS. This entire "remote attestation" idea is peak corporatism.

[ghost]

I understand many folks here are upset about this proposal. I urge you to actually read the proposal, rather than rely on rumors about what it does or doesn't propose.

The proposal is crystal clear, anybody with the slightest experience in software development can clearly see what you are trying to do here. Have you noticed that you haven't got any defenders, under this issue?

This repo represents an early stage proposal, not a fait-acompli.

Something that you are not willing to withdraw is not a proposal, and given your affiliation with Google it is already a fait accompli.

High quality feedback on the proposal itself is highly welcome. Unprofessional behavior is not.

There is no higher quality feedback than this: show integrity and dump this. Expecting others to even assist you with your nefarious attempt does neither speak for your professionalism nor for your integrity. It just demonstrates that you have already made up your mind and will try to pull this off, at all costs.

[ghost]

@jbruchon it undermines your attempt at taking the high road when you delete the post I was responding to and replace it to obscure the edit history.

[iambeingtracked]

Is that whole thing a joke? If something like that gets implemented people will no longer keep dealing with it like it's nothing, a bloody revolution may be the only solution. So just don't implement this

[jbruchon]

@jbruchon it undermines your attempt at taking the high road when you delete the post I was responding to and replace it to obscure the edit history.

I don't care about "taking the high road." I care about the "open" part of "open source." You pretend to care until someone says something you don't like, then it's "rules for thee, not for me." If you don't like people seeing the shitty things you say then you're free to stop saying those things.

People like you who make it impossible to agree on one thing while disagreeing with something else are the shining example of what I'm talking about in my previous comment. You want a codified method to rules lawyer anyone who disagrees with you out of anywhere you go and a big hammer to enforce it with. Remote attestation is a colossal magic banhammer that can be wielded over the Web. You pretend to be against it until someone disagrees, then it's all "this guy is why authoritarianism is needed, now hand me that banhammer for a minute."

[AshtonKem]

This repo represents an early stage proposal, not a fait-acompli.

I'll just brow beat this a bit. If it's actually a proposal and not a fait accompli, by what mechanism would this be dropped @yoavweiss? Not modified, abandoned. Because if there is not a mechanism by which the entire proposal is scrapped then it is a fait accompli.

Also, it sure looks like Google is already beginning to prototype this on Chromium. Which begins to call into question whether you're being dishonest or merely misled by your peers.

[ghost]

a big hammer to enforce it with

So far all I've done is file an issue on your repo with a link to your (now deleted) comment. No bans, no censorship. You've deleted my issue and deleted your comment. I just can't figure out what angle i'm supposed to view your strawman from for it to make sense.

[jbruchon]

a big hammer to enforce it with

So far all I've done is file an issue on your repo with a link to your (now deleted) comment. No bans, no censorship. You've deleted my issue and deleted your comment. I just can't figure out what angle i'm supposed to view your strawman from for it to make sense.

@scanlime: Suggestion: Add "anti-code-of-conduct" to solidify this project's pro-abuse position (Issue #1)

Also @scanlime: "All I did was file an issue and link to a comment!"

I can't fix your issue. We can agree to disagree though. Have a great day.

[yoavweiss]

@yoavweiss maybe you could respond to the feedback instead of just closing every issue and saying our feedback is unprofessional?

This is not my proposal. I'm here as chair to make sure this remains a professional working environment. I left open mostly the issues which I think the team working on this proposal should reply on. I closed the issues that were not actionable, spammy, and counter to the code of conduct, or ones that were duplicates.

I'll just brow beat this a bit. If it's actually a proposal and not a fait accompli, by what mechanism would this be dropped @yoavweiss? Not modified, abandoned. Because if there is not a mechanism by which the entire proposal is scrapped then it is a fait accompli.

Presenting unmitigated risks that outweigh the benefits of the anti-abuse use cases, and that go beyond the status-quo of device fingerprinting could be one way of convincing e.g. the Blink API owners not to approve this proposal when it reaches an Intent to Ship stage (quite a long time from now, as it's an early stage proposal).

Also, it sure looks like Google is already beginning to prototype this on Chromium.

Code for this is being prototyped in Chromium behind a flag. That means nothing regarding this feature shipping in the future. Lots of code gets prototyped in Chromium and then modified or scrapped when the feature changes course.

Which begins to call into question whether you're being dishonest or merely misled by your peers.

Let's keep this civil.

[ghost]

Also, it sure looks like Google is already beginning to prototype this on Chromium.

Code for this is being prototyped in Chromium behind a flag. That means nothing regarding this feature shipping in the future. Lots of code gets prototyped in Chromium and then modified or scrapped when the feature changes course.

Which begins to call into question whether you're being dishonest or merely misled by your peers.

Let's keep this civil.

"Diplomacy is the art of saying 'Nice doggie' until you can find a rock."

• Will Rogers