looks like rendering adblockers extensions obsolete with manifest-v3 was not enough so now they try to implement DRM into the browser giving the ability to any website to refuse traffic to you if you don’t run a complaint browser ( cough…firefox )

here is an article in hacker news since i’m sure they can explain this to you better than i.

and also some github docs

  • argv_minus_one@beehaw.org
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    1 year ago

    Why would my bank care which browser I use? Their business model isn’t based on showing me ads.

    • Redjard@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Why do banks require "safety"net on their apps now? The safest roms specifically don’t have the security nightmare that is google play services, and banking apps are always the hardest to get working.

      It is a symbiotic relationship. Regulators hear about the next wave of compromised online banking, add some law requiring whatever, banks are stuck having to comply and in comes google with “Hey this great webDRM/safetynet/playprotect totally complies with this”, which it doesn’t really but google has the capabilities to lock up any legal processes about it for years when they bring in the next thing and repeat. Banks in large part know it’s bullshit but don’t care, they’re off the hook (They are the ones doing 2 factor by making the banking app on your phone require a confirmation in your tan app on your phone to make a transaction, they don’t give a rats ass about the safety of their systems).

      Banks get someone shielding them from regulations for cheap, google gets partners that can help them lock you in their proprietary system, and you get extra work on your rooted phone and can’t fully remove play services.

      • argv_minus_one@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I notice the big American banks’ apps don’t care, as long as a compatible implementation of Google Play Services is available. Nor does my American bank seem to care that I do my desktop banking in Firefox on Linux. Is this an issue only in specific countries?

        making the banking app on your phone require a confirmation in your tan app on your phone to make a transaction

        I’m afraid I don’t know what you’re talking about here. I don’t have to give any kind of confirmation to make a transaction. What’s a “tan app”?

        • Rikudou_Sage@lemmings.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          I’m using a SailfishOS (Linux) phone and on SFOS forums it’s one of the biggest complaints, they can’t use their bank through the Android compatibility layer because it doesn’t pass SafetyNet. I’m lucky enough that my bank doesn’t do this, but I had to fiddle with low level stuff for Revolut to work - they require you install the app from Play Store or the app doesn’t work.

          • argv_minus_one@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Can you take your business elsewhere, to a company that doesn’t require you to compromise your security and privacy?

    • frog
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      I could go into the conspiratorial 4D chess I’m sure google is playing, but let me ask this instead: Does you bank not have any captchas, anywhere in the flow of accessing/using their website? Cause if they do, I hope you know google is absolutely going to advertise DRM requirements as the best tech for fighting bot traffic. Even if Google wasn’t doing anything like offering cheap training to their standards to influence the future of the cybersecurity space, that would be PLENTY to get a looooot of big corporations, including banks, to use it.

      • Grimpen@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        No captcha’s for any of my banking services. I don’t know how effective captcha’s are anyways. I suspect slow cooldowns are probably more secure.

        • frog
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Huh, neat. Regardless, I think google will find a way to sell it or they wouldn’t be invested in it so much, but point taken. I just saw a lot of people commenting on other places about how this is hopeless and there’s no way to protest and wanted to give a solid example of how it could be done effectively.

      • argv_minus_one@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Criminals will crack the DRM in short order—they always do—so that idea won’t last long.

        And no, the DRM can’t be updated to fix the vulnerability if it’s implemented in firmware. Not without shutting out absolutely everyone whose computer/phone is more than 3 years old, and there’s not a snowball’s chance in hell that banks will do that when half of their customers are old farts with decade-old computers and an “if it ain’t broke, don’t fix it” attitude.

        • frog
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Wait were they seriously looking to implement it at a FIRMWARE level? jesus that’s just stupid.

          • argv_minus_one@beehaw.org
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            If they implement it in hardware, then fixing vulnerabilities is completely impossible instead of only mostly impossible.

            • frog
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              I was just expecting it to be something built into chrome, similar to how drivers need to be signed to run in windows, they’d force you to use browsers Signed By Google to be verifiably compliant with the DRM. It seems like the easiest option for them and the most well understood since it’s been used for drivers for so long

              • argv_minus_one@beehaw.org
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 year ago

                If they implement it in pure software, then it’s easy to crack.

                They’re not going to wrap Chrome in Denuvo because that would ruin its performance. The last thing they want is for Firefox to be not only faster but dramatically faster. Performance is a big part of how Internet Explorer lost its market share. And even if they do wrap it in Denuvo, Empress will no doubt show them the error of their ways.

                So yes, I expect they will use firmware/hardware, presumably TPM or Microsoft Pluton, to implement this.