Follow

Chromium, aka Google, just keeps proposing new standards to make the web less private and secure for users. We need to find a way to stop this.

Allow JavaScript to make direct TCP and UDP connections? Sure!
theregister.com/2020/08/22/chr

Packaging up an entire website into a file so individual ads can't be blocked? Also sure!
brave.com/webbundles-harmful-t

Really shows the problem of their monopoly, as well the effect of corporate interests on a common space.

@makeworld And Mozilla wants out of the standards business so they can focus on making a profit.

@makeworld Direct TCP and UDP connections would be quite nice for AddOns, because that would enable the implementation of other protocols like Gemini, Gopher or even Dat and IPFS

@waweic maybe, but even then I'm wary. However this is about any website code being able to do that, which I'm against, even with a permissions based model.

@makeworld @waweic I agree with @makeworld here, it's tools for closing down the ecosystem even more. And that's before looking into the security aspects.

@Steinar @makeworld I think it's rather a result from a an already closed down ecosystem

@Steinar @makeworld As much as capitalism, the resulting cluttered ecosystem and in turn resulting network effects are a vicious cycle, yes

@makeworld
For now I would argue returning to older standards for the web. Maybe pipe them through new crypto. Stripping away js and make css client side like how it started. #ipfs is opaque and #hypercore / #datprotocall has a nice ux but the sole client requires chromium.

@SwindlerOfInsanity Gemini sort of does this, and it's a great protocol and ecosystem. Definitely simplifies.

@makeworld
If an entire site were to be bundled in one large file, how could custom ads be sent to each individual client?

@taziotoninzo I'm not sure about custom ads, but my understanding is that now you can't block ads until after they've already been downloaded, or potentially not at all now because they don't have unique URLs.

@taziotoninzo @makeworld Indeed, this is one of the reasons why I don't buy the Brave article.

A good discussion of Web packaging is also in RFC 8752.

@makeworld the hypocrisy Brave has by criticizing Google and Chrome and then turning around and using Chromium as their browser engine

感觉 wbn 还挺好的, 可以用签名验证 wbn 的有效性来访问现有网站的资源, 在离线网络下可以直接根据签名新建一个命名空间, 网站的 wbn 签名通过就可以直接使用离线时创建好的空间
至于隐私保护程序, 还是可以根据 url 工作的, 这点感觉没有什么大问题
raw sockets 我倒是第一眼就觉得能用来 DDOS

@makeworld I'm surprised it took this long for someone to reimplement Opera Mini %)

...for completely different reasons

@makeworld
Remember when JS couldn't connect to domains that weren't it's own?

@makeworld It is more complicated than that, and Brave is not perfect either. Bundles are a very good idea (although of course the devil is in the details) and one of the arguments ("Origin Confusion") seems quite wrong: because resources are signed, bundles REENABLE origin authentication, which was threatened by CDNs.

Sign in to participate in the conversation
Sunbeam City 🌻

Sunbeam City is a anticapitalist, antifascist solarpunk instance that is run collectively.