this post was submitted on 13 Oct 2023
1164 points (98.7% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54716 readers
247 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

You might have noticed that even on Firefox (depending on your lists) YouTube may detect uBlock Origin on Firefox now

There's already a workaround (found, again, here), but I figured I would use this opportunity to tell people that projects like Piped and Invidious exist, which both allow you to watch YouTube without loading their ads, with improved Privacy and (in the case of Piped) even Geoblocking-Circumvention and SponsorBlock out of the box.

They're both great tools, and using something like LibRedirect you can even automatically go to Piped or Invidious when clicking/opening a YouTube link (and more).

Both don't load ads, but unless changed in the settings Individous may still make connections to Google/YouTube to load the video(s) themselves.

Bit of a shameless plug for these projects, but I figured this is a really good time to show these projects as I often see people asking what they are in threads on here

you are viewing a single comment's thread
view the rest of the comments
[–] spark947@lemm.ee 5 points 1 year ago (1 children)

Perhaps, but eventually there will probably ba a certificate authority alternative to Google. But I agree, we need regulation to determine to ensure that programs calling themselves web browsers will have to adhere to standards, and not be based on features that make certain websites work only on their browser. I think the backlash reaction to implementing "integrity" as a standard was really healthy. But there is still a lot of action to take on the regulatory front.

[–] BrioxorMorbide@lemm.ee 4 points 1 year ago (1 children)

eventually there will probably ba a certificate authority alternative to Google

Which won't matter (for access from third-party apps), because to be accepted by websites they need to prove their trustworthiness, so you can't just use a different one to circumvent it.

[–] spark947@lemm.ee 3 points 1 year ago (1 children)

It can be very similar to the TLS scheme we use today, where certificates are signed by regulated CA's. The only difference is that currently there is no regulation to ensure that Google will build chrimium to trust other authorities for browser integrity other than itself. That is definitely a major concern. Fortunately, I don't think that it is long term viable. First, Microsoft, Mozilla and Apple would be extremely unhappy with this scheme. That's right off the bat. So there will definitely be resistance on that front because eventually it would do something like break youtube compatibility with Firefox.

Now, I do think that it is plausible that these organizations could come to a agreement that is still ultimately bad for web browsers. There fore, this should be considered by government regulators as something to pay attention to. I'm not too pessimistic about them doing this. There us political will to preserve the open internet, especially in the EU. It looks like the US is also set to re-adopt net neutrality rules. So, im just not as pessimistic about it.

The only issue is that in the short-term, alot of these services that are free are going to degrade. This is what we are seeing with youtube. That is too bad, but I am hopeful and optimistic that it will lead to a more open internet. The fact that we are having this conversation on a decentralized social network is a positive sign.

[–] BrioxorMorbide@lemm.ee 1 points 1 year ago (1 children)

It still doesn't matter. A website can choose which attestors to trust (if they had to trust all of them the whole thing would be useless), so Youtube can just deny access to the video streams to anything that isn't a trusted browser environment, and anything third party like Invidious, Piped, Newpipe, Freetube... won't be able to work anymore.

[–] spark947@lemm.ee 1 points 1 year ago* (last edited 1 year ago) (1 children)

Well yeah. But those clients could ultimately just say they are firefox if Mozilla is open enough, which they tend to be. It ends when Google decides that stuff like YouTube should only work on chrome. That would be bad, and I think regulators would treat it as bad, especially the EU.

Just to be clear, I don't think forcing this standard down everyone's throats for naked commercial reasons is a good idea either.

[–] BrioxorMorbide@lemm.ee 1 points 1 year ago (1 children)

IIRC the proposal includes some crypto-handshake verification to make sure the attestor is who it claims to be, so no, apps can't just fake it. Or, if some of those secret keys leak and apps use it, sites won't accept it anymore.

[–] spark947@lemm.ee 1 points 1 year ago

It's a question of trust. Google will select the certificates they trust for the services they provide, and the entities that own those certificates will decide what do to with them. If they trust a certificate from Mozilla, and Mozilla agrees to make that certificate open to everyone for instance, than Google's only choice is to stop trusting it. But if Mozilla decides that is the certificate Firefox will use, than Google has to choose kicking off Firefox as well as other third party apps. Same with Microsoft and Apple, but I think Mozilla is more likely to oppose this kind of standard rather than try to reach some kind of agreement with Google.

The other way that this could play out every browser dev makes some kind of arrangement. Very unstable when we are talking about competitors.

At the end of the day, it requires a level of co-operation with the browser developers and internet service providers that I don't think a lot of people will go for, for various reasons. Especially not regulators. I guess I am just more optimistic about the open internet.