Sign in / up

back to article Google bins integrity API that looked more than a bit like horrible DRM for websites

Amid rising community concern, Google says it will no longer develop controversial technology that was said to fight fraud online though to critics looked more like DRM for websites. Instead, the Chocolate Factory plans to work on a more limited version of the tech for Android WebViews, a version of its Chrome browser that can …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. doublelayer Silver badge

    Victory! for a month

    It's very good for us and the internet as a whole that this particular incarnation has died. Unfortunately, this isn't the first time, nor will it be the last, when Google tries to break the openness of the internet, where any site that works in a standard way can be accessed by software that complies with the standard, so that Google's software is advantaged. It won't be long until they make another one. We'll have to shout loudly that time as well. Nobody else will stop this from getting through.

    Whether it's Google thinking that their desire to prevent ad fraud is somehow our problem instead of their problem, video streamers wanting to support browser watching but only on platforms where they already have a native app anyway, or just companies that want to make it really easy to have a full list of everything you've ever done to sell to the highest bidder, as well as most of the rest of the bidders, the internet's standards are fragile.

    38 1 Reply
    1. ecofeco Silver badge
      Reply Icon

      Re: Victory! for a month

      Every walled garden attempt of the Internet has eventually failed.

      I'm loving each failure.

      7 1 Reply
  2. DS999 Silver badge

    I don't see how this would help in their goal even if they did it

    Fraudsters already operate banks of smartphones to commit ad fraud in apps, so if they had to run actual browsers to commit click fraud they'd just run a thousand VM instances on a single beefy machine running scripted mouse movements and clicks instead.

    14 0 Reply
    1. doublelayer Silver badge
      Reply Icon

      Re: I don't see how this would help in their goal even if they did it

      It probably wouldn't. Most likely, ad fraud was their way of trying to find an excuse for having this feature. If they told the truth: "We want to add a feature which explicitly breaks anybody who isn't using Chrome, then get a lot of people to mindlessly activate it, then take the integrity information and leak it through Google Analytics or something for extra fingerprinting", people wouldn't want it. Sometimes, when they introduce new APIs that don't really need to be in the browser, they can think of a possible benefit that someone could get. For instance, when they decided that browsers should be able to talk to USB devices directly, they could show you how a game written in Javascript could automatically interact with USB gaming hardware or how you could upload code to a USB-connected dev board without learning how to use a serial console. With WEI, they couldn't actually think of any user benefit. They already know some ways to fight ad fraud, such as by looking at the source of the traffic which would get around your VM proposal, but they don't want to bother doing it because talking too much about fraud would just scare the people buying the ads.

      18 0 Reply
    2. Christian Berger
      Reply Icon

      Fraud is not the issue they want to solve with it

      For Google the more pressing issue is that there are other browsers. Things like HTTP/2 or HTTP/3 essentially make it harder for new competitors to enter the browser market. Just imagine a browser that is truly "Free", one that is not controlled by a large corporation, one every user could modify in a meaningful way. That would greatly shake up the status quo. Things like "noscript" wouldn't be an extension, but something browsers would ship by default. Browsers would ship common files like Google Fonts by default, robbing Google of valuable access data.

      I mean Google has no reason to care about "ad fraud". The whole business is a cestpool of fraud. It simply doesn't matter if the ads are actually displayed or not.

      3 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Fraud is not the issue they want to solve with it

        Whilst I mostly agree with your post, I wouldn't say http/2 and http/3 are the stumbling block to new entrants.

        Open source http/2 and http/3 libraries already exist, and with the ongoing additions to css and javascript etc., protocol support is probably the easiest part of a project to keep uptodate.

        2 0 Reply
  3. mostly average
    Big Brother

    This has only two purposes...

    1. Ensure only Google can use Web scrapers.

    2. Protect Google's precious ad revenue by breaking ad blockers.

    Any other stated purpose is either bovine excrement or a side effect.

    33 0 Reply
    1. The Central Scrutinizer Silver badge
      Reply Icon

      Re: This has only two purposes...

      Seeing as you mentioned ad blockers, YouTube is now refusing to let me play videos because I have the temerity to be running one. I use YouTube as an information resource for 3D graphics techniques, so wtf am I supposed to do now? Give gogglebots the ability to play me endless ads while I'm finding information, I guess?

      The enshitification of the Internet continues unabated....

      15 2 Reply
      1. Red~1
        Reply Icon

        Re: This has only two purposes...

        I've heard the most recent uBlock origin gets around this issue, but you may have to refresh your database more frequently. Their post on it is here https://www.reddit.com/r/uBlockOrigin/comments/17j6ygs/youtube_antiadblock_and_ads_october_29_2023_mega/ - Hope this helps :)

        8 0 Reply
        1. katrinab Silver badge
          Reply Icon
          Meh

          Re: This has only two purposes...

          At the time of writing this reply, yes. But you do have to update it several times per day.

          3 0 Reply
        2. Snowy Silver badge
          Reply Icon
          Go

          Re: This has only two purposes...

          It works for me and I do not refresh the list manually.

          0 0 Reply
          1. Grogan
            Reply Icon

            Re: This has only two purposes...

            That's because they haven't fully rolled out the anti-adblock detection to all of their infrastructure yet. I haven't had youtube complain either.

            1 0 Reply
      2. Greybearded old scrote
        Reply Icon

        Re: This has only two purposes...

        I've seen claims that the adblocker blocker only works if you're logged in to Goggle. I've certainly never seen it. Is it worth trying a 'clean' browser session?

        1 0 Reply
      3. AVR Silver badge
        Reply Icon

        Re: This has only two purposes...

        yt-dlp still works against them.

        1 0 Reply
      4. Justthefacts Silver badge
        Reply Icon

        Re: This has only two purposes...

        Errr….how about, just *pay directly* for the information resource, which you find important to you. Subscribe to YouTube Premium. Then no ads. Then YouTube take a cut, for the cost of aggregation and distribution, and pass the remainder onto the creator. This is not a complicated thing.

        Not worth it for me, because IDGAF about ads. But you do. You’re angry at Google “selling your data”, which is apparently super-valuable. Fine, it’s valuable, so it has a value, so Google has bothered to price that up for you, apparently £12/month. And now you know the price, you claim it’s not worth it.

        So either: just subscribe, if it it’s worth it to you. Or your data really isn’t worth that much at all, in which case please for the love of god STFU about Dr Evil “stealing your valuable data” by *providing a service*.

        6 21 Reply
        1. Grogan
          Reply Icon

          Re: This has only two purposes...

          How about, you "STFU" with your jumped up admonishments instead? I'll continue to (successfully) block their ads and unwanted rubbish, I don't care if I have to manually create rules for each element.

          Only the proverbial fools easily parting with their money would pay to watch youtube videos. Not one red cent for that fucking crap.

          12 7 Reply
        2. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: This has only two purposes...

          How is paying YouTube "pay directly for the information"?

          Or is there some magic way to ensure 100% of the money goes to the person who made the videos?

          8 0 Reply
        3. MachDiamond Silver badge
          Reply Icon

          Re: This has only two purposes...

          "Subscribe to YouTube Premium. Then no ads. "

          It's not necessarily the ads, it's the tracking, cookies, selling of data based on what they are harvesting.

          I don't care much about the ads. I ignore them as they are mainly for products that do not work, are a total rip off or actually dangerous. As if I believe there's a "hack" where Amazon will send ME 5 figure checks every two weeks while I bang away on a mobe from a tropical beach. Not just that, but using an ad with worse production value than what I made many years ago in high school (B/W even). I'm also not convinced that a cheap Chinese made mini chain saw is good for much compared to the 'real' ones I already own.

          1 0 Reply
        4. Jamie Jones Silver badge
          Reply Icon

          Re: This has only two purposes...

          Damn, youtube is so annoying. Stupid changes that make the UI worse.

          Utter contempt for commenters Their censorship rules make no sense. You can't even link to a youtube created youtube video. If they decide a comment should be censored, they just delete it without warning. If they decide a comment should "probably" be censored, they shadow-ban it - useful replies I'd made to others in the past were never seen - I only found out about the shadow ban when someone asked me elsewhere for the information I promised I'd reply to a thread with (and did)

          A few years ago, they've made the "thumbnails" HUGE - totally inappropriate for a large screen. They are still like it. Why can't I set it as it was before?

          You reply to someones comment, and the comment is greyed out so you can't read the post you're replying to, even though it's on the screen.

          Every update seems to remove some customisation control, dumbing things down further.

          Pause a video? Screen dims until you click on it. Why? Why can't I disable this?

          Every day I'm closer and closer to scrapping youtube altogether - not because of the content, but because of youtube "designers" with no common sense.

          Without all this crap, I probably would pay for it, but as it stands, no, I'm not going to pay for something that annoys me.

          0 0 Reply
      5. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: This has only two purposes...

        Google co-sponsored, and presented positively at an adblocker conference, whilst at the same time, youtube pushed it's blocking of ads.

        A very schizophrenic company! https://www.wired.com/story/youtubes-ad-blocker-crackdown-spurs-record-uninstalls/.

        3 0 Reply
      6. MachDiamond Silver badge
        Reply Icon

        Re: This has only two purposes...

        "so wtf am I supposed to do now?"

        Have you edited your localhost file so most things Google wind up doing nothing?

        I have noticed they seem to be able to get around this in some cases, but every little bit helps.

        0 0 Reply
      7. Rich 2 Silver badge
        Reply Icon

        Re: This has only two purposes...

        I never watch anything directly from the YouTube website - just use yt-dl (can’t remember exact name but stick it in Google (oh, the irony) and it will find it for you)

        0 0 Reply
  4. martinusher Silver badge

    Ass Backwards, as usual

    Web technology reminds me of technologies like supermarket self-checkouts. The basic technology is simple but not that well thought through. The result is a host of unintended -- and negative -- consequences which are then addressed by every more convoluted and complex patches. These still fail to address the fundamental problems so the patches themselves get patches. The result is a convoluted mess that still doesn't work that well.

    The problem with the web is that websites need to positively identify users and their location in order to 'personalize' -- sell -- them stuff (and, while they're about it, prevent those users from getting stuff that site owners think they should pay for). The resulting technological whack-a-mole that wastes huge amounts of processing power and network bandwidth (not to mention time)....a mess. This "API" was just another sorry kludge.

    7 1 Reply
    1. Fred Daggy
      Reply Icon
      Coat

      Won't somebody think of the Billion Dollar Megacorporations?

      You got an upvote. This technology WILL be used for fingerprinting users, wherever they may be. For monetisation purposes only, I assure you. And any other purpose a web dev thinks up - like blocking non-Chrome browsers (the 90s called, wants it IE5.5 back), or blocking classes of users "just because".

      8 0 Reply
  5. StrangerHereMyself Silver badge

    Integrity

    I don't believe for a minute the Integrity API would result in website owners blocking users. That's not a valid concern IMHO since websites have a self-interest in having as many users visit their site as possible. Blocking users because they have an ad-blocker installed is already possible and very few do so.

    I also doubt YouTube will follow through with its anti-ad blocker campaign if people start flocking to competitors' sites.

    2 10 Reply
    1. mattaw2001
      Reply Icon

      Re: Integrity

      I don't think you are taking into account the history of how these monopolistic operators actually work. My belief is the following:

      First the integrity API, then will come a policy not serving content to anyone who doesn't have it "to protect the users", "to protect the content creators", and think of the children! Finally a policy that to be part of Google's ad empire and get income from ads will require it.

      Just like a real world coup, I suspect you only actually need a small percentage of important websites to be onboard, and they win.

      2 0 Reply
    2. ecofeco Silver badge
      Reply Icon

      Re: Integrity

      Ever heard of Frontpage?

      2 0 Reply
    3. doublelayer Silver badge
      Reply Icon

      Re: Integrity

      "I don't believe for a minute the Integrity API would result in website owners blocking users. That's not a valid concern IMHO since websites have a self-interest in having as many users visit their site as possible."

      Sites block users all the time. Whether it's for some security precaution that probably doesn't work, for some browser problem that probably isn't necessary, or some reason only known to one crazy web designer, they do it. For example, I have a site that I pay for access to, and it blocks my login attempts with a message that I could be a bot. Not a captcha, a straight block. This only happens in Firefox, and if I change to something Chromium-based, it tends to work. Switching the user agent doesn't work in this situation. I assume there's some misbehaving script involved here, but the result is that anyone who uses Firefox is being blocked. WEI can similarly be used to look for bot activity, and sites that experience enough of it that they demand bot detection and blocking may use it incorrectly to a similar effect.

      I've had a certain debate a few times in these and other forums. The topic is whether blocking IP addresses in bulk, rather than blocking them individually when they do something, is a good idea. I generally take the view that blocking an entire country is unlikely to benefit you and isn't worth the problems to users, but there are many people who still do it. They are deciding to refuse a potentially large class of visitors because, in most cases, they think this helps their server's security (this is where we disagree). That's a more deliberate decision.

      In summary, sites block on purpose and by accident, so why would I expect them not to do so with WEI as another tool to give unreliable information?

      4 0 Reply
  6. IGotOut Silver badge
    Joke

    Remember the good old days...

    When IE6 was king.

    Sighhh...

    3 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like