• 𝕸𝖔𝖘𝖘@infosec.pub
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    You’re right. But it’s so much worse than that.

    Imagine, for a minute, that this passes. If a website exists that a specific entity disagrees with (say… a whistleblower forum, or accounts of how Google is abusing its powers, or accounts of a Government is abusing it’s citizens), all that would need to happen, is for the “integrity authority” to deny access to that site, and it will be censored. Whereas now, a website has to be taken offline (in most cases) to be effectively censored, if this passes, the “integrity authority” would just need to say nay.

    Imagine never hearing of the Snowden files, or George Floyd, or the Russian-Ukraine war. Not because they didn’t exist or didn’t happen, but because you ‘weren’t allowed’ to see them by an entity who benefits from you not seeing them or knowing about them.

    If this passes, we would be -officially- entering a dystopia.

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      It’s kind of the opposite of this though, it’s not censorship. It’s not that you aren’t allowed to visit other sites, it’s that sites can choose to let you in or not.

      The scary part is we don’t know what makes that decision, and from Google’s proposal is that it could just be anything they decide. So it’s not censorship, but it is saying “You aren’t playing by our rules (like by using an ad blocker, or you visited too many whistleblower forums, or we just plain decided we don’t like you) so you don’t get to use gmail/your bank/whoever decides to implement this”

    • floofloof@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Won’t there need to be backwards compatibility with sites that don’t implement this? The default would have to be that the browser is allowed to see a site that doesn’t require attestation. So if the whistleblower or political site just didn’t implement this, would that be a way around it?

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        At first, maybe. But not ultimately. If you compare it to TLS, for example, if the site use TLS 1.0, your browser will simply not load the site. This web integrity thing is similar.

        Another, maybe more relevant, example, is Flash. Once Google decided Flash will no longer be supported on their browser, Flash died. I actually don’t disagree with the killing of Flash, but the idea is similar.

    • Paradox@lemdro.id
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Google can already do that. It’s called “safe browsing” and if your site ever gets on the wrong side of it good luck. It’s easier to get off a spamhaus registry than it