.io is a ccTLD though and is subject to the whims of the British Indian Ocean Territory. They can, for any reason, remove domains. See what recently happened with Mali and .ml.

• Decreased performance, as DRM is often hooked deep into event loops and adds non-negligible overhead.
• Decreased privacy, as DRM often requires pinging an external server constantly.
• Decreased security, as DRM is a black-box blob intentionally meant to be difficult to peer in to, and has been the target of attacks such as code execution vulnerabilities before.
• If you own a game but don’t have an active internet connection, DRM may prevent you from playing the game.
• If you own a game but have multiple computers, DRM may force you to buy multiple licenses when you’re only using one copy at a time (c.f., a physical CD with the game on it).
• Eventually, a DRM company is going to go out of business or stop supporting old versions of their software; if you want to play an old game that had that DRM, you won’t be able to even if you own the game.
• &c.

DRM exists to "protect’ the software developer, i.e. protect profits by making sure every copy has been paid for and to force people to buy multiple copies in certain cases. DRM never has and never will be for your (the consumer’s) benefit.

It’s interesting how you went from “it’s not relevant at all” to “it’s relevant in general but not in this case” after I gave you a reply.

If you have found a new security or privacy flaw, I would love to hear about it. But pushing your irrelevant opinions on others who are not interested, is unpleasant for us, and a waste of time for you.

My opinions are not irrelevant, as I laid out in my previous comment that you just agreed with. Others are obviously interested, and it’s not “unpleasant” for them, as people responded and upvoted (and no downvotes)–indicating it’s relevant. It’s not a waste of time for me, because not only did it take me negligible time to type literally three sentences (actually, I copy-and-pasted the comment from one I made earlier, I didn’t even write it fresh here), but it has value to others and as such is not a waste of time for me.

So whether he agrees with you that guys can become girls or vice versa, or whether he believes the same narrative that you do regarding corona is simply irrelevant.

The strawman construction was a nice little touch. Completely ignoring the part where I laid out that my personal stance and agreement or disagreement with the CEO is irrelevant, you act as if I personally disagree with the CEO and then use that to dismiss me.

You obviously have an agenda. So be it. But this conversation is truly a waste of time: you were obviously wrong and as soon as that was pointed out you shift goalposts.

I see, thanks for the clarification. I wasn’t sure about the specifics of how they produce their product from the upstream source.

If you think the two are unrelated you’re oblivious to the considerations that must be taken into account when discussing potential privacy concerns in software. It’s not ad hominem to acknowledge that the personal convictions and values of the CEO (and indeed other employees) can potentially decrease the sense of privacy of a product.

If the CEO is so adamant in his anti-X stance that he decides it’s acceptable to censor access to materials about X, or perhaps worse that he decides to expose anyone using his software that discusses or supports X, would not consider those valid concerns?

Companies are made of people, and software is made by people. Since people are not neutral, companies and software are also not neutral. The stances of a company or software on privacy, freedoms, etc are all influenced by the stances on those exact issues by the constituent people of the company and developers of the software.

Consider Elon Musk and Twitter. Given Elon’s personal beliefs and how adamant he is to enact and enforce those beliefs, do you consider him a neutral influence on the privacy of Twitter as a product? There is no way to see him as a neutral influence; he has direct influence by his ideological stance on the software. As such, if you have enough distrust in him or his ideological stance, that can transfer to distrust in Twitter as software.

In fact, it’s not even about whether I support the CEO or whether I think his stance is “right” or “wrong” as you imply. It’s entirely about how the CEO sees his beliefs in relation to the company and product he’s overseeing. I could entirely agree with the CEO and still consider their influence to be a detriment to the product if he puts his ideology ahead of pragmatism, for example.

I see what you’re saying. I read it as implying the browser would fake the attestation token. I don’t know the answer, but if their (stated) goal is to stop bots and scrapers, I have to assume it wouldn’t be so simple. After all, a lot of bots and scrapers are literally running an instance of Chrome.

Search engines like DDG should really begin maintaining their own index, and they should exclude sites that use the tech from the index.

If this gets implemented, it would ruin the ability for competitor search engines (such as DDG) to exist. If Google convinces site operators to require attestation, then suddenly automated crawlers and indexers will not function. Google could say to site operators that if they wish to run ads via Google’s ad network they must require attestation; then, any third-party search indexer or crawler would be blocked from those sites. Google’s ad network is used on about 98.8% of all sites which have advertising, and about 49.5% of all websites.

Isn’t someone just going to fork Chromium, take out this stuff,

Yes, upstream Chromium forks will likely try to remove this functionality, but

put in something that spoofs the DRM to the sites so that adblocking still works?

This is the part that is not possible. The browser is not doing the attestation; it’s a third party who serves as Attestor. All the browser does is makes the request to the attestor, and passes the attestor’s results to the server you’re talking to. There is no way a change in the browser could thwart this if the server you’re talking to expects attestation.

It depends on how Google wants to play this. If they require website operators to use WEI in order to serve ads from Google’s ad network (a real possibility), then suddenly 98.8% of websites that have advertising, and 49.5% of all websites would be unusable unless you’re using Chrome. It’s probably safe to assume they’d also apply this to their own products, which means YouTube, Gmail, Drive/Docs, all of which have large userbases. The spec allows denying attestation if they don’t like your browser, but also if they don’t like your OS. They could effectively disallow LineageOS and all Android derivatives, not just browser alternatives.

It may be dead to its users anyway depending on how forceful Google is with this. If Brave doesn’t work on 98.8% of all websites with advertising or indeed on 49.5% of all websites (approximately Google’s ad network’s reach), it becomes as niche as lynx.

A fork like Vivaldi, Brave or Opera could opt not to implement these changes

It doesn’t quite work like that. They wouldn’t choose to not implement the change, because the change comes from upstream via Chromium. They would have to choose to remove the feature which, depending on how it’s integrated, could be just as much work as implementing it (or more, if Google wants to be difficult on purpose). Not implementing the change is zero effort; removing the upstream code is a lot of effort.

Brave is built on Chromium. So, by default, no they are not safe from this. Without extra effort, Brave will have this feature. I don’t know if its feasible but there’s a chance the Brave devs can remove the code from their distribution, but that’s the best case scenario and just puts them in the same position as Firefox: they get locked out because they refuse to implement the spec.

Within the context of Chrome and other Chromium based web browsers, this means that Google will be able to monitor your web browsing in a new way any time you’re using a browser based on Chrome/Chromium.

With only slight hyperbole, we can say that Google can do this monitoring already.

What’s worse, is now they can:

• Refuse you access to information by refusing to attest your environment.
• Restrict your browser, extensions, and operating system setup by refusing attestation.
• Potentially bring litigation against you for attempting to circumvent DRM (in the USA it’s illegal to bypass DRM).
• Leverage their ad network to require web site operators to use attestation if they wish to serve ads via Google. AKA force you to use Chrome to use big websites.
• Derank search results for sites that are not using attestation.

In my opinion, the least harmful part of this is the ability to monitor page access, because they can more or less do this for Chrome users anyway. What’s really harmful here is the potential to restrict access to and destroy practically the entirety of the internet.

ISPs coming out and bothering you cause you pirate stuff? Never heard of it.

You must have the distinct privilege of not living in the USA or several other Western countries.

I’d jump ship immediately if I got one such letter.

If you mean jump ship off that ISP, there’s nothing you can do. You can go to another ISP (if there even is one in your area), who will do the exact same thing. You can jump ship entirely and not have internet, I guess.

Colloquial use of that word is not related to its technical use to describe a female dog in dog breeding. Colloquial use of the word is precisely driven by misogyny. Don’t try to play that game, it’s dishonest. Do you think the homophobic f-slur is acceptable because, after all, it is a technical term relating to bound wood fuel? If not, why is that not acceptable, but the one you’re using is? Historical linguistic justification for a word whose colloquial use has not been related to its historical meaning for a very long time is dishonest.

By “otherwise discriminatory” I meant discriminatory in ways other than the two (sexism, ableism) that I explicitly mentioned; can you not think of other ways to discriminate? “Otherwise discriminatory” can include words that are specificaly xenophobic or racist, or homophobic. I didn’t bother doing a full inventory when I was illustrating a point.

I find casual use of opaque blocklists without any second thought to their impact disturbing.

It’s not opaque. The entire block list regex is publicly visible for every single instance. In fact, it’s in the page source of every single page you load. You’re simply uninformed. Moreover, if you think there was no second thought to it’s impact, you’re yet again uninformed. There was (and has been) discussion about it amongst developers and (early) users, and discussion continues; in fact, there was a post about it with large engagement maybe three days ago.

I am not sure how I feel about enforcing a block list (and I said that in my previous comment), but one thing it does do, repeatedly, is illuminate how little people think about offensive things they say. Interestingly, more often than not, people would rather defend their use of misogynist language than consider using literally any other word in English or another language.

It’s in the blocked word list because it’s misogynist. The fact that it’s used so commonly with no second thought is disturbing.

I don’t know if I agree with the blocked word list being enforced, but I definitely have a problem with rampant misogynist, ableist, and otherwise discriminatory language used with no thought.

I see what you’re saying but I still disagree. If you are making that much money and living paycheck to paycheck, it’s your own fault and is a lack of self control or money management knowledge. If you’re making $7.25 an hour and living paycheck to paycheck, no amount of self control and money management knowledge will mean you aren’t living paycheck to paycheck. Living paycheck to paycheck is a personal failing when you’re in the top 1% of earners in the country.

Mullvad does not allow port forwarding.

They announced on May 29th that they would not allow new port forwarding. On July 1st, all existing port forwarding was disabled. Since then, Mullvad no longer allows port forwarding.

Ah I see you mentioned the cuts are only a few seconds long. This wouldn’t catch that very well.

If you have a server outside of your network you could simply hold open a TCP connection and report when it breaks, but I’ll admit at that point it’s outside of what I’ve had to deal with.

Depends on how much you want to set up. For my purposes, I just check for connectivity every minute, and record true or false as a new row in a sqlite database if there is connectivity.

This is what I use on my raspberry pi,

#!/usr/bin/env python3
from datetime import datetime
import sqlite3
import socket
from pathlib import Path

try:
    host = socket.gethostbyname("one.one.one.one")
    s = socket.create_connection((host, 80), 2)
    s.close()
    connected = True
except:
    connected = False
timestamp = datetime.now().isoformat()

db_file = Path(__file__).resolve().parent / 'Database.sqlite3'
conn = sqlite3.connect(db_file)
curs = conn.cursor()
curs.execute('''CREATE TABLE IF NOT EXISTS checks (id INTEGER PRIMARY KEY AUTOINCREMENT, timestamp TEXT, connected INTEGER)>
curs.execute('''INSERT INTO checks (timestamp, connected) VALUES (?, ?);''', (timestamp, 1 if connected else 0))
conn.commit()
conn.close()

and I just have a crontab entry * * * * * ~/connectivity_check/check.py >/dev/null 2>&1 to run it every minute.

Then I just check for recent disconnects via:

$ sqlite3 ./connectivity_check/Database.sqlite3 'select count(*) from checks where connected = 0 order by timestamp desc;'

Obviously, it’s not as full-featured as something with configurable options or a web UI etc, but for my purposes, it does exactly what I need with absolutely zero overhead.