Author Topic: THE BLOB! – Google’s new threat to Internet privacy and security  (Read 541 times)

0 Members and 1 Guest are viewing this topic.

Online Elderberry

  • TBR Contributor
  • *****
  • Posts: 24,278
Watts Up With That? by Anthony Watts 9/1/2020

“Google is proposing a new standard called WebBundles,” according to Brave’s senior privacy researcher. Brave is an alternate web browser, competition to Chrome, Edge, and Firefox. From the Brave website:

WebBundles Harmful to Content Blocking, Security Tools, and the Open Web

This proposed standard allows websites to ‘bundle’ resources together, and will make it impossible for browsers to reason about sub-resources by URL.

“This threatens to change the Web from a hyperlinked collection of resources (that can be audited, selectively fetched, or even replaced), to opaque all-or-nothing “blobs” (like PDFs or SWFs). Organizations, users, researchers and regulators who believe in an open, user-serving, transparent Web should oppose this standard…

The Web is valuable because it’s user-centric, user-controllable, user-editable. Users, with only a small amount of expertise, can see what web-resources a page includes, and decide which, if any, their browser should load; and non-expert users can take advantage of this knowledge by installing extensions or privacy protecting tools… At root, what makes the Web different, more open, more user-centric than other application systems, is the URL. Because URLs (generally) point to one thing, researchers and activists can measure, analyze and reason about those URLs in advance; other users can then use this information to make decisions about whether, and in what way, they’d like to load the thing the URL points to…

At a high level, WebBundles are a way of packing resources together, so that instead of downloading each Website, image and JavaScript file independently, your browser downloads just one “bundle”, and that file includes all the information needed to load the entire page. And URLs are no longer common, global references to resources on the Web, but arbitrary indexes into the bundle. Put differently, WebBundles make Websites behave like PDFs (or Flash SWFs). A PDF includes all the images, videos, and scripts needed to render the PDF; you don’t download each item individually. This has some convenience benefits, but also makes it near-impossible to reason about an image in a PDF independently from the PDF itself. This is, for example, why there are no content-blocking tools for PDFs. PDFs are effectively all or nothing propositions, and WebBundles would turn Websites into the same.

More: https://wattsupwiththat.com/2020/08/31/the-blob-googles-new-threat-to-internet-privacy-and-security/