Comment by Dalewyn
8 months ago
>Personally, I think life would be better if browsers just didn't play the game at all.
A web browser is a user agent. Why is the browser deciding anything one way or another? Let the user decide by providing options one way or another. If the user wants DRM access, let them; why is it the browser's business?
Again, the two important words: User agent.
The freedom to decide and choose is what helped Firefox take out IE6 and led to most subsequent browsers featuring some form or another of extensibility (which incidentally is now regressing because web browsers are increasingly developer and publisher agents).
There should be a great diversity in user agents because there is great diversity in personal tastes.
One person's user agent might be another person's "software I would never use".
As a text-only web user I am continually amazed, thirty years in, that web developers and now their CDN service providers are _still_ making incorrect assumptions about what user agent I am using. They are wrong every single time. There is almost zero focus on rate limits but hyperfocus on user agent string or other headers. For most sites I send no user-agent header and this works fine. But when sites want certain headers this tells me the purpose is not "protecting" servers from being overloaded, it is "protecting" servers from web users who will not involuntarily provide commercially useful data/information so that access to them as ad targets can be sold for profit.
Choice of user agent should make no difference. The JSON I'm getting is the same regardless of what device or software I am using. I decide what I want to do with the JSON after I retrieve it.
Imagining how things could be different, there could be "commercial" user agents that people use for accessing their bank acconts online and for other commercial transactions. There could also be "non-commercial" user agents that people use to read HN. Unfortunately, the way things are now people are using commercial browsers for non-commercial web use and exposing themselves 24/7 to unecessary tracking and advertising.
Personally, I only use a commercial user agent infrequently. I'm not doing many commercial tranasctions over the web. Most times, I am using non-commercial user agents. I see no ads and can focus on the text.
There are easily less than 1,000 people using the internet in the way that you do. The internet is not immune from cost-benefit.
I think I see an underlying point though. What other Internet protocol or service requires the user client to supply endless additional arbitrary metadata to even gain access to a resource, let alone receive information? Not even email is that cumbersome for the clientside. Although it is the way it is for better or worse.
Right, pack it up. You all heard the guy with the random username. Corporations have the power to make things convenient so I guess we should just give up and allow ubiquitous corporate control.
> it is "protecting" servers from web users who will not involuntarily provide commercially useful data/information
I don't think it comes down to that, I think it's more about the fact that your browser likely looks more like a bot than it does a human.
Also, rate limiting has a significant overhead and complexity at scale, where agent filtering is relatively cheap and easy to distribute. Though, this is largely a problem that has been resolved many, many times over and the additional overhead is not that bad. All said, I've met too many developers that don't conceptually understand public/private key encryption and would assume they'd mess up rate limiting.
Firstly, I object to DRM being added to the web platform in the first place. It is antithetical to the platform. This goes above the definition of what a user agent is and goes into what the web even is in the first place.
Secondly, users don't really get a choice. Users are fucked because browsers implement features like DRM and websites hard-depend on them. So the user is no longer choosing whether or not to enable DRM, but whether or not they can watch Netflix on their laptop. User agents should not put users in predicaments like this where they are forced to make choices against their own interests. This is one of those situations where nuance is necessary.
If Netflix doesn't work in the browser users aren't going to lean back in their chairs and think fondly of the freedom fighter jchw that protected them from working against their own interests, they are going to open Edge and watch Netflix.
No matter how much you opine the outcome is not going to change, the end users have spoken in what they want in their user agent.
> If Netflix doesn't work in the browser users aren't going to lean back in their chairs and think fondly of the freedom fighter jchw that protected them from working against their own interests, they are going to open Edge and watch Netflix.
Or maybe (hopefully) they download popcorn time instead
Yes... that's pretty much exactly what I said. Users will indeed just do what they need to do to watch Netflix, whether or not DRM is good for them or the web platform.
> Secondly, users don't really get a choice. Users are fucked because browsers implement features like DRM and websites hard-depend on them. So the user is no longer choosing whether or not to enable DRM, but whether or not they can watch Netflix on their laptop. User agents should not put users in predicaments like this where they are forced to make choices against their own interests. This is one of those situations where nuance is necessary.
That's why it shouldn't be a part of the web platform in the first place. Because we shouldn't force users to make choices against their own interests.
Here are some other examples of where we shouldn't force users to make choices against their own interests:
- Users should not have to give up their rights to be able to access legally-mandated warranty services or replacement parts.
- Users should not be forced to accept being tracked.
- Users should not be forced to forfeit their right to be a part of a class action lawsuit to use a product or service.
Try as you might, you're never going to convince anyone that the free market will just magically make all of the incentives align and make "the right choice", these are things that ultimately have to be solved with policy. The closest thing to "policy" on the web is standards, and W3C put EME in the standards despite widespread outcry, and that's why we're at where we're at.
Now the thing is, we have DRM in browsers, but we still don't have Web Environment Integrity, a complete and utter bastardization of the open web that would've made it cryptographically impossible for an open source browser to really meaningfully exist (since compiling it yourself would likely make it impossible for you to e.g. do banking or watch Twitch streams, since it would then fail attestation.) The reason we don't have WEI is because it was widely rejected by the community. Not because users made a choice.
It's nice to think that you can just leave it to the users to pick and they'll always do the right thing, but at the end of the day most people don't have time to care about DRM or WEI. Most people are not technical and just simply don't have the capacity in their day to be concerned about things like that. That's why it's literally the job of people who do have that capacity to fight for the user's best interests and try to avoid users being put into positions where they are basically guaranteed to be fucked.
And frankly, we're not winning the fight.
(This is no different from anything else. The vast majority of people can't be expected to fight for e.g. free speech rights either; it's always going to be a minority of people who hold the line.)
6 replies →