Handheld gaming device maker AYN is teasing an upcoming crowdfunding campaign for a new Android & ARM-powered model. A new dev board is up for pre-order that looks a bit like a larger Raspberry Pi… but which has an Intel processor and M.2 connectors, among other things. And the folks that recently brought the Fairphone 4 to North America are now selling a de-Googled, refurbished Google Pixel 5.
But one of the biggest stories making the rounds on tech sites this week? Google is proposing a new “Web Environment Integrity” (WEI) API that the company says could help websites and apps verify that they’re interacting with hardware that will perform as expected. But many folks are concerned that the method Google is proposing to build “trust” could also further consolidate control over the internet into the hands of a few big players (like Google), make it easier for sites to block visitors using ad blockers or other plugins, and generally bring about the end of the “open” web as we know it.
For their part, the Google representatives who have presented the new proposal say that’s not their intent, and that they’re even designing features that mean websites that used WEI to block visitors using ad blockers or other unapproved plugins or browsers would likely see those efforts backfire. But, unsurprisingly, many folks are still skeptical.
It’s still early days for Google’s proposal. A lot of details have yet to be worked out, and it’s far from certain that WEI will be built into future versions of Chrome or other browsers anytime soon.
Here’s a roundup of recent tech news from around the web.
Google’s browser security plan slammed as dangerous, terrible, DRM for websites [The Register]
Google engineers are proposing a new “Web Environment Integrity” system that would let websites verify your hardware & software with a third party to block bots, game cheats, etc. But many critics worry that WEI could spell the end of the open web.
Youyeetoo X1 – A Compact Intel Jasper Lake SBC going for $110 and up
The Youyeetoo X1 is a small dev board with an Intel Celeron N5105 chip, up to 16GB RAM, eMMC storage, and two M.2 slots (one for NVMe storage and one for a WiFi, Bluetooth and/or 4G LTE module). It’s up for pre-order now for $110 and up.
Odin2 next-gen gaming handheld IGG preview [Indiegogo]
The makers of the AYN Odin (Android) and Loki (Windows) handhelds are preparing to launch a 2nd-gen Odin. Pricing, specs, and availability haven’t been revealed yet, but there’s an IGG coming soon page, and more details are on the way.
Murena Pixel 5 now available in the USA and Canada [E Foundation]
Shortly after bringing the Fairphone 4 to North America (with the de-Googled /e/OS software), the E Foundation has announced that it’s also selling a refurbished Pixel 5 with /e/OS in the US and Canada.
Keep up on the latest headlines by following @[email protected] on Mastodon. You can also follow Liliputing on Twitter and Facebook, and keep up with the latest open source mobile news by following LinuxSmartphones on Twitter and Facebook.
Some comments have tried to explain why it is bad, lemme do the TLDR; version.
It is “Trusted Computing” and they never state the important parts. WHO is trusting WHAT to do / not do WHAT. And all of them proposed to date answer that question with “Mega corps can trust that the hardware you paid for is not in any way under your control, and in fact belongs in everything but legal nicety to another mega corp that can be trusted to keep its boot on your neck.
Wasn’t this sort of idea like the concepts also behind the Urbit crypto-peer-network or a text-only internet version sort of like Gopher protocol. To have multiple, somewhat-competing separated internets, perhaps that depend on the hardware and software configurations that you use. I guess that is what many mobile “Apps” have become sort of like walled garden dystopias like TikTox, etc.
Not so much the end of the open web but the end of freedom in personal computing.
The way this scheme works is that websites present an “are you trustworthy” page to your browser. Your browser then must ask an attestor program somewhere on your computer for a token that it signs with a certificate/key located…somewhere else, and this attestor has its own ideas of what criteria make a browser or user session trustworthy. However, it must send certain information in the token, such as its own identity, and information about the browser, and a list of other, undefined criteria.
Here’s the problem.
Websites will be able to block any attestors that’s not on their list of attestors they trust, or have been compelled to trust exclusively.
How will they determine which ones to trust? At the bare minimum, circulating lists of approved attestors that meet criteria set by security companies, governments, and anyone who has any kind of contract with any kind of interactive computer service provider.
Their stated goals are to stop basically all forms of automated activity on the web. You can’t do that if the user can be running whatever software he wants while the browser is open. So, the website needs the attestor to check the running process and the hash and signature of the browser binary at a bare minimum.
The attestor can’t tell what you’re running, not really, so it either needs to forbid unknown software or anything that matches a long list of known automation signatures, similar to antivirus, since we can’t trust the self-identification of the processes.
Of course, if you have a walled garden with only one software repository, the attestor can easily trust what you’ve got open is what it says it is.
Cloudflare and your government won’t want to put up with people running their own attestors that just check a browser hash and signature. Gotta stop ALL bots, browser automations, shell scripts that move the mouse and keyboard, GUI macro programs, etc. And presently, no open source attestor that just checks the browser exists as far as I know.
So people can’t be allowed to install their own attestors and they can’t be allowed to tamper with the vendor’s attestor to try and spoof the signature the TPM will add to the token.
How do you stop that?
You put the attestor along with whatever system file it needs into a read only partition. Android, iOS, ChromeOS, and MacOS already do this. Microsoft is already planning on making Windows State Separated with CorePC.
Then you need to stop the user from tampering with the attestor via booting another OS. You can then do one of two things, either lock the bootloader, or encrypt the hard drive and don’t give your users anything they’d need to decrypt it themselves.
You want your attestor to be trusted? You have to stop your users from running arbitrary code, and that’s the only way I know to do it.
And you know the best part? IT WON’T EVEN STOP (INDUSTRIALIZED) AUTOMATED ACTIVITY ANYWAY! You just need a bunch of guys in a phone farm who can be using locked down, walled garden devices, feeding data to and from a bot server that doesn’t even need internet access, and still be delivering automated responses. If anything, this could just make that even easier, if they get to skip the captcha!
There is definitely a subtle and slow push for a “digital identity”, where you wont be able to connect to the web without a digital id (like a social security number, only unique to you). Easy to track you, and also to catch criminals who want to hack, launder money, whatever.
Yeah, it’s a push toward a dystopian internet reality. Don’t want to flash your “ID”? Tough, you can’t get online.
Oh well. I’d happily say goodbye to the internet and go back to the 80’s style of life before the internet became widely available to the masses, and live my life peacefully. Already, there are stores where I live that want to scan your id to buy certain products, and I tell them to go to hell and shop elsewhere.
It is coming, but we wont see this level of dystopia in the near future I believe. But it is coming.
Already, it’s getting harder and harder to be able to apply for a job in person with a paper application, instead needing to apply at indeed or whatever. Everything, including your medical records, are getting integrated into the internet. Sad times, really.
Have you heard about Sam Altman’s iris-scanning Worldcoin?
Or Musk planning to turn “X” (formerly twitter) into a WeChat-PayPal omniplatform?
Or lest we forget, vaccine passports and checkpoints at every doorway. Those are, quite frankly, a nearly impossible to spoof form of digital ID that has the convenience of being easily revoked if you misbehave.
Or what Europe’s already doing with state digital ID.
Or what’s going to happen if KOSA passes, although that’s not nearly as bad in my opinion as EARN IT or RESTRICT or another act I can’t even name without sounding like a bad guy, all of which are before the US congress this year!
But digital ID isn’t really relevant to what WEI or apple’s PAT require operating systems to be.
What do you want me to say, Some Guy? I’ve never disagreed with your posts, I think you’re spot on, but the timing is wrong I believe. They will slowly introduce this stuff over a long period of time. Ever hear of the phrase, “boil the frog slowly”?
It will happen, but not all right away.
To ‘Upgrade pi-top [3]’, I couldn’t care less what Altman has to say. He’s a liar and a doomsdayer because he’s trying to push an agenda. Hear what I say: Altman is a LIAR.
And I’ll say something else, Some Guy. (I like you and your posts by the way, so don’t take this as an attack).
The day the internet goes full dystopia, I will be disconnecting. Why do you think I horde software? So I can be independent of the net and have everything I need in case it all goes to hell…
I grew up in a time before the internet became available to every household. I rode my bike as a kid, played board games, kick the can and wiffle ball with my neighbors. I skipped high school and went to the mall when going to the mall was fun and actually a cool place to be. Point is, I lived life. I picked up the phone and called a friend and asked if they wanted to hang out, not spending my entire days glued to a smartphone looking to get my next dopamine hit off social media. I actually socialized and lived my life, and I will live my life when the internet truely goes to crap.
I don’t understand all this doomsdayer stuff about the internet going dysopic (except I know that it’s happening ever so slowly). It’s not the end of the world. Life goes on. Mankind lived how many millenia without the internet? We will survive.
I think going back to the 80’s ways of doing things is actually healthy and wholesome. Who gives a damn about what happens to the internet? There is life (there should be) beyond the internet. I don’t know about you, but I’m almost 50. Finding a spouse I can truly care about and want to be with, and building a life is what is truly important to me.
Reading books? GASP Oh the humanity that we’d actually have to pick up a book and read versus seeing what likes we get on social media. Take away social media, OH MY GOD THE SKY IS FALLING!!!!
Get a freaking life, I say.
p.s. The benefits of drinking — it makes me HONEST. had to say this tonight.
tldr; it’s not the end of the world and life will go on, and might actually be a lot healthier than this addiction creating social media we have now. Chew on that for awhile, World.