This article is more than 1 year old
Brave takes brave stand against Google's plan to turn websites into ad-blocker-thwarting Web Bundles
Draft spec reduces pages to inscrutable data blobs, says privacy bod
A proposed Google web specification threatens to turn websites into inscrutable digital blobs that resist content blocking and code scrutiny, according to Peter Snyder, senior privacy researcher at Brave Software.
On Tuesday, Snyder published a memo warning that Web Bundles threaten user agency and web code observability. He raised this issue back in February, noting that Web Bundles would prevent ad blockers from blocking unwanted subresources. He said at the time he was trying to work with the spec's authors to address concerns but evidently not much progress has been made.
His company makes the Brave web browser, which is based on Google's open-source Chromium project though implements privacy protections, by addition or omission, not available in Google's commercial incarnation of Chromium, known as Chrome.
Google's second stab at preserving both privacy and ad revenue draws fireREAD MORE
The Register asked Google to comment. Its spokespeople did not respond.
The Web Bundles API is a Google-backed web specification for bundling the multitude of files that make up a website into a single
.wbn file, which can then be shared or delivered from a content delivery network node rather than a more distant server. It's one of several related specifications for packaging websites.
The problem, as Snyder sees it, is that Web Bundles takes away the very essence of the web, the URL.
"At root, what makes the web different, more open, more user-centric than other application systems, is the URL," he wrote. "Because URLs (generally) point to one thing, researchers and activists can measure, analyze and reason about those URLs in advance; other users can then use this information to make decisions about whether, and in what way, they’d like to load the thing the URL points to."
That becomes difficult when the file isn't easily teased out of a larger whole. Web Bundles set up private namespaces for URLs, so privacy tools that rely on URLs don't work.
"The concern is that by making URLs not meaningful, like just these arbitrary indexes into a package, the websites will become things like
.SWF files or PDF files, just a big blob that you can't reason about independently, and it'll become an all or nothing deal," Snyder explained in a phone interview with The Register.
Separately, Google has been working to hide full URLs in the Chrome omnibox.
Snyder concedes that some of the goals these tools aim to realize may be valuable, like assertions of resource integrity through signatures, but he objects to means being applied to get there.
"I think that some of the ends of these tools are shooting for are valuable," he said. "I think the way that they're shooting for them is not valuable and has a kind of insidious side effect of allowing other things that are user hostile."
Snyder is not alone in his doubts about the spec. Apple WebKit engineer John Wilander filed two issues arguing that ad tech companies could use website packaging to bypass user privacy decisions.
And Maciej Stachowiak, a software engineer who leads the development of Apple's WebKit, also voiced opposition to Web Bundles.
I’m glad to see Brave speaking out agains WebBundle tech (AMP 2.0). This is part of Google’s ambition to serve the whole web from their own servers while pretending it’s coming from elsewhere. It’s also bad for privacy protections, as outlined by Brave in this post. https://t.co/SYGNDki1WN— othermaciej (@othermaciej) August 25, 2020
Despite Google's disinterest in responding officially, various Google engineers challenged Snyder's claims and defended the technology on Twitter.
Alex Russell, senior staff software engineer at Google, contends that Snyder has misunderstood the various web packaging proposals, perhaps deliberately. And he insists that they don't break URLs.
Bundles allow folks who opt into bundles to have others serve their content...again...on an opt-in basis.— Alex Russell (@slightlylate) August 26, 2020
What they *don't* do is break URLs and the origin model.
What's clear is that there are more than a few open privacy issues that have been raised about these proposals; what's less obvious is whether Google, as the dominant player on the web, will accommodate critics or ignore them.
The erosion of user agency – the ability to control and modify one's own software and hardware – has been ongoing for years, driven by profit-minded tech giants, repair-hostile hardware designs, and the realization that the openness of the PC era would pose problems as phones and home appliances became more dependent on vulnerability-prone software and processors.
In his 2008 book [PDF], The Future of the Internet — And How to Stop It, Jonathan Zittrain pointed to the "sterile" iPhone as the endgame, quoting Steve Job's repudiation of third-party innovation on the newly introduced smartphone:
We define everything that is on the phone. . . . You don’t want your phone to be like a PC. The last thing you want is to have loaded three apps on your phone and then you go to make a call and it doesn’t work anymore. These are more like iPods than they are like computers.
Apple however backed away from a strict appliance model. As Zittrain mentioned in passing, a promised software development kit – unreleased at the time – might allow third-parties to create iPhone apps with Apple's permission. And that came to pass, creating the App Store model now on the defensive against trustbusters and aggrieved developers around the globe.
The web remained open, at least on a technical level, as smartphones proliferated over the past decade. It's been a small consolation for those annoyed by the paternalism of Apple and Google, which each in their own way limit native software in their respective smartphone platforms.
But ad companies have demonstrated that they're not thrilled with people being able to block their ads. Consider how Facebook, which proudly touts its commitment to open source software, routinely obfuscates the structure of its webpage code to prevent content blockers from working.
Google is in the midst of making changes to its browser ecosystem that affect code freedom and privacy. The ad biz has been trying to address a broad range of web security and privacy problems – many of which really do need to be dealt with – while also figuring out how its ad-based business model can thrive when starved of its rich diet of cookies. But in putting its house in order, the company has managed to step on a few toes.
Perhaps Google's motives are pure and it only wants what's best for the web. Perhaps the company's deprecated motto "Don't be evil" still motivates its employees. If so, the ad biz clearly has more work to do to convince people it's not trying to privatize the web and force ads on the unwilling.
"The Google argument is, to my mind, absurd," Snyder said in an email. "It goes something like 'this is already available if you buy service XYZ'; my point is that paying for XYZ is a meaningful, useful deterrent! Or they'll say 'blocking by URL is already imperfect because of ABC'; my point is that WebBundles are further eroding the effectiveness of an imperfect-but-none-the-less extremely useful tool, URL-based blocking." ®