Conversation

twitter.com/BrendanEich/st I don't see how this isn't DRM, and it's not a good precedent. Web sites would love to use this kind of DRM to prevent users from blocking advertisements or other unwanted features exactly like Brave is doing, and Brave would be locked out by that too.

Quote Tweet

BrendanEich

@BrendanEich

Jul 25, 2019

Replying to @DanielMicay @justsee and @bcrypt

DRM is WideVine. OS-level antifraud is not "DRM" in any useful sense of the TLA. I think @EFF agrees, but anyway, your further "enforced viewing" words were inaccurate and misleading! You mean: we make Brave Ads viewers pass OS-tested antifraud that the appstores require. Yes.

11:33 PM · Jul 25, 2019Twitter Web App

Replying to

It literally exists for the purpose of blocking users from modifying the web content or extracting it from there and viewing it in another app with modifications. Imagine if web sites themselves used attestation functionality to do this. I think they already have the APIs for it.

Replying to

DRM is when there's a TEE in your device in which secret keys you don't own are used to decrypt content. Brave Ads don't do that. You abusing "DRM" would be like me calling you "adfraud apologist." What do you suggest if not the OS-level antifraud checks native apps use? Be real!

Replying to

SafetyNet does have support for using secret keys in the TEE or HSM via key attestation. It doesn't currently enforce that key attestation passes, which is why it's currently so easy to bypass, but that's clearly going to change. TEE doesn't need to decrypt it for it to be DRM.

Show replies