Conversation

I don't think calling it DRM is a mislabel. It would say exactly the same thing about a video game using this feature to enforce that people don't block in-game advertisements or bypass the need to pay micropayments for features or virtual currency.

Quote Tweet

Replying to @DanielMicay @justsee and @bcrypt

You picked a fight. "DRM" abuse, then "enforced viewing". Ad fraud is real and the $320B/year growing to $1T system uses JS nonsense against it, fruitlessly except for the CYA shakedown artists who sell tag-level antifraud. G & FB use what you mislabel "DRM". We aim to as well.

3

2

5

Replying to

This is false. Without safetynet users still get Brave's baseline features: ad/tracker blocking, fingerprinting protection, cross-site referer blinding, &c. They even can opt into Brave Rewards and fund their own anonymous donations. They just can't take 70% ad revshare. Yeesh!

4

2

Replying to

and

I'm going to reply to my reply. You tweeted that we replace ads in page slots. False. You abused DRM to describe anti-fraud tech that limits only Brave user ads, which are opt in. These are either hugely ignorant errors on your part, or lies. No third way!

1

Replying to

Oh, so it's a problem when I do it, but you can do it. You're trying to make a subtle distinction about what it means to replace ads, and I don't agree with it. It's you that's being incredibly dishonest by misrepresenting my statements as false or dishonest when they're not.

2

Replying to

and

I didn't abuse the term DRM. It's the way the term is used among almost everyone that I speak to. I'm hardly the only one using the term to include features like anti-modding / anti-cheat / anti-fraud trying to stop the user from doing something with code on their device...

2

Replying to

Stop replying to yourself. eff.org/issues/drm

1

Replying to

This is how I use Twitter. Stop dictating to me how to use the site. You're the one choosing to jump into my feed. If you don't want to talk to me, you have the choice not to engage with me in the first place. If you talk to me, I'm going to use Twitter how I've always used it.

2

Replying to

and

Gents, gents - how about scheduling a live recorded discussion on this topic so that we can all learn some useful insights into the world of Brave and DRM without being constrained by Twitter limitations and UX inadequacies?

1

Replying to

and

No, I'm sorry. Read eff.org/issues/drm and stop equivocating. Daniel is mad we use the same native-app-friendly antifraud tech G and FB use and Google and Apple provide. He calls that tech DRM. It does not fit EFF's definition. I'm done.

1

Replying to

and

twitter.com/DanielMicay/st I also certainly don't call attestation features DRM. I'm a fan of using attestation as a security feature to verify and monitor device security. I'm not a fan of using it for DRM. I never said that DRM is evil, but rather that it shows this won't work.

Quote Tweet

Replying to @BrendanEich

That's one form of DRM. It's not the entire picture. Software trying to enforce restrictions on usage and trying to prevent it from being bypassed is what myself and many others refer to as DRM and it includes anti-fraud and anti-cheat mechanisms. To me, that's what it means.

1

Replying to

and

SafetyNet attestation is incredibly weak software attestation and easily bypassed, as I pointed out. People have software to bypass it. Eventually, it will likely use the hardware-based key attestation, but that's still not some super strong security feature without pairing.

12:26 AM · Jul 26, 2019Twitter Web App

Replying to

and

The model of verifying based on chaining to a root of trust is a weak approach. Someone only needs to extract a single batch key from an exploited TEE to bypass it across the board. There are public exploits able to do this.

1

Replying to

and

Ok, adding

to help.

1