Google did it again.

  • @[email protected]
    link
    fedilink
    English
    31 year ago

    My understanding is vague but the sandbox environment is cryptographically integrity checked in some fashion that makes the spoofing you’re suggesting difficult or impossible.

    • @orclev
      link
      English
      7
      edit-2
      1 year ago

      Well, I did a little digging, and while parts of the stuff proposed by Google might be tricky, the actual topics portion of the API looks pretty easy to spoof. It seems like there’s really only two things that need to be done. The first is to spoof the feature detection logic to return true for calls to document.featurePolicy.allowsFeature('browsing-topics'). The second would be to return randomly selected topics from all available topics from calls to document.browsingTopics() (care might need to be taken to return a consistent set of random topics to a given page, otherwise clever sites might poll the API many times to detect randomness). That really seems to be all there is to the topics API part of this. As for spoofing the rest of the web DRM parts, that’s going to be a lot trickier, but with control of the browser I can’t see how it could be made insurmountable.