Towards an Internet of slaves?

Or the way Internet Giants are mastering the network

A few years back, in France, the national and unique telecom company invented a system based on “low power terminals” connected to central servers. The company rented (for free) those terminals to their consumers. These terminal connected to central servers using plain old telephony standard (1200 baud/s modem) on overpriced phone numbers. You had no choice of content, and many services were only based on time (they tried to keep you online as long as possible to charge you as long as possible).

This was called Minitel (for mini small tel terminal). It had no data storage, no upgrade possible, everything was run on the remote side.

Internet has broken their business

Then, around 1999, users could buy POTS modem (up to 56KBaud/s) and connect to non-overpriced telephone number, and get access to free (as in freedom) internet content. As expected, this killed the Minitel business.

The main reason why this happened was not the price (price was reduced for Minitel’s services yet it did not survive), but the opportunity for people to connect to any service they wanted, not one of the few thousands that were offered.

The lesson to learn was “people want to master their content and services”

Internet is now becoming a Minitel 2.0

A small shift fifteen years later and a global look to current internet system present abnormal similarity. You are presented a limited number of “servers” to contact to, your data is in their hands. Your browsing session is made as long as possible for you to watch their advertisement, and for them to earn from your time spent. You pay for bandwidth (you rent it from your ISP).

It was not like this five years ago, and there is no sign of returning back to the previous state. Worse, they are making it harder for you to do so.

Loss of freedom

At some point in time, we have experienced a very large access to freedom. Freedom to learn, to hack and to express ourself. This fire is being extinguished with the help of big companies.

You shall become Advertisement slave…

You probably remember the “pop up hell” that internet users of year 2000 used to live with Internet Explorer. Then appeared Mozilla Firefox with an automatic pop up killer.

Popup had the advantages of not breaking the content you were reading.

A few years later, pop up have disappeared, but advertisers filled the content with, well, ad.

Ad blocker appeared, and killed they practices (at least, for power user who installed an ad-blocker)

Long story short, there’s a war between advertisers and users who want their web uncluttered.

Back to current year, we are seeing a large increase of mobile based browsing. Chance are high that you are reading this page on a “smartphone” running Android or iOS (or Windows Phone). You are probably using a browser called “Chrome”, “Safari” or “Edge / Internet Explorer” (or for the most adventurous, “Firefox”).

Yet, do you realize that the browser you are using is as naked as the browser you used in 2000 ?

Sure, your browser is doing 3D acceleration, audio, etc. But mobile browser from Internet Giant, by default, offer no extension system. This means no Adblock, uBlock, Ghostery, Greasemonkey, whatsoever…

Do you think it’s an oversight from the three main browser vendors ?

How does Google earn money ? Or Microsoft ? Right, they are advertisement-delivery provider. They earn each time you waste a second reading an useless ad (worst, they earn each time you download an ad)

You probably experience those pesky Javascript based popup that you must click to go away. Doesn’t it smell a lot like the 2000s ?

Why aren’t they providing the technology to kill that pest (that’s easy since you can spot that a content with external resource is having a z-index higher than the main page, and this happens after the page loaded) ?

You shall use the content on our servers only…

Recently, all browser vendor are locking in their users. The choice is simple, it’s the very usual strong-against-the-weak principle. Major browser vendor implement a closed source technology for video and audio playing of DRM content (yes, even Firefox). If you don’t do that, your users will not be able to watch the content they asked for. The power balance is inverted here, we, as users, we should impose our will to the providers, and not the opposite. The move from Firefox is the exact example that something is wrong.

It’s like when you order to a pizza shop a pepperoni pizza, and get a mozzarella one instead. I don’t want your mozzarella pizza. You can keep it, no way I’m going to accept it.

Why in hell should I accept this video if you don’t let me watch it ? I’m watching your advertisements here, you earn money, each time I watch your stuff. Are you really sure you’re completely clear in your mind ?

Recently, major browser vendors are “agreeing” toward “certifying” the content of what you are watching. At first, that might sound a good idea (as usual, devil is in details).

When you look to it more closely, the browser can now prevent a website from loading content from any other website. Yes, that’s right, this prevents you to run your favorite bookmarklet that removes the clutter from the actual interesting content, this prevents you to publish some content from any non-approved website, etc…

This also means that any cross domain, cross-browser, compatible code you might have be used to (or written) will now have to be re-written for every different browser, every different platform, and so on, as an “browser extension” or add-on.

Nice move to prevent other browser provider to appear, since the work done by unpaid developers for writing extensions for the major browsers will have to be done again for the new browser.

This “technology” is called CSP (for content security policy, the usual security-removes-freedom mojo is running at maximum speed). Basically, a website tells the browser that the content is allowed from X or Y but no-one else.

Tomorrow, if I want to post a picture of my cat hosted on my server on any of such website, it will fail silently because it’s very unlikely my server will be listed in the CSP. Obviously, Google Photo, Flicker, etc will all be listed here, so I’ll be locked out because I’m not using their service.

Remark: It’s not Google that forces the website to use their service, it’s the pressure of users that want to link their pictures hosted on Google’s server that force the webmaster of the site to allow Google’s servers. Again, it’s the strong against the weak.

Mozilla is not reacting to this whatsoever, because, well, Mozilla is bollocks-less, they are struggling to stay “competitive” in the browser market, and they depends for this on ad revenue from the big Giants.

You shall not change the content…

If this wasn’t enough, a new “security scheme” is being implemented that allow website to lock their CSS so that a browser will not load the stylesheet if it’s being modified (by who? ).
Technically, the CSS is hashed, and the hash is stored in the link referrer.

How often does a malware comes from a stylesheet, really ?

However, how often does a CSS contains a link to advertisement’s resource ? Isn’t it like… every time ?

Whose who work for maintaining a network will tell you how hard it is to intercept and modify something on the network without being caught, and with SSL/TLS (HTTPS), it’s even harder.

They start with CSS, and soon they’ll do the same for Javascript, so what you’ll get is a web application that you can not modify, that you must trust, that you can’t analyze for correctness, who’s only able to manipulate your data on their server. It’s using your time for them to earn money by having you watch their advertisement.

There’s another word for this, being unpaid for doing some work, while (few) others earn the benefit of your work, it’s called a slave. In fact, it’s even worse, because in the ancient time, slave didn’t have to pay to get access to slavery.