I don’t understand why so many opinion pieces and news keep on saying that Web Environment Integrity could be abused and that’s why we should oppose it. This misses the point a great deal.
Implementation of Web Environment Integrity in browsers IS ITSELF AN ABUSE, because I have the right to go around the web without continually proving who I am, even less against a 3rd party.
It’s as if someone said that some officer (and not even a government one) should always be by your side when you go out, ready to certify who you are, whenever you speak with people on the street – and even with friends. Would you accept that?
Are we totally out of our minds??
How would WEI work? What signals does my computer send to convince the other computers that my computer is doing what they want? Is it based on some “trusted computer” hardware level bullshit that’s already there? (I just want my computer to do what I want.)
That’s not part of this spec, all it says is that the attester produces a cryptographic proof. What it checks and what that proof means is for the attester to decide.
Google and Apple say they would “just” check if the user is logged into their Google/Apple account, as a way to proof that they are human and not a bot. That would be bad enough, because you should not have to have an account with these companies to browse the web. But they could easily make it even worse, by requiring you to install a kind of anti-cheat software that scans your device, and only provide the proof if they like the results. Heck they could just exclude everyone who visited a certain website in the past or who’s name starts with an F if they wanted to, because that’s how broad and dangerous this proposal is!
Big companies should not be able to decide if people are allowed to visit certain websites or not, even if they say they have the best intentions.
Without having read anything about WEI at all: Microsoft already supports something similar by using Windows Hello (Edge). It’s using your TPM to make sure the hardware/OS wasn’t tampered with. On Android, this is comparable to safetynet/Play Integrity.
deleted by creator
[This comment has been deleted by an automated system]
That works until you are forced to interact with a website that only works with it, either by work or school.
deleted by creator
I can only assume these opinion pieces are written by people who use Google for everything they do and trust them.
Dumb fucks, to quote Zuckerberg…
So like 8% of the market, mostly from Mozilla?
deleted by creator
Most people don’t give a shit about these things. It might actually decrease if Netflix just tells people to install Chrome to watch Stranger Things
Aren’t Vivaldi and Brave downstream of chromium though 🤔
Vivaldi and Brave can modify Chromium to disable this feature. Chromium is open source after all.
Goggle standard approach to it, is to integrate it so much with other components that it will be a lot of work to disable it, eventually making it impractical.
The right way would be for those clients to switch to gecko engine.
Well… Normie stream love their 69 chrome versions so that’s where we are at… Competition
Will have to wait and see how Apple reacts with Safari. Mozilla dismissing the proposal is big, but Apple has the second largest mobile OS marketshare with iOS, and so Safari is very relevant for websites to support it.
Doesn’t Safari already have their own version of this?
They do indeed: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/
From the article:
The focus here is primarily on removing captchas, and as such it’s been integrated into Cloudflare (discussed here) and Fastly (here) as a mechanism for recognizing ‘real’ clients without needing other captcha mechanisms.
Fundamentally though, it’s exactly the same concept: a way that web servers can demand your device prove it is a sufficiently ‘legitimate’ device before browsing the web.
Lmao, no. Google is out of their minds. Apple has zero interest in controlling browsers or ads.
https://money.cnn.com/2017/08/31/technology/business/apple-net-neutrality/index.html
From the article:
“We work hard to build great products, and what consumers do with those tools is up to them — not Apple, and not broadband providers,” Cynthia Hogan, VP of public policy at Apple
Prove it, then. Unlock the bootloader. Allow us to install our own apps. Let us install our own OS on the hardware. I get they don’t want to open source their iOS, that’s fine. They say “what consumers do with those tools is up to them”, but then they lock those tools down TIGHT. Actions speak much louder than words. They say those tools are ours? They need to show us that this is true.
Google: “How cute, anyway as I was saying…”
Google doesn’t care 🙁
I can’t honestly see how any other company can single-handedly stop Google if they go though with this. Google has the ability to strong arm this proposal by having Youtube and Google search dependent on Web Environment Integrity. There are enough alternative to web search but I can’t see how anyone can fight Google’s dominance in video hosting to stop them.
You would almost have to have every other major website intentionally break on Chrome to even the playing field, and if Google still don’t back down you are left with a divided internet.
If you oppose this, don’t just comment and complain, contact your antitrust authority today:
US:
https://www.ftc.gov/enforcement/report-antitrust-violation
EU:
https://competition-policy.ec.europa.eu/antitrust/contact_en
UK:
https://www.gov.uk/guidance/tell-the-cma-about-a-competition-or-market-problem
France:
https://signal.conso.gouv.fr/fr/tel-internet-media/faire-un-signalement
Germany: @[email protected] (anti-cartel bureau) of @BMWK https://www.bundeskartellamt.de/DE/Kartellverbot/Anonyme_Hinweise/anonymehinweise_node.html https://www.bundeskartellamt.de/DE/Missbrauchsaufsicht/missbrauchsaufsicht_node.html
Philippines:
https://www.phcc.gov.ph/file-a-complaint/
India:
https://www.cci.gov.in/antitrust/
https://www.cci.gov.in/filing/atd
Canada:
https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/frm-eng/GHÉT-7TDNA5
The UK government won’t do anything, they’re probably all for this, assuming they understand it.
Hell yeah. Top of the line comment right here. Thank you
Thank you. Took the words out of my mouth.
If all browsers and standards organizations oppose this idea, but Google does it anyway and it succeeds and takes over, can you imagine how easy the anti-trust case will be?
Thanks for the nudge, I wrote to the EU registry.
What I’m getting from this is that some monopoly busting is sorely needed.
EU commission, really. That’s the only way
Cause I for sure know us Americans will do jack shit about it
You should contact your FTC
LOL, sorry but if it is control over my computer vs youtube going away my reasponse is “bye bye, YouTube, don’t let the door hit you on the way out”
I agree with you personally, but it’s the second most used platform after Facebook I think so it does have an insanely massive userbase.
Yeah, I made the same argument and had a bunch of morons talking about how inconvenienced they would be if they couldn’t visit a website.
I think YouTube and Google Search are the least of our worries. There will be companies who would have a field day picking up the pieces if that happened.
It’s everyone else using it that suddenly means you can’t run an ad/script blocker on the ickier parts of the web that really need it. The modern internet is an unusable mess, and only ad blockers make it tolerable again.
You know, most major web servers are open source projects (Apache, nginx, …). They could in theory decide to check for the browser that’s accessing a website and just return an error If it’s a variant that supports WEI. Ofc people could fork them and remove the check, but many might just use them as is.
Just a thought though, this would be a very radical and hugely controversial step.
Microsoft are staying suspiciously quiet then. And what about Apple?
Apple already added basically the same thing about a year ago: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/
Is this technically equivalent to Google’s proposal? Apple say that their version was developed in collaboration with Google, so it would be surprising for Google to go and deploy a second version of the same thing, were it not for the fact that Google always has two competing versions of everything.
And I guess the main reason people are more concerned about Google’s version is that they are so dominant in the browser market.
The details are a bit different. PATs use HTTP headers during a request while WEI is a JS browser API. But otherwise the general structure and end result are the same. A website requests an integrity check, an attester checks your device, and if the attester doesn’t like your device then you’re SOL.
Edge is a Chromium browser isn’t it? Then again, so is Brave and the article indicates they are making a point of removing this stuff from their build. Safari is it’s own thing though afaik.
Brave is a chromium fork with custom stuff, they can just not implement it if they want.
There needs to be a unified fight against this, that involves not only browser companies but also the businesses running major websites. If it goes through and Google manages to persuade websites to use it, all the other browsers will be forced to implement it if they want to continue existing. And then no more freedom for web users.
The businesses running major websites want this more than Google does.
Safari is its own thing, but so is Mozilla. It affects everyone, it affects the very landscape of the web.
Apple won’t do anything of the sort. They were in support of net neutrality and are committed to an open, free web. One of their chief complaints against Adobe back when Flash was at its all time peak as just that: it gave Adobe control of the web. They pushed for HTML5 and other alternatives.
Google is alone in this. However, I feel they can’t do it without Microsoft. At least not to the effect they are hoping so I totally see MS jumping on this as they have been firing on all cylinders with regards to “Windows as a service”. All they care about is building their own monopoly.
Brave can suck it too.
At this point, why don’t the companies who run Chrome derivatives work together to build a fork that evolves separately from Chrome? Edge, Vivaldi, Opera, etc. will never get the marketshare on their own to rival Chrome, but together, they could make a dent with a unified browser engine.
Gecko (Firefox engine) already is worked on, why not contribute there instead of losing community? If anything why those browsers use engine that is controlled by a single company?
Looking on the bright side here, this will be good for applications that depend heavily on Chromium such as Steam. It won’t be much good, but it’s something.
Did Opera announced any intent?
Brave and Vivaldi (and edge) have no say in the matter, they are practically in the business of rebranding chrome for what it is and contributed to reinforcing goggle’s monopoly. I have absolutely no sympathy for them.
At least Brave forks Chromium and they have a bunch of patches they apply to the codebase. I mean yeah, they still contribute to the Chromium monopoly but calling them just a rebrand is a bit unfair in my opinion
