Hot Take Google engineers want to introduce DRMs for web pages

F

ForgottenSeer 97327

Good find, yes this idea is concerning, two highlights of the explainer and one (last) valid response of a reddit member (PeterCxy) why it is flawed (BS)

The goal maybe Web Environment Integrity, but the effort to prevent abuse/attacks of/to webservers by non-human interaction certainly have the smell of DRM.
Explainer said:
Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it.

Also this sounds like a renewed effort to limit the loss of income through adblocking (don't laugh when you don't recognise yourself in this need)
Explainer said:
Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads

Why it is a bad solution for the wrong problem
PeterCxy said:
If the security of your web service depends on a specific client environment, your web service is designed wrong. Period. If something is security-critical, you should not ever delegate that computation to client side and you should not ever blindly trust any client-side input, even if you can attest to any digital signature from the client.
 

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
565
A perspective on why we need this web environment integrity API:

Ad blocking virus is currently spreading and we all know it makes people unhappy, because people need to watch at least 250 ads per day to be happy. Ad blockers interfere with this and it's not hard to see their detrimental effects on mental health.

Ads make people SO HAPPY, they literally LOVE THEM, but unfortunately that horrible ad blocking addiction prevents those people from watching them. We all know that's a disaster which needs to be addressed immmediately.
.........................................................................................................................

This API is EXACTLY the thing we all need. Thanks to this we can serve the real website code only after authenticating the platform. This way the code would be fully shielded from any kind of reverse engineering which could result in this horrible ad blocking virus again finding a way to prevent the user from experiencing true happiness.


:ROFLMAO:
 

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
307
Let’s face it: Google has never been a fan of ad blocking. The “Big G” first went on the warpath against ad blockers about 10 years ago: that included a mass purge of ad blockers from the Google Play Store in 2013-2014, changes to developer policies to specifically target ad blockers in 2016, and most recently, Google-owned YouTube launching a crackdown on ad blocking users. The reason for this long-running tug-of-war is that Google is not only the maker of the world’s most popular browser, Chrome, and a long list of other services used daily by billions of users, but first and foremost it is an ad tech giant. The lion’s share of Google’s profits, about 80%, comes from online advertising.

Google’s sneaky proposal​

Now it looks like instead of trying to ban ad blockers outright, Google has taken a more roundabout approach. A group of Google engineers have proposed an API called Web Environment Integrity. Its stated goal is to make the Web safer by letting websites verify that the devices and apps that visit them are safe and genuine in such a way so as not to facilitate fingerprinting and infringe on users’ privacy.
 

Jonny Quest

Level 17
Verified
Top Poster
Well-known
Mar 2, 2023
799
From your above link, this is the part that got my attention:

So what happens if websites are armed with the WEI API? They’ll be able to detect if you’re running DuckDuckGo, AdGuard, or any other browser, app, or plugin they don’t like, and block you from accessing their content. In fact, implementing this API can hamstring not only privacy protection tools, but also password managers, translation tools, video players, and, in general, tools that may change the layout of the website. This can turn a huge portion of the Internet into a walled garden, accessible to only certain “whitelisted” applications. This is a big concern.
 

Sandbox Breaker

Level 9
Well-known
Jan 6, 2022
433
From your above link, this is the part that got my attention:

So what happens if websites are armed with the WEI API? They’ll be able to detect if you’re running DuckDuckGo, AdGuard, or any other browser, app, or plugin they don’t like, and block you from accessing their content. In fact, implementing this API can hamstring not only privacy protection tools, but also password managers, translation tools, video players, and, in general, tools that may change the layout of the website. This can turn a huge portion of the Internet into a walled garden, accessible to only certain “whitelisted” applications. This is a big concern.
It's only getting worse.
 

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
307
It is a frightening thing if it is implemented, it seems that more and more methods are found to be monitored, to be restricted, to block access to the information .... all lead me with the thought that all are based on the manipulation of all people and the attempt to monetize at a higher level..... something like "tax for chimney smoke"
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I have a Google Pixel phone. I keep it offline. One tiny drop in a galaxy of Internet.

This was written on the wall around the initial announcement of Manifest v. 3, aiming to do away with cookies. This feels like it's bigger than all of us--with its own momentum. What can we do? Will someone fight the good fight for us?

On a brighter note, those YouTube ads that can't be blocked haven't made their way here. Yet.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,681
Browser developers push back on Google's “web DRM” WEI API
Google's plans to introduce the Web Environment Integrity (WEI) API on Chrome has been met with fierce backlash from internet software developers, drawing criticism for limiting user freedom and undermining the core principles of the open web.

Employees from Vivaldi, Brave, and Firefox have taken a strong, opposing stance against Google's proposed standard, and some have gone as far as to call it DRM (digital rights management) for websites.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,283
Let's hope all of them does something against this new Google "feature"

For me interesting to read this article from developers of Vivaldi:

Can we just refuse to implement it?​

Unfortunately, it’s not that simple this time. Any browser choosing not to implement this would not be trusted and any website choosing to use this API could therefore reject users from those browsers. Google also has ways to drive adoptions by websites themselves.

First, they can easily make all their properties depend on using these features, and not being able to use Google websites is a death sentence for most browsers already.

Furthermore, they could try to mandate that sites that use Google Ads use this API as well, which makes sense since the first goal is to prevent fake ad clicks. That would quickly ensure that any browser not supporting the API would be doomed.
 

nicolaasjan

Level 4
Thread author
May 29, 2023
155
Looks like it is committed to the Chromium source (?):
I have never seen so much comments on a commit (282; click "Load more comments") .
 
Last edited:

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,516
We also asked Google whether it had anything further to add beyond last week’s comment, when a company spokesperson told us that the program had been paused, and directed us in the face of early backlash to a response by the explainer article’s author, which concluded: “We welcome collaboration on a solution for scaled anti-abuse that respects user privacy, while maintaining the open nature of the web.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top