Hot Take Google engineers want to introduce DRMs for web pages

F

ForgottenSeer 97327

Good find, yes this idea is concerning, two highlights of the explainer and one (last) valid response of a reddit member (PeterCxy) why it is flawed (BS)

The goal maybe Web Environment Integrity, but the effort to prevent abuse/attacks of/to webservers by non-human interaction certainly have the smell of DRM.
Explainer said:
Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it.
Click to expand...

Also this sounds like a renewed effort to limit the loss of income through adblocking (don't laugh when you don't recognise yourself in this need)
Explainer said:
Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads
Click to expand...

Why it is a bad solution for the wrong problem
PeterCxy said:
If the security of your web service depends on a specific client environment, your web service is designed wrong. Period. If something is security-critical, you should not ever delegate that computation to client side and you should not ever blindly trust any client-side input, even if you can attest to any digital signature from the client.
Click to expand...
 
  • Like
  • +Reputation
  • Applause
Reactions: plat, cryogent, brambedkar59 and 6 others
wat0114

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
576
A perspective on why we need this web environment integrity API:

Ad blocking virus is currently spreading and we all know it makes people unhappy, because people need to watch at least 250 ads per day to be happy. Ad blockers interfere with this and it's not hard to see their detrimental effects on mental health.

Ads make people SO HAPPY, they literally LOVE THEM, but unfortunately that horrible ad blocking addiction prevents those people from watching them. We all know that's a disaster which needs to be addressed immmediately.
.........................................................................................................................

This API is EXACTLY the thing we all need. Thanks to this we can serve the real website code only after authenticating the platform. This way the code would be fully shielded from any kind of reverse engineering which could result in this horrible ad blocking virus again finding a way to prevent the user from experiencing true happiness.
Click to expand...

github.com

Do not listen to ad blocking addicts, please ship this ASAP · Issue #51 · RupertBenWiser/Web-Environment-Integrity

Ad blocking virus is currently spreading and we all know it makes people unhappy, because people need to watch at least 250 ads per day to be happy. Ad blockers interfere with this and it's not har...
github.com github.com

:ROFLMAO:
 
  • HaHa
Reactions: plat, Nevi, brambedkar59 and 4 others
cryogent

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
307
Let’s face it: Google has never been a fan of ad blocking. The “Big G” first went on the warpath against ad blockers about 10 years ago: that included a mass purge of ad blockers from the Google Play Store in 2013-2014, changes to developer policies to specifically target ad blockers in 2016, and most recently, Google-owned YouTube launching a crackdown on ad blocking users. The reason for this long-running tug-of-war is that Google is not only the maker of the world’s most popular browser, Chrome, and a long list of other services used daily by billions of users, but first and foremost it is an ad tech giant. The lion’s share of Google’s profits, about 80%, comes from online advertising.

Google’s sneaky proposal​

Now it looks like instead of trying to ban ad blockers outright, Google has taken a more roundabout approach. A group of Google engineers have proposed an API called Web Environment Integrity. Its stated goal is to make the Web safer by letting websites verify that the devices and apps that visit them are safe and genuine in such a way so as not to facilitate fingerprinting and infringe on users’ privacy.
Click to expand...
adguard.com

Google wants to kill open Web under the guise of making it safer

A group of Google engineers has proposed a new Web API that threatens to uproot the work of apps and browsers if they interfere with its ad business. Will the open Web survive?
adguard.com adguard.com
 
  • +Reputation
  • Like
Reactions: Nevi, wat0114, SeriousHoax and 6 others
Jonny Quest

Jonny Quest

Level 17
Verified
Top Poster
Well-known
Mar 2, 2023
814
From your above link, this is the part that got my attention:

So what happens if websites are armed with the WEI API? They’ll be able to detect if you’re running DuckDuckGo, AdGuard, or any other browser, app, or plugin they don’t like, and block you from accessing their content. In fact, implementing this API can hamstring not only privacy protection tools, but also password managers, translation tools, video players, and, in general, tools that may change the layout of the website. This can turn a huge portion of the Internet into a walled garden, accessible to only certain “whitelisted” applications. This is a big concern.
 
  • Hundred Points
  • Like
  • +Reputation
Reactions: Nevi, wat0114, SeriousHoax and 9 others
Sandbox Breaker

Sandbox Breaker

Level 9
Verified
Well-known
Jan 6, 2022
436
Jonny Quest said:
From your above link, this is the part that got my attention:

So what happens if websites are armed with the WEI API? They’ll be able to detect if you’re running DuckDuckGo, AdGuard, or any other browser, app, or plugin they don’t like, and block you from accessing their content. In fact, implementing this API can hamstring not only privacy protection tools, but also password managers, translation tools, video players, and, in general, tools that may change the layout of the website. This can turn a huge portion of the Internet into a walled garden, accessible to only certain “whitelisted” applications. This is a big concern.
Click to expand...
It's only getting worse.
 
  • Like
  • Sad
Reactions: Nevi, oldschool, [correlate] and 4 others
cryogent

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
307
It is a frightening thing if it is implemented, it seems that more and more methods are found to be monitored, to be restricted, to block access to the information .... all lead me with the thought that all are based on the manipulation of all people and the attempt to monetize at a higher level..... something like "tax for chimney smoke"
 
  • Like
Reactions: Nevi, wat0114, SeriousHoax and 6 others
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I have a Google Pixel phone. I keep it offline. One tiny drop in a galaxy of Internet.

This was written on the wall around the initial announcement of Manifest v. 3, aiming to do away with cookies. This feels like it's bigger than all of us--with its own momentum. What can we do? Will someone fight the good fight for us?

On a brighter note, those YouTube ads that can't be blocked haven't made their way here. Yet.
 
  • Like
Reactions: Nevi, wat0114, cryogent and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,624
Browser developers push back on Google's “web DRM” WEI API
Google's plans to introduce the Web Environment Integrity (WEI) API on Chrome has been met with fierce backlash from internet software developers, drawing criticism for limiting user freedom and undermining the core principles of the open web.

Employees from Vivaldi, Brave, and Firefox have taken a strong, opposing stance against Google's proposed standard, and some have gone as far as to call it DRM (digital rights management) for websites.
Click to expand...
www.bleepingcomputer.com

Browser developers push back on Google's “web DRM” WEI API

Google's plans to introduce the Web Environment Integrity (WEI) API on Chrome has been met with fierce backlash from internet software developers, drawing criticism for limiting user freedom and undermining the core principles of the open web.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Applause
Reactions: plat, SeriousHoax, Nevi and 4 others
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,210
Let's hope all of them does something against this new Google "feature"
www.neowin.net

Brave, Vivaldi, and Mozilla reject Google's controversial "tracker" API

Google's proposed Web Environment Integrity API faces backlash from developers and companies for granting too much control over web access. Some concerns include privacy, security, and more.
www.neowin.net www.neowin.net

For me interesting to read this article from developers of Vivaldi:
vivaldi.com

Unpacking Google’s new “dangerous” Web-Environment-Integrity specification

Why Vivaldi browser thinks Google’s new proposal, the Web-Environment-Integrity spec, is a major threat to the open web and should be pushed back.
vivaldi.com vivaldi.com

Can we just refuse to implement it?​

Unfortunately, it’s not that simple this time. Any browser choosing not to implement this would not be trusted and any website choosing to use this API could therefore reject users from those browsers. Google also has ways to drive adoptions by websites themselves.

First, they can easily make all their properties depend on using these features, and not being able to use Google websites is a death sentence for most browsers already.

Furthermore, they could try to mandate that sites that use Google Ads use this API as well, which makes sense since the first goal is to prevent fake ad clicks. That would quickly ensure that any browser not supporting the API would be doomed.
Click to expand...
 
  • Like
  • +Reputation
  • Applause
Reactions: plat, vtqhtr413, SeriousHoax and 4 others
nicolaasjan

nicolaasjan

Level 3
Thread author
May 29, 2023
148
Looks like it is committed to the Chromium source (?):

Google is already pushing WEI into Chromium | Hacker News

news.ycombinator.com news.ycombinator.com
Click to expand...
github.com

[wei] Ensure Origin Trial enables full feature · chromium/chromium@6f47a22

This CL moves the base::Feature from content_features.h to a generated feature from runtime_enabled_features.json5. This means that the base::Feature can be default-enabled while the web API is co...
github.com github.com
Click to expand...
I have never seen so much comments on a commit (282; click "Load more comments") .
 
Last edited:
  • Like
  • Wow
Reactions: plat, vtqhtr413, silversurfer and 4 others
vtqhtr413

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,507
We also asked Google whether it had anything further to add beyond last week’s comment, when a company spokesperson told us that the program had been paused, and directed us in the face of early backlash to a response by the explainer article’s author, which concluded: “We welcome collaboration on a solution for scaled anti-abuse that respects user privacy, while maintaining the open nature of the web.
Click to expand...
www.techradar.com

New Google Chrome browser security plan slammed by experts

Brave, Firefox, and Vivaldi have all spoken up against Google Chrome plan
www.techradar.com www.techradar.com
 
  • Like
  • Hundred Points
Reactions: oldschool, nicolaasjan, cryogent and 2 others

Similar threads

nicolaasjan
    • Like
    • Applause
Serious Discussion Chrome not proceeding with Web Integrity API
Replies
1
Views
438
Chrome & Chromium
nicolaasjan
nicolaasjan
B
    • Thanks
Chrome Dev for Android Update
Replies
0
Views
103
Chrome & Chromium
Ben Mason
B
B
Chrome Beta for Android Update
Replies
0
Views
52
Chrome & Chromium
Ben Mason
B

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top