this post was submitted on 03 Nov 2023
21 points (92.0% liked)
Hacker News
4123 readers
3 users here now
This community serves to share top posts on Hacker News with the wider fediverse.
Rules
0. Keep it legal
- Keep it civil and SFW
- Keep it safe for members of marginalised groups
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is the best summary I could come up with:
Google intended its Web Environment Integrity API, announced on a developer mailing list in May, to serve as a way to limit online fraud and abuse without enabling privacy problems like cross-site tracking or browser fingerprinting.
That is to say, the API would allow websites to figure out if they were being visited by a legit user in a normal browser as opposed to a page-scraping bot masquerading as a real person or some malicious software bent on fraudulently viewing and clicking on ads and doing other bad stuff.
Apple incidentally has already shipped its own attestation scheme called Private Access Tokens, which while it presents some of the same concerns is arguably less worrisome than Google's proposal because Safari's overall share of the web browser market across all devices is far lower than Chrome's.
And its YouTube subsidiary's scanning of client browsers for ad blocking extensions also represents a form of attestation or integrity check, albeit where what's evaluated is installed software rather than a cryptographic token.
Google's plan was to prototype the Web Environment Integrity API in Chromium, the open source foundation of Chrome as well as Edge, Brave, Vivaldi, and various other browsers โ though not Firefox or Safari.
But following the publication of a working draft specification in July, a flood of critical feedback from the technical community, both on the project's issues forum and on social media channels put Google on the defensive.
The original article contains 746 words, the summary contains 238 words. Saved 68%. I'm a bot and I'm open source!