Friday, 28 July 2023

Google Rightfully Gets Panned For Its ‘Web Environment Integrity’

WebProNews
Google Rightfully Gets Panned For Its ‘Web Environment Integrity’

Google is once again mucking with internet technologies and standards, this time pushing one critics say will essentially ‘DRM the web.’

Four Googlers took to GitHub to author an explainer on exactly what Web Environment Integrity does and the problem it tries to solve. It doesn’t take long to figure out exactly what Google’s motivations are:

Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it. This trust is the backbone of the open internet, critical for the safety of user data and for the sustainability of the website’s business.

That last statement is the key part of that entire paragraph, as evidenced by the next section:

Some examples of scenarios where users depend on client trust include:

  • Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.
  • Users want to know they are interacting with real people on social websites but bad actors often want to promote posts with fake engagement (for example, to promote products, or make a news story seem more important). Websites can only show users what content is popular with real people if websites are able to know the difference between a trusted and untrusted environment.
  • Users playing a game on a website want to know whether other players are using software that enforces the game’s rules.
  • Users sometimes get tricked into installing malicious software that imitates software like their banking apps, to steal from those users. The bank’s internet interface could protect those users if it could establish that the requests it’s getting actually come from the bank’s or other trustworthy software.

It’s no surprise that Google, the internet’s leading advertising platform, lists web advertising as the first reason for its Web Environment Integrity.

The explainer then goes on to outline Google’s solution, which involves websites using a “web environment integrity API” to verify the client device and decide whether to trust it.

Per Google’s own explainer, however, there are a slew of problems with this approach, including trying to prevent websites from tracking users’ browsing history, fingerprinting users, and engaging in cross-site tracking.

Unfortunately, Google takes inspiration from Android’s Play Integrity API and Apple’s App Attest, both of which verify the authenticity of the OS running on a smartphone. If a phone fails attestation, some apps will not work.

Unfortunately, rooting a device or installing a non-standard version of the OS can interfere with the attestation, setting up a user to be locked out from using some apps. Yet this is the model that Google is taking inspiration from for the web.

Imagine altering your computer or OS in some way that is not within the scope of the attestation process. Will your favorite websites still work? Or will you be locked out of online banking, membership sites, and more?

Google has been slammed by critics across industries for this idea — and with good reason. This is exactly the kind of nonsense that happens when the leading web advertising has too much influence on the direction of the internet.

Google Rightfully Gets Panned For Its ‘Web Environment Integrity’
Matt Milano



from WebProNews https://ift.tt/s1Ig4dh

No comments:

Post a Comment