- cross-posted to:
- technology@lemmygrad.ml
- technology@lemmy.world
- cross-posted to:
- technology@lemmygrad.ml
- technology@lemmy.world
There is a discussion on Hacker News, but feel free to comment here as well.
There is a discussion on Hacker News, but feel free to comment here as well.
This is the best summary I could come up with:
Google intended its Web Environment Integrity API, announced on a developer mailing list in May, to serve as a way to limit online fraud and abuse without enabling privacy problems like cross-site tracking or browser fingerprinting.
That is to say, the API would allow websites to figure out if they were being visited by a legit user in a normal browser as opposed to a page-scraping bot masquerading as a real person or some malicious software bent on fraudulently viewing and clicking on ads and doing other bad stuff.
Apple incidentally has already shipped its own attestation scheme called Private Access Tokens, which while it presents some of the same concerns is arguably less worrisome than Google’s proposal because Safari’s overall share of the web browser market across all devices is far lower than Chrome’s.
And its YouTube subsidiary’s scanning of client browsers for ad blocking extensions also represents a form of attestation or integrity check, albeit where what’s evaluated is installed software rather than a cryptographic token.
Google’s plan was to prototype the Web Environment Integrity API in Chromium, the open source foundation of Chrome as well as Edge, Brave, Vivaldi, and various other browsers – though not Firefox or Safari.
But following the publication of a working draft specification in July, a flood of critical feedback from the technical community, both on the project’s issues forum and on social media channels put Google on the defensive.
The original article contains 746 words, the summary contains 238 words. Saved 68%. I’m a bot and I’m open source!