Is Web Environment Integrity a risk to the accessibility of the Internet? - eviltoast
  • ruffsl@programming.devOP
    link
    fedilink
    English
    arrow-up
    18
    ·
    1 year ago

    This proposed standard raises my concerns about the ability to continue using the public internet with user-preferred hardware/software and custom extensions, and does not instill my confidence in maintaining the level of freedom and accessibility users currently enjoy:

    Some examples of scenarios where users depend on client trust include:

    • Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.

    What information is in the signed attestation?

    The proposal calls for at least the following information in the signed attestation:

    • The attester’s identity, for example, “Google Play”.
    • A verdict saying whether the attester considers the device trustworthy.

    How does this affect browser modifications and extensions?

    Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality: E.g. if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.