Google Tries to Defend Its Web Environment Integrity as Critics Slam It as Dangerous
techreport.com
Google has defended its Web Environment Integrity on the grounds that it aims to make web browsing more private and safe through tokens.

I’m happy to see this being noticed more and more. Google wants to destroy the open web, so it’s a lot at stake.

Google basically says “Trust us”. What a joke.

  • donut4ever@lemmy.worldEnglish
    4·
    1 year ago

    So, they can also block operating systems if they deemed them untrustworthy? So, if you are running Linux and some corporation deemed it “untrustworthy”, you are SOL? What if you have a rooted phone? What if you are running graphene OS or calyx OS to protect your privacy? So, technically, if a site can’t track you, they can just deem you as “untrustworthy”? This is fucked. We need to stop it at all costs.

    • 1984@lemmy.todayOPEnglish
      1·
      1 year ago

      Yes exactly. This is what worries me the most since I also run only Linux, and I can’t imagine even being interested in computers anymore if Linux is not allowed on the web. That would be horrific.

      It’s 100% critically dangerous and must be stopped.

  • 6xpipe_@lemmy.worldEnglish
    4·
    1 year ago

    WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc.

    Not one of those things is illegal.

    Some are against a site’s TOS and some are outright fine.

  • stravanasu@lemmy.caEnglish
    1·
    1 year ago

    From this github comment:

    If you oppose this, don’t just comment and complain, contact your antitrust authority today:

     

     

     

     

    • blindjezebel@lemmy.worldEnglish
      0·
      1 year ago

      Dense US citizen here. Eli5 how I should explain “just trust us not to abuse collection of all your data or else get locked out of the world wide web” applies to antitrust laws for the FTC?

      I’m genuinely wanting to submit an email complaint/report. I understand that WEI protects nothing, but risks your data with all the sites you visit, all in an effort just to block possibly unprofitable users – but I’m not sure how to tie in and word the Breaks Antitrust Laws part.

      Thank for your time to post these links.

      • Tuss@lemmy.worldEnglish
        1·
        1 year ago

        Another dense citizen here. I ould say that you put it quite eloquently in your comment.

        But direct the question towards them.

        “Would googles new changes on their ad and user policy be affected by FTC data protection laws and GDPR or would they be in compliance”

        Or something among those lines.

  • Max-P@lemmy.max-p.meEnglish
    1·
    1 year ago

    They claim it’s to prevent bots, but we all know it’ll soon become standard in every WAF out there (Cloudflare, Akamai, etc) to just blanket block browsers failing attestation.

    All you need to know what will happen is to root an Android phone. You’d expect Netflix and bank apps and other highly sensitive apps to stop working. Okay, I can accept that, it kind of make sense. But the more you use the phone the more you realize a ton of apps also refuse to work. Zoom complains and marks your session as insecure, the Speedtest app refuses to test your speed, even the fucking weather app won’t give you weather anymore. Jira/Confluence/Outlook/Teams also complain about it. It’s ridiculous.

    Even if it’d trust Google to not misuse the feature and genuinely use it to reduce ad fraud, the problem is the rest of the developers and companies. Those, they absolutely cannot be trusted to not abuse the feature to block everyone. Security “consultants” will start mandating its use to pass security audits, government websites will absolute use it, and before you know it, half the web refuses to work unless you use Chrome, Edge or Safari.

    • 1984@lemmy.todayOPEnglish
      0·
      1 year ago

      Yup I noticed this also. I used a rooted phone without Google apps on it and so many apps simply refused to work. They use Googles api in the background which means Google finds out about literally everything we do on our phones. They already own the entire operating system but we can’t even run apps without them being in the middle.

      This is all similar to using Microsoft Windows or Mac OS so I guess people are so used to this behavior that it’s somehow ok.

      But I’m a long term Linux user and I’m used to the OS not calling home and not reporting what apps I use. And this is how it should be. I’m so over big tech it’s not even funny anymore.

      • Zak@lemmy.worldEnglish
        1·
        1 year ago

        I used a rooted phone without Google apps on it and so many apps simply refused to work. They use Googles api in the background

        This has nothing to do with being rooted but with Google encouraging people to build apps using its proprietary libraries to make Google Android more valuable than Android Open Source Project. There may be a connection to the EU’s attempts to stop Google from forcibly bundling several of its other apps with the Play Store.

        For most use cases, good alternatives are available and it’s just a matter of developers being lazy, but I’m not sure there’s another good option for chat apps to get timely notifications without high battery consumption. MicroG provides an open source alternative to Google’s libraries and works for most apps, including chat notifications.

  • lifluf@lemm.eeEnglish
    1·
    1 year ago

    explain like i’m a developer why wei is bad? ad blocking can already be detected

    • SeriousBug@infosec.pubEnglish
      1·
      1 year ago

      What people are rightfully scared of is that:

      • Big websites will only accept attestations from big companies like Google, Apple, and Microsoft
      • Google, Apple, and Microsoft will refuse to attest your browser if you have an adblocker installed, or if you are using a browser or operating system they don’t approve, or if you made modifications to your browser or your operating system etc.

      While adblocking can be detected, you can block anti-adblock scripts, it’s sort of a weapons race. Depending on how deep an attestation goes, it might be extremely difficult to fight. Attestations might also be used to block more than just adblockers, for example using Firefox, or rooting/jailbreaking your phone, or installing an alternative OS might make your phone ineligible for attestations and thus locked out of a lot of the internet.

  • stravanasu@lemmy.caEnglish
    1·
    1 year ago

    There’s an ongoing protest against this on GitHub, symbolically modifying the code that would implement this in Chromium. See this lemmy post by the person who had this idea, and this GitHub commit. Feel free to “Review changes” –> “Approve”. Around 300 people have joined so far.

    • vinhill@feddit.deEnglish
      2·
      1 year ago

      I don’t think filling Google repositories with complaints and well-intentioned, but garbage issues/pull requests. At best they’ll just delete them occasionally and at worst work less in the open, changing permissions on repositories, doing discussions more in internal tools.

      What you can do is support alternative browsers, get other people to use them too and notify news as well as your local politicians about such problems. Maybe join organizations on protecting privacy or computer clubs (in Germany, support e.g. Netzpolitik.org and CCC).

      Maybe acknowledge what the in-principle good things about WEI would be and support alternative means of achieving them. This proposal uses good things like less reliance on captchas and tracking, a simple to use API to enable a huge potential for abuse and power grab. Alternatives might be a privacy pass, as mentioned by WebKit https://github.com/WebKit/standards-positions/issues/234

  • Gnubyte@lemdit.comEnglish
    0·
    1 year ago

    I think we need to start being very realistic here.

    Google has ad buying customers who want their ads served, and it’s those customers that would probably opt into the SDK and API in the first place. Scope matters.

    Next there’s a plethora of freeloaders on the Internet who consume mountains of content but who scoff at paying for or contributing to the Internet.

    Lastly I’m not seeing anything here that says it will block a site like Lemmy for example.the one thing I do find problematic is this potentially limiting competing browsers

      • Gnubyte@lemdit.comEnglish
        0·
        1 year ago

        Don’t mistake me for excusing their behavior. It’s the contrary. But I do think a grounded conversation starts with understanding what people’s motivations are.

          • Gnubyte@lemdit.comEnglish
            0·
            1 year ago

            I actually posted an article about their opening of a data center being detrimental to another countries water supply. Link should be in my profiles recent posts, worth a read.

            I think there is a fair lot of people who think it’s absurd to pay for what they consume. And if you asked them what the alternative is to them paying they’d say nothing, it should be free.

            Each service they run is binned and probably billed and generates revenue separate ways, but enough of that Im not trying to argue for pro google. The DRM they’re trying to push is bullshit.