Business Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web - It's just a "proposal," but it's also being prototyped inside Chrome right now.


Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web
It's just a "proposal," but it's also being prototyped inside Chrome right now.
Ron Amadeo - Monday

Google's newest proposed web standard is... DRM? Over the weekend the Internet got wind of this proposal for a "Web Environment Integrity API." The explainer is authored by four Googlers, including at least one person on Chrome's "Privacy Sandbox" team, which is responding to the death of tracking cookies by building a user-tracking ad platform right into the browser.

The intro to the Web Integrity API starts out: "Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it."

The goal of the project is to learn more about the person on the other side of the web browser, ensuring they aren't a robot and that the browser hasn't been modified or tampered with in any unapproved ways. The intro says this data would be useful to advertisers to better count ad impressions, stop social network bots, enforce intellectual property rights, stop cheating in web games, and help financial transactions be more secure.

Perhaps the most telling line of the explainer is that it "takes inspiration from existing native attestation signals such as [Apple's] App Attest and the [Android] Play Integrity API." Play Integrity (formerly called "SafetyNet") is an Android API that lets apps find out if your device has been rooted. Root access allows you full control over the device that you purchased, and a lot of app developers don't like that. So if you root an Android phone and get flagged by the Android Integrity API, several types of apps will just refuse to run. You'll generally be locked out of banking apps, Google Wallet, online games, Snapchat, and some media apps like Netflix. You could be using root access to cheat at games or phish banking data, but you could also just want root to customize your device, remove crapware, or have a viable backup system. Play Integrity doesn't care and will lock you out of those apps either way. Google wants the same thing for the web.

Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data. At this point your browser would contact a "third-party" attestation server, and you would need to pass some kind of test. If you passed, you would get a signed "IntegrityToken" that verifies your environment is unmodified and points to the content you wanted unlocked. You bring this back to the web server, and if the server trusts the attestation company, you get the content unlocked and finally get a response with the data you wanted.

Google's diagram of the Web Integrity API.

Google likes to describe its APIs in a generic sense, but in reality, most of the actors in this play would probably be Google. Google may or may not be supplying the website, Chrome would be the browser, and the attestation server would definitely be from Google.

Google's document pinky-promises the company doesn't want to use this for anything evil. The authors "strongly feel" the API shouldn't be used to uniquely fingerprint people, but they also want "some indicator enabling rate limiting against a physical device." In the "non-goals" section, the project says it doesn't want to "interfere with browser functionality, including plugins and extensions." That's a veiled reference to not killing ad-blockers, even though the project mentions better advertising support as some of its goals. Chrome already has a "kill ad blockers" plan anyway (or at least "watered-down ad blockers" plan). It's called Manifest V3, which will change the way critical extension APIs work so they can't modify webpage content as effectively. Google also says it doesn't want to "exclude other vendors" from its DRM scheme.

Google hasn't done much in the way of public promotion of this idea yet, and even the documentation is only hosted on an employee's personal GitHub account, rather than an official Google repo. The earliest proposal we can find is from April 2022. Over the weekend, an updated spec was published, and the proposal got picked up by HackerNews and device-repair YouTuber Louis Rossmann. This caused the Internet to descend upon the repo's GitHub issues forum and start absolutely cooking Google in the replies.

Issue #134 calls the idea "absolutely unethical and against the open web." Issue #113 says they "can't believe this is even proposed." Issue #127 adds: "Have you ever stopped to consider that you're the bad guys?" Another user posted a screed entirely in hexadecimal that, when translated, starts with "Death to Fascists" and wishes explosive diarrhea on everyone involved. So reception so far has been... mixed.

Exactly how the rest of the world feels about this is not necessarily relevant, though. Google owns the world's most popular web browser, the world's largest advertising network, the world's biggest search engine, the world's most popular operating system, and some of the world's most popular websites. So really, Google can do whatever it wants. Other projects like Chrome's "Privacy Sandbox" ad platform and the adblock-limiting manifest V3 have been universally panned, but Google has kept right on trucking with the projects. There have been some small project tweaks and delays, but Google keeps marching forward.

For now this is only a "proposal" API, but in May Google published an "intent to prototype" notice, meaning it's building the feature into Chrome right now for testing. There's a page for feature-development tracking on chromestatus.com. We've asked Google for a comment and will update this page if it sends anything.
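
The exchange the article describes (website demands attestation, attester signs a token, website checks it), as a simplified model added here; it is not part of the article, the forum posts or Google's proposal. The token layout, the use of Ed25519, the 60-second lifetime and every function name are assumptions made for illustration.

```javascript
// Simplified three-party model (Node.js). Names and token layout are
// assumptions for illustration, not the proposal's wire format.
const crypto = require('node:crypto');

// Attester: holds a signing key; websites that trust it pin the public half.
function makeAttester() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKey,
    // Signs a verdict about the client environment, bound to one request.
    issueToken(environmentOk, contentBinding, nowMs) {
      const payload = Buffer.from(JSON.stringify({
        verdict: environmentOk ? 'unmodified' : 'modified',
        contentBinding,
        expiresAt: nowMs + 60_000, // assumed lifetime
      }));
      const sig = crypto.sign(null, payload, privateKey);
      return payload.toString('base64url') + '.' + sig.toString('base64url');
    },
  };
}

// Website: issues a fresh binding per request so a token cannot be reused.
function newContentBinding(path) {
  return path + '#' + crypto.randomBytes(16).toString('hex');
}

// Website: returns 'ok' or the reason the token is refused.
function verifyToken(token, trustedKeys, expectedBinding, nowMs) {
  const [p, s] = String(token).split('.');
  if (!p || !s) return 'malformed';
  const payload = Buffer.from(p, 'base64url');
  const sig = Buffer.from(s, 'base64url');
  // Only keys of attesters the site has chosen to trust are tried; a token
  // from anyone else, or with an altered payload, fails here.
  const signed = trustedKeys.some((k) => crypto.verify(null, payload, k, sig));
  if (!signed) return 'bad-signature';
  const claims = JSON.parse(payload.toString());
  if (claims.contentBinding !== expectedBinding) return 'wrong-binding';
  if (nowMs > claims.expiresAt) return 'expired';
  if (claims.verdict !== 'unmodified') return 'environment-rejected';
  return 'ok';
}
```

The website's decision rests entirely on which attester keys it puts in `trustedKeys`, which is the "if the server trusts the attestation company" step in the article.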
 
And the locking-down of the internet into carefully controlled, corporate walled gardens continues. It's difficult to express how much this development threatens the continued functioning of what remains of the free internet. With Chromium's market share, Google can very realistically force almost all major websites to implement this nonsense, leaving anyone running other browsers locked out of essential technological infrastructure for banking, email, etc.

TOR, in particular, will absolutely be the first thing blacklisted. You can be assured that your browser will become increasingly linked to your real identity. It's a stone's throw from the widespread adoption of this scheme to Chinese-style internet accounts linked to your government ID becoming a universal prerequisite for using any online services. The corporations will be the ones to make it, but you can be damned sure Uncle Sam is creaming his pants at the prospect.

Realistically, I think legacy hardware is the best defense against this. We might have a couple years until the world totally weans itself off of weird enterprise builds of XP.

For as much as Kiwi Farms is an extremely niche site, Null was prescient in seeing the need for a parallel, decentralized internet. I wish that folks who care about this stuff would focus their efforts on building up the necessary infrastructure instead of making shitty Youtube and Twitter knockoffs.
 
The big tech march to niggercattleize the web continues. Since mozilla had some total dolt run the company into the ground and at this point is fully supported financially by google to prevent the chromium monopoly from ending up in an antitrust suit, its only a matter of time until the proper big tech walled garden is created. With microsoft on their own march to gain total control over hardware (TPM 2.0, Pluton) its only a matter of time until everything becomes locked down, obviously the tech literate would be able to bypass this but ask the masses to do the same, the fact that most people on PC dont know that ads can be blocked is shocking, having to nigger rig your browser (or entire comp) would be impossible to ask, and so long as facetuberedtwit work no one will ask a thing, that and besides the point I doubt any real alternatives that are not specific to politics or warez will take off (take a gander at alt tech for an example, for another example the farms is the only real use ive had for tor). Look at the death of the chans, tumblr, and alternative search engines, the prevalence of smart phones further compounds this problem due to how dumbed down and already locked down phones are.

With several states in the US putting in pornsite ID requirements its only a matter of time until something like that finds its way to the feds, and from there mandatory ID to use the internet at all, anonymity and the uncontrolled flow of information will die if is to occur and the internet will offically become the same as the modern media monopoly, a niggercattle plantation where a slurry of manufactured consensus is forcefed to the cattle.
 
Chrome is shit anyway, I haven't used it in years. I have faith in the FOSS/privacy sperglord communities to find a way around any dumb shit Google pulls. every time Google fires a shot, it peaks more nerds, and the army grows. maybe I'm being optimistic here, but these guys are already becoming the spearhead of resistance against the corporate tech hegemony as the situation worsens. issues like the cuckening of Mozilla have been addressed by third-party privacy-focused forks like LibreWolf which maintain browser functionality and essential features like tracker and ad blocking against the creep of degeneracy. not all projects are successful (Pale Moon browser lmao), but so far, there's enough of a demand for anti-globohomo workarounds that the development of these tools stays active and effective. let's not forget that the conceit of companies like Google is peaking a percentage of their own employees, who come to the community with substantial knowledge of how the enemy's weapons are made.

We might have a couple years until the world totally weans itself off of weird enterprise builds of XP.

 
I think people are forgetting that Tor was made by the US government. The reason why Tor is publicly available is that the US government realized that if only they had anonymous web browsing, everybody would be able to instantly tell what the feds were doing online by just looking for anon connections.

Feds want to run their gayops, so I think we are still a ways off from something like this from being implemented.
 
I think people are forgetting that Tor was made by the US government. The reason why Tor is publicly available is that the US government realized that if only they had anonymous web browsing, everybody would be able to instantly tell what the feds were doing online by just looking for anon connections.

Feds want to run their gayops, so I think we are still a ways off from something like this from being implemented.

this, and, pre-empting the organic development of a "darkweb" by offering a solution based on government-developed tech means they can surveil, monitor, and exercise a degree of control that would be more difficult to obtain if it sprouted up out of their hands. it seems people forget that one of the first notorious darkweb sites, Silk Road, was a very effective honeypot that snared tons of people despite its supposedly anonymous service. I don't think that was just due to poor opsec on the users' parts.
 