Hey everyone, thank you for your patience, and thank you to everyone who engaged constructively. It is clear based on the feedback we’ve received that a bigger discussion needs to take place, and I’m not sure my personal repository is the best place to do that - we are looking for a better forum and will update when we have found one. We want to continue the discussion and collaborate to address your core concerns in an improved explainer.
I want to be transparent about the perceived silence from my end. In the W3C process it is common for individuals to put forth early proposals for new web standards, and host them in a team member’s personal repository while pursuing adoption within a standards body. My first impulse was to jump in with more information as soon as possible - but our team wanted to take in all the feedback, and be thorough in our response.
That being said, I did want to take a moment to clarify the problems our team is trying to solve that exist on the web today and point out key details of this early stage proposal that may have been missed.
WEI’s goal is to make the web more private and safe The WEI experiment is part of a larger goal to keep the web safe and open while discouraging cross-site tracking and lessening the reliance on fingerprinting for combating fraud and abuse. Fraud detection and mitigation techniques often rely heavily on analyzing unique client behavior over time for anomalies, which involves large collection of client data from both human users and suspected automated clients.
Privacy features like user-agent reduction, IP reduction, preventing cross-site storage, and fingerprint randomization make it more difficult to distinguish or reidentify individual clients, which is great for privacy, but makes fighting fraud more difficult. This matters to users because making the web more private without providing new APIs to developers could lead to websites adding more:
sign-in gates to access basic content invasive user fingerprinting, which is less transparent to users and more difficult to control excessive challenges (SMS verification, captchas) All of these options are detrimental to a user’s web browsing experience, either by increasing browsing friction or significantly reducing privacy.
We believe this is a tough problem to solve, but a very important one that we will continue to work on. We will continue to design, discuss, and debate in public.
WEI is not designed to single out browsers or extensions Our intention for web environment integrity is to provide browsers with an alternative to the above checks and make it easier for users to block invasive fingerprinting without breaking safety mechanisms. The objective of WEI is to provide a signal that a device can be trusted, not to share data or signals about the browser on the device.
Maintaining users’ access to an open web on all platforms is a critical aspect of the proposal. It is an explicit goal that user agents can browse the web without this proposal, which means we want the user to remain free to modify their browser, install extensions, use Dev tools, and importantly, continue to use accessibility features.
WEI prevents ecosystem lock-in through hold-backs We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted-out of WEI or the device is not supported.
This is designed to prevent WEI from becoming “DRM for the web”. Any sites that attempted to restrict browser access based on WEI signals alone would have also restricted access to a significant enough proportion of attestable devices to disincentivize this behavior.
Additionally, and this could be clarified in the explainer more, WEI is an opportunity for developers to use hardware-backed attestation as alternatives to captchas and other privacy-invasive integrity checks.
WEI does not disadvantage browsers that spoof their identity The hold-back and the lack of browser identification in the response provides cover to browsers that spoof their user agents that might otherwise be treated differently by sites. This also includes custom forks of Chromium that web developers create.
Let’s work together on finding the right path We acknowledge facilitating an ecosystem that is open, private, and safe at the same time is a difficult problem, especially when working on the scale and complexity of the web. We welcome collaboration on a solution for scaled anti-abuse that respects user privacy, while maintaining the open nature of the web.
Hardware backed attestation isn’t about security or privacy, if you can’t pass SafetyNet on your Android device you can’t install certain apps, but even with stock software and passing SafetyNet you can still install malware direct from the App Store, it’s about vendor lock in, always has been.
Edit: Clarified my point.
This is the part that caught my attention:
Privacy features like user-agent reduction, IP reduction, preventing cross-site storage, and fingerprint randomization make it more difficult to distinguish or reidentify individual clients, which is great for privacy, but makes fighting fraud more difficult.
And we do those things, not because we’re fraudsters, but because we’re trying to protect ourselves from the likez of YOU!
YOU did this, change your model and maybe it’ll be better? Oh! But! Mooooooooney! I forgot. Stupid me.
This is the fucking bully telling the nerd that if he doesn’t just HAND OVER his lunch money, that he’ll get beat. It’s YOUR fault! Not OURS!
Edit: Formatting and added about bully
Edit 2: fixing the formatting of the formatting edit. :-D lol
You know who the least trusted party is here? Not privacy-focused users, not even malicious users and bots. You are the least trusted party here. The greatest point of security vulnerability is giving greater control of what does and doesn’t get seen to a company that’s proven itself to be a bad actor.
Megacorps that feed on our data are the danger. Not just to network security, but to humanity. We don’t want or need you limiting our access to information and to one another so that you can further lock down your pilfering of our personal data and your force-feeding of ads and toxic cultural forces.
The abuse of this responsibility has already caused untold damage to our individual lives, the functioning of our societies, and our actual planet itself. It’s led to the mass promotion of some of the worst ideas in human history, and the diminishment of good will, social cohesion, and personal autonomy. The last thing we need is more overreach.
Leave the internet alone. Go make a game or something.
“You’re blowing this out of proportion… circular speech… platitudes… and this will make everything better!”
comments disabled
The objective of WEI is to provide a signal that a device can be trusted
This is exactly the opposite of everything anyone would learn in CompSci 101.
NEVER TRUST THE CLIENT. CLIENTS CANNOT BE TRUSTED. CLIENTS ARE NOT SANE. THAR BE DRAGONS THERE. (Maybe that last one is pirate treasure maps, but I think it holds.)
Anyone who is buying this guy’s argument that they’re trying to make it so you can trust clients, should immediately be removed from any computers they are in possession of and be “invited” by men in black suits to go live on a nice agrarian farm where the only computer available is an air-gapped Tandy TRS-80 MC-10. They can rejoin humanity when they’ve relearned the lessons of the last 40 years and understand why this is just patently insane.
WEI’s goal is to make the web more private and safe The WEI experiment is part of a larger goal to keep the web safe and open
(Emphasis mine)
They contradict themselves in the span of 2 sentences. Great look, folks.
How is that a contradiction?
The Open Internet (OI) is a fundamental network (net) neutrality concept in which information across the World Wide Web (WWW) is equally free and available without variables that depend on the financial motives of Internet Service Providers (ISP).
Open is not the opposite of private. You can have an open internet where your information is not shared with third parties, i.e. private.
The web is currently a communal well. We all drink from it because people before us paid the foundations.
Google aims to be the owner of that well. Like the land and oil barons before them, they wish to monetize every last second of web access.
That same corporation, to spew such vile, ignorant nonsense is…well, I guess it shouldn’t be much of a surprise, should it?
WEI prevents ecosystem lock-in through hold-backs
We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted-out of WEI or the device is not supported.This is designed to prevent WEI from becoming “DRM for the web”.
At least this acknowledges that this proposal would in fact be “DRM for the web” if the only thing from preventing it from being that is an additional measure unrelated to the core implementation.
Not to mention, what prevents a future release of the feature either turning the percentage to 0% or removing the hold-back entirely?
My big concern with this and the new digital standard for images that they’re proposing is that it looks to make the internet less anonymous than even in-person interactions. To me, that’s a complete destruction of one of the most valuable features of the internet. To some extent, anonymity is a shield against tyranny; a government can’t exactly come and drag you off for re-education if they can’t tell who made the image mocking the dear leader. No matter who you are or how you identify politically, we should be able to throw our tomatoes anonymously if we do choose, without threat of Google telling the Chinese or American governments who threw them.
Well, looking at these comments, one thing is clear: the discussion is not going to happen here. I don’t think there was even one comment of substance, which is unfortunate, since the explainer in OP reads sincere to me.
Maybe instead of jumping on the „google bad“ bandwagon, it would be helpful if people point out the specific issues that they are seeing with this.
As it stands, we might just take literally any commit to chromium and paste the same comments below it.
Edit: since posting this, the comments have considerably improved, I love some of the discussion. Thanks!
We already have sufficient attestation for the web. It’s called SSL/TLS. It guarantees that what the browser sees is what the server put out.
WEI is about blocking the browser from modifying the website in any way on the client side. Can it be used for good? Sure. Will the company whose income is 90% ads, spies on billions of people, and owns 90% of the browser market share use it for good? Hmm…
The explainer explicitly mentions that the proposal allows browser to ignore WEI and the web is intended to work without. It even points out that there will be a continuous group of chrome users of ~5% that have the feature disabled.
If website owners rely on this feature, they are hurting chrome users just as much as other browsers.
there will be a continuous group of chrome users of ~5% that have the feature disabled
inb4 that 5% gets killedbygoogle.com
