I have a 7950X, a pile of RAM, and an unfairly expensive RTX 4000-series GPU. The cursor occasionally hitches for ~400ms whenever doing things like opening task manager or resuming from the lock screen, so that checks out unfortunately.
I don’t disagree, and I’m personally aware of the consequences. Adding the API would be the first step, and future proposals and changes could amend it to add other environment details to tell a website that there are browser extensions that can read or modify the page.
I don’t really think summarizing WEI as though it already includes those really helps people understand what WEI currently is or does, though. Nobody reads the actual documentation before repeating what they were told, and that’s going to lead to the spread of factually-incorrect information. It’s not a bad thing for people to be aware of the long-term issue with having a WEI API, but users’ lack of understanding of WEI in its current form is just going to be used by Google as proof to dismiss dissenting feedback as FUD.
I’m not saying you’re wrong or that Web Environment Integrity is a good thing, but a primary source and citation is needed for this statement:
It enforces the original markup and code from a server to be the markup and code that the browser interprets and executes, preventing any post-loading modifications.
Can’t have a runtime error if you don’t have a compiled binary *taps forehead*
(For the record, I say this as someone who enjoys Rust)
Having thought about it for a bit, it’s possible for this proposal to be abused by authoritarian governments.
Suppose a government—say, Wadiya—mandated that all websites allowed on the Wadiyan Internet must ensure that visitors are using a list of verified browsers. This list is provided by the Wadiyan government, and includes: Wadiya On-Line, Wadiya Explorer, and WadiyaScape Navigator. All three of those browsers are developed in cooperation with the Wadiyan government.
Each of those browsers also happen to send a list of visited URLs to a Wadiyan government agency, and routinely scan the hard drive for material deemed “anti-social.”
Because the attestations are cryptographically verified, citizens would not be able to fake the browser environment. They couldn’t just download Firefox and install an extension to pretend to be Wadiya Explorer; they would actually have to install the spyware browser to be able to browse websites available on the Wadiyan Internet.
If that were the case, wouldn’t the mouse jump when the latest frame is presented? For me, it’s more that it just stays still until after Windows stops having a fuss.