the API is called Web Environment Integrity, and it’s a way to kill ad blockers first and a Google ecosystem lock-in mechanism second, with no other practical use case I can find

  • @selfOPA
    7
    1 year ago

    if anyone hasn’t read it yet, the goals and non-goals sections of the “explainer” are a joke that mostly contradict the rest of the document, and seem like a late addition to muddy the waters in online discussions when they realized how unpopular this idea would be. the entire thing gives me crypto whitepaper vibes in that it’s an intentionally dishonest representation of a technology nobody but google wants

    also, the actual spec isn’t even a first draft, almost like other browser vendors supporting or even understanding this thing is an unlisted non-goal. it’s much worse if they do though: implementing this thing requires your browser to keep a connection to a google-approved attester, which will receive a live feed of the requests leaving your browser; ie, it’ll have your live browsing history. for some reason (by design), when the explainer talks about cross-site tracking, it only talks about methods to prevent the web server from doing it, other than this paragraph of nonsense:

    User agents will not provide any browsing information to attesters when requesting a token. We are researching an issuer-attester split that prevents the attester from tracking users at scale, while allowing for a limited number of attestations to be inspected for debugging—with transparency reporting and auditability.

    only a couple of paragraphs before this, the doc describes what the attester receives and signs as a “content binding”, which… seems to be a set of browsing information for the page you’re on

    e: oh yeah, that’s one of the only places they mention the concept of a token issuer at all. they don’t actually describe what it is, and I can’t figure out the value of splitting it from the attester if the token has to contain your browsing data — either way, both systems get a copy of it

    • @future_synthetic
      81 year ago

      They are doing their best to make Chrome actual malware.

    • Steve
      51 year ago

      I couldn’t read past the example scenarios in the introduction. I read “bad actors” and it’s enough to know that they are avoiding thinking, or at least talking, about the realities of what they are making.

  • Steve
    71 year ago

    This is why every full-stack engineer who celebrates the chromium browser dominance because they don’t have to worry about css and js browser compatibility should be slapped. The I/O conference is the biggest ad disguised as a “we care about the web” community event of them all.

    • Steve
      61 year ago

      Google meet is the only product on the web I’ve seen in the last 5 years that still says “these features don’t work in your browser”

      • Steve
        61 year ago

        Gecko and WebKit are open-source. If google cared about the web they’d contribute to the other engines as well.

        • @selfOPA
          61 year ago

          I see you have also been forced to use google tech and consume google’s awful developer docs and deal with their laughable UIs (how does anyone use google analytics for any purpose?) because the only thing corporations are comfortable with is garbage as far as the eye can see

          • Steve
            41 year ago

            I’m a firm believer that GTM is one of the worst things to happen to the web

            • @selfOPA
              41 year ago

              it’s a terrible day when you realize the stack for a new project was chosen based only on google’s unearned reputation for making good software

  • David GerardMA
    51 year ago

    the authors of this paper need never to work in tech ever again

    • Steve
      51 year ago

      all four of the authors are software engineers

      • @selfOPA
        81 year ago

        to paraphrase many of the issues on this repo, they need to not

  • @maol
    21 year ago

    Are they just copying the stuff Microsoft did back in the 90s to kill Netscape navigator? Someone should set up a website called Chrome is Evil à la Internet Explorer Is Evil.

    • @gerikson
      31 year ago

      Did setting up that website actually help?

      • @selfOPA
        41 year ago

        so I was pretty young at the time, but that site was one of my motivating factors in trying pre-Firefox Mozilla for the first time

      • @maol
        111 months ago

        No idea. But it was funny.