
Web Environment Integrity

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Aaron Liu at 15:03, 25 August 2023 (Reception). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Web Environment Integrity (WEI) is an API proposal currently being developed for Google Chrome.[1] As of August 2023, a Web Environment Integrity prototype exists in Chromium,[2] but has not shipped in any browser.[3][non-primary source needed]

Proposal

Sequence diagram showing WEI attestation

The draft proposes an API for websites to get a digitally signed token that contains the certifier's name and whether or not they deem the web client to be authentic. The stated goal is to only allow access to certain sites for human users instead of automated programs and "allow web servers to evaluate the authenticity of the device and honest representation of the software stack and the traffic from the device". Access to this API will not be allowed in non-secure (HTTP) contexts.[4]
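The following Node.js sketch is an added illustration, not code from the proposal or from Chromium. It shows how a web server could check a token of the kind described above: one that names its certifier and carries a signed verdict. The token layout (JSON plus an Ed25519 signature), the attester name `example-attester` and all keys are assumptions constructed for the example.

```javascript
// Added illustration; token layout, attester name and keys are constructed.
const crypto = require('node:crypto');

// Constructed attester key pair; the site pins the public key under the attester's name.
const attester = crypto.generateKeyPairSync('ed25519');
const TRUSTED_ATTESTERS = new Map([['example-attester', attester.publicKey]]);

// Attester side: sign the certifier name and verdict (hypothetical JSON layout).
function issueToken(name, authentic, privateKey) {
  const payload = Buffer.from(JSON.stringify({ attester: name, authentic }));
  const sig = crypto.sign(null, payload, privateKey); // Ed25519 takes no digest name
  return `${payload.toString('base64url')}.${sig.toString('base64url')}`;
}

// Web server side: accept only a positive verdict signed by a pinned attester.
// This sketch has no nonce or expiry, so it does not address token replay.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');
  let claims;
  try {
    claims = JSON.parse(payload.toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (claims === null || typeof claims !== 'object') {
    return { ok: false, reason: 'malformed' };
  }
  const key = TRUSTED_ATTESTERS.get(claims.attester);
  if (!key) return { ok: false, reason: 'untrusted attester' };
  if (!crypto.verify(null, payload, key, sig)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (claims.authentic !== true) {
    return { ok: false, reason: 'client not deemed authentic' };
  }
  return { ok: true, attester: claims.attester };
}

// Test helper: rewrite the verdict but keep the old signature, as a modified client might.
function tamperVerdict(token) {
  const [p, s] = token.split('.');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  claims.authentic = true;
  return `${Buffer.from(JSON.stringify(claims)).toString('base64url')}.${s}`;
}
```

The server's decision rests entirely on which attester keys it pins, which is why a client vouched for by no listed attester is rejected regardless of its behaviour.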

History

On April 25, 2023, Google engineers Ben Wiser, Borbala Benko, Philipp Pfeiffenberger and Sergey Kataev created a GitHub repository explaining the details of the proposal.[5] The proposal was flamed by GitHub users, with numerous comments, issues and pull requests voicing strong opposition to the existence of the standard and arguing for its deletion.

On July 21, 2023, Wiser and fellow Google engineer Yoav Weiss added a code of conduct to the explanation repository[6] and locked it from receiving new comments, issues or pull requests.[citation needed] On the same day, preliminary code was added to Chromium to implement the standard. This also received a large number of highly negative comments.[2]

Reception

The proposal has been widely criticized for limiting general purpose computing, with some comparing WEI to digital rights management (DRM).[7][8] Others have accused the standard of being evidence of Google abusing Chrome's near-monopoly of browser share.[9]

Some stakeholders have issued official statements on the matter:

  • On July 25, Mozilla opposed it for contradicting their principle that anything that supports it can access the Web.[10]
  • On July 27, Vivaldi opposed it as "simply dangerous" and claimed it would significantly limit the browsers that could be used.[11]
  • On July 29, the Free Software Foundation opposed it as "an all-out attack on the free Internet" and claimed it would significantly limit the browsers that could be used.[12]
  • On July 31, Brave Software opposed it as "junk that Google puts into Chromium".[13]
  • On August 7, the Electronic Frontier Foundation opposed it as "a bad idea that Google should not pursue" and claimed it would significantly limit the browsers that could be used.[14]
  • On August 11, the World Wide Web Consortium made clear that they won't take a stance as it was "not being worked on in W3C, nor has there been any submission [for W3C] review".[15]

References

  1. Amadeo, Ron (2023-08-03). "Google's nightmare "Web Integrity API" wants a DRM gatekeeper for the web". Ars Technica. Retrieved 2023-08-03.
  2. "[wei] Ensure Origin Trial enables full feature · chromium/chromium@6f47a22". GitHub. Retrieved 2023-08-19.
  3. "Feature: Web environment integrity API". Chrome Platform Status. 2023-05-09. Retrieved 2023-08-23.
  4. "Web-Environment-Integrity/explainer.md at main · RupertBenWiser/Web-Environment-Integrity". GitHub. Retrieved 2023-07-26.
  5. Wiser, Ben (2023-08-18), Web Environment Integrity API, retrieved 2023-08-19
  6. "Create CODE_OF_CONDUCT.md · RupertBenWiser/Web-Environment-Integrity@7998217". GitHub. Retrieved 2023-08-19.
  7. Amadeo, Ron (2023-07-24). "Google's nightmare "Web Integrity API" wants a DRM gatekeeper for the web". Ars Technica. Retrieved 2023-07-26.
  8. Claburn, Thomas. "Google Web Environment Integrity draft draws developer rage". The Register. Retrieved 2023-07-26.
  9. Claburn, Thomas. "Google Web Environment Integrity draft draws developer rage". www.theregister.com. Retrieved 2023-08-19.
  10. "Request for Position: Web Environment Integrity API · Issue #852 · mozilla/standards-positions". GitHub. Retrieved 2023-07-26.
  11. "Unpacking Google's new "dangerous" Web-Environment-Integrity specification". Vivaldi Browser. 2023-07-25. Retrieved 2023-07-26.
  12. Farough, Greg (2023-07-28). ""Web Environment Integrity" is an all-out attack on the free Internet". Free Software Foundation. Retrieved 2023-07-28.
  13. Eich, Brendan (2023-07-27). "We are a fork, have been all along, the "reskinned" claim is complete nonsense. We won't be shipping WEI support, just as we disable or otherwise nullify lots of other junk that Google puts into Chromium". Twitter. Retrieved 2023-08-25.
  14. Doctorow, Cory; Hoffman-Andrews, Jacob (2023-08-07). "Your Computer Should Say What You Tell It To Say". www.eff.org. Retrieved 2023-08-07.
  15. "Web Environment Integrity has no standing at W3C; understanding new W3C work". www.w3.org. 2023-08-11. Retrieved 2023-08-11.