Google’s new evil clown act is here! The Web Environment Integrity API would allow websites to request a cryptographically signed attestation token from the user's browser containing verified claims about the user's device and software. This attestation would be generated and signed by a trusted "attester" entity that the browser communicates with.
The core technical components include:
- The attester, likely the operating system vendor, which generates and signs an attestation token after receiving a request from the browser. This contains info like whether the device is trusted and what app is making the request.
- A content binding provided by the site, which the browser hashes and includes to prevent replay attacks. This binds the attestation to the specific browser session.
- Signing of the attestation payload using IETF standards COSE and CBOR for compact and verifiable tokens.
- Verification of the attestation signature server-side using the attester's public key to confirm legitimacy.
The key controversy around this proposal from a technical standpoint is that it enables new device fingerprinting and tracking capabilities. The attestation provides a cryptographic proof of the user's software environment, and could allow colluding sites to link attestations.
While protections like profile partitioning are suggested, many point out these are insufficient. The prominence of Chrome gives Google power to dictate adoption, and alternatives like Firefox may be locked out of sites expecting certain attestation claims.
Critics view this as the logical conclusion of a decades-long march to lock down general-purpose computing into restricted platforms built for control rather than user freedom. Integrity measurement architectures like TPMs may now extend to the software layers of the web.
Additionally, the security justifications around bot detection ring hollow when alternative approaches like holdbacks are deliberately weakened to support business models based on tracking and ads. Real user security seems a secondary concern.
The Web Environment Integrity proposal could significantly undermine open internet standards in a few key ways:
- It would give companies like Google asymmetric power to deny access to browsers that don't implement proprietary attestation APIs. This departs from the open web standards model based on voluntary adoption. If Netflix adheres to this standard, and so does, say, every big streaming corporation, then Chromium and other browsers will shift to support this standard.
- Web standards are traditionally developed through bodies like W3C and WHATWG with input from diverse stakeholders. This proposal comes from Google alone and risks being unilaterally imposed via Chrome's dominance, undermining the standards process.
- Attestation capabilities would be tied to platform vendors like Google rather than standardized in an interoperable way. This entrenches vendor-specific implementations rather than open standards.
- The privacy and fingerprinting concerns may deter participation from vendors like Mozilla who prioritize user trust. A standard without broad stakeholder buy-in cannot be considered open.
- Legitimizing restricted client environments and DRM-style attestation contradicts the open ethos of web standards. It sets a precedent that could lead to broader erosion of user rights and controls.
- Fragmenting the web into attested and non-attested experiences undermines the universality and consistency that open standards foster, creating a divided ecosystem.