At a time when Google’s Web Environment Integrity (WEI) proposal has come under heavy criticism, one of the developers working on the project said that it intends to make the web “more private and safe.”
The fraud-fighting project has fired up quite a controversy, with rising concerns that it could take away the freedom of choice from users and affect their privacy negatively.
Responding to the concerns about WEI being too dangerous and invasive of privacy, Ben Wiser, a software engineer at the Chocolate Factory, insisted that WEI is meant to address online abuse and fraud while evading the privacy harms enabled by cross-site tracking and browser fingerprinting.
What Is Google’s Web Environment Integrity and How Does It Work?
The Web Environment Integrity DRM proposed by Google is essentially an attestation scheme. It offers web publishers a way to integrate their websites or apps with a code that checks with a trusted party (such as Google) to verify if a client’s hardware and software stack meets certain criteria.
Through WEI, Google aims to help websites weed out bots by verifying that the visitors on their domains are actual users.
In an explainer published by Google, the tech giant insists on the importance of websites verifying the trustworthiness of the client environment they are run in. This includes the web browser and the operating system, as well as their methods to protect data and intellectual property.
Here’s how Google’s proposed Web Environment Integrity would work – when users try to access a website integrated with the API, the site would request a token attesting to the client environment.
A third-party attester, in this case, WEI, will then test the device and sign the token provided. A browser or device that fails to pass the attestation will be marked as untrusted.
The token is then returned to the originating web page, following which the web server verifies the token and checks for the attester’s signature. If everyone turns out well, the user will be able to access the website.
However, if the token fails the test, it’s up to the website publisher to decide how the web server would respond to the signal.
While Google didn’t reveal what WEI looks for during the attestation check, Wisner insists that “WEI is not designed to single out browsers or extensions” and that it won’t block browsers that spoof their identity.
The intended use cases of the DRM include allowing game publishers to detect players cheating with the help of disallowed hardware or software. It can also help content publishers check whether their ads are being seen by actual visitors or fraudulent bots.
Why Are People Concerned About WEI?
Unfortunately, the intended use of such technologies is rarely a limitation to how they’d actually be used. The technical community has expressed concern that bringing the web under a permission-based regime where a third party determines the worthiness of a user can prove to be dangerous.
A big part of the reason why there is a problem is the surveillance economy, and the solution to the surveillance economy seems to be more surveillance.Jon von Tetzchner, Vivaldi CEO
WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc.
>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : TechReport – https://techreport.com/news/google-tries-to-defend-its-web-environment-integrity-as-critics-slam-it-as-dangerous/