explainers-by-googlers / Web-Environment-Integrity


But on a serious note... #118

Open melontini opened 1 year ago

melontini commented 1 year ago

This proposal is pretty problematic. The explainer.md is full of things that it doesn't help to solve, plus a few other problems.


> Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads

This is not what the “user” wants, this is what the site owner wants. Users use ad-blockers due to aggressive advertising (welcome https://www.fandom.com/) and privacy concerns (recent Tax prep – Meta Pixel scandal). There would be no need for ad-blockers if every website was modrinth.

Also, there are already ways to detect ad-blockers without checking for “integrity”.

> Users want to know they are interacting with real people on social websites but bad actors often want to promote posts with fake engagement (for example, to promote products, or make a news story seem more important).

This is not helpful at all. There are a lot of bots on Twitter not because the environment is “not trustworthy”, but because there are no registration requirements. All you require is an email address and a unique username.

And what's to stop bad actors from just using a macro in Chrome? The environment would still be “trusted”, right?

> Users playing a game on a website want to know whether other players are using software that enforces the game's rules.

This is the only somewhat valid reason that users want. But in general, there are other ways to detect this.

> Users sometimes get tricked into installing malicious software that imitates software like their banking apps

So how does this API help? People fall for https://www.citi-bank.org/. This is not a browser “integrity” issue.

Yes, this will work if malware tries to modify the webpage, but this is too much effort since you can just redirect people to https://www.citi-bank.org/ or steal their passwords stored in Chrome/Safari/Firefox/whatever. The “Save Page As...” button is free.


My biggest problem with this is:

> A third party that can “attest” to the device a web browser is executing on, referred to as the attester

This introduces a “third party” attester into the mix. As I understand it, the attester gets the environment info, but how can we trust that this information isn't being used by the attester to track people across sites? By your own words, the attester would get: IP (not sensitive, but still), platform, rate limit indicator (probably a number), and possibly more in the future.


So, in my opinion, this API provides almost no benefit, but could end up hurting: small browser forks, modded Android/iOS phones, custom Linux distros, user privacy by giving attesters more data points and limiting privacy tools, user experience by breaking ad-blocking.

Some clarification on these issues would be really nice.

elbosso commented 1 year ago

"Users like visiting websites that are expensive to create and maintain" - I do not think that "users" like websites that are expensive. Meaning loading half a gig of bloated JavaScript and trackers first, draining the energy from their phones and on the whole the resources of the planet.

Simerax commented 1 year ago

> if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.

This will basically create a whitelist of browsers. A user should not be punished for using a niche browser.
The "Attester" will have full control over who is allowed to use the internet and who is not.

This is basically taking the spirit of the internet (being decentralized and open) and throwing it into the garbage and then setting it on fire.

Internet Communication must not be centralized.