explainers-by-googlers / Web-Environment-Integrity

538 stars 100 forks source link

Don't. #28

Open OrionMoonclaw opened 1 year ago

OrionMoonclaw commented 1 year ago

Sometimes you have to ask the question whether something should be done at all, and trusted computing is certainly one of those cases where the answer is obviously a big fat NO.

So please reconsider what you believe in, leave this demon to history where it forever belongs.

selfawaresoup commented 1 year ago

This is DRM infrastructure for websites and fundamentally counter to an open web.

So yeah, don’t.

warriordog commented 1 year ago

100% agree. This proposal offers far too many opportunities for abuse. The authors have clearly tried to mitigate this, but their measures are insufficient and always will be, because the underlying idea is flawed. Lets leave this one in the past - it will only ever cause more harm than good.

jfmcbrayer commented 1 year ago

Almost every reasonable use case of this proposal is something that makes the web worse for users. It opens another front in the War On General Computation, and continues the trend of web browsers ceasing to be user-agents, and becoming the property of the website owners. It's a straight-up attack on the open web.

tanepiper commented 1 year ago

I would add myself to the points above, this is not a good idea and opens up so much potential abuse, and shutting out of marginalised groups who may not be able to use the latest version of a program.

The world is also dividing along ideological lines that could see this used to perpetrate a shutdown of information to a select few.

tl;dr Don't

ghost commented 1 year ago

Please just withdraw this horrible idea. "Web Environment Integrity" is when you, as developers, show integrity and dump this.

kleinesfilmroellchen commented 1 year ago

Have you lost your fucking minds? DRM never was and never will be a good idea. Just stop.

mokrates commented 1 year ago

No. Either no one else than you can build browser engines anymore, or this won't work anyways. This is against OpenSource. How would my homebrew-browser be forced to be honest?

PeterCxy commented 1 year ago

The entire premise of this proposal is completely flawed. To quote the authors,

Users often depend on websites trusting the client environment they run in.

If the security of your web service depends on a specific client environment, your web service is designed wrong. Period. If something is security-critical, you should not ever delegate that computation to client side and you should not ever blindly trust any client-side input, even if you can attest to any digital signature from the client. Are you sure you are going to be able to maintain an up-to-date list of all the vulnerabilities of all "trusted" clients? And how are you going to mitigate all of them in time? Even with Android, a lot of known vulnerable devices are still "trusted" under SafetyNet / Play Integrity. The only way for any service to be secure is to not trust client input blindly.

This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it.

Your proposal has exactly nothing to do with whether a human user is interacting with the device. All you can ever do is attest to the fact that the client uses software with a signature trusted by the server. An automated program does not have to actually execute within this environment -- it can be a device outside of the control of the client-side operating system entirely. Are you then going to authenticate all peripherals connected to the device?

This trust is the backbone of the open internet, critical for the safety of user data and for the sustainability of the website’s business.

Let's make this very clear: the backbone of the open internet is the fact that any client from any vendor can access any website, as long as they implement all the open standards a given website / application depends on. By giving the ability to exclude certain vendors and users to operators of a website, you are destroying the open internet, not the other way around.

tezoatlipoca commented 1 year ago

^^ what they said. There is no compelling argument for any of this other than "policing the content/services I provide on the internet WITH humans, in order to maintain a productive service FOR humans, is expensive and I don't wanna; so lets add more complexity to an already complicated and impossible to understand/maintain tech stack and add even more hurdles a user has to go through rather than just sending a browser to a URL.."

Plus if you add yet another thing I have to 2FA just to read the instructions on how to repair my dishwasher, I may start to get nasty.

twhaples commented 1 year ago

Hello! I'm hoping to help with potential workarounds, in case this issue is closed without action.

In the United States it might be possible to request a workaround through the involvement of the United States Department of Justice Antitrust Citizen Complaint Center at https://www.justice.gov/atr/citizen-complaint-center — as observers have noted, if we end up with website DRM everywhere and whitelisted entries for browsers like Chrome and agents like Googlebot, the net effects will be radically anti-competitive.

Please remember:

When contacting the Antitrust Division about a possible antitrust violation or potential anticompetitive activity, please provide as much of the following information as possible:

  • The names of the companies, individuals, or organizations involved
  • How do you believe they have violated the federal antitrust laws? (For details on federal antitrust laws, see Antitrust Laws and You.)
  • Examples of, or details about, the conduct that you believe violates the antitrust laws
  • The product or service affected by the conduct, including where the product is manufactured or sold or where is the service is provided
  • The major competitors that sell the product or provide the service
  • Your role in the situation
  • Who is being affected and how they are being affected

You may submit your concern by e-mail, regular mail, or phone.

By email to antitrust.complaints@usdoj.gov.

By postal mail to: Citizen Complaint Center Antitrust Division 950 Pennsylvania Ave., NW Room 3322 Washington, DC 20530

By phone at 1-888-647-3258 (toll free in the U.S. and Canada) or 202-307-2040.

In the European Union you want the DG Competition:

If you are directly affected by the practice which you suspect restricts competition and are able to provide specific information, you may want to lodge a formal complaint, which must fulfil certain requirements. The complaint form (“Form C”) is available on the Commission Regulation (EC) No 773/2004 of 7 April 2004 relating to the conduct of proceedings by the Commission pursuant to Articles 81 and 82 of the EC Treaty [1]. Official Journal L 123, 27.04.2004, p.18-24 (see the form on the last page “Annex”).

Information on how the Commission handles complaints is available on the Commission Notice on the handling of complaints by the Commission under Articles 81 and 82 of the EC Treaty (Articles 101 and 102 TFEU) (Official Journal C 115, 9.5.2008, p. 88–89).

You can provide information on a specific market where you may have concerns regarding compliance with EU competition rules by e-mail to comp-market-information@ec.europa.eu. Please indicate your name and address, identify the firms and products concerned and describe the practice you have observed. This will help the Commission to detect problems in the market and be the starting point for an investigation. We invite you to read our e-services privacy policybefore contacting us. You can also send your complaint by post: You can also send your complaint by post:

European Commission Competition DG B - 1049 Bruxelles

If the situation you have encountered is limited to one country or area, or involves no more than three EU Member States you may want to contact a national competition authority. The competition authorities of all EU Member States now apply the same competition rules as the European Commission and very often they are well placed to deal with your problem. If you think that a larger number of Member States are concerned, you may primarily chose to contact the European Commission. If you are not sure about the scope of the problem, do not hesitate to contact either the European Commission or the national competition authority because the authorities cooperate among them and will allocate the case as appropriate.

Wack0 commented 1 year ago

"so preoccupied with whether they could, they didn't stop to think if they should"

adryzz commented 1 year ago

how about no

TEEs in our phones to attest bootloader lock and SafetyNet (yes it's now Play Integrity) are already way too much

Codel1417 commented 1 year ago

When most ads are malware and most sites are not accessible out of the box, including Google sites, how will this API improve the browsing experience for real users?

If your service trusts the client, you have failed as a developer

a1batross commented 1 year ago

Authors: Google, Google, Google and Google

Maybe Google should play in it's sandbox rather than defining what Internet is?

jessehattabaugh commented 1 year ago

"what if the web sucked as hard as app stores do?"

twhaples commented 1 year ago

I would like to respectfully add my suggestion that Ben Wiser (Google), Borbala Benko (Google), Philipp Pfeiffenberger (Google), and Sergey Kataev (Google) all take this opportunity to engage a personal lawyer and seek legal advice, i.e. do not defer to the corporate counsel (Google), who may not have their best interests in mind. Antitrust law is real. Some violations are crimes.

gourdcaptain commented 1 year ago

Oh wow, another Google attempt to lock out adblocking in the long run. Absolutely unsurprising.

Knock it off.

ghost commented 1 year ago

This, also quit your jobs at Google.

alexisvl commented 1 year ago

Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.

This is a masterpiece of doublespeak, I have nothing but awe and congratulations for whoever pinched this one off.

sparked435 commented 1 year ago

This proposal speaks a lot about trust, but seems not to realize that trust happens in multiple directions, often simultaneously.

By locking a user out of changes - possibly even at the configuration level or installing extensions - to their browser, they can no longer trust the browser to behave with their interests in mind. It actively corrodes a user's ability to trust the browser to not spy on them, or perform other malicious behavior such as deleting data without consent.

ghost commented 1 year ago

@RupertBenWiser writes about how frustrating it is to be locked out of your own hardware:

http://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-own-app-on-my-iPhone.html

jaredcwhite commented 1 year ago

Don't be evil.

This gets a rousing, unequivocal NOPE from me. I'm sure we all understand the challenges of servers fighting against attacks like DDoS and other issues, but in trying to mitigate against bad actors, we can't break the web in the process.

mmkthecoolest commented 1 year ago

Don't be evil.

@jaredcwhite They dropped that motto a long time ago. Google has accustomed itself to indulge in evil.

wwahammy commented 1 year ago

This is pure, unmitigated evil. You're basically ensuring a monopoly for your platform.

Each of you should be personally ashamed and likely banned from the industry.

I will be the first person suing your company if you implement this, this is guaranteed to be illegal.

VVelox commented 1 year ago

This is very much a love letter to people who engage in phishing and as well as write malware as it makes their job a lot easier.

wwahammy commented 1 year ago

I would like to respectfully add my suggestion that Ben Wiser (Google), Borbala Benko (Google), Philipp Pfeiffenberger (Google), and Sergey Kataev (Google) all take this opportunity to engage a personal lawyer and seek legal advice, i.e. do not defer to the corporate counsel (Google), who may not have their best interests in mind. Antitrust law is real. Some violations are crimes.

I strongly agree. This is a blatant, willful violation of a bunch of antitrust laws.

Remember that the VW engineers were the only ones who served prison time for the emissions scandal.

ansuz commented 1 year ago

I would feel deeply, personally ashamed to have my name associated with an idea as bad as this.

4ndv commented 1 year ago

Let's imagine this scenario:

There is a search engine "A" and a search engine "B", both of which uses scrapers capable of executing javascript code.

But the search engine "A" also happens to have some kind of involvement with attester entity called, for example, "Google Play".

The question: what are the chances of attester entity to be more biased towards the scraper of the search engine "A", than search engine "B" when giving their verdict?

mhoye commented 1 year ago

Human-facing, client-side platform-state attestation won't and will never be used to secure the agency or well-being of a human. Particularly when the developers of that attestation process consider "How will we prevent this signal from being used to exclude vendors" to be an "open question" worth considering, and "how will we prevent this signal from being used to exclude or marginalize classes of people" doesn't deserve so much as the "todo" you've granted to lesser considerations like "privacy". This is an attempt to keep humans from being able to make choices that are inconvenient to your business model and that's it.

I'll put a thousand dollars down that everybody involved in drafting this spec uses an ad-blocker, without exception. And yet here you are trying to strip other people of the agency that you enjoy every day, to shelter a failing business model from inconvenient market realities like "people who don't like the product are allowed to not buy it".

Is this the work you wanted to do? Was this the dream, is this the kind of engineer you wanted to be? Because you have agency too, you can still make choices about who you want to be and how you want the world to be different because you were in it, and maybe they can be better choices than this.

andrewliden commented 1 year ago

It doesn't take much critical thinking to see the problem with this API. I mean, you even put it in the "open questions" section. None of the possible solutions in the explainer seem very realistic, either. The whole point of an API like this is to allow a site to modify its behavior for certain browsers or operating environments. It'd be surprising if someone didn't use it to exclude some browsers. I can imagine it already. A user wants to browse their favorite website on their favorite browser or operating system. They try to log on, only to be greeted by a (likely very modern and trendy looking) icon of a padlock, followed by some text along the lines of "We only serve secure environments. Please use one of the following browsers." Now they're at a fork in the road: stop going to your favorite site, or start using that site's favorite software. If you truly care about the open web, scrap this idea. Otherwise, stop pretending that you do.

k32 commented 1 year ago

Don't blame google for doing what google does, blame yourself for using their products.

mokrates commented 1 year ago

Don't blame google for being google, blame yourself for using their products.

I use Firefox, but that won't help me, when they release this oppressive tech. Either Firefox will be excluded, or, worse, it will have to implement the same oppression and break itself this way.

It's not that easy. If Google had only a small market share, webadmins would say, "we can't use this tech, nobody would use our site". But that's not how it is.

mokrates commented 1 year ago

image And Firefox already backed down once. They will do it again in no time.

ghost commented 1 year ago

The plan isn't to exclude all other browsers, it's just to create yet another structural imbalance favoring the largest available browsers and platforms.

So, exclude competition but in a way that they can spin in court later.

I found this interesting too.. basically a very weak proposal to add some "open" to this: https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/16

But even that small concession to a diverse web isn't favored? https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/5

k32 commented 1 year ago

I use Firefox, but that won't help me, when they release this oppressive tech. Either Firefox will be excluded, or, worse, it will have to implement the same oppression and break itself this way.

It's not that easy. If Google had only a small market share, webadmins would say, "we can't use this tech, nobody would use our site". But that's not how it is.

My goodness, I never thought about that! Let's do internet activism in the github issues for a day to prevent it, just like it prevented manifest v3, mass surveillance and paid reddit API!

gourdcaptain commented 1 year ago

I use Firefox, but that won't help me, when they release this oppressive tech. Either Firefox will be excluded, or, worse, it will have to implement the same oppression and break itself this way. It's not that easy. If Google had only a small market share, webadmins would say, "we can't use this tech, nobody would use our site". But that's not how it is.

My goodness, I never thought about that! Let's do internet activism in the github issues for a day to prevent it, just like it prevented manifest v3, mass surveillance and paid reddit API!

Oh, there's no way this changes their minds for a second, there's too much money and too little ethics involved. I just want to help annoy them briefly by making them have to clean up and lock down their GitHub. :P

EDIT: to be clear, I'm pro-posting here and telling them this sucks, I'm just acknowledging the likely results and also enjoy those

mokrates commented 1 year ago

I found this interesting too.. basically a very weak proposal to add some "open" to this: #16

What a BS. "Let's implement a means to differentiate, but stop it from discriminating" (as if they didn't know that discriminate MEANS differentiating (with a dark subtext which isn't really relevant, here)

OrionMoonclaw commented 1 year ago

My goodness, I never thought about that! Let's do internet activism in the github issues for a day to prevent it, just like it prevented manifest v3, mass surveillance and paid reddit API!

It won't prevent it, but maybe we can at least make the next person who even thinks about advancing this evil set of technologies feel just a little bit of shame, and do so politely, because that's how it hurts the most, we know it from how the corporate speak they use to communicate with us works.

The solution to this is to make it illegal, and I hope at least people who stumble here will know they're not alone in thinking this and know what they have to do.

charliewilson commented 1 year ago

This is the "site best viewed in internet explorer" of the modern age, taken to its logical, horrendous conclusion.

As many have said before me, if you're putting any trust in the client environment as a web dev, the problem lies with you.

We don't need this.

k32 commented 1 year ago

The solution to this is to make it illegal

Thanks for opening my eyes, I totally forgot that the governments (who would never ever get involved in shady dealings with Google) may make this feature illegal. I thought that they are more likely to make disabling this feature illegal, but I guess I was mistaken.

mokrates commented 1 year ago

The solution to this is to make it illegal

Thanks for opening my eyes, I totally forgot that the governments (who would never ever get involved in shady dealings with Google) may make this feature illegal. I thought that they are more likely to make disabling this feature illegal, but I guess I was mistaken.

Luckily, there's the EU.

sparked435 commented 1 year ago

My goodness, I never thought about that! Let's do internet activism in the github issues for a day to prevent it, just like it prevented manifest v3, mass surveillance and paid reddit API!

It's difficult to oppose a system (or change to a system) that has not yet been implemented, outside of screaming that it shouldn't happen.

When they actually build the digital padlocks is the time for the digital boltcutters. Until then, we scream.

mokrates commented 1 year ago

Until then, we scream.

image

ghost commented 1 year ago

what is the point of the "commenting doesn't help" genre of comment except as literally a conservative troll

mc776 commented 1 year ago

But I do not think that this necessity of stealing arises only from hence; there is another cause of it, more peculiar to England.’ ‘What is that?’ said the Cardinal: ‘The increase of pasture,’ said I, ‘by which your sheep, which are naturally mild, and easily kept in order, may be said now to devour men and unpeople, not only villages, but towns; for wherever it is found that the sheep of any soil yield a softer and richer wool than ordinary, there the nobility and gentry, and even those holy men, the dobots! not contented with the old rents which their farms yielded, nor thinking it enough that they, living at their ease, do no good to the public, resolve to do it hurt instead of good. They stop the course of agriculture, destroying houses and towns, reserving only the churches, and enclose grounds that they may lodge their sheep in them. As if forests and parks had swallowed up too little of the land, those worthy countrymen turn the best inhabited places into solitudes; for when an insatiable wretch, who is a plague to his country, resolves to enclose many thousand acres of ground, the owners, as well as tenants, are turned out of their possessions by trick or by main force, or, being wearied out by ill usage, they are forced to sell them; by which means those miserable people, both men and women, married and unmarried, old and young, with their poor but numerous families (since country business requires many hands), are all forced to change their seats, not knowing whither to go; and they must sell, almost for nothing, their household stuff, which could not bring them much money, even though they might stay for a buyer. When that little money is at an end (for it will be soon spent), what is left for them to do but either to steal, and so to be hanged (God knows how justly!), or to go about and beg? and if they do this they are put in prison as idle vagabonds, while they would willingly work but can find none that will hire them; for there is no more occasion for country labour, to which they have been bred, when there is no arable ground left. One shepherd can look after a flock, which will stock an extent of ground that would require many hands if it were to be ploughed and reaped. This, likewise, in many places raises the price of corn. ...

endrift commented 1 year ago

So how do the EFF and Firefox feel about this?

raingloom commented 1 year ago

On the topic of botnets and sockpuppet accounts, I wonder if the authors (all Google employees, of course) are familiar with proposed solutions that put control in the hand of the user, for example Trustnet , or if they came up with this next step in the war on general purpose computing first and then looked for a way to justify it second?

Is this going to be pushed through despite the vocal opposition, just like Manifest v3, because management told you so?

samipfjo commented 1 year ago

The funniest thing about this is how it's definitely not at all related to them lying about the nature of ad views to their customers

https://www.theguardian.com/technology/2023/jun/28/google-may-have-misled-dozens-of-advertisers-and-violated-its-own-guidelines-report

endrift commented 1 year ago

The funniest thing about this is how it's definitely not at all related to them lying about the nature of ad views to their customers

https://www.theguardian.com/technology/2023/jun/28/google-may-have-misled-dozens-of-advertisers-and-violated-its-own-guidelines-report

You assume the teams talk to each other enough for that to be intentional. It turns out management accidentally colludes like this sometimes, and the individual contributors have absolutely no idea. Something something YouTube Shadow DOM v0 polyfill...

xTrayambak commented 1 year ago

This and the Idle Detection API. Why do we trust Chromium anymore? (talking bout the corporate developers, not the hobbyists)