Don't.

[klrtk]

Sometimes you have to ask the question whether something should be done at all, and trusted computing is certainly one of those cases where the answer is obviously a big fat NO.

So please reconsider what you believe in, leave this demon to history where it forever belongs.

[selfawaresoup]

This is DRM infrastructure for websites and fundamentally counter to an open web.

So yeah, don’t.

[warriordog]

100% agree. This proposal offers far too many opportunities for abuse. The authors have clearly tried to mitigate this, but their measures are insufficient and always will be, because the underlying idea is flawed. Lets leave this one in the past - it will only ever cause more harm than good.

[jfmcbrayer]

Almost every reasonable use case of this proposal is something that makes the web worse for users. It opens another front in the War On General Computation, and continues the trend of web browsers ceasing to be user-agents, and becoming the property of the website owners. It's a straight-up attack on the open web.

[tanepiper]

I would add myself to the points above, this is not a good idea and opens up so much potential abuse, and shutting out of marginalised groups who may not be able to use the latest version of a program.

The world is also dividing along ideological lines that could see this used to perpetrate a shutdown of information to a select few.

tl;dr Don't

[ghost]

Please just withdraw this horrible idea. "Web Environment Integrity" is when you, as developers, show integrity and dump this.

[kleinesfilmroellchen]

Have you lost your fucking minds? DRM never was and never will be a good idea. Just stop.

[mokrates]

No. Either no one else than you can build browser engines anymore, or this won't work anyways. This is against OpenSource. How would my homebrew-browser be forced to be honest?

[PeterCxy]

The entire premise of this proposal is completely flawed. To quote the authors,

Users often depend on websites trusting the client environment they run in.

If the security of your web service depends on a specific client environment, your web service is designed wrong. Period. If something is security-critical, you should not ever delegate that computation to client side and you should not ever blindly trust any client-side input, even if you can attest to any digital signature from the client. Are you sure you are going to be able to maintain an up-to-date list of all the vulnerabilities of all "trusted" clients? And how are you going to mitigate all of them in time? Even with Android, a lot of known vulnerable devices are still "trusted" under SafetyNet / Play Integrity. The only way for any service to be secure is to not trust client input blindly.

This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it.

Your proposal has exactly nothing to do with whether a human user is interacting with the device. All you can ever do is attest to the fact that the client uses software with a signature trusted by the server. An automated program does not have to actually execute within this environment -- it can be a device outside of the control of the client-side operating system entirely. Are you then going to authenticate all peripherals connected to the device?

This trust is the backbone of the open internet, critical for the safety of user data and for the sustainability of the website’s business.

Let's make this very clear: the backbone of the open internet is the fact that any client from any vendor can access any website, as long as they implement all the open standards a given website / application depends on. By giving the ability to exclude certain vendors and users to operators of a website, you are destroying the open internet, not the other way around.

[tezoatlipoca]

^^ what they said. There is no compelling argument for any of this other than "policing the content/services I provide on the internet WITH humans, in order to maintain a productive service FOR humans, is expensive and I don't wanna; so lets add more complexity to an already complicated and impossible to understand/maintain tech stack and add even more hurdles a user has to go through rather than just sending a browser to a URL.."

Plus if you add yet another thing I have to 2FA just to read the instructions on how to repair my dishwasher, I may start to get nasty.

[twhaples]

Hello! I'm hoping to help with potential workarounds, in case this issue is closed without action.

In the United States it might be possible to request a workaround through the involvement of the United States Department of Justice Antitrust Citizen Complaint Center at https://www.justice.gov/atr/citizen-complaint-center — as observers have noted, if we end up with website DRM everywhere and whitelisted entries for browsers like Chrome and agents like Googlebot, the net effects will be radically anti-competitive.

Please remember:

When contacting the Antitrust Division about a possible antitrust violation or potential anticompetitive activity, please provide as much of the following information as possible:

• The names of the companies, individuals, or organizations involved
• How do you believe they have violated the federal antitrust laws? (For details on federal antitrust laws, see Antitrust Laws and You.)
• Examples of, or details about, the conduct that you believe violates the antitrust laws
• The product or service affected by the conduct, including where the product is manufactured or sold or where is the service is provided
• The major competitors that sell the product or provide the service
• Your role in the situation
• Who is being affected and how they are being affected

You may submit your concern by e-mail, regular mail, or phone.

By email to antitrust.complaints@usdoj.gov.

By postal mail to: Citizen Complaint Center Antitrust Division 950 Pennsylvania Ave., NW Room 3322 Washington, DC 20530

By phone at 1-888-647-3258 (toll free in the U.S. and Canada) or 202-307-2040.

In the European Union you want the DG Competition:

If you are directly affected by the practice which you suspect restricts competition and are able to provide specific information, you may want to lodge a formal complaint, which must fulfil certain requirements. The complaint form (“Form C”) is available on the Commission Regulation (EC) No 773/2004 of 7 April 2004 relating to the conduct of proceedings by the Commission pursuant to Articles 81 and 82 of the EC Treaty [1]. Official Journal L 123, 27.04.2004, p.18-24 (see the form on the last page “Annex”).

Information on how the Commission handles complaints is available on the Commission Notice on the handling of complaints by the Commission under Articles 81 and 82 of the EC Treaty (Articles 101 and 102 TFEU) (Official Journal C 115, 9.5.2008, p. 88–89).

You can provide information on a specific market where you may have concerns regarding compliance with EU competition rules by e-mail to comp-market-information@ec.europa.eu. Please indicate your name and address, identify the firms and products concerned and describe the practice you have observed. This will help the Commission to detect problems in the market and be the starting point for an investigation. We invite you to read our e-services privacy policybefore contacting us. You can also send your complaint by post: You can also send your complaint by post:

European Commission Competition DG B - 1049 Bruxelles

If the situation you have encountered is limited to one country or area, or involves no more than three EU Member States you may want to contact a national competition authority. The competition authorities of all EU Member States now apply the same competition rules as the European Commission and very often they are well placed to deal with your problem. If you think that a larger number of Member States are concerned, you may primarily chose to contact the European Commission. If you are not sure about the scope of the problem, do not hesitate to contact either the European Commission or the national competition authority because the authorities cooperate among them and will allocate the case as appropriate.

[Wack0]

"so preoccupied with whether they could, they didn't stop to think if they should"

[adryzz]

how about no

TEEs in our phones to attest bootloader lock and SafetyNet (yes it's now Play Integrity) are already way too much

[Codel1417]

When most ads are malware and most sites are not accessible out of the box, including Google sites, how will this API improve the browsing experience for real users?

If your service trusts the client, you have failed as a developer

[a1batross]

Authors: Google, Google, Google and Google

Maybe Google should play in it's sandbox rather than defining what Internet is?

[jessehattabaugh]

"what if the web sucked as hard as app stores do?"

[twhaples]

I would like to respectfully add my suggestion that Ben Wiser (Google), Borbala Benko (Google), Philipp Pfeiffenberger (Google), and Sergey Kataev (Google) all take this opportunity to engage a personal lawyer and seek legal advice, i.e. do not defer to the corporate counsel (Google), who may not have their best interests in mind. Antitrust law is real. Some violations are crimes.

[gourdcaptain]

Oh wow, another Google attempt to lock out adblocking in the long run. Absolutely unsurprising.

Knock it off.

[ghost]

This, also quit your jobs at Google.

[alexisvl]

Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.

This is a masterpiece of doublespeak, I have nothing but awe and congratulations for whoever pinched this one off.

[sparked435]

This proposal speaks a lot about trust, but seems not to realize that trust happens in multiple directions, often simultaneously.

By locking a user out of changes - possibly even at the configuration level or installing extensions - to their browser, they can no longer trust the browser to behave with their interests in mind. It actively corrodes a user's ability to trust the browser to not spy on them, or perform other malicious behavior such as deleting data without consent.

[ghost]

@RupertBenWiser writes about how frustrating it is to be locked out of your own hardware:

http://benwiser.com/blog/I-just-spent-%C2%A3700-to-have-my-own-app-on-my-iPhone.html

[jaredcwhite]

Don't be evil.

This gets a rousing, unequivocal NOPE from me. I'm sure we all understand the challenges of servers fighting against attacks like DDoS and other issues, but in trying to mitigate against bad actors, we can't break the web in the process.

[mmkthecoolest]

Don't be evil.

@jaredcwhite They dropped that motto a long time ago. Google has accustomed itself to indulge in evil.

[wwahammy]

This is pure, unmitigated evil. You're basically ensuring a monopoly for your platform.

Each of you should be personally ashamed and likely banned from the industry.

I will be the first person suing your company if you implement this, this is guaranteed to be illegal.

[VVelox]

This is very much a love letter to people who engage in phishing and as well as write malware as it makes their job a lot easier.

[wwahammy]

I would like to respectfully add my suggestion that Ben Wiser (Google), Borbala Benko (Google), Philipp Pfeiffenberger (Google), and Sergey Kataev (Google) all take this opportunity to engage a personal lawyer and seek legal advice, i.e. do not defer to the corporate counsel (Google), who may not have their best interests in mind. Antitrust law is real. Some violations are crimes.

I strongly agree. This is a blatant, willful violation of a bunch of antitrust laws.

Remember that the VW engineers were the only ones who served prison time for the emissions scandal.

[ansuz]

I would feel deeply, personally ashamed to have my name associated with an idea as bad as this.

[4ndv]

Let's imagine this scenario:

There is a search engine "A" and a search engine "B", both of which uses scrapers capable of executing javascript code.

But the search engine "A" also happens to have some kind of involvement with attester entity called, for example, "Google Play".

The question: what are the chances of attester entity to be more biased towards the scraper of the search engine "A", than search engine "B" when giving their verdict?

[mhoye]

Human-facing, client-side platform-state attestation won't and will never be used to secure the agency or well-being of a human. Particularly when the developers of that attestation process consider "How will we prevent this signal from being used to exclude vendors" to be an "open question" worth considering, and "how will we prevent this signal from being used to exclude or marginalize classes of people" doesn't deserve so much as the "todo" you've granted to lesser considerations like "privacy". This is an attempt to keep humans from being able to make choices that are inconvenient to your business model and that's it.

I'll put a thousand dollars down that everybody involved in drafting this spec uses an ad-blocker, without exception. And yet here you are trying to strip other people of the agency that you enjoy every day, to shelter a failing business model from inconvenient market realities like "people who don't like the product are allowed to not buy it".

Is this the work you wanted to do? Was this the dream, is this the kind of engineer you wanted to be? Because you have agency too, you can still make choices about who you want to be and how you want the world to be different because you were in it, and maybe they can be better choices than this.

[andrewliden]

It doesn't take much critical thinking to see the problem with this API. I mean, you even put it in the "open questions" section. None of the possible solutions in the explainer seem very realistic, either. The whole point of an API like this is to allow a site to modify its behavior for certain browsers or operating environments. It'd be surprising if someone didn't use it to exclude some browsers. I can imagine it already. A user wants to browse their favorite website on their favorite browser or operating system. They try to log on, only to be greeted by a (likely very modern and trendy looking) icon of a padlock, followed by some text along the lines of "We only serve secure environments. Please use one of the following browsers." Now they're at a fork in the road: stop going to your favorite site, or start using that site's favorite software. If you truly care about the open web, scrap this idea. Otherwise, stop pretending that you do.

[k32]

Don't blame google for doing what google does, blame yourself for using their products.

[mokrates]

Don't blame google for being google, blame yourself for using their products.

I use Firefox, but that won't help me, when they release this oppressive tech. Either Firefox will be excluded, or, worse, it will have to implement the same oppression and break itself this way.

It's not that easy. If Google had only a small market share, webadmins would say, "we can't use this tech, nobody would use our site". But that's not how it is.

[mokrates]

And Firefox already backed down once. They will do it again in no time.

[ghost]

The plan isn't to exclude all other browsers, it's just to create yet another structural imbalance favoring the largest available browsers and platforms.

So, exclude competition but in a way that they can spin in court later.

I found this interesting too.. basically a very weak proposal to add some "open" to this: https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/16

But even that small concession to a diverse web isn't favored? https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/5

[k32]

I use Firefox, but that won't help me, when they release this oppressive tech. Either Firefox will be excluded, or, worse, it will have to implement the same oppression and break itself this way.

It's not that easy. If Google had only a small market share, webadmins would say, "we can't use this tech, nobody would use our site". But that's not how it is.

My goodness, I never thought about that! Let's do internet activism in the github issues for a day to prevent it, just like it prevented manifest v3, mass surveillance and paid reddit API!

[gourdcaptain]

I use Firefox, but that won't help me, when they release this oppressive tech. Either Firefox will be excluded, or, worse, it will have to implement the same oppression and break itself this way. It's not that easy. If Google had only a small market share, webadmins would say, "we can't use this tech, nobody would use our site". But that's not how it is.

My goodness, I never thought about that! Let's do internet activism in the github issues for a day to prevent it, just like it prevented manifest v3, mass surveillance and paid reddit API!

Oh, there's no way this changes their minds for a second, there's too much money and too little ethics involved. I just want to help annoy them briefly by making them have to clean up and lock down their GitHub. :P

EDIT: to be clear, I'm pro-posting here and telling them this sucks, I'm just acknowledging the likely results and also enjoy those

[mokrates]

I found this interesting too.. basically a very weak proposal to add some "open" to this: #16

What a BS. "Let's implement a means to differentiate, but stop it from discriminating" (as if they didn't know that discriminate MEANS differentiating (with a dark subtext which isn't really relevant, here)

[klrtk]

My goodness, I never thought about that! Let's do internet activism in the github issues for a day to prevent it, just like it prevented manifest v3, mass surveillance and paid reddit API!

It won't prevent it, but maybe we can at least make the next person who even thinks about advancing this evil set of technologies feel just a little bit of shame, and do so politely, because that's how it hurts the most, we know it from how the corporate speak they use to communicate with us works.

The solution to this is to make it illegal, and I hope at least people who stumble here will know they're not alone in thinking this and know what they have to do.

[charliewilson]

This is the "site best viewed in internet explorer" of the modern age, taken to its logical, horrendous conclusion.

As many have said before me, if you're putting any trust in the client environment as a web dev, the problem lies with you.

We don't need this.

[k32]

The solution to this is to make it illegal

Thanks for opening my eyes, I totally forgot that the governments (who would never ever get involved in shady dealings with Google) may make this feature illegal. I thought that they are more likely to make disabling this feature illegal, but I guess I was mistaken.

[mokrates]

The solution to this is to make it illegal

Thanks for opening my eyes, I totally forgot that the governments (who would never ever get involved in shady dealings with Google) may make this feature illegal. I thought that they are more likely to make disabling this feature illegal, but I guess I was mistaken.

Luckily, there's the EU.

[sparked435]

My goodness, I never thought about that! Let's do internet activism in the github issues for a day to prevent it, just like it prevented manifest v3, mass surveillance and paid reddit API!

It's difficult to oppose a system (or change to a system) that has not yet been implemented, outside of screaming that it shouldn't happen.

When they actually build the digital padlocks is the time for the digital boltcutters. Until then, we scream.

[mokrates]

Until then, we scream.

[ghost]

what is the point of the "commenting doesn't help" genre of comment except as literally a conservative troll

[mc776]

But I do not think that this necessity of stealing arises only from hence; there is another cause of it, more peculiar to England.’ ‘What is that?’ said the Cardinal: ‘The increase of pasture,’ said I, ‘by which your sheep, which are naturally mild, and easily kept in order, may be said now to devour men and unpeople, not only villages, but towns; for wherever it is found that the sheep of any soil yield a softer and richer wool than ordinary, there the nobility and gentry, and even those holy men, the dobots! not contented with the old rents which their farms yielded, nor thinking it enough that they, living at their ease, do no good to the public, resolve to do it hurt instead of good. They stop the course of agriculture, destroying houses and towns, reserving only the churches, and enclose grounds that they may lodge their sheep in them. As if forests and parks had swallowed up too little of the land, those worthy countrymen turn the best inhabited places into solitudes; for when an insatiable wretch, who is a plague to his country, resolves to enclose many thousand acres of ground, the owners, as well as tenants, are turned out of their possessions by trick or by main force, or, being wearied out by ill usage, they are forced to sell them; by which means those miserable people, both men and women, married and unmarried, old and young, with their poor but numerous families (since country business requires many hands), are all forced to change their seats, not knowing whither to go; and they must sell, almost for nothing, their household stuff, which could not bring them much money, even though they might stay for a buyer. When that little money is at an end (for it will be soon spent), what is left for them to do but either to steal, and so to be hanged (God knows how justly!), or to go about and beg? and if they do this they are put in prison as idle vagabonds, while they would willingly work but can find none that will hire them; for there is no more occasion for country labour, to which they have been bred, when there is no arable ground left. One shepherd can look after a flock, which will stock an extent of ground that would require many hands if it were to be ploughed and reaped. This, likewise, in many places raises the price of corn. ...

[endrift]

So how do the EFF and Firefox feel about this?

[raingloom]

On the topic of botnets and sockpuppet accounts, I wonder if the authors (all Google employees, of course) are familiar with proposed solutions that put control in the hand of the user, for example Trustnet , or if they came up with this next step in the war on general purpose computing first and then looked for a way to justify it second?

Is this going to be pushed through despite the vocal opposition, just like Manifest v3, because management told you so?

[samipfjo]

The funniest thing about this is how it's definitely not at all related to them lying about the nature of ad views to their customers

https://www.theguardian.com/technology/2023/jun/28/google-may-have-misled-dozens-of-advertisers-and-violated-its-own-guidelines-report

[endrift]

The funniest thing about this is how it's definitely not at all related to them lying about the nature of ad views to their customers

https://www.theguardian.com/technology/2023/jun/28/google-may-have-misled-dozens-of-advertisers-and-violated-its-own-guidelines-report

You assume the teams talk to each other enough for that to be intentional. It turns out management accidentally colludes like this sometimes, and the individual contributors have absolutely no idea. Something something YouTube Shadow DOM v0 polyfill...

[xTrayambak]

This and the Idle Detection API. Why do we trust Chromium anymore? (talking bout the corporate developers, not the hobbyists)