Hey everyone, thank you for your patience, and thank you to everyone who engaged constructively. It is clear based on the feedback we’ve received that a bigger discussion needs to take place, and I’m not sure my personal repository is the best place to do that - we are looking for a better forum and will update when we have found one. We want to continue the discussion and collaborate to address your core concerns in an improved explainer.

I want to be transparent about the perceived silence from my end. In the W3C process it is common for individuals to put forth early proposals for new web standards, and host them in a team member’s personal repository while pursuing adoption within a standards body. My first impulse was to jump in with more information as soon as possible - but our team wanted to take in all the feedback, and be thorough in our response.

That being said, I did want to take a moment to clarify the problems our team is trying to solve that exist on the web today and point out key details of this early stage proposal that may have been missed.

WEI’s goal is to make the web more private and safe The WEI experiment is part of a larger goal to keep the web safe and open while discouraging cross-site tracking and lessening the reliance on fingerprinting for combating fraud and abuse. Fraud detection and mitigation techniques often rely heavily on analyzing unique client behavior over time for anomalies, which involves large collection of client data from both human users and suspected automated clients.

Privacy features like user-agent reduction, IP reduction, preventing cross-site storage, and fingerprint randomization make it more difficult to distinguish or reidentify individual clients, which is great for privacy, but makes fighting fraud more difficult. This matters to users because making the web more private without providing new APIs to developers could lead to websites adding more:

sign-in gates to access basic content invasive user fingerprinting, which is less transparent to users and more difficult to control excessive challenges (SMS verification, captchas) All of these options are detrimental to a user’s web browsing experience, either by increasing browsing friction or significantly reducing privacy.

We believe this is a tough problem to solve, but a very important one that we will continue to work on. We will continue to design, discuss, and debate in public.

WEI is not designed to single out browsers or extensions Our intention for web environment integrity is to provide browsers with an alternative to the above checks and make it easier for users to block invasive fingerprinting without breaking safety mechanisms. The objective of WEI is to provide a signal that a device can be trusted, not to share data or signals about the browser on the device.

Maintaining users’ access to an open web on all platforms is a critical aspect of the proposal. It is an explicit goal that user agents can browse the web without this proposal, which means we want the user to remain free to modify their browser, install extensions, use Dev tools, and importantly, continue to use accessibility features.

WEI prevents ecosystem lock-in through hold-backs We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted-out of WEI or the device is not supported.

This is designed to prevent WEI from becoming “DRM for the web”. Any sites that attempted to restrict browser access based on WEI signals alone would have also restricted access to a significant enough proportion of attestable devices to disincentivize this behavior.

Additionally, and this could be clarified in the explainer more, WEI is an opportunity for developers to use hardware-backed attestation as alternatives to captchas and other privacy-invasive integrity checks.

WEI does not disadvantage browsers that spoof their identity The hold-back and the lack of browser identification in the response provides cover to browsers that spoof their user agents that might otherwise be treated differently by sites. This also includes custom forks of Chromium that web developers create.

Let’s work together on finding the right path We acknowledge facilitating an ecosystem that is open, private, and safe at the same time is a difficult problem, especially when working on the scale and complexity of the web. We welcome collaboration on a solution for scaled anti-abuse that respects user privacy, while maintaining the open nature of the web.

  • superfes@beehaw.org
    link
    fedilink
    arrow-up
    98
    ·
    edit-2
    1 year ago

    Hardware backed attestation isn’t about security or privacy, if you can’t pass SafetyNet on your Android device you can’t install certain apps, but even with stock software and passing SafetyNet you can still install malware direct from the App Store, it’s about vendor lock in, always has been.

    Edit: Clarified my point.

  • !ozoned@lemmy.world@beehaw.org
    link
    fedilink
    arrow-up
    93
    ·
    edit-2
    1 year ago

    This is the part that caught my attention:

    Privacy features like user-agent reduction, IP reduction, preventing cross-site storage, and fingerprint randomization make it more difficult to distinguish or reidentify individual clients, which is great for privacy, but makes fighting fraud more difficult.

    And we do those things, not because we’re fraudsters, but because we’re trying to protect ourselves from the likez of YOU!

    YOU did this, change your model and maybe it’ll be better? Oh! But! Mooooooooney! I forgot. Stupid me.

    This is the fucking bully telling the nerd that if he doesn’t just HAND OVER his lunch money, that he’ll get beat. It’s YOUR fault! Not OURS!

    Edit: Formatting and added about bully

    Edit 2: fixing the formatting of the formatting edit. :-D lol

  • Melody Fwygon@lemmy.one
    link
    fedilink
    arrow-up
    54
    ·
    1 year ago

    WEI’s goal is to make the web more private and safe

    Bull. Fucking. Shit. You do not get to pick and choose who you treat differently based on software level indications. You absolutely cannot justify this technology with fraud-prevention; as your fraud prevention should be baked in elsewhere in your logic chain and service delivery anyways. Developers do not need yet another magic number. Your typical fraudster is going to be an Authenticated Human anyways; and will easily bypass this attestation if this is actually implemented as intended. Because of that fact; this will drive desperate developers to implement this in consumer-hostile and privacy-hostile manners. You cannot simply say “That’s not how it’s intended to be used” and expect those devs to play along with it!

    TL;DR: We must not give developers tools that can be abused in ways that run counter to the open internet

    WEI is not designed to single out browsers or extensions

    Wrong!

    You absolutely ARE singling out browsers; particularly ones that may be older or “Un-attestable” for other arbitrary reasons. This will impact a large number of people in the disabled community who may use specific, webpage modifying extensions in order to make the web more usable for themselves.

    WEI prevents ecosystem lock-in through hold-backs

    This won’t work; your devs will just write other server backend code that is forked off of yours that won’t “hold back”. This is a ridiculously tiny band-aid for a gaping wound that needs stitches;

    WEI does not disadvantage browsers that spoof their identity

    Wrong again! You cannot trust developers and companies with financial motivations and interests to not mark spoofed browsers as fraudulent; nor can you obligate them to treat them exactly the same as a properly attested browser agent.

    Let’s work together on finding the right path

    This proposal is not working together! This is a blatant attempt by Google and Alphabet to further bully it’s dominance over standards for the financial gain of itself and it’s partners. Please don’t pretend otherwise.

    • badarmor@beehaw.org
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      making the web more private without providing new APIs to developers could lead to… significantly reducing privacy.

      Lol

    • Zyansheep@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      your devs will just write other server backend code that is forked off of yours that won’t “hold back”.

      Isn’t it the client (i.e. the browser) that holds back randomly? The server for any service can’t force clients to send an attestation.

  • Butterbee (She/Her)@beehaw.org
    link
    fedilink
    arrow-up
    36
    ·
    1 year ago

    “Privacy features like user-agent reduction, IP reduction, preventing cross-site storage, and fingerprint randomization make it more difficult to distinguish or reidentify individual clients, which is great for privacy, but makes fighting fraud more difficult. This matters to users because making the web more private without providing new APIs to developers could lead to websites adding more:”

    Ohhh it’s fighting fraud that they want to do! And here I thought it was entirely for the much more profitable goal of maintaining advertising revenue. Well, I’m SO GLAD to be wrong on that one. Slash S.

    • that_one_guy@beehaw.org
      link
      fedilink
      arrow-up
      31
      ·
      1 year ago

      When we all started using Chrome to get away from Microsoft’s web stewardship that arose from everyone using IE.

    • FlickOfTheBean@beehaw.org
      link
      fedilink
      arrow-up
      14
      ·
      1 year ago

      Probably when “I use ie to download chrome” became a mainstream meme.

      Unfortunately this is a money-ocracy (data-exploitation-ocracy), not a democracy.

        • lloram239@feddit.de
          link
          fedilink
          arrow-up
          11
          ·
          1 year ago

          Chrome was way faster than anything else out there. Back when Chrome was new, Firefox would regularly freeze the whole browser when one Tab got a little busy. Chrome fixed that by using multi processes for the Tabs and Firefox took years to catch up. Only recently everybody is more or less on the same level again, but that’s largely because everybody outside of Firefox is just a repackaged Chrome.

        • FlickOfTheBean@beehaw.org
          link
          fedilink
          arrow-up
          7
          ·
          1 year ago

          I do web dev and I can say I was super guilty of this back in the 2010s. I bit the hype hard, and now we’re getting right back to the circumstances that made ie such a POS to work with. (In my defense, I got my dev job in 2013 and had to develop for ie6. It’s not a good defense, but I think that really lead to my overhype for google. I had no knowledge of chrome’s bloated whale carcass days, so it always felt like the browser that “just worked ™”)

          Market monopoly inspires evil in the good intentioned. Market monopoly also inspires nefariousness in the evil.

          I’d say this is the sort of thing that inspired Google to remove the “don’t be evil” from their guidelines.

          • StudioLE@programming.dev
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            You must mean ie7, surely?

            I was developing for ie6 back in 2010 and I considered those to be dark, dark times. I can’t believe it hung on for another 3 years?

            • FlickOfTheBean@beehaw.org
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              We had some demanding clients lol

              I remember having to use pie.htc to hack rounded corners for buttons into ie6. I remember liking ie7 a little bit better, but ie8 felt like a god send compared to 6 lmao

              I recall having to support multiple versions of ie as well at the same time as well. I can’t remember what year we dropped support for ie6 but it wasn’t too long after I started.

              I danced every time we got to drop another ie support version all the way up to 11

  • DarthYoshiBoy@kbin.social
    link
    fedilink
    arrow-up
    36
    ·
    1 year ago

    The objective of WEI is to provide a signal that a device can be trusted

    This is exactly the opposite of everything anyone would learn in CompSci 101.

    NEVER TRUST THE CLIENT. CLIENTS CANNOT BE TRUSTED. CLIENTS ARE NOT SANE. THAR BE DRAGONS THERE. (Maybe that last one is pirate treasure maps, but I think it holds.)

    Anyone who is buying this guy’s argument that they’re trying to make it so you can trust clients, should immediately be removed from any computers they are in possession of and be “invited” by men in black suits to go live on a nice agrarian farm where the only computer available is an air-gapped Tandy TRS-80 MC-10. They can rejoin humanity when they’ve relearned the lessons of the last 40 years and understand why this is just patently insane.

    • Bowen@beehaw.org
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Anyone who’s played an online game in the past 30+ years knows that nothing is secure on a client machine. You have to rotate offsets and encryption keys constantly, and even then you buy yourself a few days at the most. You’d think google would have actual good engineers, what are they paying all that money for?

  • Goronmon@kbin.social
    link
    fedilink
    arrow-up
    33
    ·
    1 year ago

    WEI prevents ecosystem lock-in through hold-backs
    We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted-out of WEI or the device is not supported.

    This is designed to prevent WEI from becoming “DRM for the web”.

    At least this acknowledges that this proposal would in fact be “DRM for the web” if the only thing from preventing it from being that is an additional measure unrelated to the core implementation.

    Not to mention, what prevents a future release of the feature either turning the percentage to 0% or removing the hold-back entirely?

    • Zyansheep@lemmy.ml
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      Not to mention, what prevents a future release of the feature either turning the percentage to 0% or removing the hold-back entirely?

      Imo thats like the main issue here. Google tweaks chromium changing a single number and everything goes to shit. This proposal is a trojan horse!

  • millie@beehaw.org
    link
    fedilink
    arrow-up
    24
    ·
    edit-2
    1 year ago

    You know who the least trusted party is here? Not privacy-focused users, not even malicious users and bots. You are the least trusted party here. The greatest point of security vulnerability is giving greater control of what does and doesn’t get seen to a company that’s proven itself to be a bad actor.

    Megacorps that feed on our data are the danger. Not just to network security, but to humanity. We don’t want or need you limiting our access to information and to one another so that you can further lock down your pilfering of our personal data and your force-feeding of ads and toxic cultural forces.

    The abuse of this responsibility has already caused untold damage to our individual lives, the functioning of our societies, and our actual planet itself. It’s led to the mass promotion of some of the worst ideas in human history, and the diminishment of good will, social cohesion, and personal autonomy. The last thing we need is more overreach.

    Leave the internet alone. Go make a game or something.

    • ConsciousCode@beehaw.org
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Their response sounds genuine, I think it’s more a matter of myopic optimism taken advantage of by the broader company. They don’t have to be explicitly evil if their otherwise moral employees trust the corporate apparatus to not abuse powers granted to them in the name of security.

  • HaiZhung@feddit.de
    link
    fedilink
    arrow-up
    17
    ·
    edit-2
    1 year ago

    Well, looking at these comments, one thing is clear: the discussion is not going to happen here. I don’t think there was even one comment of substance, which is unfortunate, since the explainer in OP reads sincere to me.

    Maybe instead of jumping on the „google bad“ bandwagon, it would be helpful if people point out the specific issues that they are seeing with this.

    As it stands, we might just take literally any commit to chromium and paste the same comments below it.

    Edit: since posting this, the comments have considerably improved, I love some of the discussion. Thanks!

    • argv_minus_one@beehaw.org
      link
      fedilink
      arrow-up
      19
      ·
      edit-2
      1 year ago

      Here’s a specific issue: this will obliterate all browsers other than Chrome and Safari. There will be no meaningful competition, because websites will block competing browsers as untrusted. No more Firefox, no more Brave, no more Vivaldi, no more self-built Chromium. Use the official build or be shown the door.

      This is “embrace, extend, extinguish” for the web, and it’s terrifying because of how many things require the use of the web. Some banks don’t even have physical branches any more; you’ll have to use Chrome or lose your account.

      • HaiZhung@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        As pointed out in another comment, the proposal explicitly states that web sites have to function without this feature; and chrome itself will keep it disabled for a random 5% of users.

        • argv_minus_one@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Obviously they’re not actually going to implement it that way. Remote attestation is useless unless strictly enforced.

    • Pleonasm@programming.dev
      link
      fedilink
      arrow-up
      16
      ·
      1 year ago

      Seeing as you’re having such trouble with people’s reactions to this, maybe you should be the one in this thread to point out the specific reasons why individuals should be in favour of this.

      • HaiZhung@feddit.de
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        I wouldn’t necessarily agree with that. If you are outraged by something, I think it’s unrealistic to expect other people to explain to you why there is nothing to be outraged about. Otherwise you might as well just walk through life outraged by anything.

        Rather, it is your responsibility to take a deep breath and ask yourself, what is it really you are concerned about? And if you deem that serious enough, convince others.

        • millie@beehaw.org
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          It’s just that with your current participation in the thread, you’re indistinguishable from a bad actor planted by Google to try to distract from the topic and make those who don’t understand what’s actually being said here think everyone else is being unreasonable. The people here are explaining what they don’t like about this, which you’re actively obfuscating.

          Curious.

          • HaiZhung@feddit.de
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Wouldn’t it be boring if everyone just agreed on everything? :-)

            Don’t get me wrong, I am the first one to criticize Google when they mess up, but recently I have observed that piling on Google is just appears to be en vogue. I think it is important to understand what you are criticizing/outraged by, otherwise you are letting yourself be manipulated somewhat too easily.

            I, for instance, don’t fully penetrate the WEI proposal, I admit. All the more I am befuddled by the overwhelming news cycle this generates, and I can’t help but wonder … why?

            Anyway, when I wrote the top level comment, all other comments were just “suck it google” in various flavors, and I was disappointed by the lack of depth in the discussion.

            In the meantime, this has changed, see my edit.

        • Pleonasm@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Your advice is applicable to your own original comment, so it seems you do agree with what I said, at least to some degree.

          Anyway, in the interests of constructive discussion, let me ask you specifically. Do you think this WEI proposal is good for and why? Does the proposal mention at all what the downsides of this feature might be, or how it could be abused? Is it proposed in such a way that the dominant implementors can’t deviate later from the terms suggested in the proposal?

          • HaiZhung@feddit.de
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            I do not see how my advice applies to my own comment. To me, this proposal is exactly like all other proposals, I don’t really think about it at all, and I don’t have the context or the background knowledge to judge its usefulness.

            But okay, if I try to understand it: this seems to be an attempt at stopping the cat-and-mouse game between browser fingerprinting tech and browser obfuscation tech, and instead make it - optionally - possible to identify yourself as a „real“ user. You can opt out, and I sincerely doubt that Google would lock out users that will opt out or use another browser. Why? Because they would be leaving free ad money on the table, and they don’t do that.

            So I don’t really see how that changes the ways of the internet, since fingerprinting is being done already, so, I guess, I don’t really care for this proposal one way or the other.

    • ModularTable@beehaw.org
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      The explainer may be sincere; however, it is clear that privacy and an open web are not in Google’s interests. They contradict that sentiment in the explainer entirely. There’s 0 reason for any one to give them the benefit of the doubt.

      • HaiZhung@feddit.de
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        From what I can tell, out of all the big tech firms, Google goes to the greatest lengths preserving your privacy. You can even go to your profile settings right now and delete all your data. This was possible even before GDPR, so I am not sure how you get this picture.

  • DarthYoshiBoy@kbin.social
    link
    fedilink
    arrow-up
    16
    ·
    1 year ago

    Any sites that attempted to restrict browser access based on WEI signals alone would have also restricted access to a significant enough proportion of attestable devices to disincentivize this behavior.

    If it’s actually a “significant enough proportion of attestable devices to disincentivize this behavior” why would anyone want to rely on this mechanism? I have a means to check if a device should be trusted, but it fails enough of the time that I shouldn’t depend on it… Why would I ever depend on it? What use case allows for an expected 10% failure rate?

  • CyberCatBytes@kbin.social
    link
    fedilink
    arrow-up
    15
    ·
    edit-2
    1 year ago

    “The WEI experiment is part of a larger goal to keep the web safe and open” I’m guessing the openness they’re referring to doesn’t apply to everyone given that their proposal would likely negatively affect assistive technologies a lot of disabled people rely on? Haven’t seen them address that

    • CapedStanker@beehaw.org
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      disabled people? bro, you think middle managers give a fuck about disabled people? what are you? compassionate?