Google had said a lot of things during the years. Lying is second nature. As soon as there is a possibility to increase revenue, get on the good side of advertisers, or decrease competition, they will.

You have to understand that they are working under capitalism, where the only thing that matters is to grow your profits every year, or your stocks tank.

They are there for profits, and don’t care at all about the internets health or wellbeing. Maybe some employees do but it doesn’t matter. They don’t decide what to work on.

Google wants the internet sites to be like cable TV. You subscribe to them, you can’t block ads, and you have to run their allowed operating systems and devices. They make all the rules. You can do nothing.

This is classic Google/corporate strategy - make it “digestable” to the most vocal public and address the concerns on the surface, then slowly erode, lock in and enshittify. Look at what’s happened to Gtalk/Hangouts for instance - everyone using other XMPP clients eventually switched to Gtalk since it was an open protocol and they could also continue using their existing clients, but after some time Google locked them in, then completely killed XMPP, then completely killed Hangouts.

It may subjectively look like Google is trying to address concerns around Web Integrity and sure, initial iterations may all be harmless and won’t break anything, but I’m 100% willing to bet that as people put their pitchforks down and Web Integrity all but fades away from public memory, they’ll start to lock you in with more and more DRM-like features, more and more websites will start to adopt it, until one day, you suddenly look back and realize you’ve been had, and how shitty the web has become - but by that point, it’s too late to change anything.

We need to nip this in the bud, before it even takes off. It goes grossly against the open web envisioned by Sir Tim Berners-Lee, regardless of its “good” intentions.

WEI code is already being merged while Google is trying the “finding a suitable forum” tactics. If it’s truely for open web’s benefit, why the rush?

Unless Google are planning to completely lock the browser down to prevent user scripting and all extensions

Ding ding ding!

deleted by creator

leave some of that boot for others

I guess you missed the part about being able to “validate” plugins, entire operating systems, dns resolving etc.

I don’t care about Googles financial problems. I don’t use their services. They can close down YouTube if they don’t have enough paying customers. Same with Google search. Bye Google. And the internet is suddenly a much better place.

Dear madam/sir

I dont trust googel. take me seriously.

yours, Willer

Dense US citizen here. Eli5 how I should explain “just trust us not to abuse collection of all your data or else get locked out of the world wide web” applies to antitrust laws for the FTC?

I’m genuinely wanting to submit an email complaint/report. I understand that WEI protects nothing, but risks your data with all the sites you visit, all in an effort just to block possibly unprofitable users – but I’m not sure how to tie in and word the Breaks Antitrust Laws part.

Thank for your time to post these links.

I think there’s some non-symbolic effort going on in ungoogled-chromium.

That PR doesn’t appear to make any sense. It modifies an include rule, so at best it would make Android Webview fail to compile.

I don’t think filling Google repositories with complaints and well-intentioned, but garbage issues/pull requests. At best they’ll just delete them occasionally and at worst work less in the open, changing permissions on repositories, doing discussions more in internal tools.

What you can do is support alternative browsers, get other people to use them too and notify news as well as your local politicians about such problems. Maybe join organizations on protecting privacy or computer clubs (in Germany, support e.g. Netzpolitik.org and CCC).

Maybe acknowledge what the in-principle good things about WEI would be and support alternative means of achieving them. This proposal uses good things like less reliance on captchas and tracking, a simple to use API to enable a huge potential for abuse and power grab. Alternatives might be a privacy pass, as mentioned by WebKit https://github.com/WebKit/standards-positions/issues/234

This is actually in correct. They do care about it because they are going to enforce a standard. Which means they will be able to force ads to be displayed. Ads is Google’s main revenue source.

On mobile web in iOS browsers, they’ll just do the old “install our app to continue” move.

I think with the possibility of sidloading apps, Apple in Eu will have Firefox

Vote with your wallet. Corporations only understand money. If users leave because they are not getting what they want, they’ll get what they want.

I wish they’d have grown a pair and outright said “we’re forbidding ad blockers in Chrome, come at us”. I bet there’d be less controversy. This WEI thing just makes them look like sniveling weasels.

From their point of view, blocking ads probably equals fraud.

Me too, there is hope!

Fixed - thank you.

This is much much more than just ad blocking. The mechanism is so generic that it can be used to lock out users for whatever reason. If the “attester” doesn’t provide the requested proof then you’re just shit outa luck. We should not hand such a power to anyone, let alone big for-profit companies.

As other have pointed out, it goes way beyond ad-blocking. It’s a complete reversal of the trust model, and is basically DRM for your OS:
Right now, websites assume rightfully that clients can’t be trusted. Any security measure happens on the server side, with the rationale that the user has control over the client and you as a dev control the server. If your security is worth two cents, you secure server side. This change propose to extend vendor power, by defining a set of rule about what they deem acceptable as a client app, and enforcing it through a token system. It gives way too much power to the vendor, who gets to dictate what you can do on your machine.
We actually have a live experience of how that could go down with safetynet on android. Instead of doubling down on the biggest security issue there (OEM that refuses to support their software for more than 1 or 2 year after release which, quite frankly, should be universally considered as unacceptable), google decided that OEMs should be allowed way more trust than the user. Therefore modifying your own OS in any way, even if it’s ripe with security flaws to begin with and you’re just trying to fix that, breaks safetynet. If you break safetynet, “critical apps” like banking apps stop working altogether.
The worst part is that there are ways to circonvent safetynet breakage, because in the end, if DRM taught us anything, it is that if you control the client and know your way around, with enough work you can do pretty much anything you want with it. So bad actors are certainly not kept at bay, you just unjustly annoy people with legitmate usecases or even just experimenting with their hardware because in the end, you consider that your user are at best dumb security flaws, at worst huge cash machine, often both at the same time.

Basically the website will just not render if the browser does not have a proper credential, or if the ad’s are blocked. He’ll they could also block Linux OS clients from accessing these same websites.

Only browsers blessed by a single company can view the entire web. Not exactly a feature of the free and open web.

Their proposal is that, when you visit a website using WEI, it doesn’t let you see it right away. Instead, it first asks a third party if you’re “legit”, as opposed to maybe a bot or something.

The problem is, it would be really tricky to tell if you’re “legit”, because people get very, very tricky and clever with their bots (not to mention things like content farms, which aren’t even bots, they’re real humans, just doing the same job as a bot would). So, in order to try to do their jobs at all, these kind of third parties would have to try to find out a whole bunch of stuff about you.

Now, websites already try to do that, but for now the arms race is actually on our side; the end user has more or less full control over what code a website can run on their browser (which is how extensions like u-block and privacy badger work).

But if the end user could just block data collection, the third-party is back to square one. How can they possibly verify (“attest”) that you aren’t sus, if you’re preventing all attempts at collecting data about yourself, or your device / operating system / browser / etc?

The answer is, they can’t. So, to do a proper attestation, they have to have a whole bunch of information about you. And if they can’t, they logically have no way of knowing if you’re a bot. And if that’s the case, when the third-party reports that back to the website you’re trying to visit, they’ll assume you’re a bot, and block you. Obviously.

That’s pretty much my understanding of the situation. In order to actually implement this proposal, it would require unprecedented invasive measures for data collection; and for people who try to block it, they might just end up being classified as “bots” and basically frozen out of major parts of the internet. Especially because, when you consider how people can essentially just use whatever hardware and software they want, it would be in these big companies’ interests to restrict consumer choice to only the hardware and software they deem acceptable. Basically, it’s a conflict of interest, especially because the one trying to push this on everyone is Google themselves.

Now, Google obviously denies all that. They assure us it won’t be used for invasive data collection, that people will be able to opt out without losing access to websites, that there won’t be any discrimination against anyone’s personal choice of browser/OS/device/etc.

But it’s bullshit. They’re lying. It’s that shrimple.

What people are rightfully scared of is that:

• Big websites will only accept attestations from big companies like Google, Apple, and Microsoft
• Google, Apple, and Microsoft will refuse to attest your browser if you have an adblocker installed, or if you are using a browser or operating system they don’t approve, or if you made modifications to your browser or your operating system etc.

While adblocking can be detected, you can block anti-adblock scripts, it’s sort of a weapons race. Depending on how deep an attestation goes, it might be extremely difficult to fight. Attestations might also be used to block more than just adblockers, for example using Firefox, or rooting/jailbreaking your phone, or installing an alternative OS might make your phone ineligible for attestations and thus locked out of a lot of the internet.

Lmao this would be hilarious

Absolutely. And build web sites where all browsers and operating systems are welcome.

I would support this

This is actually already implemented, see here.

Monopoly busting. Ecosystem lock-in. Right to repair. Software patent reform. Privacy and AI regulation.

What do lawmakers even do these days anyway?