Vivaldi talks about why and how the notorious 'Web Environment Integrity' as 'DRM in the web world' is dangerous, Apple products have already introduced a similar mechanism

Google is developing Web Environment Integrity (WEI) as a new web standard. WEI is a ``mechanism that authenticates that a trusted third party is a legitimate user,'' and the developer of the Vivaldi browser criticized it on its official blog as it drives unauthenticated people out of the web world.

Unpacking Google's new “dangerous” Web-Environment-Integrity specification

The following article explains in detail how WEI works.

Google employees propose a new web standard ``Web Environment Integrity'' to eliminate bots and modified browsers with certification by ``trusted third parties'' to create a ``healthy Internet''-GIGAZINE

WEI means that when a user accesses a site, it submits browser and platform data to a trusted third party to authenticate that it is a legitimate user. It is possible to determine and prevent mechanical access by bots, and to prevent cheating in web-based games using modified browsers.

Vivaldi criticized WEI, saying that 'despite its noble motives and seemingly sensible use cases, the proposed implementation is utterly awful, like DRM for the web.' Since the first example of use is ``guarantee that the person who saw or clicked the ad was really human'', Google does everything to strengthen the advertising platform rather than harming web users. It can be seen that there is an intention to exercise means. Despite the fact that WEI's explanatory document states 'the risk of excluding other browsers from the web world', the methods described as a solution are poor, and the actual solution is nothing. It is said that it is over without it.

Since the authenticating 'third party' can decide which browser to authenticate, the new browser must somehow win the trust of the third parties in order to be authenticated, and the WEI specification is introduced. There is also a problem that old browsers that do not are excluded from the web world.

The WEI document mentions Google Play on Android as an example of an authenticator, suggesting that platforms such as Google, Microsoft, and Apple will perform authentication. 'Google Chrome' developed by Google, Microsoft's 'Edge', and Apple's 'Safari' are likely to be considered reliable browsers, but for other browsers, 'whether you can access the web world' Whether or not the basic role of the browser can be fulfilled depends on the 'favor' of the platformers.

In addition, Vivaldi claims that there is also a problem with ``methods to prove that the person who accessed is really human''. The WEI document does not clarify this point, and the possibility of adopting a privacy-problematic method of ``submitting user behavior data to the authenticator'' and ``restricting automatic input by external tools'' It is stated that there is a possibility that a mechanism that sacrifices the convenience of the user will be adopted.

Browsers that are not WEI-certified are regarded as 'untrusted access' and may be denied access from many sites. You won't get it. If the website managed by Google cannot be used, it will be a 'death sentence' for the browser at that point. Also, if Google mandates the use of WEI to use advertising tools such as Google AdSense, there will be almost no sites that can be viewed with browsers that refuse WEI.

One hopeful aspect of this WEI case is that it is highly likely that the law of the EU, where Vivaldi is headquartered, does not allow a small number of companies to hold a large amount of rights. The point is that it can be given. However, the legislative and judicial processes tend to be slow, and until action is taken, WEI can have a large impact on small browsers and the open web itself.

Vivaldi said the only long-term solution is to put Google on a level playing field. Laws can help achieve this, but it's effective to cut the overwhelming browser market share that powers Google. 'We hope web users choose their browsers with this in mind,' the blog concludes.

In addition, Apple products have already introduced a mechanism similar to WEI '

Private Access Tokens ', but Apple's Safari has only 11% of the market share , so there is no enforcement force in the web world, and it has not become a problem. yeah.

in Note,   Software,   Web Application, Posted by log1d_ts