Google's browser security plan slammed as dangerous, terrible, DRM for websites

Google's Web Environment Integrity (WEI) proposal, according to 1 of nan developers moving connected nan arguable fraud fighting project, intends to make nan web "more backstage and safe."

Ben Wiser, a package technologist astatine nan Chocolate Factory, responded connected Wednesday to serious concerns astir nan connection by insisting that WEI intends to reside online fraud and maltreatment without nan privateness harms enabled by browser fingerprinting and cross-site tracking.

"The WEI research is portion of a larger extremity to support nan web safe and unfastened while discouraging cross-site search and lessening nan reliance connected fingerprinting for combating fraud and abuse," he explained successful a GitHub Issues post.

The WEI research is portion of a larger extremity to support nan web safe and open

"Fraud discovery and mitigation techniques often trust heavy connected analyzing unsocial customer behaviour complete clip for anomalies, which involves ample postulation of customer information from some quality users and suspected automated clients."

WEI is an attestation scheme. It provides a measurement for a web patient to adhd codification to a website aliases app that checks pinch a trusted 3rd party, for illustration Google, to spot whether a visitor's package and hardware stack meets definite criteria to beryllium deemed authentic.

Technically speaking, attestation is conscionable a matter of transmitting a token pinch a worth – derived from as-yet-undisclosed hardware and package characteristics – that indicates whether aliases not nan customer is trustworthy. It's past up to nan website patient to determine really to respond to that signal.

In theory, if efficaciously implemented, WEI could let a web crippled patient to cheque whether crippled players are cheating done nan usage of unsanctioned hardware aliases software. Or it mightiness beryllium utilized by a contented patient to cheque whether ads are being displayed to existent visitors aliases fraudulent bots.

The interest is that WEI could perchance beryllium utilized to disallow advertisement blocking, to artifact definite browsers, to limit web scraping (still mostly legal, though often disallowed nether websites' terms-of-service), to exclude package for downloading YouTube videos aliases different content, and enforce different limitations connected different lawful web activities.

What WEI's attestation cheque really looks for has not been revealed. Nor is it evident from nan WEI code that has been added to nan Chromium unfastened root project. But Wisner insists, "WEI is not designed to azygous retired browsers aliases extensions" and is not designed to artifact browsers that spoof their identity.

However, nan intended usage of a exertion isn't needfully a limitation connected it being employed successful tricky caller ways.

Sounding nan alarm

Those successful nan method organization who person expressed siren astir nan connection reason that nan web should not beryllium brought nether a permission-based regime, wherever a 3rd statement renders judgement connected nan worthiness of users – without consultation, based connected opaque criteria.

The usage cases listed look very reasonable, nan solution projected is perfectly terrible

"The thought of it is arsenic elemental arsenic it is dangerous. It would supply websites pinch an API telling them whether nan browser and nan level it is moving connected that is presently successful usage is trusted by an charismatic 3rd statement (called an attester)," wrote Julien Picalausa, a package developer astatine browser shaper Vivaldi, successful a post connected Tuesday.

"The specifications are nebulous, but nan extremity seems to beryllium to forestall 'fake' interactions pinch websites of each kinds. While this seems for illustration a noble motivation, and nan usage cases listed look very reasonable, nan solution projected is perfectly unspeakable and has already been equated pinch DRM for websites, pinch each that it implies."

Dangerous though nan thought whitethorn be, attestation has already been implemented connected autochthonal platforms (Android and iOS) – immoderate would opportunity autocratic regimes compared to nan comparatively unfastened web.

• Google's adjacent large thought for browser information looks for illustration different state drawback to some
• Google asks websites to kindly not break its shiny caller targeted-advertising API
• Xiaomi emits telephone browser updates aft almighty statement complete web activity harvested moreover successful incognito mode
• How dodgy browser plugins, web scripts tin silently rewrite that URL you were astir to deed – and propulsion you into an net wormhole

But attestation has moreover made it to nan web. Tim Perry, creator of dev instrumentality HTTP Toolkit, noted successful a blog post connected Tuesday that Apple offers Private Access Tokens for its Safari browser. Network information patient Cloudflare uses Private Access Tokens arsenic a measurement to debar showing group CAPTCHA puzzles to beryllium that they're not robots.

Perry argues that Apple's strategy is little of a interest because Safari's marketplace stock (~20 percent of mobile and desktop browsers) is acold little than Chrome/Chromium (~70 percent of web clients). Nonetheless, he opposes attestation for being fundamentally anti-competitive.

"Fraud and bots connected nan web are a existent problem, and chat connected ways to take sides against that is wholly reasonable, and often very valuable!" Perry declared.

Removing each personification power complete their ain devices is not a reasonable tradeoff

"It's a difficult problem. That said, this has to beryllium cautiously balanced against nan wellness of nan web itself. Blocking competition, hamstringing unfastened root and nan unfastened web, and removing each personification power complete their ain devices is not a reasonable tradeoff."

Google considers Apple Private Access Tokens to beryllium excessively private. The WEI connection says, "due to nan afloat masked tokens, this exertion assumes that nan attester tin nutrient sustainable, high-quality attestation without immoderate feedback from websites astir gaps specified arsenic mendacious positives aliases mendacious negatives."

Apple's Private Access Tokens do not impact nan speech of instrumentality data betwixt nan instrumentality shaper (Apple, arsenic an attester) and Cloudflare. Google argues that masking token information successful this mode denies feedback from websites progressive successful nan attestation process that whitethorn beryllium capable to usage withheld instrumentality information to minimize incorrect spot verdicts.

In fact, Wiser suggests privateness improvements are what prompted WEI. "Privacy features for illustration user-agent reduction, IP reduction, preventing cross-site storage, and fingerprint randomization make it much difficult to separate aliases reidentify individual clients, which is awesome for privacy, but makes fighting fraud much difficult," he claimed.

The consequence of this, he argues, is that websites – wished to conflict fraud – person responded by expanding their usage of sign-in gates, invasive fingerprinting techniques, and intrusive challenges for illustration CAPTCHAs and SMS verification. Wiser argues these defenses make nan web acquisition worse.

"We judge this is simply a reliable problem to solve, but a very important 1 that we will proceed to activity on. We will proceed to design, discuss, and statement successful public," he said.

A basal flaw

Jon von Tetzchner, CEO of Vivaldi, told The Register successful an question and reply that while Google has yet to specify precisely what WEI will beryllium measuring to render spot verdicts, nan specifications don't really matter – nan full attack is flawed.

"A large portion of nan logic why location is simply a problem is nan surveillance economy," he explained, "and nan solution to nan surveillance system seems to beryllium much surveillance."

Von Tetzchner said that Google wants to cognize who is seeing its ads erstwhile it should, successful his opinion, attraction connected wherever its ads get shown – often connected web spam pages to beryllium viewed by bots progressive successful advertisement fraud.

The solution is to get distant from nan surveillance economy

He recalled erstwhile he was progressive pinch nan Opera browser and had to woody pinch Google Docs not moving connected nan browser. "When we started pinch Vivaldi, my reasoning was okay, we are utilizing Chromium, this is not going to beryllium a problem," he said.

But compatibility issues remained, he said, and Vivaldi had to hide its personality (spoof its default User-Agent string) to alteration users to entree celebrated Google services. And he's concerned WEI represents much of nan same.

Von Tetzchner argues that attestation is not nan due consequence to online fraud.

"I conscionable don't deliberation this is simply a solution," he said. "The solution is to get distant from nan surveillance economy. We've been trying to prohibition nan surveillance system and prohibition nan postulation of information and making profiles connected extremity users and utilizing it for advertisements. I really don't really spot immoderate logic why that should beryllium ineligible successful society.

"The surveillance system is highly toxic," he added. "It has created important issues for society. And I deliberation that nan evident point should beryllium to extremity utilizing nan technology. It doesn't make immoderate consciousness to usage it and location are different ways to do advertizing that activity conscionable arsenic well. But location is simply a batch of money for definite companies and they don't want to springiness up what they have." ®