Summary

  • Google’s proposal, Web Environment Integrity (WEI), aims to send tamper-proof information about a user’s operating system and software to websites.
  • The information sent would help reduce ad fraud and enhance security, but it also raises concerns about user autonomy and control over devices.
  • The authors argue that implementing WEI could lead to websites blocking access for users not on approved systems and browsers.
  • They express worries about companies gaining more control over users’ devices and the potential for abuse.
  • The authors emphasize that users should have the final say over what information their devices share.
  • Remote attestation tools, like WEI, might have their place in specific contexts but should not be implemented on the open web due to potential negative consequences.
  • The authors advocate for preserving user autonomy and the openness of the web, emphasizing that users should be the ultimate decision-makers about their devices.

Joke:

Two pieces of string walk into a bar. The first piece of string asks for a drink. The bartender says, “Get lost. We don’t serve pieces of string.”

The second string ties a knot in his middle and messes up his ends. Then he orders a drink.

The bartender says, “Hey, you aren’t a piece of string, are you?” The piece of string says, “Not me! I’m a frayed knot.”

  • SyJ@lemmy.ml
    link
    fedilink
    English
    arrow-up
    39
    arrow-down
    1
    ·
    1 year ago

    Your computer should say what you tell it to say - so if I want to spoof my browser and OS I can do that right? Right?

    • hoshikarakitaridia
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      The magic words are “user-agent header in http protocol”

      Also the goal is not for everyone to spoof everyone else, but the goal is to not trust any information you are given by a browser. A good developer would always find ways to bypass any limits with that so it would be useless anyway.

    • HootinNHollerin
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      1 year ago

      Yes Theres browser extensions that do this. I tried one and didn’t work but then today tried chameleon and it worked for a site I need for work that only allows chrome.

      • EnglishMobster@kbin.social
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        That’s because they check your user agent.

        This API aims to break those kinds of extensions, making it impossible to spoof a user agent or certain kind of machine.

    • PlexSheep@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      If this comes live it won’t be so easy. Many operating systems will probably not allow to turn this garbage off or spoof it. Especially android.