Summary
- Google’s proposal, Web Environment Integrity (WEI), aims to send tamper-proof information about a user’s operating system and software to websites.
- The information sent would help reduce ad fraud and enhance security, but it also raises concerns about user autonomy and control over devices.
- The authors argue that implementing WEI could lead to websites blocking access for users not on approved systems and browsers.
- They express worries about companies gaining more control over users’ devices and the potential for abuse.
- The authors emphasize that users should have the final say over what information their devices share.
- Remote attestation tools, like WEI, might have their place in specific contexts but should not be implemented on the open web due to potential negative consequences.
- The authors advocate for preserving user autonomy and the openness of the web, emphasizing that users should be the ultimate decision-makers about their devices.
Joke:
Two pieces of string walk into a bar. The first piece of string asks for a drink. The bartender says, “Get lost. We don’t serve pieces of string.”
The second string ties a knot in his middle and messes up his ends. Then he orders a drink.
The bartender says, “Hey, you aren’t a piece of string, are you?” The piece of string says, “Not me! I’m a frayed knot.”
Your computer should say what you tell it to say - so if I want to spoof my browser and OS I can do that right? Right?
Yes. And you should be able to retain that ability.
The magic words are “user-agent header in http protocol”
Also the goal is not for everyone to spoof everyone else, but the goal is to not trust any information you are given by a browser. A good developer would always find ways to bypass any limits with that so it would be useless anyway.
Yes Theres browser extensions that do this. I tried one and didn’t work but then today tried chameleon and it worked for a site I need for work that only allows chrome.
That’s because they check your user agent.
This API aims to break those kinds of extensions, making it impossible to spoof a user agent or certain kind of machine.
If this comes live it won’t be so easy. Many operating systems will probably not allow to turn this garbage off or spoof it. Especially android.