Web-Environment-Integrity
use-cases
Web-Environment-Integrity | use-cases | |
---|---|---|
54 | 1 | |
536 | 5 | |
- | - | |
10.0 | 0.0 | |
6 months ago | 8 months ago | |
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Web-Environment-Integrity
-
Google apparently backs off on WEI
Repo has be archived - "NOTE: This proposal is no longer pursued."
https://github.com/RupertBenWiser/Web-Environment-Integrity
-
The boiling frog of digital freedom
[2] - https://github.com/RupertBenWiser/Web-Environment-Integrity/...
-
It's time we do a uno reverse to Web Integrity API
I think the best issue raised is: Why would I, as a user, want this?
https://github.com/RupertBenWiser/Web-Environment-Integrity/...
- Issues / Web-Environment-Integrity
-
EFF denounces Google's WEI proposal
There were proposals for protecting against this in the WEI explainer under "Open Questions" https://github.com/RupertBenWiser/Web-Environment-Integrity/...
-
Web Environment Integrity: Google strikes again
The Web Environment Integrity is yet another Google proposal for making the web worse for everyone but them.
-
Google’s Plan to DRM the Web Goes Against Everything Google Once Stood For
Point me to anything which would give websites access to that information via WEI. There is nothing. I have seen nothing except FUD. Aside from that, this only attests for the device. Ad-blockers can be external. This does nothing for external ad-blockers.
Explicit non-goals for WEI:
"Enforce or interfere with browser functionality, including plugins and extensions."
https://github.com/RupertBenWiser/Web-Environment-Integrity/...
-
With merge of this pull request, Brave Browser disables WebEnvironmentIntegrity
That also applies to Javascript, or being forced to use some form of an up-to-date browser. What is different with WEI?
I didn't see many people debating the actual text of the WEI explainer[0] on the HN posts about WEI, and that's probably because they were links to articles about WEI. The HN post for the explainer with the most upvotes only has 89[1], likely because most of HN treats the upvote as "I agree/like this" instead of "boost this topic for discussion".
0: https://github.com/RupertBenWiser/Web-Environment-Integrity/...
1: https://news.ycombinator.com/item?id=36785516
-
Adtech is built on a privacy fault line
> If you don't want my browser to render content as it sees fit, don't serve the content over a protocol where that dynamic is inherent.
to play the devil's advocate, this is why google proposed the WEI (https://github.com/RupertBenWiser/Web-Environment-Integrity/...). Be careful what you wish for...
-
The Right to Lie and Google’s “Web Environment Integrity”
https://github.com/RupertBenWiser/Web-Environment-Integrity/...
I stopped reading after the explainer’s intro section. The first example is making it easier for websites to sell adds (lmao) and the other 3 are extremely questionable whether if the proposed remedy even helps. And it’s presented as a benevolent alternative to browser fingerprinting, as if we must choose between these two awful choices. It’s an absolute joke of a proposal.
use-cases
-
Google Chrome Proposal – Web Environment Integrity
These proposals appear to be coming from the W3C Anti-Fraud Community Group. They haven't identified even a single use case[1] of the technologies they're trying to push onto the world being misused and abused. Use cases and their naivety appear to be largely copied from the OWASP Automated Threats to Web Applications[2].
There are no use case about these technologies being used by a dystopian country. No use case about enabling anti-competitive practices from incumbent companies. Seemingly little to no care or attempts to balance the longer term strategic impacts of these technologies on society, such as loss of innovation or greater fragility due to increased centralisation/monopolisation of technology. No cost-benefit analysis or historical analysis for identified threat actors likelihood to compromise TPMs and attested operating systems to avoid these technologies (there's no shortage of Widevine L1 content out there on the Internet). No environmental impact consideration for blacklisting devices and having them all thrown into a rubbish tip too early in their lifespan. No political/sovereignty consideration to whether people around the world will accept a handful of American technology companies to be in control of everything, and whether that would push to the rest of the world to abandon American technology.
The majority of the contributors to these projects appear to be tech employees of large technology companies seemingly without experience outside of this bubble. Discussions within the group at times self-identify this naivety. The group appears very hasty to propose the most drastic, impractical technical security controls with significant negative impacts such as whitelisting device hardware and software. But in the real world for e.g. banking fraud, attacks typically occur through social engineering where the group's proposed technical controls wouldn't help. There appears to be little to no attempt made to consider more effective real world security controls with fewer negative impacts, such as delaying transactions and notifying users through multiple channels to ensure users have had a chance to validate a transaction or "cool off".
[1] https://github.com/antifraudcg/use-cases/blob/main/USE-CASES...
[2] https://owasp.org/www-project-automated-threats-to-web-appli...
What are some alternatives?
dillo-plus - A lightweight web browser based on Dillo but with many improvements, such as: support for http, https, gemini, gopher, epub, reader mode and more...
SupplyChainAttacks
BrowserBoxPro - :cyclone: BrowserBox is Web application virtualization via zero trust remote browser isolation and secure document gateway technology. Embed secure unrestricted webviews on any device in a regular webpage. Multiplayer embeddable browsers, open source! [Moved to: https://github.com/BrowserBox/BrowserBox]
bikeshed - :bike: A preprocessor for anyone writing specifications that converts source files into actual specs.
encrypted-media - Encrypted Media Extensions
nyxt - Nyxt - the hacker's browser.
standards-positions
chromium - The official GitHub mirror of the Chromium source
kilian.io - :wave: my personal homepage
nativefier - Make any web page a desktop application
ipa - Interoperable Private Attribution (IPA) - A Private Measurement Proposal