Web-Environment-Integrity VS topics

Repo has be archived - "NOTE: This proposal is no longer pursued."

https://github.com/RupertBenWiser/Web-Environment-Integrity

[2] - https://github.com/RupertBenWiser/Web-Environment-Integrity/...

I think the best issue raised is: Why would I, as a user, want this?

https://github.com/RupertBenWiser/Web-Environment-Integrity/...

There were proposals for protecting against this in the WEI explainer under "Open Questions" https://github.com/RupertBenWiser/Web-Environment-Integrity/...

The Web Environment Integrity is yet another Google proposal for making the web worse for everyone but them.

Point me to anything which would give websites access to that information via WEI. There is nothing. I have seen nothing except FUD. Aside from that, this only attests for the device. Ad-blockers can be external. This does nothing for external ad-blockers.

Explicit non-goals for WEI:

"Enforce or interfere with browser functionality, including plugins and extensions."

https://github.com/RupertBenWiser/Web-Environment-Integrity/...

That also applies to Javascript, or being forced to use some form of an up-to-date browser. What is different with WEI?

I didn't see many people debating the actual text of the WEI explainer[0] on the HN posts about WEI, and that's probably because they were links to articles about WEI. The HN post for the explainer with the most upvotes only has 89[1], likely because most of HN treats the upvote as "I agree/like this" instead of "boost this topic for discussion".

0: https://github.com/RupertBenWiser/Web-Environment-Integrity/...

1: https://news.ycombinator.com/item?id=36785516

> If you don't want my browser to render content as it sees fit, don't serve the content over a protocol where that dynamic is inherent.

to play the devil's advocate, this is why google proposed the WEI (https://github.com/RupertBenWiser/Web-Environment-Integrity/...). Be careful what you wish for...

https://github.com/RupertBenWiser/Web-Environment-Integrity/...

I stopped reading after the explainer’s intro section. The first example is making it easier for websites to sell adds (lmao) and the other 3 are extremely questionable whether if the proposed remedy even helps. And it’s presented as a benevolent alternative to browser fingerprinting, as if we must choose between these two awful choices. It’s an absolute joke of a proposal.

The browser keeps track of he top 5 categories from this list of these 629 topics. https://github.com/patcg-individual-drafts/topics/blob/main/...

Other than when it returns a random topic, the browser only reveals a topic to a site if that site has observed the user on a site with that topic before.

Delete Chrome.

“The intent of the Topics API is to provide callers (including third-party ad-tech or advertising providers on the page that run script) with coarse-grained advertising topics that the page visitor might currently be interested in.”

https://github.com/patcg-individual-drafts/topics#the-api-an...

Those are the top-level categories. Each of them has subcategories which are more granular. Not all of them are public, from what I can tell. Here's an example of some that are. https://github.com/patcg-individual-drafts/topics/blob/main/...

https://github.com/patcg-individual-drafts/topics/blob/main/...

>knows that you are male and sees that you've been recently interested in dresses and panties, and this website happens to be a far-right-leaning activist website, and decides to dox you, or blackmail you, or forward this information to Ron DeSantis's administration for possible criminal prosecution, you're all good with that?

If you want to keep topics a secret you can just block them. Every week of your 5 topics that gets selected there is a 5% chance that a topic in replaced with a random one. If you see a user's topic is /Shopping/Apparel/Women's Clothing/Dresses it could be there by chance. It would also require the site to take out a bunch of ads on these women clothing sites hoping that one of your future website visitors would see your ad.

> You seem to be taking things that are factual, normal, everyday, aspects of the WHATWG working process and trying to imply that chrome is doing something unusual, or untoward with its process here, but it isn't. It's doing what is necessary to make a proposal with WHATWG: have a trial.

And yet, we've seen many such proposals go through this process because Chrome is paying lip service to it. Whatever Google wants it ships. And Google wants this.

As an adjacent (ads- and tracking-related) example: Google's FLoC flopped, hard. So they immediatey shipped the replacement Topics API [1] despite there being no consensus. E.g. Firefox is against [2] (but Chrome presents Firefox's position as "No signal" in the feature status). And despite the fact that its status is literally "individual proposal, not accepted" [3]

Do not assume any good intent on Google's part when it comes to Google's business interests. Their intent is always malicious until proven otherwise. And there have been fewer and fewer cases when they have been proven otherwise.

[1] https://chromestatus.com/feature/5680923054964736

[2] https://github.com/mozilla/standards-positions/issues/622

[3] https://github.com/patcg-individual-drafts/topics

> [0] https://github.com/patcg-individual-drafts/topics/blob/main/...

Nice v1 at the end. We can assume that this list is final and will not be changed?

> nor (by policy) other kinds of sensitive PII.

Yeah, it just exposes interest in family planing, loans, ..., which we do know have absolutely no potential for abuse.

Or given the attempts to outlaw drag there is probably no potential way to use interest in Nail Care or Makeup in a negative fashion, right?

> Yes, if you assume the people who designed this API were idiots

I assume they are getting paid well to play the role.

It's related to Google's Topics API proposal, I guess. This new API automatically categorizes users into pre-defined "topics" that are inferred by the browser through a classifier model (basically matching the hostname with the classifier model). So, in the end, advertisers sent ads for these topics, and users within shall see them).

Don't take my word for it: WordPress treated FLoC as a security concern in 2021: https://make.wordpress.org/core/2021/04/18/proposal-treat-fl...

A good overview of the context: https://digiday.com/media/we-cant-un-floc-ourselves-googles-...

More detail: https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...

When it comes to Topics, it's essential that there be hands on the wheel at W3C that approach the solidification of e.g. the Topics taxonomy https://github.com/patcg-individual-drafts/topics/blob/main/... from a neutral perspective that takes into account the various ways in which proposed topics could be dangerous, and how strongly to word the specification to prevent it from creeping in increasingly privacy-eroding ways in the future.