Google's Web Environment Integrity could be a disaster for the web

Ashwin
Jul 28, 2023
Internet
|
30

Google has proposed a new web standard called Web Environment Integrity. You may have read about it on other sites, here's why the proposal could be a disaster for the web.

What is Google's Web Environment Integrity proposal?

Google has published an explainer that gets down to the nitty-gritty of its proposal. It outlines the importance of websites and trusting the client environment they run in, i.e. your web browser and operating system and their methods to protect user data, intellectual property, etc.

The goal for Web Environment Integrity seems to be to prevent fake interactions on websites, aka bots. Google wants to help websites verify that the visitor to their domain is not a robot, but an actual user.

The Mountain View company points out that users are concerned about the authenticity of interactions on social websites, i.e. fake interactions (likes, comments) that are used to promote news, posts, products, etc. The document mentions that it is an expensive ordeal for websites to run, and that advertisements help ease their burden, and that ads are meant for humans, i.e. users and not fake clicks by bots. It also quotes other examples, such as players of online games, who may want to know whether other players on the platform are using legitimate software that enforces the game's rules. This is essentially talking about anti-cheating tools to prevent cheaters from ruining the experience.

Google also played the security card, claiming that users may get tricked into installing malware that mimics genuine apps like banking apps, which in turn could steal the user's data, identity or runs a phishing attack. It wants to prevent bulk hijacking attempts, bulk account creation, password guessing attempts (password stuffing), and detect compromised devices where the user's data could be at risk.

Google says that these issues could be prevented by verifying if the request (attempt to access the website) came from the official app or other trustworthy software. It claims that websites need to differentiate between a trusted and untrusted environment (read environment = browsers).

In a nut-shell, Web Environment Integrity seems to be designed as an anti-fraud tool. While that may sound nice on paper, Google's examples are a sales pitch delivered by a salesman, to push their product as something positive, when in fact it benefits only themselves and their advertisers.

The explainer takes inspiration from existing native attestation signals such as Apple's App Attest and the Google Play Integrity API. As Ars Technica points out, Play Integrity (formerly known as SafetyNet) is an API in Android which apps can use to check if the phone has been rooted or not. The API will flag the device if it discovers that the device is rooted, and apps that use the API may refuse to run. This is pretty common in banking apps, games and some streaming service apps. These apps assume that the user could game the system with root access to phish banking data, cheat at games, etc. There was a time when we could use Magisk to hide the root status to pass SafetyNet, but it seems like ages ago. Google nearly killed custom roms when it started flagging unlocked bootloaders as a security risk.

Now imagine if the same thing happens on the web. It could affect the entire internet quite badly, but we'll get to this in a bit.

How Web Environment Integrity API could be implemented?

Websites will use a Web Environment Integrity API, this will allow them to verify the authenticity of visitors. When a user tries to access a web page, the site will request a token that attests the client environment. A third-party server that acts as the attester, i.e. attest to the device a web browser/operating system is running on, will test your device and sign a token (if your device passes the test). This token contains the attestation with a private key.

The attester's public key will be available to everyone. If your browser/device is attested, it becomes a trusted environment, but if it fails the check, it is seen as untrusted. The attester's server returns the token to the originating web page, and the web server checks if the token came from an attester that it trusts and verifies the token, and check its signature with the public key. If everything goes well, you will be able to access the website.

How Web Environment Integrity API could be implemented

In layman's terms, when you visit a website in your browser, the site will ask a third-party service to verify the integrity of your computer or mobile phone which was used to access the website, before allowing you to view the page.

Theoretically, instead of a 404 error, could we actually see an error like "You cannot access the website because your browser/device has been modified" ? I almost can't believe what I am writing about here, has it really come down to this? And I thought AMP, FLoC were bad ideas.

Why you should be worried about Web Environment Integrity API

Web Environment Integrity API is a form of DRM (Digital Rights Management). It takes away the freedom of user choice, and could negatively impact the privacy of users.

DRMs in browser are not new, Google's Widevine is commonly used by streaming services such as Netflix, Amazon Prime, etc. to protect their data (from being downloaded). You may have noticed that trying to capture a screenshot on your phone may result in a blank screen if the video is protected, that's because the DRM prevents you from recording the media. You could argue that there is some sort of logic there, because those are paid services, and that they want to prevent users from accessing the media for free.

With Web Environment Integrity API however, regular websites could kick you off, simply because you are not using the web browser that they approve on the operating system, because they think it is unsafe. You can't just change the user agent. So, is Web Environment Integrity API not a DRM for websites? It is, this is an insane level of gatekeeping.

And if an attester checks your computer and browser, stores the data in a token and this is sent to the website that requested the token, does that not qualify as fingerprinting? Google's explainer claims that the "attestation payloads will only include information about device and application integrity, as attesters will not have access to the profile information in applications." Nice try, but I'm not entirely convinced by the words of a company that makes it revenue by selling ads.

The document states that Web Environment Integrity will only depend on the underlying hardware and software stack. It will not restrict a browser's functionality, including extensions. Is that supposed to be good news, to soften the blow, perhaps?

Here's the bigger problem. Who decides which browser is trusted? A third-party attester will, but who selects the attester? How does a company qualify to be one? There are no guidelines or rules for that in place, probably because the proposal listed on Chromestatus is still cooking, it's not ready yet.

Take a look at the example given in the explainer. It clearly describes Google Play as an attester. Google has a significant foothold in the smartphone market with Android, and its default browser, Chrome. It also leads the desktop browser market share. Does this automatically grant it the powers of the attester? Well, that does seem to be the case, and it could decide which browsers should be trusted or not be trusted.

Did you know that Apple already has an attestation system in place? It is called Private Access Tokens, and shipped with Safari, iOS 16, macOS 13 Ventura. This article by Tim Perry provides an in-depth analysis of why attestation of browsers is bad.

The proposal seems to be largely in favor of advertisers, rather than users. Google has actively fought against ad blockers, and Manifest V3 could just be the tip of the iceberg which the company wants to control the web with. Remember that conversation between Captain America and Nick Fury in the Winter Soldier where they talk about freedom, this entire scenario reminds me of it.

Mozilla opposes Web Environment Integrity API

A Mozilla representative has commented that the organization opposes the Web Environment Integrity API, it believes any attempt to restrict common web standard choices are harmful to the open web ecosystem. It also notes that detecting non-human traffic could adversely affect assistive technologies, automatic testing, and archiving & search engine spiders. While it agreed that detecting fraud and invalid traffic is a problem, Mozilla says that Web Environment Integrity API is not the solution for the issues.

Vivaldi slams Google's Web Environment Integrity API proposal

Vivaldi has published a much stronger response to criticize the Web Environment Integrity proposal. It poses some questions, such as would Microsoft be the gatekeeper on the Windows Store? Will Apple be the attester on Mac? It also speculates about how this could affect Linux user, whether Canonical, the parent company of Ubuntu, would become the attester for all Linux distros?

There is some concern about browser makers not choosing to implement the API, this would likely fail the attestation process, leaving them with no choice.

The article mentions that the European Union law will likely not allow a few companies to dictate which browsers should be allowed and which shouldn't. That process would be slow, meanwhile Google could rush into things and start implementing the API before the Parliament decides to act. In an interview with The Register, Jon von Tetzchner, the CEO of Vivaldi, slammed Google's idea by saying "A big part of the reason why there is a problem is the surveillance economy, and the solution to the surveillance economy seems to be more surveillance."

Hopefully other browser vendors like Brave, DuckDuckGo, Opera will join the fight against Web Environment Integrity API. Apple already has its own attestation method, and I doubt Microsoft will oppose this if it could somehow use it to shamelessly promote Edge.

As it stands, Web Environment Integrity is an obscene attempt at tightening the noose on users' choice and privacy.

What's your take on it?

Summary
Google's Web Environment Integrity could be a disaster for the web
Article Name
Google's Web Environment Integrity could be a disaster for the web
Description
We explain why Google's Web Environment Integrity API is a recipe for disaster.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. owl said on August 11, 2023 at 4:42 am
    Reply

    Similar case study

    https://jrhawley.ca/2023/08/07/blocked-by-cloudflare
    Some excerpts are quoted below:

    Well, it finally happened to me. I was blocked out of a website I need for work because of Cloudflare. And I have no idea if or when I’ll be let back in.
    Cloudflare’s secure connection loop

    The Web Integrity API proposal that has so many people and companies in uproar about the future of the web is precisely this kind of proposal. If and when financial companies opt in to remote attestation policies for their websites, it will place greater restrictions on the types of hardware, operating systems, and software individuals can use. I understand that there are legitimately good reasons to block certain combinations of hardware and software, say old devices with known vulnerabilities that cannot get patched. But decisions like this from corporate entities always seem to have motivated reasoning that increases the control of corporations at the cost of the freedoms or rights of individuals.

  2. Tom Hawack said on August 2, 2023 at 11:39 am
    Reply

    For those who may be concerned/interested, there’s a new, dedicated userscript avalable :

    Web Environment Integrity Blocker
    [https://greasyfork.org/en/scripts/472234-web-environment-integrity-blocker]

    which includes an informative link to :

    “Web Environment Integrity” is an all-out attack on the free Internet
    [https://www.fsf.org/blogs/community/web-environment-integrity-is-an-all-out-attack-on-the-free-internet]

    I’m a bit surprised that a dedicated script is made available whilst the ‘Web Environment Integrity’ api is not yet adopted by any Website as far as I know… or is it?

  3. Anonymous said on July 30, 2023 at 6:07 pm
    Reply

    “ads are meant for humans, i.e. users and not fake clicks by bots.”

    This wonderful Firefox add-on, AdNauseam, that has miraculously not yet been banned by Mozilla (not even on mobile where they banned all extension but 17), does fake clicks on ads to piss off the ad and surveillance industry on the web (in addition to hiding them):

    https://addons.mozilla.org/firefox/addon/adnauseam/

    Google wants to forbid ethical alternatives to their malware operating systems, browsers, and other software. As shown above they’re not even 100% lying about their motivations, not hesitating to give publicly user hostile ones.

    There are already similar mechanisms at work. Google has to give permission for their media DRM plugin to be used by alternative browsers, this is the function they took from the now dead Flash plugin, and sometimes they say no. The Cloudflare “anti-bot defense” treats worse the more ethical browsers. And so on.

    “You could argue that there is some sort of logic there”

    From their point of view. They go as far as using cameras on devices to count the number of people at home watching their “intellectual property”. As long as we let them place those shackles on us, there will always be people to think that there was some legitimacy in that after all (which is what you imply here by “logic”), once accustomed to them.

    “application integrity”

    Did you use an ad and tracker blocker ? Then you broke the integrity of the application, access denied.

    “Did you know that Apple already has an attestation system in place?”

    As often they do the bad strikes even before Chrome does them (like a worse version of manifest v3, or ad attribution components in the web engine), but we often hear less about them partly because they have fewer users and those are not the most conscious about fighting for their rights, and also because it’s fundamentally the GAFAM themselves who control such campaigns against what they do.

    “A Mozilla representative has commented that the organization opposes the Web Environment Integrity API, it believes any attempt to restrict common web standard choices are harmful to the open web ecosystem.”

    That sentence literally means that what they don’t like about that is that they were not asked their opinion. Not that they disagree. The comment also argues that

    “no single party decides which form-factors, devices, operating systems, and browsers may access the Web”

    So as long as Mozilla is included in the gang deciding to exclude ethical browsers, operating systems and other pro-user software, they may very well agree.

    Besides, Google deciding for the media DRM did not prevent them from approving it. They just called it “a standard” too at that time. So maybe they don’t even want to be part of the gang, just to name that a “standard” and have reasonable assurances that Google will not use that weapon against them.

    Someone else in that discussion seems to have thought the same:

    https://github.com/mozilla/standards-positions/issues/852#issuecomment-1649928726

    “I guess, even if ” it contradicts our principles and vision for the Web.”, it might happen just like the past:
    https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/

  4. TelV said on July 30, 2023 at 12:43 pm
    Reply

    I think Google is using a means to clarify if a user is a bot or a real person already. I’ve been using Google to search for film reviews during marathon sessions just lately. By that I mean several hours during which the site remains open with the search string: “film reviews” followed by the film title in the search box. For each film I wanted reviews for I merely changed the title of it each time.

    But yesterday evening for the first time a large Google window planted itself on the page I was reading blocking my view. The window contained a question for which two choices were provided. They were: “Remain logged out” and “Login”. Since I’ve never logged into Google to search for something I chose the first one, but I hadn’t seen that window before and made a mental note of it.

    Generally speaking, after each session I delete all Google links together with the option to clear site data. But presumably Google is keeping a close eye on my antics and wants to keep track of them. But I use VPN and often change my location around the Web as well just to thwart such activity.

    Neither do I use a Chrome browser and stick with a Firefox fork called Floorp. Sadly, I’ll have to stop using Floorp now because Ablaze (the developer) has released version 11.0.0 which isn’t supported on Windows 7/8 and doesn’t appear to be going the same route as Mozilla by offering Firefox security updates until September 2024. I mailed them about that last night, but it’ll take several days before I’ll get a reply probably.

    As for Google itself, I think they’re aiming for deity status i.e the God Google and woe betide you if you disobey!

    1. owl said on July 30, 2023 at 1:04 pm
      Reply

      @TelV,
      > Neither do I use a Chrome browser and stick with a Firefox fork called Floorp. Sadly, I’ll have to stop using Floorp now because Ablaze (the developer) has released version 11.0.0 which isn’t supported on Windows 7/8 and doesn’t appear to be going the same route as Mozilla by offering Firefox security updates until September 2024. I mailed them about that last night, but it’ll take several days before I’ll get a reply probably.

      > v11.0.0 now on Floorp, but on the Github site it states that Windows 7/8 aren’t supported…

      I already replied to this about 5 hours ago, but it seems to be pending because the url exists.
      Just the gist of it (details omitted)
      (Windows 7/8 support)
      Floorp is based on FirefoxESR115. Do not worry, existing user continue to use Floorp for 1 year.
      Clean install is unsupported.

  5. noemata said on July 30, 2023 at 11:43 am
    Reply

    ps: .. and it made things “worse”:

    https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd

    that’s the result of blind activism/spam/google-bad. deserved. no so called dev on github should complain: it’s now in the chromium codebase. ps: sry martin/ashwin, the first post was a little to harsh. anyway, i’m done with comments again.

  6. Timon said on July 30, 2023 at 9:14 am
    Reply

    Scary. Spider’s web with victims stuck in… Bad news. Maybe they aren’t malevolent, but still…

  7. noemata said on July 29, 2023 at 9:03 pm
    Reply

    gossiping and blaspheming, ads here and there, on a website that displays ads to an extreme, nauseating excess: ghacks. we’re not in the nineties, early 2000s anymore. this is a proposal, and all the countless spam posts by all those media-brainwashed privacy junkies here, on github, et cetera, don’t help a damn bit. they asked for constructive, technical solutions. this spam here:

    https://github.com/RupertBenWiser/Web-Environment-Integrity/issues?q=is%3Aissue+is%3Aclosed

    only makes things worse. brainless times. and of course mozilla (have you forgotten what happend the last years with this company and their garage browser, ghackers?) seized the opportunity – hypocrites.

    1. owl said on July 31, 2023 at 12:21 am
      Reply

      @noemata
      > gossiping and blaspheming, ads here and there, on a website that displays ads to an extreme, nauseating excess: ghacks. we’re not in the nineties, early 2000s anymore. this is a proposal, and all the countless spam posts by all those media-brainwashed privacy junkies here, on github, et cetera,

      From your comment, it sounds like you have the right skills…
      However, I feel that the standing position is the result of being “brainwashed by Google”.

      Google is a global company specializing in the advertising business.
      That’s why, in order to strengthen the achievement of that purpose, Google is making browsers and promoting the monopoly of the browser market.
      It has no other real purpose. Everything else is just an excuse.

      What you expect from Google is itself “putting the cart before the horse”.
      Google just want to constantly strengthen their advertising business (so users don’t block ads, and give top priority to Google sponsors).

      Above all, this Google API is fraught with serious concerns, as it is also convenient for states, malicious organizations and others.

    2. Anonymous said on July 30, 2023 at 6:10 pm
      Reply

      “they asked for constructive, technical solutions”

      To what problem ?

      “only makes things worse”

      How ?

      “spam posts by all those media-brainwashed privacy junkies” “only makes things worse”

      How does your own post help more ?

  8. Anonymous said on July 29, 2023 at 4:20 pm
    Reply

    Article is not hitting them hard enough.

    This is basically TPM / “trusted computing”, but for browsers and with a external 3’rd party acting as the defacto ‘license server’, though its use will be much wider and much darker.

    It is about:
    #1 control.
    #2 setting up the field to make google one of the few major 3rd party verifiers, (extending the ‘log in with x’ system) embedding them even deeper and selling this as a service to governments and companies.
    MS and Apple will of course also demand their share, as will some other large players.

    All the other fluff is just that, fluff.
    At best it is also about distrust towards users.
    That stuff about trusted environment is complete bull. It is the usual about wanting run have/run secrets in the browsers that are kept from the user (DRM, bad security by obscurity, doing dark underhanded stuff, etc), so it does not have to run server/cloud-side instead where it obviously can not do the same dirty deeds as something that runs locally or the onus of the computational costs (TCO+usage) would be on be on the users instead.

    An example, online slot-machine sites. They’d LOVE to have everything run at your end. But rather obviously they do not want to trust the gamblers to “roll their own loaded dice” in a manner of speaking.

    Anti-piracy measures for video streaming has already been mentioned.
    Basically, you name it and you’ll find it is not about your benefit as it is for someone else – and for denying you freedoms.

    Of course, you really have to play a lot of attention to what could happen once such a system rolls out. You could soon find nonconformant browsers barred from anywhere.
    Wrong browser -> just get the same stub as those with noscript.
    But that is just the start.
    It quickly becomes perverted into making demands about extensions/plugins not being present, that google will be happy to deliver the framework for.
    Then it is not just about having the right browser (a Chrome or a deriviate), but also running NO or only ‘big-it’ whitelisted plugins, with a sidebusiness of extorting entries on the whitelist.

    As it is in my country, we have a awful national SSO system. They already refuse to run their client – reminder, the purpose of the client is solely to log you into your SSO – on rooted devices, devices with sideloading turned on and “old” phones (citing device security as the concern).
    We can no longer just login on a pc/laptop/tablet alone. When you try, you have to scan a QR code with their app on a locked down smartphone.
    I kid you not.
    They would be jumping up and down screaming Gimme Gimme Now! at this ‘web integrity’ trojan horse. Not in public of course, but from their controlfreaky “civil service” p.o.v. they are all in on that, other consequences be damned. They’d run all of society as a dystopian max security prison if they could, full of rights-less plebes being treated more like criminals and livestock, somehow thinking that they and their progeny would be exempt, outside and above.

    1. owl said on July 30, 2023 at 1:52 pm
      Reply

      > As it is in my country, we have a awful national SSO system. They already refuse to run their client – reminder, the purpose of the client is solely to log you into your SSO – on rooted devices, devices with sideloading turned on and “old” phones (citing device security as the concern).
      We can no longer just login on a pc/laptop/tablet alone. When you try, you have to scan a QR code with their app on a locked down smartphone.
      I kid you not.
      They would be jumping up and down screaming Gimme Gimme Now! at this ‘web integrity’ trojan horse. Not in public of course, but from their controlfreaky “civil service” p.o.v. they are all in on that, other consequences be damned. They’d run all of society as a dystopian max security prison if they could, full of rights-less plebes being treated more like criminals and livestock,

      Probably in any country (nation), “There isn’t much difference”
      In Japan, the “My Number-portal Card” was made compulsory (for many years, it was opposed by the public, but the current ruling party enforced it.). Only Google chrome is supported, so we are forced to use it.
      No exceptions were allowed, and all citizens (from newborns to the sick with impaired consciousness, men and women of all ages) made obligatory to use the web in a prescribed way.
      As a matter of course, various troubles have arisen, and compulsory execution has not progressed, but…
      There is no doubt that the essence of the problem is not limited to the convenience of browsers.
      There is no doubt that it will be used as a means of “A means of controlling the whole nation” by the state.

      1. owl said on July 30, 2023 at 2:16 pm
        Reply

        By the way,
        The origin of “My Number-portal Card” is the “National Total Uniform Number System” that assumed the national mobilization order.
        There was great opposition from the public, and the bill was scrapped.
        Even after the proposal was abolished, it was proposed many times by changing the name and decorating the contents.

        What is clear from the background is that they want to establish a system to “monitor and control all citizens” like the Nazis, Russia, and China.
        Google is perfect for that.

    2. TelV said on July 30, 2023 at 1:04 pm
      Reply

      @ Anonymous,

      Poor guy (or girl). I often wondered why users post with that nom de guerre, but I can understand why now after ready your post. Living in a society where your every move is closely monitored must be horrendous. I hope life improves for you in the not too distant future.

  9. Joe H said on July 29, 2023 at 3:32 pm
    Reply

    I find myself using fewer apps on mobile and interacting with fewer websites regardless of what browser I use. I turn off internet access whenever I use MS Office products (except to check for updates once a week).

    In short, the more that surveillance increases and the more advertising there is the less enjoyable the experience is and the more I withdraw from interacting and utilizing the internet. If my banking experience deteriorates I have no problem going back to writing checks and using cash for the goods and services I consume.

  10. John G. said on July 29, 2023 at 2:36 pm
    Reply

    It seems that some new times are coming. Thanks @Ashwin for this good article! :]

  11. Anonymous said on July 29, 2023 at 3:33 am
    Reply

    Disgusting behavior from Google. Hopefully this is stopped sooner than later.

  12. Anonymous said on July 29, 2023 at 2:33 am
    Reply

    I wish Ashwin was as good as getting to the point as Emre and Onur are.
    I have no problem with reading long things, I like to read books, but Ashwin is often is really needlessly verbose when they don’t have to be.

  13. Mystique said on July 28, 2023 at 9:43 pm
    Reply

    Whilst not reading the article completely at this current time I have a general understand and based on my assessment. Fundamentally this proposition if you will posses a great risk to the flow of information and how we digest it under a moving target of what can be specific points under the guise of non specific wording in what I feel were purposely designed to be vague to evade oversight on such things.

    I will attempt to have some sort of restraint in my wording as this is a sensitive subject but make no mistake this is not designed to be in the overall best interest of society. It will stifle innovation and at the very least withhold information and data from a large demographic.

    If we cannot restore the balance of power in regards to browsers then we must create a valid and impartial consortium of entities of which are not bias to create web standards without yielding to money, power, mark share or a number of other factors to dictate or influence the web standards and/or the foundational or fundamental values of the internet.

    It is my contention that Google is and have used subterfuge to deploy such policies as well as many others some of which have made it through the theoretical level to the real world therefore we cannot afford to remain quite or become willfully ignorant based on our favoritism or perceived favoritism towards one browser/company or another.
    Understand that we are fighting for the internet of today, the internet of tomorrow and for future generations.

  14. Kalmly said on July 28, 2023 at 5:41 pm
    Reply

    Yes. Thank you for the great article.

    Google and my government become increasingly similar. When they say something is needed to protect you – RUN.

  15. Tachy said on July 28, 2023 at 5:10 pm
    Reply

    This line here describes the problem with the entire planet.

    “Google’s examples are a sales pitch delivered by a salesman, to push their product as something positive, when in fact it benefits only themselves and their advertisers.”

    I can trim that down to one word. Greed.

  16. Mike said on July 28, 2023 at 4:55 pm
    Reply

    From my perspective, web Integrity is a malicious power grab. As much as I hate Microsoft, at least they were better stewards of the web when they were dominant. All Microsoft cared about was entrenching Windows and protecting it’s market share. Once Internet Explorer accomplished this task by sinking all competitors, Microsoft just let IE rot. “What are you gonna do, use something else? hahaha”

    I’d rather have someone who doesn’t care in charge of standards than someone who is (from my perspective) pushing malicious functionality. Today the dominant players are smarter; instead of just letting the market rot and counting their money, they leverage their dominant position to force through more unwanted standards.

    Ultimately, letting the browser market rot was Microsoft’s undoing and why they lost control of it. When they stopped paying attention to browser development, it gave an opportunity for competitors to surpass them.

  17. Tony said on July 28, 2023 at 4:00 pm
    Reply

    So if Google enforces the programming code of the advertisement that infects my computer with a virus, they are an accomplice, are they not?

  18. Karl said on July 28, 2023 at 3:23 pm
    Reply

    Great article Ashwin. As always, we can count on you and Martin for doing this sort of important work.

  19. Tom Hawack said on July 28, 2023 at 11:06 am
    Reply

    “Web Environment Integrity”, by Google. Web-Environment-Integrity : let us have that in mind.

    Great article indeed. Nice work, Ashwin.

    “A big part of the reason why there is a problem is the surveillance economy, and the solution to the surveillance economy seems to be more surveillance.” — Jon von Tetzchner, the CEO of Vivaldi.

    To quote the article :”As it stands, Web Environment Integrity is an obscene attempt at tightening the noose on users’ choice and privacy.” : Google IS evil and the ad business IS rotten, increasingly.

    Google claiming that “advertisements help ease [the] burden [of Websites having to check for authenticity]” is the final straw : what’s in perspective, a big hand to the ad business? A big slap in my case.

  20. bruh said on July 28, 2023 at 10:54 am
    Reply

    Seems very gay, typical Google, they want to increase the power and worth of advertising by being able to confirm whether there is a real human sitting at the other end of the screen.

    “Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly.” Never once have I cared about how “expensive” a website is – this is like going to a bar and worrying about their electricity bill. Not my problem mate, just serve me a damn drink, or don’t and i’ll go elsewhere!

    Webpages are very bloated nowadays and you can tell by the loading times and the amount of pure BS on display. Some of my favourite websites have designs ranging from basic HTML to things like blogspot clones.

    “These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots.” Not my problem, should have picked a different business model, or found an alternative revenue stream.

    Adverts are not curated by the website owner, they are not even contextual to the site you’re on a lot of the time, and much of the time they’re garbage. If there’s a banner ad that FOLLOWS you when you scroll, and it’s brighter and more saturated than the website content itself, and especially if it has some sort of looping animation… bro do you think anyone wants to put up with that??

    Fact of the matter is, people hosting personal websites should just be aware of the costs involved, and companies trying to make a profit on the web should find another method instead of ads, ads are ass, they make the user experience worse. Don’t they realise that?

    Sorry for the rant, but ads can go DIE – a lot of the time it’s a psychological game of trying to get a brand name stuck in your mind, you may not click an ad but if you’re continuously seeing brand names, you’ll be more likely to pick a brand you recognise next time you’re trying to by a product – you don’t deserve space in my head, if I don’t want to see or think about amazon/coca-cola or whatever, that is my personal right.

    Sorry for the rant – short version: Google can go shove it.

    Thanks for article…

    1. bruh said on July 28, 2023 at 10:56 am
      Reply

      Hell, you want to do ads in a better format?

      Make it so that there’s a full page AD for 3 seconds when first going on a website, after that, site loads fully with no ads. THAT would be better actually, and everyone would definitely see the ad.

      1. Anonymous said on July 28, 2023 at 12:21 pm
        Reply

        … and I’d be looking for ways to stop seeing those 3 second ads.

  21. owl said on July 28, 2023 at 9:31 am
    Reply

    Great article!
    The article provides a ‘knowledge of the situation’.
    Not only that, a careful analysis of ‘what is meant and who benefits from it’, and then sheds light on ‘potential concerns’, what should we do, the core of them is made as clear as possible.
    As expected, live up to “Ghacks Technology News”!
    For now, kudos to the author’s Ashwin and “Ghacks”.

  22. nunof said on July 28, 2023 at 9:17 am
    Reply

    The EU is investigating Microsoft for bundling Teams but no one in government agencies take a look at how bad for Internet users is Google controlling Chrome and the Chromium Project. One company should not have such a dominating control over the almost de facto browser used to access the Internet.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.