Google trashes its "DRM for the Web" API
In May 2023, privacy groups and developers were up in arms over Google's plan to integrate the Web Environment Integrity API into its Chrome web browser for the desktop and mobile devices.
Google announced the intent on a developer mailing list. The company claimed that this new API would help combat online fraud and abuse, and that it would do so in a privacy-friendly manner.
The main idea behind the API was to give websites controls to determine whether a visit is legitimate or not. In theory, this would allow (most) human users to access the contents of the website and disallow access to bots and users with malicious intent.
The sites would perform checks to determine whether the visit met certain criteria. If it did, access would be granted.
The main point of criticism leveled against the API was that it gave website owners control over visits. A site could, for instance, decide that users with content blockers would not meet the criteria for a visit. Other examples included blocking users with video downloaders, other browser extensions or even users who used specific browsers.
This API had the potential to create a DRM for the web. As is the case with these technologies, they provide benefits but also open the door for abuse.
The Register discovered that Google's changed the status of the project recently. Yesterday, Google published a notice on its Android Developers Blog in which it provided information on the future of the API.
There, the company reveals that Web Environment Integrity won't be integrated fully in Google Chrome. Google writes: "We’ve heard your feedback, and the Web Environment Integrity proposal is no longer being considered by the Chrome team". Code already integrated into Chromium and Google Chrome is being removed from the browser again.
Google plans to still use it as the Android WebView Media Integrity API, but with a narrower focus. According to Google, the feature will only be made available for WebViews embedded in apps on Android.
Google claims that it is extending existing functionality on "Android devices that have Google Mobile Services" and that the company has no plans "to offer it beyond embedded media, such as streaming video and audio, or beyond Android WebViews".
The Web Environment Integrity API is no more, which is a good thing for the open web and user freedom. Google will remove code from Chrome and Chromium, which it already added.
The Web has won this battle, but it is probably only a matter of time before a new proposal is going to be made that is once again attacking the very core of today's Internet.Advertisement