My favorite part is when they ask you to give them the benefit of the doubt, but also anyone who disagrees with them in a way that doesn't fit their expectations is "noise."

Wow, that blog post is truly nauseating and infuriating to read, knowing the context.

Fuck Google. They're the Nestlé of tech.

[Don't assume consensus nor finished state]

Often a proposal is just that - someone trying to solve a problem by proposing technical means to address it. Having a proposal sent out to public forums doesn't necessarily imply that the sender's employer is determined on pushing that proposal as is.

It also doesn't mean that the proposal is "done" and the proposal authors won't appreciate constructive suggestions for improvement.

[Be the signal, not the noise]

In cases where controversial browser proposals (or lack of adoption for features folks want, which is a related, but different, subject), it's not uncommon to see issues with dozens or even hundreds of comments from presumably well-intentioned folks, trying to influence the team working on the feature to change their minds.

In the many years I've been working on the web platform, I've yet to see this work. Not even once.

.....?
What is this, "Good vibes only?"

We developers should stop just looking at the technical side of our work only. There's social, economic and values to be taken into account when we put our minds to solve a problem. We tend to go blindly into it, without thinking what it can cause when it is released into the world.

It's like if we put a bunch of developers into a secret project to develop an Internet World Wide Nuclear Bomb a là Project Manhattan... the leaders shouldn't really have to hide what they were about to do, just throw the developers and engineers troubles to solve and they wouldn't mind what it will be used for. It's just tech, right?

At least this guy seems to fit the type: I want to do this technology I've been tasked for, I'm trying to solve a technological problem. The rest of the world is telling him «Man, this is a bad idea to implement.» and he whines saying «I want solutions to this technology, not what is wrong with it!»

(And if you aren't one of those developers, congratulations, we need more of you!)

@TheYang Exactly! Came here to say this. Everybody actively using chromium based browsers is a part of the problem.

Firefox depends on google for funding though. Google could probably deal a killing blow quite easily.

I've never donated to Mozilla before, but will now.

Firefox will most likely support this, if it doesn't want to get cut off from most of the web.

However, it would be nice to have a Firefox or Chromium fork with a switch to disable the "feature", an option to remove any links to websites requiring this stuff, and some search engine free of links to websites requiring it.

Please drink verification can

Or they just ban you without recourse and poof all your data and accounts are dead.

Edit: consider using Google Takeout to download your data periodically as a hedge against trouble with your account. This will help prevent data loss in the event your account suddenly goes poof. It won't help you with the apps you bought though.

Thanks for this. I skimmed the proposal doc itself and didn't quite understand the concern people have with it – most of the concerns that came to my own mind are already listed as non-goals. The first few lines of this comment express a realistic danger that's innate to what's actually being proposed.

Glory to Arstotzka ... I mean Alphabet.

Thank you for choosing Google!

I'm sorta sitting here in that same scenario. My iphone screen was severely broken last week, I don't use any other apple services. When I tried to get into it, my phone went into security lock mode. Coincidentally all of my 2FAs for my other accounts did their monthly checkin. No phone, no checkin so now I'm locked out of nearly all of my work accounts. Apple ID will renew in a few days, but I didn't think to take my broken phone with me on a trip, so my SIM with my phone number is now 1000s of miles away. So now I'm boned til I get home. 2FA works well until it works too well.

Please write for black mirror!

I would just move on at step 3

you need a Microsoft signed stub to boot anything other than Windows on a PC

Not necessarily, most motherboards and laptops (at least every single one I've ever owned) allow users to enroll their own Secure Boot keys and maintain an entirely non-Microsoft chain of trust. You can also disable secure boot entirely.

Major distros like Ubuntu and Fedora started shipping with Microsoft-signed boot shims as a matter of convenience, not necessity.

Secure Boot itself is not some nefarious mechanism, it is a component of the open UEFI standard. Where Microsoft comes in to play is the fact that most PC vendors are going to pre-enroll Microsoft keys because they are all shipping computers with Windows, and Microsoft wants Secure Boot enabled by default on machines shipping with with their operating system.

I started looking at Mac's for my next computer. Due to this amazing project. https://asahilinux.org/

you need a Microsoft signed stub to boot anything other than Windows on a PC

False. Every PC I've had has allowed Secure Boot to be turned off, and some of them allow me to add another trusted certificate as well.

you need Apple’s blessing to boot anything on a Mac

False. The Mac boot process is completely unlocked, at least on Intel Macs.

your smartphone manufacturer decides whether you can unlock it and lose attestation

My Pixel 6 allows me to unlock the boot loader at any time.

Attestation exists, unfortunately, but it's not nearly as pervasive as you seem to think.

This is the next logical step, to add “web app” attestation, since the previous ones had barely any pushback

Uh, there was huge pushback. That's why even a Microsoft Surface won't stop you from installing Linux.

you need a Microsoft signed stub to boot anything other than Windows on a PC

Can you expand on this? Maybe I'm just misunderstanding you, but a "pc" is not a Windows made machine. It is a collection of disparate computer parts made by different companies with no requirement to run Windows as the exclusive OS once put together.

Even on a Windows OS, I can run any program I want (that's made to operate with Windows). I may get a warning if it's not a "known" developer, but I can still run it. Did I miss a big update to how 11 works with unknown software or something?

While I agree in general, and the overall sentiment/direction here to steer towards (morally) is clear… let’s stick to facts only.

you need Apple's blessing to boot anything on a Mac

Bootloader is unlocked and alternative OS exist. Or what else did you mean by that?

Or have some letters removed all together.

Yeah, as if github aka Microsoft is going to do anything about it ... but hey, anything to keep the pressure up and not letting this go through.

Gonna play devil's advocate here.. I think most Mozilla money comes from Google and i think the reason Google keeps the money flowing to Mozilla is for Chrome to have a real competitor, Firefox to date is the only popular web browser with different engine and all that. Maybe it's fair for me to say that it resembles a tiny tiny fraction of why Intel keeps AMD alive back then.

As for EFF, i viewed them as just another NGO. For me most NGOs will have a non achievable goals, because it will be the dead of an NGO if they ever achive their goals. (No more money for them).

I'm not against people donating to Mozilla or EFF or Thunderbird Foundation. I think it will be better (yet longer process) if government can regulate big tech, much like what the European Union did with GDPR.

My ELI5 version:

Basically, the 'Web Environment Integrity' proposal is a new technique that verifies whether a visitor of a website is actually a human or a bot.

Currently, there are captchas where you need to select all the crosswalks, cars, bicycles, etc. which checks whether you're a bot, but this can sometimes be bypassed by the bots themselves.

This new 'Web Environment Integrity' thing goes as follows:

1. You visit a website
2. Website wants to know whether you're a human or a bot.
3. Your browser (or the 'client') will send request an 'environment attestation' from an 'attester'. This means that your browser (such as Firefox or Chrome) will request approval from some third-party (like Google or something) and the third-party (which is referred to as 'attester') will send your browser a message, which basically says 'This user is a bot' or 'This user is a human being'.
4. Your browser receives this message and will then send it to the website, together with the 'attester public key'. The 'attester public key' can be used by the website to verify whether the attester (a.k.a. the third-party checking whether you're a human or not) is trustworthy and will then check whether the attester says that you're a human or not.

I hope this clears things up and if I misinterpreted the GitHub explainer, please correct me.

The reason people (rightfully) worry about this, is because it gives attesters A LOT of power. If Google decides they don't like you, they won't tell the website that you're a human. Or maybe, if Google doesn't like the website you're trying to visit, they won't even cooperate with attesting. Lots of things can go wrong here.

So, a lot of the replies are highlighting how this is "nightmare fuel".
I'll try to provide insight into the "not nightmare" parts.

The proposal is for how to share this information between parties, and they call out that they're specifically envisioning it being between the operating system and the website. This makes it browser agnostic in principle.

Most security exploits happen either because the users computer is compromised, or a sensitive resource, like a bank, can't tell if they're actually talking to the user.
This provides a mechanism where the website can tell that the computer it's talking to is actually the one running the website, and not just some intermediate, and it can also tell if the end computer is compromised without having access to the computer directly.

The people who are claiming that this provides a mechanism for user tracking or leaks your browsing history to arrestors are perhaps overreacting a bit.

I work in the software security sector, specifically with device management systems that are intended to ensure that websites are only accessed by machines managed by the company, and that they meet the configuration guidelines of the company for a computer accessing their secure resources.

This is basically a generalization of already existing functionality built into Mac, windows, Android and iPhones.

Could this be used for no good? Sure. Probably will be.
But that doesn't mean that there aren't legitimate uses for something like this and the authors are openly evil.
This is a draft of a proposal, under discussion before preliminary conversations happen with the browser community.

Here you go

There is no technical solution to trust.

Google knows this. Trust isn't really the problem they're trying to solve.

Years ago i would have agreed with you, but on this era of heavy capitalist surveillance you don't want to give them the chance, they'll get every bit of data they can get about you. That and ads are strong dissemination vectors for malware. If i want to support something i'd rather do it directly, ads have proven to be noxious.

Until you're required to use their software for, say, banking or legal procedures. You DO NOT want this to become the status quo

Indeed, IDK if you remember back in the bad old days but you used to need a specific browser, and if that browser was IE, good luck if you weren't on Windows. Sites would just block you.

I really hope this doesn't become a thing again - it's already stupid with so many "best on chrome" stuff, but at least I think Apple and Safari put a dent in that because Apple users are a big enough group, and generally identified to have and spend more money than Android / Linux / Windows users so there's that. And Firefox is... well... something. 10% now? IDK, it's hard to be single browser now adays, but with these "for security" things? Who knows.

I guess if Apple, Microsoft and Mozilla all refuse to go this way, it'll break it. The other option is something like Lets Encrypt being big enough they can't delist the attester, but it just attest everything so turns into garbage. Or enough accepted attesters (if it's like SSL PKI) "attest" that you paid them $50 that year and that's about it, so again, everyone who cares gets a Comodo attestation or whatever and use a browser / extension / proxy / OS / whatever that just sends valid garbage or spoofed stuff to them, like many do for the various existing non-secure identity fields.

If you hosted a compromised app once, or ever messed up the setup of your mail server... that's what happens.

This is part of a broader plan:

1. Get hardware attestation, aka secure boot (DONE)
2. Get software attestation, via app stores (DONE)
3. Get web app attestation (this proposal)
4. Compile all web apps to webassembly (upcoming)
5. Create a provider-controlled environment on user-supplied devices (partially there)

Only basic extensions and ad blockers will work with compiled apps (Manifest V3 is part of that plan). Accessibility features will be as good as those of Flash.

What most are not liking, is the change in power dynamic on the WWW:

• Before: "you give me some data and I'll decide what to do with it"

• Upcoming: "we'll give you some data and you will do exactly as we tell you with it"

The time might be coming to create a "libre WWW", parallel to the "corporate WWW".

It sounds like most are not liking it because of some potential future abuses rather than what it actually is?

If I, potentially, wanted to abuse a system, I'd probably come up with a way to modify that system such that I can abuse it, but with a plausible explanation as to why I'm not actually going to do that, so that others will agree to it.

But let's assume, for the sake of the argument, that Google and/or the people who wrote this are actually acting in good faith. That still won't stop other large companies like Microsoft, Apple, etc. or even future Google employees from abusing the system later on.

Yes, the potential for abuse is the big deal here. And you know humans, if it can be abused, someone will try.

Maybe somebody can do a better job of boiling this down than I can.

Basically, right now, if you ask for something on the internet, it gets served to you. Sure there are lots of server side protections that may require an account to log in to access things or what have you, but still you can at least request something from a server and get some sort of response in return.

What this does is force attestation through a third party. I can ask for something from a server and the server turns to the attester and goes, "Hey, should I give this guy what he's asking for?" and the attester can say "No" for whatever reasons it might. Or worse yet, I can get the attestation but the server can then decide based in turn that it doesn't like me having that attestation and I get nothing.

You can make arguments that this would be good and useful, but it's so easy to see how this could go sideways and nobody with any sense should be taking Google or any of these large corporations at their word.

Ah yes, Google pinky promises it won't use this to screw us over, we're good to go!

Your hardware and OS already gets asked to verify whether it's safe to run an app on it (see: banking apps).

Same thing, but now with web browsers.

I think that the main difference is that with SSL you only encrypt the data, and then you can modify at will(as in making changes to every page your browser renders - ad block, grease monkey like extensions etc. With DRM, you won't be able to modify the pages at all