this post was submitted on 03 Nov 2023
21 points (92.0% liked)

There is a discussion on Hacker News, but feel free to comment here as well.

top 3 comments
[–] [email protected] 4 points 1 year ago (1 children)

So, they've "abandoned" WEI, but are now pursuing Android WebView Media Integrity API instead.

As a complete novice, I have a very limited understanding of how Android WebView operates or how prevalent it is within the system. (I gather it's a base to build browsers on?)

If I was an Android owner that used Firefox, how would this affect me? Would this be any different than using Chrome or something like Vivaldi?

Thanks!

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Not sure how prevalent it is, but less than Apple's equivalent. On Android, browsers can use their own rendering engine; on iOS, all use Safari's WebKit. That said... this was going to change, not sure. Maybe it already happened.

[–] [email protected] 1 points 1 year ago

This is the best summary I could come up with:


Google intended its Web Environment Integrity API, announced on a developer mailing list in May, to serve as a way to limit online fraud and abuse without enabling privacy problems like cross-site tracking or browser fingerprinting.

That is to say, the API would allow websites to figure out if they were being visited by a legit user in a normal browser as opposed to a page-scraping bot masquerading as a real person or some malicious software bent on fraudulently viewing and clicking on ads and doing other bad stuff.

Apple incidentally has already shipped its own attestation scheme called Private Access Tokens, which while it presents some of the same concerns is arguably less worrisome than Google's proposal because Safari's overall share of the web browser market across all devices is far lower than Chrome's.

And its YouTube subsidiary's scanning of client browsers for ad blocking extensions also represents a form of attestation or integrity check, albeit where what's evaluated is installed software rather than a cryptographic token.

Google's plan was to prototype the Web Environment Integrity API in Chromium, the open source foundation of Chrome as well as Edge, Brave, Vivaldi, and various other browsers – though not Firefox or Safari.

But following the publication of a working draft specification in July, a flood of critical feedback from the technical community, both on the project's issues forum and on social media channels, put Google on the defensive.


The original article contains 746 words, the summary contains 238 words. Saved 68%. I'm a bot and I'm open source!