commit: 102e29d4a9ceeea56a472f25ca31e565721c2913
parent e44082559a962785e9c16d72def43ef9ec3d5e7a
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Wed, 2 Aug 2023 06:50:36 +0200
articles/google-web-environment-integrity-illegal: DefectiveByDesign response; Update on breakability
Diffstat:
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/articles/google-web-environment-integrity-illegal.xml b/articles/google-web-environment-integrity-illegal.xml
@@ -3,7 +3,7 @@
<link rel="alternate" type="text/html" href="/articles/google-web-environment-integrity-illegal"/>
<id>https://hacktivis.me/articles/google-web-environment-integrity-illegal</id>
<published>2023-07-26T22:18:38Z</published>
-<updated>2023-07-27T01:53:34Z</updated>
+<updated>2023-08-02T04:48:34Z</updated>
<link rel="external replies" type="application/activity+json" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
<link rel="external replies" type="text/html" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
<content type="xhtml">
@@ -22,11 +22,16 @@
Or, to reform laws like the DMCA to defang Google's "Web Environment Integrity", for example with adding an exception for interoperability.
</p>
+<p>
+ Update: But that would be with assuming WEI is breakable in a way or another, which simply might just not be. At least no one broke <a href="https://en.wikipedia.org/wiki/SafetyNet_API">Google SafetyNet</a> yet and it might simply not be breakable, like if you would need to break client-side x509 certificates delivered by Google.
+</p>
+
<h2>See Also</h2>
<ul>
<li><a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md">Web Environment Integrity Specification</a> (<a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/raw/main/explainer.md">plain-text to avoid JS</a>)</li>
<li>Vivaldi: <a href="https://vivaldi.com/blog/googles-new-dangerous-web-environment-integrity-spec/">Unpacking Google’s new “dangerous” Web-Environment-Integrity specification</a> (note: Vivaldi is proprietay software)</li>
<li>Mozilla: <a href="https://github.com/mozilla/standards-positions/issues/852">Request for Position: Web Environment Integrity API</a> (rather internal)</li>
+ <li>FSF/DefectiveByDesign: <a href="https://www.defectivebydesign.org/blog/web_environment_integrity_is_an_all_out_attack_on_free_internet">"Web Environment Integrity" is an all-out attack on the free Internet</a> (sadly it's a very weak article, client-attestation on the web is put as merely shameful…)</li>
</ul>
</div>
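Review bot: The added "Update" paragraph claims that no one has broken Google SafetyNet yet but supports it only with the Wikipedia overview link, and its wording is hard to parse ("with assuming", "in a way or another", "which simply might just not be"). Consider rewording along the lines of "Update: this assumes WEI can be broken at all, which may not be the case", and stating the reason from the last clause directly: breaking it would mean defeating client-side x509 certificates delivered by Google. The paragraph itself carries no date, so a reader cannot tell from the text when it was added; "Update (2023-08-02):" would match the new <updated> value. Separately, the unchanged Vivaldi list item in this hunk's context has the typo "proprietay", which could be fixed in the same commit.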