logo

blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git

google-web-environment-integrity-illegal.xml (3016B)

    

  1. <entry>
  2. <title>The anti-competitive "Web Environment Integrity" by Google needs to rendered illegal</title>
  3. <link rel="alternate" type="text/html" href="/articles/google-web-environment-integrity-illegal"/>
  4. <id>https://hacktivis.me/articles/google-web-environment-integrity-illegal</id>
  5. <published>2023-07-26T22:18:38Z</published>
  6. <updated>2023-08-02T04:48:34Z</updated>
  7. <link rel="external replies" type="application/activity+json" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
  8. <link rel="external replies" type="text/html" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
  9. <content type="xhtml">
  10. <div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="h-entry">
  11. <p><strong>Using Firefox or any other browser, isn't going to do anything against "Web Environment Integrity"</strong></p>
  13. <p>Let's say <strong>again</strong> what DRM and other broken-by-design copyright protections mechanisms under the DMCA means:
  14. 	<li>Circumventing the DRM is illegal</li>
  15. 	<li>Typically if you're not an authorized vendor, you cannot legally implement the DRM</li>
  16. </p>
  18. <p>
  19. 	So for the web, this effectively means that alternative browsers will either be incompatible with a lot more websites, or be effectivelly part of the grey/black market.<br />
  20. 	The only way forward is to go against Google in an anti-trust lawsuit, after all trying to render other implementations illegal probably couldn't be more anti-competitive.
  21. 	Or, to reform laws like the DMCA to defang Google's "Web Environment Integrity", for example with adding an exception for interoperability.
  22. </p>
  24. <p>
  25. 	Update: But that would be with assuming WEI is breakable in a way or another, which simply might just not be. At least no one broke <a href="https://en.wikipedia.org/wiki/SafetyNet_API">Google SafetyNet</a> yet and it might simply not be breakable, like if you would need to break client-side x509 certificates delivered by Google.
  26. </p>
  28. <h2>See Also</h2>
  29. <ul>
  30. 	<li><a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md">Web Environment Integrity Specification</a> (<a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/raw/main/explainer.md">plain-text to avoid JS</a>)</li>
  31. 	<li>Vivaldi: <a href="https://vivaldi.com/blog/googles-new-dangerous-web-environment-integrity-spec/">Unpacking Google’s new “dangerous” Web-Environment-Integrity specification</a> (note: Vivaldi is proprietay software)</li>
  32. 	<li>Mozilla: <a href="https://github.com/mozilla/standards-positions/issues/852">Request for Position: Web Environment Integrity API</a> (rather internal)</li>
  33. 	<li>FSF/DefectiveByDesign: <a href="https://www.defectivebydesign.org/blog/web_environment_integrity_is_an_all_out_attack_on_free_internet">"Web Environment Integrity" is an all-out attack on the free Internet</a> (sadly it's a very weak article, client-attestation on the web is put as merely shameful…)</li>
  34. </ul>
  36. </div>
  37. </content>
  38. </entry>