logo

blog

My website can't be that messy, right? git clone https://anongit.hacktivis.me/git/blog.git/

google-web-environment-integrity-illegal.xml (3140B)

    

  1. <!--
  2. Copyright © 2014 Haelwenn (lanodan) Monnier
  3. SPDX-License-Identifier: LAL-1.3
  4. -->
  5. <entry>
  6. <title>The anti-competitive "Web Environment Integrity" by Google needs to rendered illegal</title>
  7. <link rel="alternate" type="text/html" href="https://hacktivis.me/articles/google-web-environment-integrity-illegal"/>
  8. <id>https://hacktivis.me/articles/google-web-environment-integrity-illegal</id>
  9. <published>2023-07-26T22:18:38Z</published>
  10. <updated>2023-08-02T04:48:34Z</updated>
  11. <link rel="external replies" type="application/activity+json" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
  12. <link rel="external replies" type="text/html" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
  13. <content type="xhtml">
  14. <div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="h-entry">
  15. <p><strong>Using Firefox or any other browser, isn't going to do anything against "Web Environment Integrity"</strong></p>
  17. <p>
  18. 	Let's say <strong>again</strong> what DRM and other broken-by-design copyright protections mechanisms under the DMCA means:
  19. 	<ul>
  20. 		<li>Circumventing the DRM is illegal</li>
  21. 		<li>Typically if you're not an authorized vendor, you cannot legally implement the DRM</li>
  22. 	</ul>
  23. </p>
  25. <p>
  26. 	So for the web, this effectively means that alternative browsers will either be incompatible with a lot more websites, or be effectivelly part of the grey/black market.<br />
  27. 	The only way forward is to go against Google in an anti-trust lawsuit, after all trying to render other implementations illegal probably couldn't be more anti-competitive.
  28. 	Or, to reform laws like the DMCA to defang Google's "Web Environment Integrity", for example with adding an exception for interoperability.
  29. </p>
  31. <p>
  32. 	Update: But that would be with assuming WEI is breakable in a way or another, which simply might just not be. At least no one broke <a href="https://en.wikipedia.org/wiki/SafetyNet_API">Google SafetyNet</a> yet and it might simply not be breakable, like if you would need to break client-side x509 certificates delivered by Google.
  33. </p>
  35. <h2>See Also</h2>
  36. <ul>
  37. 	<li><a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md">Web Environment Integrity Specification</a> (<a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/raw/main/explainer.md">plain-text to avoid JS</a>)</li>
  38. 	<li>Vivaldi: <a href="https://vivaldi.com/blog/googles-new-dangerous-web-environment-integrity-spec/">Unpacking Google’s new “dangerous” Web-Environment-Integrity specification</a> (note: Vivaldi is proprietay software)</li>
  39. 	<li>Mozilla: <a href="https://github.com/mozilla/standards-positions/issues/852">Request for Position: Web Environment Integrity API</a> (rather internal)</li>
  40. 	<li>FSF/DefectiveByDesign: <a href="https://www.defectivebydesign.org/blog/web_environment_integrity_is_an_all_out_attack_on_free_internet">"Web Environment Integrity" is an all-out attack on the free Internet</a> (sadly it's a very weak article, client-attestation on the web is put as merely shameful…)</li>
  41. </ul>
  43. </div>
  44. </content>
  45. </entry>