logo

blog

My website can't be that messy, right? git clone https://anongit.hacktivis.me/git/blog.git/

google-web-environment-integrity-illegal.xml (3036B)


  1. <entry>
  2. <title>The anti-competitive "Web Environment Integrity" by Google needs to rendered illegal</title>
  3. <link rel="alternate" type="text/html" href="https://hacktivis.me/articles/google-web-environment-integrity-illegal"/>
  4. <id>https://hacktivis.me/articles/google-web-environment-integrity-illegal</id>
  5. <published>2023-07-26T22:18:38Z</published>
  6. <updated>2023-08-02T04:48:34Z</updated>
  7. <link rel="external replies" type="application/activity+json" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
  8. <link rel="external replies" type="text/html" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
  9. <content type="xhtml">
  10. <div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="h-entry">
  11. <p><strong>Using Firefox or any other browser, isn't going to do anything against "Web Environment Integrity"</strong></p>
  12. <p>Let's say <strong>again</strong> what DRM and other broken-by-design copyright protections mechanisms under the DMCA means:
  13. <li>Circumventing the DRM is illegal</li>
  14. <li>Typically if you're not an authorized vendor, you cannot legally implement the DRM</li>
  15. </p>
  16. <p>
  17. So for the web, this effectively means that alternative browsers will either be incompatible with a lot more websites, or be effectivelly part of the grey/black market.<br />
  18. The only way forward is to go against Google in an anti-trust lawsuit, after all trying to render other implementations illegal probably couldn't be more anti-competitive.
  19. Or, to reform laws like the DMCA to defang Google's "Web Environment Integrity", for example with adding an exception for interoperability.
  20. </p>
  21. <p>
  22. Update: But that would be with assuming WEI is breakable in a way or another, which simply might just not be. At least no one broke <a href="https://en.wikipedia.org/wiki/SafetyNet_API">Google SafetyNet</a> yet and it might simply not be breakable, like if you would need to break client-side x509 certificates delivered by Google.
  23. </p>
  24. <h2>See Also</h2>
  25. <ul>
  26. <li><a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md">Web Environment Integrity Specification</a> (<a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/raw/main/explainer.md">plain-text to avoid JS</a>)</li>
  27. <li>Vivaldi: <a href="https://vivaldi.com/blog/googles-new-dangerous-web-environment-integrity-spec/">Unpacking Google’s new “dangerous” Web-Environment-Integrity specification</a> (note: Vivaldi is proprietay software)</li>
  28. <li>Mozilla: <a href="https://github.com/mozilla/standards-positions/issues/852">Request for Position: Web Environment Integrity API</a> (rather internal)</li>
  29. <li>FSF/DefectiveByDesign: <a href="https://www.defectivebydesign.org/blog/web_environment_integrity_is_an_all_out_attack_on_free_internet">"Web Environment Integrity" is an all-out attack on the free Internet</a> (sadly it's a very weak article, client-attestation on the web is put as merely shameful…)</li>
  30. </ul>
  31. </div>
  32. </content>
  33. </entry>