google-web-environment-integrity-illegal.xml (3036B)
- <entry>
- <title>The anti-competitive "Web Environment Integrity" by Google needs to rendered illegal</title>
- <link rel="alternate" type="text/html" href="https://hacktivis.me/articles/google-web-environment-integrity-illegal"/>
- <id>https://hacktivis.me/articles/google-web-environment-integrity-illegal</id>
- <published>2023-07-26T22:18:38Z</published>
- <updated>2023-08-02T04:48:34Z</updated>
- <link rel="external replies" type="application/activity+json" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
- <link rel="external replies" type="text/html" href="https://queer.hacktivis.me/objects/c0c97e5d-e74b-4f72-a885-3ad17407f7ff" />
- <content type="xhtml">
- <div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="h-entry">
- <p><strong>Using Firefox or any other browser, isn't going to do anything against "Web Environment Integrity"</strong></p>
- <p>Let's say <strong>again</strong> what DRM and other broken-by-design copyright protections mechanisms under the DMCA means:
- <li>Circumventing the DRM is illegal</li>
- <li>Typically if you're not an authorized vendor, you cannot legally implement the DRM</li>
- </p>
- <p>
- So for the web, this effectively means that alternative browsers will either be incompatible with a lot more websites, or be effectivelly part of the grey/black market.<br />
- The only way forward is to go against Google in an anti-trust lawsuit, after all trying to render other implementations illegal probably couldn't be more anti-competitive.
- Or, to reform laws like the DMCA to defang Google's "Web Environment Integrity", for example with adding an exception for interoperability.
- </p>
- <p>
- Update: But that would be with assuming WEI is breakable in a way or another, which simply might just not be. At least no one broke <a href="https://en.wikipedia.org/wiki/SafetyNet_API">Google SafetyNet</a> yet and it might simply not be breakable, like if you would need to break client-side x509 certificates delivered by Google.
- </p>
- <h2>See Also</h2>
- <ul>
- <li><a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md">Web Environment Integrity Specification</a> (<a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/raw/main/explainer.md">plain-text to avoid JS</a>)</li>
- <li>Vivaldi: <a href="https://vivaldi.com/blog/googles-new-dangerous-web-environment-integrity-spec/">Unpacking Google’s new “dangerous” Web-Environment-Integrity specification</a> (note: Vivaldi is proprietay software)</li>
- <li>Mozilla: <a href="https://github.com/mozilla/standards-positions/issues/852">Request for Position: Web Environment Integrity API</a> (rather internal)</li>
- <li>FSF/DefectiveByDesign: <a href="https://www.defectivebydesign.org/blog/web_environment_integrity_is_an_all_out_attack_on_free_internet">"Web Environment Integrity" is an all-out attack on the free Internet</a> (sadly it's a very weak article, client-attestation on the web is put as merely shameful…)</li>
- </ul>
- </div>
- </content>
- </entry>