Google WEI (Web Environment Integrity) is a new project that the Internet giant is working on. According to those responsible, it has the objective of making the web “more private and secure” combating fraud and abuse, and ultimately improving the ‘integrity of the ecosystem’ that it promises. A laudable objective, on paper, because some competitors and analysts believe that it is a “DRM for terrible and dangerous websites”what to get going it will end the free and open web we know.
What is Google WEI
Google has posted an explanatory document on GitHub explaining their proposal. Describes the importance of websites and trust in the client environment in which they runthat is, your web browser and operating system and your methods to protect user data, intellectual property and the rest of the ecosystem components.
The Mountain View company points out that users are concerned about the authenticity of interactions on social websites, that is, fake interactions (likes, comments…) that are used to promote news, publications, products, etc. The document mentions that it is a costly ordeal to maintain portals on the web and that advertisements help ease their burden. But they are intended for humans, i.e. users, and not for fake clicks from bots.
He also cites other examples, such as online game players who may want to know if other players on the platform are using legitimate software to comply with the rules of the game. Basically, these are anti-cheat tools to prevent cheaters from ruining the experience. The goal of Google WEI goes that way, avoid fake interactions on websites of these bots helping websites to verify that the visitor to their domain is not a machine, but a real user.
Google also plays the always helpful card of the security, claiming that users can be tricked into installing malware that mimics genuine apps like banking apps, which in turn could steal user data, identity, or enable phishing attacks. According to the company, its project would help avoid mass account hijackings, password guessing attempts (password stuffing) and would also detect compromised devices where user data could be at risk.
The implementation of Google WEI would occur through a API installed on websites that would allow to verify the authenticity of the visitors. When a user tries to access a web page, the site will request a token that certifies the client’s environment. A third-party server acting as a certifier would test access and sign the token. If it fails the test, you would not be able to access the website.
great controversy
Mozilla, responsible for the Firefox web browser and other developments, has opened the faucet of criticism of the Google project. The Foundation strongly opposes this Web Environment Integrity API, believing that any attempt to restrict the choices of common web standards is detrimental to the open web ecosystem.
It also notes that detection of non-human traffic could negatively affect assistive technologies, automated tests, and search engine spiders. Agreeing that fraud and invalid traffic detection is a problem, Mozilla says that the Web Environment Integrity API is not the solution for these problems and it will bring other important damages.
Vivaldi has posted a more forceful response, posing questions like would Microsoft be the gatekeeper of the Windows Store? Will Apple be the witness on Mac? He also speculates how this might affect Linux users if Canonical, Ubuntu’s parent company, became the certifier for all Linux distributions.
In an interview with The RegisterJon von Tetzchner, CEO of Vivaldi, criticized Google’s idea: “A lot of the reason there’s a problem is the surveillance economy, and the solution to the surveillance economy seems to be more vigilance…«. The executive explains that “The surveillance economy is highly toxic and has created significant problems for society. It doesn’t make any sense to use it and there are other ways of advertising that work just as well. But there is a lot of money at stake for certain companies and they don’t want to give up what they have.”.
criticism is common. As it stands, Google WEI will curtail users’ freedom of choice and privacy. And much more power for Google on the Internet. Many users should be concerned that the method that Google proposes to generate “trust” also further consolidate control of the Internet in the hands of a few major players (such as Google), make it easy for sites to block visitors through ad blockers or others. plugins and generally bring about the end of the “open” web as we know it.
It is certain that other browser vendors such as Brave, DuckDuckGo or Opera will join the fight against this web environment integrity API. Apple already has its own certification method, while Microsoft will surely be on stand-by if it can use it to promote its Edge browser.
And the opinion of the regulars would be missing. It is likely that in its current state Google WEI does not comply with the rules of the European Union regarding the choice of browsers. The provider that did not implement the API would fail the certification process and be out of the game. It is still early to further assess Google’s proposal. With its problems, it is not clear that the company is going to implement it in Chrome, much less convince the rest.
