the API is called Web Environment Integrity, and it’s a way to kill ad blockers first and a Google ecosystem lock-in mechanism second, with no other practical use case I can find

  • self@awful.systemsOP
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    1 year ago

    if anyone hasn’t read it yet, the goals and non-goals sections of the “explainer” are a joke that mostly contradict the rest of the document, and seem like a late addition to muddy the waters in online discussions when they realized how unpopular this idea would be. the entire thing gives me crypto whitepaper vibes in that it’s an intentionally dishonest representation of a technology nobody but google wants

    also, the actual spec isn’t even a first draft, almost like other browser vendors supporting or even understanding this thing is an unlisted non-goal. it’s much worse if they do though: implementing this thing requires your browser to keep a connection to a google-approved attester, which will receive a live feed of the requests leaving your browser; ie, it’ll have your live browsing history. for some reason (by design), when the explainer talks about cross-site tracking, it only talks about methods to prevent the web server from doing it, other than this paragraph of nonsense:

    User agents will not provide any browsing information to attesters when requesting a token. We are researching an issuer-attester split that prevents the attester from tracking users at scale, while allowing for a limited number of attestations to be inspected for debugging—with transparency reporting and auditability.

    only a couple of paragraphs before this, the doc describes what the attester receives and signs as a “content binding”, which… seems to be a set of browsing information for the page you’re on

    e: oh yeah, that’s one of the only places they mention the concept of a token issuer at all. they don’t actually describe what it is, and I can’t figure out the value of splitting it from the attester if the token has to contain your browsing data — either way, both systems get a copy of it

    • Steve@awful.systems
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I couldn’t read past the example scenarios in the introduction. I read “bad actors” and it’s enough to know that they are avoiding thinking, or at least talking, about the realities of what they are making.

  • Steve@awful.systems
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    This is why every full-stack engineer who celebrates the chromium browser dominance because they don’t have to worry about css and js browser compatibility should be slapped. The I/O conference is the biggest ad disguised as a “we care about the web” community event of them all.

    • Steve@awful.systems
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Google meet is the only product on the web I’ve seen in the last 5 years that still says “these features don’t work in your browser”

      • Steve@awful.systems
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Gecko and WebKit are open-source. If google cared about the web they’d contribute to the other engines as well.

        • self@awful.systemsOP
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          I see you have also been forced to use google tech and consume google’s awful developer docs and deal with their laughable UIs (how does anyone use google analytics for any purpose?) because the only thing corporations are comfortable with is garbage as far as the eye can see

            • self@awful.systemsOP
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              it’s a terrible day when you realize the stack for a new project was chosen based only on google’s unearned reputation for making good software