Google’s proposal for a Web Environment Integrity API, tagged as a DRM-like system by users, has sparked widespread worry among Internet users. The idea, introduced by four Google workers in the “Web Environment Integrity Explainer” on GitHub, suggests implementing a token system to assess the authenticity of a device and browser session. While Google claims it is meant to combat malicious activity, many users see it as a potential form of DRM (Digital Rights Management), or a DRM-like system, that could restrict access and undermine the web’s openness.
The proposal suggests that websites could request a token to ascertain trust over visitors and their device environment. Bypassing an “environment attestation” test, users would be granted an “IntegrityToken,” indicating an unmodified and clean environment. The API aims to detect and prevent social media fake engagement, non-human traffic, phishing campaigns, bulk hijacking attempts, and other malicious activities without relying on device IDs or unique identifiers.
Google’s intentions about DRM-like system
Google, or the authors behind the proposal, emphasize that the API is not meant to collect device IDs or personally identifiable information. Instead, it aims to safeguard against cybersecurity threats and protect sensitive data. Similar functionality already exists in the Android Play Integrity API, which checks for rooted devices to ensure secure access for certain apps like banking and video streaming services.
Since the proposal’s publication, the GitHub issues forum has been inundated with complaints from users expressing their concerns. Many view the proposal as a form of DRM, potentially limiting access and control over online content. Some users argue that the API violates the open web’s principles and raises ethical questions. Critics fear that enforcing specific software and attestation tests could hinder user privacy and lead to discriminatory practices.
Ethical and regulatory implications
Opponents of the proposal cite the W3C’s “Code of Ethics and Professional Conduct” and argue that it goes against the principles of a positive work environment at W3C. They believe that forcing individuals to run specific software raises privacy and user choice concerns, and some even suggest that it could warrant investigation by regulatory bodies like the EU.
As of now, Google has not responded to the criticism and concerns raised by the proposed Web Environment Integrity API. Users and stakeholders await further updates from the company to understand its stance and potential adjustments to the proposal.
Google’s Web Environment Integrity API proposal has sparked controversy and concern among Internet users. While Google emphasizes its intention to combat malicious activities and protect sensitive data, critics fear that the API could act as a form of DRM and restrict access to online content. The discussions surrounding the proposal underscore the importance of balancing security measures with maintaining the principles of an open and inclusive web environment.
Note: The image depicts a frustrated and stressed user while attempting to use the Google anti-malware device