Write to your country’s anti-trust body if you feel Google is unilaterally going after the open web with WEI (content below taken from HN thread https://news.ycombinator.com/item?id=36880390).
Google has proposed a new Web Environment Integrity standard, outlined here: https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
This standard would allow Google applications to block users who are not using Google products like Chrome or Android, and encourages other web developers to do the same, with the goal of eliminating ad blockers and competing web browsers.
Google has already begun implementing this in their browser here: https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd
Basic facts:
Google is a developer of popular websites such as google.com and youtube.com (currently the two most popular websites in the world according to SimilarWeb)
Google is the developer of the most popular browser in the world, Chrome, with around 65% of market share. Most other popular browsers are based on Chromium, also developed primarily by Google.
Google is the developer of the most popular mobile operating system in the world, Android, with around 70% of market share.
Currently, Google’s websites can be viewed on any web-standards-compliant browser on a device made by any manufacturer. This WEI proposal would allow Google websites to reject users that are not running a Google-approved browser on a Google-approved device. For example, Google could require that Youtube or Google Search can only be viewed using an official Android app or the Chrome browser, thereby noncompetitively locking consumers into using Google products while providing no benefit to those consumers.
Google is also primarily an ad company, with the majority of its revenue coming from ads. Google’s business model is challenged by browsers that do not show ads the way Google intends. This proposal would encourage any web developer using Google’s ad services to reject users that are not running a verified Google-approved version of Chrome, to ensure ads are viewed the way the advertiser wishes. This is not a hypothetical hidden agenda, it is explicitly stated in the proposal:
“Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.”
The proposed solution here is to allow web developers to reject any user that cannot prove they have viewed Google-served ads with their own human eyes.
It is essential to combat this proposal now, while it is still in an early stage. Once this is rolled out into Chrome and deployed around the world, it will be extremely difficult to rollback. It may be impossible to prevent this proposal if Google is allowed to continue owning the entire stack of website, browser, operating system, and hardware.
Thank you for your consideration of this important issue.
Allow web servers to evaluate the authenticity of the device and honest representation of the software stack and the traffic from the device.
Offer an adversarially robust and long-term sustainable anti-abuse solution.
Don’t enable new cross-site user tracking capabilities through attestation.
Continue to allow web browsers to browse the Web without attestation.
###Non-goals
Enable reliable client-side validation of verdicts: Signatures must be validated server-side, as client javascript may be modified to alter the validation result.
Enforce or interfere with browser functionality, including plugins and extensions.
Access to this functionality from non-Secure Contexts.
The workflow does not involve checking or blocking extensions. It operates closer to SSL certs. The webpage asks the browser to prove its identity. The browser generates a token. A trusted third party (attester) signs the token. It sends that back to the webpage. The webpage decides if the token is legitimate and if they trust the third party.
The ability to use extensions which alter the contents of the webpage is still allowed if the browser allows it. This standard just verifies the identity of the browser.
It still will cause issues for the Internet, though. Small browsers would likely be unable to afford paying for the attesters. Fingerprinting would be much easier and WEI doesn’t have a method to prevent high entropy. Attesters would be able to track each user and the sites they are visiting.
I could see charging like 1000 rupees to deter frivolous complaints, but up to $500,000 is absurd.
Seems like the system is only meant for B2B complaints. B2B antitrust complaints where the offended party still has enough money to drop half a million USD on an antitrust complaint.
do you have a link for canada?
Google sent me here https://www.ic.gc.ca/eic/site/cb-bc.nsf/frm-eng/GHÉT-7TDNA5
Thanks, just filed a complaint.
Done for Switzerland 👍🏻
This standard doesn’t affect ad blockers.
The workflow does not involve checking or blocking extensions. It operates closer to SSL certs. The webpage asks the browser to prove its identity. The browser generates a token. A trusted third party (attester) signs the token. It sends that back to the webpage. The webpage decides if the token is legitimate and if they trust the third party.
The ability to use extensions which alter the contents of the webpage is still allowed if the browser allows it. This standard just verifies the identity of the browser.
It still will cause issues for the Internet, though. Small browsers would likely be unable to afford paying for the attesters. Fingerprinting would be much easier and WEI doesn’t have a method to prevent high entropy. Attesters would be able to track each user and the sites they are visiting.
Don’t know about others, but it seems you need to pay money to file antitrust complaints in India. From the link you mentioned:
Woah, those go from expensive to absurd.
I could see charging like 1000 rupees to deter frivolous complaints, but up to $500,000 is absurd.
Seems like the system is only meant for B2B complaints. B2B antitrust complaints where the offended party still has enough money to drop half a million USD on an antitrust complaint.
Half a million rupees, not USD. It comes up to be over ~6000USD, which is still too high. That’s the price of a brand-new small car in India.