Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

WEI is a way to cryptographically prove to a remote website that you're really browsing it with an unmodified build of Chrome. Google hasn't said out loud yet that it's going to be used to block other browsers, but what else is there to use it for?


I don't think that's what it does. Where did you read that?


I'm curious, what do you think it does?

https://en.wikipedia.org/wiki/Web_Environment_Integrity

The use it to validate if the browser you are using is one of their signed binaries.

Of course the original intention was to detect fraudulent ad clicks, but the reality will that you will be met by captchas every step of the way if you dare to compile your own binary.


https://vivaldi.com/blog/googles-new-dangerous-web-environme... says:

> It would provide websites with an API telling them whether the browser and the platform it is running on that is currently in use is trusted by an authoritative third party (called an attester).

And https://www.xda-developers.com/google-web-environment-integr... says:

> The proposal threatens the free and open internet in a number of ways, but one of the biggest revolves around the fact that should there be a central server that attests to whether a browser can be trusted or not, it means that anything non-standard will not be trusted. In other words, new browsers would not be trusted, and legacy software would no longer be able to access much of the internet after a certain length of time. Given that it verifies the integrity of the browser, it could also technically block certain extensions (such as Adblock) if Google were to go down that route.


I understand what it could be used for - DNS and PKI as centralised structures could also be used to block things. Parler was kicked off all cloud platforms for political reasons.

But that doesn't mean that its sole purpose is to verify that you're using an official Chrome build.


DNS and PKI have a lot of other purposes, though. What other purposes for WEI can you think of?


that's what it does, it's called attestation.

It's being used to be able to tell bots from humans. A human will be required to run a browser with proper attestation that they're a human. It can be used for good (prevent bots from accessing the site) and bad (prevent humans from using anything but chrome).


How does that relate to this statement:

> WEI is a way to cryptographically prove to a remote website that you're really browsing it with an unmodified build of Chrome

What you're saying (and what I read) appears much more general than that. It could be used to block anything but official builds of Chrome, but that doesn't mean that's what it's for.


That's essentially what I said.

It's like a knife, it has lots of uses, one of them is to kill people.


The thread makes this clear. I'm arguing that "You can only use chrome to view this site." is not the only use. You seem to be agreeing, but adversarially.


well I guess fuck me for attempting to explain, no good deed goes unpunished.

adversarial indeed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: