Google is developing something called Web Environment Integrity (WEI) and people are upset about it. Links on that below. Here, let's look at WEI and see what it is.
"With the web environment integrity API, websites will be able to request a token that attests key facts about the environment their client code is running in. For example, this API will show that a user is operating a web client on a secure Android device. Tampering with the attestation will be prevented by signing the tokens cryptographically."
Google wants this because it runs major sites that make money from advertising, but it can't guarantee its ads are being seen by actual humans rather than bots.
"It is expected that the attesters will typically come from the operating system (platform) as a matter of practicality, however this explainer does not prescribe that. For example, multiple operating systems may choose to use the same attester."
"Example use cases: Detect social media manipulation and fake engagement. Detect non-human traffic in advertising to improve user experience and access to web content. Detect phishing campaigns (e.g. webviews in malicious apps). Detect bulk hijacking attempts and bulk account creation. Detect large scale cheating in web based games with fake clients. Detect compromised devices where user data would be at risk. Detect account takeover attempts by identifying password guessing."
"How it works: The web page executing in a user's web browser. A third party that can 'attest' to the device a web browser is executing on, referred to as the attester. The web developers server which can remotely verify attestation responses and act on this information."
There are no comments yet.