Google has proposed forcing a controversial Web Environment Integrity API (WEI) into Chromium. What this means, in a nutshell, is that users can be denied access for using non-approved browsers or hardware.
The WEI is effectively a Digital Rights Management (DRM) created in response to the death of Cookies. Digital rights management (DRM) is the use of technology to control and manage access to copyrighted material. The objective of a DRM is to protect content from unwanted access, distribution, or modification.
In other words, WEI API aims to ensure browsers have not been modified and that content on a webpage is accessed by an actual person. Basically, this means that Ad blockers and other custom extensions will simply no longer be allowed to run. Remember, Google’s largest income earner is revenue from Ads served on visiting websites. However, this business model is now threatened by AI and the widespread usage of ad blockers.
In the recent past, tech-savvy individuals have been using AI to scrap information from web pages. Others have used AD blocking extensions to prevent ad insertion scripts from running. Thus, it appears Google has been forced to develop the WEI API.
The goal of the project is to learn more about the person accessing content via web browser. It aims to ensure the user is not a robot. In addition, WEI will make sure the browser hasn’t been modified or tampered with in any unapproved ways. According to Google, the data will help advertisers to better count ad impressions, stop social network bots, enforce intellectual property rights, stop cheating in web games, and help financial transactions be more secure.
Any modified browser will be rendered useless. Effectively, Google wants to ensure Google Ads run on a webpage.
WEI Draws Inspiration From Mobile APIs
Based on Google’s team on admission the WEI takes inspiration from mobile experience. “This explainer takes inspiration from existing native attestation signals such as App Attest and the Play Integrity API,” wrote the team.
Android’s Integrity API verifies that your device isn’t rooted, no matter what you may use that root access for. For rooted Android devices the API will state that your device does not pass checks. Hence, people with rooted mobile phones cannot use a lot of services on their smartphones.
The proposal outlines the flow of how accessing content on a website would work. It will require a third-party certifying server. This server would most likely be owned by Google itself. When you request a webpage as you do normally, you will be taken to a test. The test is to certify your browser has not been modified and meets standard requirements.
Upon passing the “tests” you will gain access to the webpage. Failure to meet standard requirements means you will be denied access.
This proposal appears to be a threat to free, accessible, and open internet access. Having to go through a single server for verification may lock out many users. For example, people accessing the Internet on legacy browsers will not granted access to webpages. Furthermore, this centralization could give the tech giant unparalleled control over user access and data, increasing concerns about user privacy.
WEI may give the company too much control. First, Google owns Chrome, the most used browser. Secondly, it runs the largest search engine and controls the biggest web advertising network.
For now, WEI is being prototyped inside Chrome itself.