Google Web Environment Integrity Is the New Microsoft Trusted Computing

&gt; It’s not impossible to win this fight, we won the fight against Palladium, even with a well-resourced Microsoft combined with the PC industry, if not the NSA and MPAA.<p>Actually it was a pyrrhic victory, as Microsoft went on to apply their ideas to XBox, Azure Sphere, and now the change is coming back as future Windows hardware requirements for secure workstations via Pluton integration.<p><a href="https:&#x2F;&#x2F;www.microsoft.com&#x2F;en-us&#x2F;security&#x2F;blog&#x2F;2020&#x2F;11&#x2F;17&#x2F;meet-the-microsof-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.microsoft.com&#x2F;en-us&#x2F;security&#x2F;blog&#x2F;2020&#x2F;11&#x2F;17&#x2F;mee...</a><p>I bet mostly UNIX focused folks haven&#x27;t noticed that their next PC might have a Pluton CPU on them.<p><a href="https:&#x2F;&#x2F;www.thurrott.com&#x2F;hardware&#x2F;260917&#x2F;here-come-the-first-pcs-with-microsofts-pluton-security-chip" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.thurrott.com&#x2F;hardware&#x2F;260917&#x2F;here-come-the-first...</a>

The problem here is that most people don&#x27;t give a crap. I was explaining this situation to my girlfriend last night over a drink. She&#x27;s a high level academic with a strong mathematical and logical background in a different field but she didn&#x27;t really formulate an opinion on it past <i>&quot;if my stuff keeps working, why is it a problem?&quot;</i>. Which is fair, because it&#x27;s a hypothetical risk, but the side effects are a net negative and the open nature of the web is at risk.<p>As always people see the happy path down the middle of the forest, not the creatures waiting to leap out and eat them two steps down the line.

Its insane that the digital technology of Western world has come to be completely dominated by a couple of advertising companies. The conflicts of interest with societal (including economic) objectives are enormous and the solutions so simple and natural.<p>That such a pivotal issue is not handled competently with the top priority attention it deserves says more about the state of the US polity than the horned man storming the Capitol.

I grew up in India, and the majority of the population doesn&#x27;t have access to the latest hardware. If websites starts implementing these changes, a lot of these people would be cut off from the internet. Most of these people belong to marginalized communities. My country has a history of discriminating people based on their castes, and any progress we have made in this aspect would be destroyed by this change by further limiting the online resources available for people from these communities. This is outrageous.

&gt; Well, guess what? People who root their devices and use custom ROMs like LineageOS (myself included) nowadays hide root from bad apps and can pass these checks anyways. I use Google Pay all the time on my OnePlus 11 running an unofficial LineageOS build, thanks to root hiding. Does Google not realize how commonly bypassed Play Integrity is? In fact, it is easy even on Google’s very own Pixel devices, as someone who previously used multiple generations of Pixel devices, including the Pixel 7.<p>Important to note here that it&#x27;s only possible to &quot;fool&quot; SafetyNet&#x2F;Play Integrity because of compatibility with older devices. The strongest Play Integrity level (MEETS_STRONG_INTEGRITY) is simply not possible to fake on a device with an unlocked bootloader, it&#x27;s just not a big problem right now because most apps do not require it yet, since there are still many old devices that don&#x27;t pass it, because of missing hardware or outdated android versions.<p>Eventually, in a few years, a time will come where the number of non-unlocked devices not compatible with MEETS_STRONG_INTEGRITY will be low enough that apps will start requiring it, and that will be the end of bootloader unlocking for most users that still do it.

No mention of the FSF in regards to this issue is complete without a reference to Stallman&#x27;s Right to Read story:<p><a href="https:&#x2F;&#x2F;www.gnu.org&#x2F;philosophy&#x2F;right-to-read.html" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.gnu.org&#x2F;philosophy&#x2F;right-to-read.html</a><p>He wrote that 26 years ago. It&#x27;s worth reading again just to see how much he got right.

One of the &quot;issues&quot; the this is suppose to address is that advertisers &quot;need&quot; to know that humans are viewing their ads and not some robot.<p>That seems really one sided. To me that indicates that I as a user have a right to know that a human and not a robot is responsible for me seeing this ad. That&#x27;s not the case of course. What this would do is kneecap the enemy&#x2F;users and let the advertisers be the only ones with access to automation and integrity validation.<p>I doubt that many objects to see ads for powertools on a DYI forum or developer tools on Stackoverflow, seems reasonable. The objection is to being bombarded by obvious scams, micro transaction laden mobile games, online casinos and anything that in no way benefits me as a consumer. Google should perhaps focus a bit more on validating the integrity of their consumers i.e. the advertisers.

I doubt it’ll be abandoned so easily. Whilst Google has a track recording of abandoning projects, this doesn’t apply to anything directly related to selling search ads.

I&#x27;d expect world leaders to be more vocally opposed at having their citizens&#x27; (and their own) freedom being singlehandedly restricted by an american company that seems to have huffed authoritarian paint fumes.

Somehow I am not convinced that Ad blockers are such big of a problem for Google. Especially when these are not used much on Mobil, and the world is clearly transitioning to Mobil.<p>Do we know the financial impact ad blockers are thought to have?<p>I’m guessing ad fraud is a way bigger problem, although some would argue that add fraud is not googles problem, it still hurts Google.<p>Maybe it’s also a third thing I just can’t think of right now, ad blocks just seem to niche to me. How about just enforcing a stronger monopoly on user tracking?

Interesting to see a microsoft employee openly rooting for the FSF and the EFF against google. What is going on here?

No ifs, no buts. Stop using Chrome.

It&#x27;s actually worse - Microsoft wanted to use Trusted Computing to sell more software. Google wants to use Environment Integrity to control what you can and can&#x27;t see, hear and say.

I wonder how many HNers angry about this are also some combination of 1) working for bigtech 2) using iOS&#x2F;OSX&#x2F;Android instead of Linux (yeah, I know Android is technically a Linux) 3) using Chrome&#x2F;Safari instead of Firefox and 4) have endorsed, at least in the past, bigtech firms like Google and Cloudflare acting as arbiters of what is&#x2F;is not acceptable content for the internet, and even whether it should be viewable by anyone at all.

&gt; Supposedly, this is to make sure a browser environemnt can be “trusted”, but it seems Google wants this so they can kill ad blockers.<p>How would they kill ad blockers this way? I can just use librewolf browser, sites will detect it and not work. But we already have this in form of Widevine DRM. Spotify does not work in my browser without DRM. They can&#x27;t really force this on google search, because many clients will never support it (older Nokia 3x4 keyboard phones etc).

Interesting thought that this may be a “careful what you wish for” moment:<p>&gt; In many ways, if we get Web Environment Integrity, we’ll need every government to regulate Google, Apple, Microsoft, and adtech in every way possible

This will force fraudsters to build farms of &quot;trusted&quot; devices, with cameras pointing at the display with computer vision and simulated fingers clicking on the ads.

How does Google intend to implement this when they&#x27;ve been preaching for years that there&#x27;s no such thing as 100% uptime? Will they be ready to compensate operators for lost profit during the five minutes plus each year that the internet is unavailable?<p>Or was this an afterthought like everything else in their proposal?

One of the devs is using the CoC to silence criticism, even CoC-based criticism: <a href="https:&#x2F;&#x2F;github.com&#x2F;RupertBenWiser&#x2F;Web-Environment-Integrity&#x2F;issues&#x2F;131">https:&#x2F;&#x2F;github.com&#x2F;RupertBenWiser&#x2F;Web-Environment-Integrity&#x2F;...</a>

Use and support firefox

Firefox once was the only alternative to internet explorer. Then Google came along to become the new and improved alternative to the alternative and it became quite successful. MS eventually threw in the towel and their browser market share is lower than it has ever been. And most of that is now Google Chrome.<p>And now history repeats itself and we have Firefox being the alternative to the mighty Google Chrome and Google emulating more and more of what people hated about Microsoft&#x27;s stewardship of Internet Explorer and dictating to users what they must have their eyeballs exposed to. In Microsoft&#x27;s case that was obnoxious popups and popunders, shitty toolbars, and endless crap they came up with to somehow lock users into all that. Now Google is whining that nobody wants to see their shitty ads (correct) and somehow feels entitled enough that they can dictate browsers to respect their authority regarding what users can and cannot block. It&#x27;s the same behavior. And the fix is the same: abandon the Chrome ecosystem. The more users do that, the more the web will basically remain outside of the control of Google.

This is a really weak argument. Chase &quot;requires&quot; certain OSes because that&#x27;s all the QA and develop for, not for some client trust reason. There&#x27;s no reason for a bank to require a trusted environment, user authentication is sufficient. Trust environments really do matter for other cases and provide security for the user. All good tech has bad applications.

<a href="https:&#x2F;&#x2F;community.qbix.com&#x2F;t&#x2F;transparency-in-government&#x2F;234" rel="nofollow noreferrer">https:&#x2F;&#x2F;community.qbix.com&#x2F;t&#x2F;transparency-in-government&#x2F;234</a><p>All these elites always want to know what we plebs are running. The governments want Venmo to report anything that adds up to over $600 a year to the IRS. FATCA travel rule pushes all countries to do the same, for $1K but FINCEN has lobbied for as low as $250!<p>Meanwhile the Pentagon can’t account for trillions, and both parties give them more money than they even ask for. We have government officials in constant secret meetings, failing to avert disasters, then the plebs have to fight.<p>I say — we should have attestation that the server is running verified code, the one that was audited by third parties that I accept! That would be what I always wanted on the Web. Instead, they only do it the other way.<p>We the People have to rise up and demand that Google implements a standard that uses SGX extensions or whatever, to guarantee that the code managing the website matches the audited code. This is long overdue! It is also why we use smart contracts and Web3 for now.<p>All I really want, on the mobile Web, is a way to visit a URL that has a content hash, and it will load a static file matching a content hash, and save it so it’s always available locally. That’s it! So I can trust the code. Without having to install an extension. Instead Apple clears everything after 7 days, making it useless! And SRI only works for subresources. Which means the server can be hacked and serve malicious code to me anytime!<p><a href="https:&#x2F;&#x2F;arstechnica.com&#x2F;information-technology&#x2F;2022&#x2F;08&#x2F;architectural-bug-in-some-intel-cpus-is-more-bad-news-for-sgx-users&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;arstechnica.com&#x2F;information-technology&#x2F;2022&#x2F;08&#x2F;archi...</a>

I think I have become a web accelerationist. I hope this newest bit of mendacity succeeds and we abandon this flaming disaster that the modern internet will become. The <i>tiny</i> (just depressing how tiny) subset of its useful functionality can be reimplemented in any other system that might come take its place in minutes.

Is everyone ignoring that “holdback” mechanism google is introducing with the idea? Where 5-10% of the traffic behaves as if it did not have attestation enabled, I would like to understand how that does not address the “web DRM” concerns but I can’t find an explanation anywhere

This is the content of a email I have sent to a number of politicians, government agencies, and consumer advocacy groups. You are welcome to use as is, reformat or modify as you see fit, or just generally complain about structure&#x2F;grammar&#x2F;arguments etc.<p>---<p>Dear &lt;&lt;REPLACE&gt;&gt;,<p>I am a &lt;&lt;COUNTRY&gt;&gt; citizen, and I live and vote in &lt;&lt;REPLACE&gt;&gt; district. Professionally I am a software engineer &lt;&lt;blah blah blah years of exp, exp with web etc&gt;&gt;. I am writing to you with a concern about a recent planned change by Google called Web Environment Integrity (WEI). I believe this change is anti-competitive, against the open web, and a risk to our country&#x27;s security agencies.<p>Very simply WEI allows websites to verify the users browser (e.g. Chrome), and potentially the Operating System (e.g. Windows) is official and unmodified, this process is called attestation. Basically how it will work is:<p>1. User navigates to a website 2. The website executes a challenge to the browser (e.g. Chrome) asking for attestation and listing the acceptable attestation services. 3. The browser makes a request to a third-party attestation service (e.g. Google) 4. Software, an attestation agent, runs on the user&#x27;s computer. This software scans files and memory of the user&#x27;s computer or phone and sends back proof, to the attestation service (e.g. Google), the user is running an acceptable, official and unmodified browser and&#x2F;or operating system. 5. Once satisfied, the attestation service issues the user&#x27;s browser a token. 6. The user&#x27;s browser forwards this token to the website 7. The website can use this token to check against the attestation service that the user is indeed running official or unmodified software. 8. The website then permits the user to access the site.<p>In the event the attestation fails or the browser fails to provide a valid token the website will likely deny access to the site.<p>On the face of it it may seem like this is a noble goal, unfortunately it mainly entrenches Google&#x27;s position of power. Google&#x27;s browser Chrome is used by 85% of users, Google search is the most popular search engine, and Google controls the biggest online advertisement service, AdWords. Once implemented Google&#x27;s existing dominance places it in a position to push it onto websites and users. Google could deny access to GMail, Google Maps, and YouTube unless the user has this feature. Google could deny placement of ads, and subsequent payment to website owners unless those accessing their site have WEI enabled.<p>The proposal is bad for the following reasons.<p>1. Limited Attestation Services - Website owners have a list of attestation services they trust. It is extremely unlikely a large number of websites will add Joe Bloggs third-party attestation service as trusted. As a result it is likely only 3 attestation services will exist: Google, Microsoft and Apple. This proposal will further entrench these three companies as owners of the web. This is anti-competitive.<p>2. Prevents alternative browsers - Create a standards compliant browser is a monumental task which is why only a limited number exist Chrome (uses Chromium which is based off Webkit), Safari (based of Webkit), and Firefox (uses its own Gecko browser engine), most others (Brave, Microsoft Edge) use Chromium browser engine under the hood. Currently, apart from the effort, there is nothing preventing a group from creating a brand new browser engine. An extremely dedicate team could create a new browser and all websites would work with it. If WEI was implemented this new browser would need permission from the incumbents otherwise attestation would fail and users would be denied access to, potentially, most of the web. This is anti-competitive.<p>3. Prevents accessibility tools - Some people have additional needs due to disability or age and may use tools like screen readers or text only browsers to navigate the web. This involves additional software which injects itself into the browser in order to provide the functionality. This process, while legitimate, may result in attestation failing, especially after new software updates, and as a result denying marginalized users access to the web. This is against the open web.<p>4. Prevents alternative web crawlers - In order for your website to be listed in Google search an apps called Googlebot and Google crawler need to connect to your website and go through each page, this is then indexed and the results are presented based on relevant search terms. There are other web crawlers by Microsoft&#x2F;Bing and Yandex which do something similar for their search engines. While they are likely to provide themselves attestation tokens in order to continue the service and new company may invent a better way of providing internet search but in order to crawl, with WEI in place, they would need to ask permission from Google to authorize their crawler. This is anti-competitive.<p>5. Prevents legitimate scraping - Similar to crawling there are legitimate uses for scraping, which is extracting data from a webpage by an automated tool for use as some other purpose. One example is the Internet Archive (archive.org) they regularly visit millions of websites around the world take a copy of them for historical purposes. You can use archive.org to view Google&#x27;s first homepage from 1999, or Yahoo! from 1996. WEI prevents new companies or groups from creating novel tools created from legitimate scraping without asking permission from Google first. This is anti-competitive.<p>6. Prevents security agencies from doing their jobs - Government security agencies and police hack, monitor, and scrape, as permissible under law. These actions are performed by expert agents who are also supported by various scripts, bots, and custom built apps. These tools are rapidly modified and continuously changing depending on the operation. WEI would require these tools to be authorized by the attestation agent or service, while there are a number of ways this could occur, ultimately this requires Google to authorize each tool in order for the tool to successfully collect a valid token. Google could temporarily or permanently deny access to valid tokens, or change the algorithm for generating them to prevent security agencies from generating their own, which would deny security agencies from using their tools against operational targets. This is a risk to our country&#x27;s security agencies.

I hope HN has a different blog post with its own take on WEI on the first page every day until the proposal is closed and Google publishes an apology and promises never to try this again. Maybe we can get Apple&#x27;s web attestation removed too.

It seems like this solution is intended to solve the problem of bots padding numbers for sites providing advertisements on the web. This isn’t a userland problem, it’s an advertiser problem. But the user experience will be worse for it.<p>I’m seeing the biggest issue is who decides what a “trusted” browser is. Is it Google? I’m guessing the will establish a non-profit “independent” advisory board which will have members who somehow align with the interests of all major advertising stakeholders in the world. This is dripping with anti-compete potential. Some lawyers are going to get rich from this.

Note: not to be confused with trustworthy computing which was a different initiative.<p><a href="https:&#x2F;&#x2F;www.microsoft.com&#x2F;en-us&#x2F;security&#x2F;blog&#x2F;2022&#x2F;01&#x2F;21&#x2F;celebrating-20-years-of-trustworthy-computing&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.microsoft.com&#x2F;en-us&#x2F;security&#x2F;blog&#x2F;2022&#x2F;01&#x2F;21&#x2F;cel...</a>

surely if they&#x27;re successful they&#x27;ll create a market for ripping the keys out of TPMs and selling them?<p>at which point you could attest any environment you wish, across as many machines as you want<p>a nice side hustle for bored university students with access to the equipment needed<p>(currently this doesn&#x27;t happen as the TPM keys are essentially worthless)

See also <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=36875940">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=36875940</a> <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=36875226">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=36875226</a>

Finger pointing, Win11 requires TPM and not just a TPM chip but also a, special CPU. How is that not different from TCPA Palladium etc?

If it&#x27;s possible to detect the feature and reject delivering to a browser that has this feature enabled.<p>Fight.

I would argue its way worse, due to it&#x27;s far larger reach and potential consequences.

Where is the petition or letter we can sign to bring attention to this issue?

It seems like someone switched out the execs of Google and Microsoft.<p>(Specific communication)

I just contacted EFF regarding this. Hopefully many will do so to.

Given the current political climate, you could call it Google trying to Chinafy (Chinatize?) the Western internet.

There is a freedom problem, there is a hardware problem and there is a social problem.<p>The freedom problem is this: you will not be able to roll your own keys.<p>This is probably the biggest nail in the coffin for a ton of computers out there. In theory you could simulate via software the workings of a TPM. If you built a kernel module the browser would have no real way of knowing if it sent requests to a piece of hardware or a piece of software. But the fact that you would have to use Microsoft&#x27;s or Apple&#x27;s keys makes this completely impossible.<p>The hardware problem is this: you will not be able to use older or niche&#x2F;independent hardware.<p>As we established that software simulation is impossible, this makes a ton of older devices utter e-waste for the near future. Most Chromebooks themselves don&#x27;t have a TPM, so even though they are guaranteed updates for 10 years how are they going to browse the web? (maybe in that case Google could actually deploy a software TPM with their keys since it&#x27;s closed source). I have a few old business laptops at home that have a 1.X version of the TPM. In theory it performs just as well as TPM 2.X, but they will not be supported because, again, I will not be able to use my own keys.<p>Lastly there is the social problem: is DRM the future of the web?<p>Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests. Maybe the Wild West era of the web was a silly dream fueled by novelty and inexperience and in the future we will look back and clearly see we needed more guarantees regarding web browsing, just like we need a central authority to guarantee and regulate SSL certificates or domain names.

During the pandemic society as a whole showed a strong affinity for authoritarianism over freedom if it could be justified in terms of dubious safety gains. Governments and businesses took note of just how easy it was and especially how willing much of the public was to assist the authoritarians to achieve their goals. Expect a never ending series of these initiatives to make everything &quot;safe&quot;, that will coincidentally also accelerate the centralization of power over everything.

What a great way to start an article. Insult your audience.<p>&gt; If you haven’t been under a rock, you may have heard about Google’s evil Web Environment Integrity “proposal”. Supposedly, this is to make sure a browser environemnt can be “trusted”, but it seems Google wants this so they can kill ad blockers.<p>Also you misspelled environment. Surprising for a geological enthusiast.