Google's new plan for the future of the web has a lot of people worried - here's why

Chrome on Windows
Vampire in its lair (Image credit: Google)

The Internet is going crazy (while it still can) over a Google proposition that could see some form of DRM reach websites in years to come.

The Web Environment Integrity Explainer, authored by four Google workers and hosted on a GitHub page, introduces the idea that a website could be able to “request a token that attests key facts about the environment their client code is running in” in order to ascertain trust over the visitor and their browser session, and thus grant access.

The authors claim that a Web Environment Integrity API would “allow web servers to evaluate the authenticity of the device,” but many unhappy Internet users see it as nothing more than a form of DRM.

Google evaluating your device?

Passing an “environment attestation” test would give users a “IntegrityToken” under the proposed scheme, indicating that the requesting environment is unmodified and as such, clean.

The Android Play Integrity API already does this to check that your device has not been rooted. Some apps, including banking apps and a number of video streaming apps like Netflix, already use this to block access from rooted devices over cybersecurity fears and an effort to protect sensitive information.

Google, or at least the workers behind this particular explainer, “strongly feel” that device IDs and other unique identifiers should not be included. Instead, they see it as a tool to detect and prevent social media fake engagement, non-human traffic, phishing campaigns, bulk hijacking attempts, and other malicious activity.

Since the explainer, the repo’s GitHub issues forum has been awash with complaints, with one calling the idea “unethical and against the open web.” Another calls it a violation of the W3C’s code of ethics, “Positive Work Environment at W3C: Code of Ethics and Professional Conduct,” calling it out for its discriminatory nature, while another suggests forcing individuals to run specific software could be a matter for EU investigation.

When we asked Google for a comment, the company directed us to one made by the GitHub repo owner and co-author of the explainer doc, which can be found here.

  • Check out the best VPNs for greater online freedom
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!