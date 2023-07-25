



The latest web standard proposed by Google is… DRM? From the report: This commentary was written by his four Googlers, including at least one of him on Chrome’s “Privacy Sandbox” team, which is responding to tracking cookie deprecation by building a user-tracking advertising platform directly into the browser. An introduction to the Web Integrity API begins with: “Users often rely on websites that trust the client environment they are running in. This trust can assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property safe, and is transparent about whether humans are using it.”

The goal of this project is to learn more about the person on the other side of your web browser, to make sure that person is not a robot, and that your browser has not been modified or tampered with in an unauthorized way. The intro said the data could help advertisers improve ad impression counting, stop social network his bots, enforce intellectual property rights, stop cheating in web games, and make financial transactions more secure. Perhaps the most compelling line of the explainer is “Inspired by existing native authentication signals such as:” [Apple’s] app authentication and [Android] Play Integrity API. Play Integrity (previously called “SafetyNet”) is an Android API that lets apps check if a device is rooted.

Root access gives you full control over the purchased device, but many app developers don’t like it. As such, if you root your Android phone and are flagged by the Android Integrity API, some types of apps will refuse to run. They are usually locked out of banking apps, Google Wallet, online games, and some media apps like Snapchat, Netflix, etc. […] Google wants the same for the web. In Google’s plans, during a web page transaction, he may require the web server to pass an “environmental certification” test before retrieving data. At this point the browser should connect to a “third party” authentication server and pass some test. If it passes, it validates that the environment has not been modified and gets a signed “IntegrityToken” pointing to the content you want to unlock. If you pass this back to your web server and the server trusts the certification company, the content will be unlocked and you will eventually get a response containing the data you want.

