|
|
|
|
@ -35,13 +35,6 @@
|
|
|
|
|
a direction they benefit from the most.
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
<h2>Examples</h2>
|
|
|
|
|
<ul>
|
|
|
|
|
<li>Web Environment Integrity</li>
|
|
|
|
|
<li>Widevine</li>
|
|
|
|
|
<li style="color: red">TODO...</li>
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
<h2>What can I do</h2>
|
|
|
|
|
<p>
|
|
|
|
|
You should use alternative browsers like
|
|
|
|
|
@ -54,4 +47,61 @@
|
|
|
|
|
LibreWolf
|
|
|
|
|
</a>.
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
<hr>
|
|
|
|
|
|
|
|
|
|
<h2>Examples</h2>
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Web Environment Integrity</h3>
|
|
|
|
|
<p>
|
|
|
|
|
The Web Environment Integrity spec is a proposal by Google engineers
|
|
|
|
|
to add a mechanism to browsers that verifies them and the platform it's running on
|
|
|
|
|
to be trusted by third party (attester). This is often compared as being
|
|
|
|
|
<abbr title="Digital Rights Management">DRM</abbr> for Websites.
|
|
|
|
|
<br><br>
|
|
|
|
|
As an example Google Play is named as an attester for Android.
|
|
|
|
|
Of course this would enable Google to mark their own
|
|
|
|
|
Browser, Google Chrome, as trusted. Furthermore Google would be able to discourage the
|
|
|
|
|
use of Browsers that harm their business model (selling ads) like Firefox, a browser
|
|
|
|
|
that has a rich ecosystem of ad blockers and tracker protection.
|
|
|
|
|
<br><br>
|
|
|
|
|
On Windows Systems, Microsoft will likely play the role of the attester and
|
|
|
|
|
encourage the use of Edge. Which third would attest for a Browser to be trusted on
|
|
|
|
|
Linux distributions is not clear yet. There might be different attesters
|
|
|
|
|
being used in different distributions. More niche distros might have trouble
|
|
|
|
|
finding a third party to attest for their platform.
|
|
|
|
|
<br><br>
|
|
|
|
|
By implementing this spec Google is also forcing other browsers to do the same.
|
|
|
|
|
Browsers that don't implement the spec would simply not be trusted by websites
|
|
|
|
|
for demand the browser to proof it is trusted.
|
|
|
|
|
</p>
|
|
|
|
|
<details>
|
|
|
|
|
<summary>More Info</summary>
|
|
|
|
|
<ul>
|
|
|
|
|
<li>
|
|
|
|
|
<a href="https://vivaldi.com/blog/googles-new-dangerous-web-environment-integrity-spec/">
|
|
|
|
|
Julien Picalausa - <i>Unpacking Google’s new “dangerous” Web-Environment-Integrity specification</i>
|
|
|
|
|
</a>
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<a href="https://www.theregister.com/2023/07/25/google_web_environment_integrity/">
|
|
|
|
|
Thomas Claburn - <i>Google's next big idea for browser security looks like another freedom grab to some</i>
|
|
|
|
|
</a>
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md">
|
|
|
|
|
Ben Wiser (Google), Borbala Benko (Google), Philipp Pfeiffenberger (Google), Sergey Kataev (Google) - <i>Web Environment Integrity Explainer</i>
|
|
|
|
|
</a>
|
|
|
|
|
</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</details>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>FLOC</h3>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Widevine</h3>
|
|
|
|
|
</section>
|
|
|
|
|
</main>
|
|
|
|
|
|
