Add short Web Environment Integrity explanation

pull/13/head
trivernis 1 year ago
parent 11779ab348
commit ddf5fd0ad5
Signed by: Trivernis
GPG Key ID: DFFFCC2C7A02DB45

@ -35,13 +35,6 @@
a direction they benefit from the most. a direction they benefit from the most.
</p> </p>
<h2>Examples</h2>
<ul>
<li>Web Environment Integrity</li>
<li>Widevine</li>
<li style="color: red">TODO...</li>
</ul>
<h2>What can I do</h2> <h2>What can I do</h2>
<p> <p>
You should use alternative browsers like You should use alternative browsers like
@ -54,4 +47,61 @@
LibreWolf LibreWolf
</a>. </a>.
</p> </p>
<hr>
<h2>Examples</h2>
<section>
<h3>Web Environment Integrity</h3>
<p>
The Web Environment Integrity spec is a proposal by Google engineers
to add a mechanism to browsers that verifies them and the platform it's running on
to be trusted by third party (attester). This is often compared as being
<abbr title="Digital Rights Management">DRM</abbr> for Websites.
<br><br>
As an example Google Play is named as an attester for Android.
Of course this would enable Google to mark their own
Browser, Google Chrome, as trusted. Furthermore Google would be able to discourage the
use of Browsers that harm their business model (selling ads) like Firefox, a browser
that has a rich ecosystem of ad blockers and tracker protection.
<br><br>
On Windows Systems, Microsoft will likely play the role of the attester and
encourage the use of Edge. Which third would attest for a Browser to be trusted on
Linux distributions is not clear yet. There might be different attesters
being used in different distributions. More niche distros might have trouble
finding a third party to attest for their platform.
<br><br>
By implementing this spec Google is also forcing other browsers to do the same.
Browsers that don't implement the spec would simply not be trusted by websites
for demand the browser to proof it is trusted.
</p>
<details>
<summary>More Info</summary>
<ul>
<li>
<a href="https://vivaldi.com/blog/googles-new-dangerous-web-environment-integrity-spec/">
Julien Picalausa - <i>Unpacking Googles new “dangerous” Web-Environment-Integrity specification</i>
</a>
</li>
<li>
<a href="https://www.theregister.com/2023/07/25/google_web_environment_integrity/">
Thomas Claburn - <i>Google's next big idea for browser security looks like another freedom grab to some</i>
</a>
</li>
<li>
<a href="https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md">
Ben Wiser (Google), Borbala Benko (Google), Philipp Pfeiffenberger (Google), Sergey Kataev (Google) - <i>Web Environment Integrity Explainer</i>
</a>
</li>
</ul>
</details>
</section>
<section>
<h3>FLOC</h3>
</section>
<section>
<h3>Widevine</h3>
</section>
</main> </main>

Loading…
Cancel
Save