Google kills “Web Integrity” DRM for the web, still wants an Android version

Google kills “Web Integrity” DRM for the web, still wants an Android version

a year ago
Anonymous $HYlO-3b458

https://arstechnica.com/google/2023/11/google-kills-web-integrity-drm-for-the-web-still-wants-an-android-version/

Google is killing off its proposal for "Web Environment Integrity API" as a new web standard, though Android phones may still have to deal with it. According to Google's proposal document, the primary goal of the project was to "allow web servers to evaluate the authenticity of the device and honest representation of the software stack"—basically Google wanted a DRM gatekeeper for the web. The project got widespread coverage back in July and was widely panned.

The ominously vague plan was to allow web browsers to detect if your computer was "modified" in a way that the webpage didn't like. Presumably this could be anything from a rooted/jailbroken phone to having an undesirable plug-in (read: ad blockers) installed. When you tried to access some protected content, a browser supporting the Web Integrity API would first contact a third-party "environment attestation" server, and your computer would have to pass some kind of test. After having your local environment uh... scanned? passing environments receive a signed "IntegrityToken" that points to the content you wanted unlocked. You would bring this back to the web server and would finally get the content unlocked.

Google kills “Web Integrity” DRM for the web, still wants an Android version

Nov 6, 2023, 9:29pm UTC
https://arstechnica.com/google/2023/11/google-kills-web-integrity-drm-for-the-web-still-wants-an-android-version/ > Google is killing off its proposal for "Web Environment Integrity API" as a new web standard, though Android phones may still have to deal with it. According to Google's proposal document, the primary goal of the project was to "allow web servers to evaluate the authenticity of the device and honest representation of the software stack"—basically Google wanted a DRM gatekeeper for the web. The project got widespread coverage back in July and was widely panned. > The ominously vague plan was to allow web browsers to detect if your computer was "modified" in a way that the webpage didn't like. Presumably this could be anything from a rooted/jailbroken phone to having an undesirable plug-in (read: ad blockers) installed. When you tried to access some protected content, a browser supporting the Web Integrity API would first contact a third-party "environment attestation" server, and your computer would have to pass some kind of test. After having your local environment uh... scanned? passing environments receive a signed "IntegrityToken" that points to the content you wanted unlocked. You would bring this back to the web server and would finally get the content unlocked.