Web Integrity API


Web Integrity API

A new proposal document has been pushed by a few Google employees. This proposal is allegedly intended to certify that the web browser visiting a website is being used by a human and that the browser hasn’t been tampered with.

The way it works is that before you communicate with a web server, it will require you to contact an attestation server and pass a test. Passing the test grants you an integrity token that may let you access the content. In essence, your browser needs to ask permission to a third party to see if you’re allowed to view the content you’ve navigated to and the website can decline you if they don’t trust your client.

In my opinion, this is all about greed and power, and not about security at all. I’m not so far gone to believe this is Google attempting to force everyone into using Chrome (at least not yet), but I do believe this is them trying to control the way people view content on the web and eliminate the web as an open standard.

The biggest thing I think this is trying to attack is content scrapers. Various content providers have recently been closing their APIs in fear of scripts stealing their content for AI training data. Naturally, those same services have also been updating their terms of service so they can build their own private AIs. At any rate, while they may lock down their API, one thing they can’t lock down is their website itself, which can be vulnerable to scraping. By restricting how you can talk to the web server, this loophole can be filled. Coincidentally, this can also lead to other “helpful” benefits for advertisers and Google in the long run to help them further reinforce their monopoly.

The sad thing about this though is that regular users won’t care one bit. This is too technical to show up on their radar of things to care about, and for most users, they’re just using Chrome anyway. Never the less, this is yet another nail in the coffin for the open web. For now, this is a proposal, but I’m sure they’re going to ram this standard through. Honestly, who’s going to stop them? It’d take something like the EU to stop it, Google has too much of a monopoly for the other browser vendors to do anything besides decry it until they’re forced to adopt it.

What to do?

Don’t use Chrome, and don’t trust Google. Please use virtually any other browser other than Chrome and Edge. So many of them try to make it easy for you to migrate as well.

There’s Firefox, Vivaldi, LibreWolf, Brave, Waterfox, so many choices you could go with. DuckDuckGo has also been working on their own desktop browser as well that you could try out. A web browser developed by a company which makes its money by advertising and tracking its users will not have the interests of its users in mind.

I think we should also support decentralization, encouraging federated services like IRC and Mastodon over Discord or Facebook, visiting smaller blogs, fan-made websites and forums over the StackOverflows and Reddits of the world. I believe the web is at its healthiest when knowledge is split up across many servers, not owned by any one massive company or small collection of companies.

This is one of my more extreme opinions, but please at the very least consider trying some of these other web browsers. They all respect your privacy and aren’t driven by a company which makes its money by tracking its users, selling ads, and scraping the web to only later say it’s unacceptable if anyone else does it.