←back to thread

Unpacking Google’s Web Environment Integrity specification

(vivaldi.com)
756 points dagurp | 1 comments | 26 Jul 23 11:30 UTC | HN request time: 0s | source
Show context
endisneigh ◴[26 Jul 23 17:54 UTC] No.36881965[source]
How exactly is WEI any worse than say a peep-hole on a door? At the end of the day bots are a huge problem and it's only getting worse. What's the alternative solution? You need to know who you're dealing with, both in life and clearly on the web.

I'm probably alone in this, but WEI is a good thing. Anyone who's run a site knows the headache around bots. Sites that don't care about bots can simply not use WEI. Of course, we know they will use it, because bots are a headache. Millions of engineer hours are wasted yearly on bot nonsense.

With the improvements in AI this was inevitable anyway. Anyone who thinks otherwise is delusional. Reap what you sow and what not.

edit: removing ssl comparison since it's not really my point to begin with

replies(16): >>36881994 #>>36882000 #>>36882015 #>>36882024 #>>36882088 #>>36882221 #>>36882265 #>>36882387 #>>36882539 #>>36882591 #>>36882677 #>>36883051 #>>36883062 #>>36883781 #>>36884189 #>>36884296 #
rezonant ◴[26 Jul 23 17:57 UTC] No.36882015[source]
TLS* does not allow websites to restrict users from using the tech stack (hardware, OS, browser) that they want to use. This does.
replies(1): >>36882026 #
endisneigh ◴[26 Jul 23 17:57 UTC] No.36882026[source]
Fundamentally both give a 3rd party the authority to verify the legitimacy of something, and similarly both can be avoided if you're willing to not participate.
replies(5): >>36882057 #>>36882069 #>>36882084 #>>36882131 #>>36882256 #
1. remexre ◴[26 Jul 23 18:00 UTC] No.36882069{3}[source]
TLS doesn't verify that particular software or hardware is on the other side; one could design a custom CPU on an FPGA, write their own TLS stack for it, and be able to connect to any TLS-using site as usual without needing to get those things approved.