←back to thread

Unpacking Google’s Web Environment Integrity specification

(vivaldi.com)
756 points dagurp | 4 comments | 26 Jul 23 11:30 UTC | HN request time: 0s | source
Show context
endisneigh ◴[26 Jul 23 17:54 UTC] No.36881965[source]
How exactly is WEI any worse than say a peep-hole on a door? At the end of the day bots are a huge problem and it's only getting worse. What's the alternative solution? You need to know who you're dealing with, both in life and clearly on the web.

I'm probably alone in this, but WEI is a good thing. Anyone who's run a site knows the headache around bots. Sites that don't care about bots can simply not use WEI. Of course, we know they will use it, because bots are a headache. Millions of engineer hours are wasted yearly on bot nonsense.

With the improvements in AI this was inevitable anyway. Anyone who thinks otherwise is delusional. Reap what you sow and what not.

edit: removing ssl comparison since it's not really my point to begin with

replies(16): >>36881994 #>>36882000 #>>36882015 #>>36882024 #>>36882088 #>>36882221 #>>36882265 #>>36882387 #>>36882539 #>>36882591 #>>36882677 #>>36883051 #>>36883062 #>>36883781 #>>36884189 #>>36884296 #
1. Buttons840 ◴[26 Jul 23 19:45 UTC] No.36883781[source]
WEI is really about denying the user full control of their own device. If you give people full control of their devices, you will have bots. Do you believe eliminating bots is more important than general purpose computing?

A bot is just some computer doing what its owner wants. OP is happy because WEI will eliminate bots. OP is inconvenienced by other people using computers in ways they don't like, and wants to take control of the computer away.

As strong AI is knocking on the door, we see people wanting to take general purpose computing away. All the worst outcomes involve people losing the ability to control their own computers.

replies(1): >>36885339 #
2. ori_b ◴[26 Jul 23 21:29 UTC] No.36885339[source]
> WEI is really about denying the user full control of their own device. If you give people full control of their devices, you will have bots. Do you believe eliminating bots is more important than general purpose computing?

Worse than that -- unless you disallow any sort of scripting and accessibility hooks, WEI doesn't prevent malicious requests. It just forces you to script your system via autohotkey or its equivalent.

replies(2): >>36885844 #>>36888862 #
3. Buttons840 ◴[26 Jul 23 22:07 UTC] No.36885844[source]
Yep. And what will the solution to that be?

People used browser APIs and some other people thought to take that away. When some people use autohotkey, what will the other people think about doing?

4. tjpnz ◴[27 Jul 23 04:20 UTC] No.36888862[source]
That's by design given how many ads for scams and malware Google serves.