Google’s alarming “Web Integrity API” aims to become a gatekeeper for the web by implementing DRM measures

Google's alarming Web Integrity API aims to become a gatekeeper

Google’s latest proposed web standard seems to revolve around implementing DRM. The company’s “Web Environment Integrity API” has garnered attention on the internet. The document is written by four Google employees, with one being part of Chrome’s “Privacy Sandbox” team, which is developing a user-tracking ad platform within the browser in response to the demise of tracking cookies.

The Web Integrity API is designed to verify the authenticity of the client environment used to access websites. It aims to identify human users and detect any unauthorized modifications or tampering with the web browser. The data collected through this API could be valuable to advertisers for tracking ad impressions, preventing social network bots, protecting intellectual property rights, combating cheating in web games, and enhancing security during financial transactions.

Notably, the API takes inspiration from similar features in other platforms, such as Apple’s “App Attest” and Android’s “Play Integrity API,” which are used to verify device integrity and prevent certain apps from running on rooted devices.

Google’s vision involves implementing an “environment attestation” process during webpage transactions, where a third-party attestation server would be involved. If the client passes the test, they receive an “IntegrityToken,” which verifies their environment’s authenticity and grants access to the desired content.

While Google insists that the API is not intended for malicious purposes and should not uniquely fingerprint users, it does seek to enable rate-limiting based on physical devices. The project’s non-goals include not interfering with browser functionality, particularly plugins and extensions, although this is somewhat ambiguous given the ongoing debate over ad-blockers.

Critics argue that the proposal is against the principles of an open web and question the ethics behind it. Nevertheless, Google’s substantial influence in various aspects of the internet ecosystem makes it challenging for opposition to significantly affect their decisions. Despite past projects like “Privacy Sandbox” and “Manifest V3” being met with widespread disapproval, Google has proceeded with their plans, facing only minor adjustments and delays.

At present, the Web Integrity API remains a proposal, but Google has expressed its intention to prototype the feature, indicating that it is actively working on incorporating it into Chrome for testing purposes. The feature’s development progress can be tracked on chromestatus.com, and the company has yet to respond to the public reception and criticisms surrounding the proposal.