In July, Google introduced a Web Integrity API, which some likened to DRM. However, this API was only at the proposal stage, and Google has now announced that it won’t be moving forward with it.
The purpose of the proposed Web Integrity API was to enable websites to verify the authenticity of the user and their device/browser. Websites often rely on trust in the client environment where they run, assuming that it’s honest, keeps user data and intellectual property secure, and is transparent about whether a human is using it.
This API would have allowed websites to request a token confirming key information about the client environment their code operates in. It was somewhat similar to the Play Integrity API (SafetyNet) on Android, used by apps like Google Wallet to ensure that a device hasn’t been tampered with (rooted).
Google provided various use cases for this API, such as detecting social media manipulation, non-human traffic in advertising, phishing campaigns, bulk hijacking attempts, cheating in web-based games, compromised devices, and account takeover attempts through password guessing.
However, many people raised concerns about how the Web Integrity API would introduce DRM to the open web. Google acknowledged this feedback and announced that the “Web Environment Integrity proposal is no longer being considered by the Chrome team.”
Instead, Google is testing a more narrowly scoped Android WebView Media Integrity API that only targets WebViews embedded in apps. This new API aims to ensure the integrity of embedded media within apps, especially for streaming video and audio, without sharing user or device identifiers. It is intended to maintain a diverse ecosystem of media content in Android apps, with an early access program planned for media content providers to express their interest next year.