Google’s WEI API Faces Criticism from Browser Developers, Raises Concerns About User Freedom
Google is facing backlash from internet software developers over its Web Environment Integrity (WEI) API on Chrome. Critics argue that the proposed standard restricts user freedom and undermines the core principles of the open web. Employees from popular web browsers like Vivaldi, Brave, and Firefox have taken a stance against Google’s WEI proposal, with some comparing it to digital rights management (DRM) for websites.
The WEI API is a new proposal that introduces a trust mechanism for websites to verify the authenticity of clients (browsers) and block insecure or fake interactions. This mechanism can be used to determine if a website is being visited by a human or a bot, or if a specific browser on a particular device is trustworthy. Its goal is to assist websites in determining the authenticity of the device and software stack from which they are receiving traffic and protect users from fraud by discouraging malicious online activities.
However, critics have voiced concerns about the potential dangers associated with the WEI proposal. J. Picalausa, the developer of the Vivaldi browser, labeled WEI as dangerous. He expressed apprehension about entities having the power to decide which browsers are trusted and which are not. Picalausa emphasized that there would be no guarantee that any given browser would be trusted unless it demonstrates its trustworthiness to the discretion of the attesters.
On the other hand, the Brave browser team seems unconcerned about this scenario. Brendan Eich, the co-founder and CEO of Brave, confirmed that they do not intend to implement WEI. Meanwhile, Mozilla’s Firefox engineer, Brian Grinstead, stated that Mozilla opposes the proposal as it contradicts the company’s principles and vision for the web.
It is important to note that Google’s WEI API proposal is still in the early development stage, and significant changes may occur if all stakeholders agree to its implementation. This ongoing discussion highlights differing perspectives on balancing the need for security and protection against potential threats with the importance of maintaining user freedom and preserving the core principles of the open web.
Google has yet to announce any official response to the criticism surrounding the WEI API. As the debate continues, it remains to be seen how this proposed standard will evolve and whether compromises can be reached to address the concerns raised by web browser developers.