The Chrome team says they’re not going to pursue Web Integrity but…

it is piloting a new Android WebView Media Integrity API that’s “narrowly scoped, and only targets WebViews embedded in apps.”

They say its because the team “heard your feedback.” I’m sure that’s true, and I can wildly speculate that all the current anti-trust attention was a factor too.

  • schnurrito@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    I have not followed this stuff very closely. Here’s a question. This article says:

    People took issue with how the Web Integrity API would bring DRM to the open web.

    Has there not been DRM on the web for many years by now for videos?

    • SeriousBug@infosec.pub
      link
      fedilink
      English
      arrow-up
      40
      ·
      1 year ago

      This is worse. Let’s go with an example: on an Android phone, you visit a website. The website asks for an integrity check, the browser works with Google Play Services to complete the check.

      What if you have a de-Googled phone without Play Services, or if you made modifications to restrict Google’s tracking? Then Google can refuse to verify you. What if you installed an ad blocker in your browser? Google can refuse to verify you.

      If you fail verification, the website could ask you to complete a captcha, or just refuse to show you anything.

    • 👍Maximum Derek👍@discuss.tchncs.deOP
      link
      fedilink
      English
      arrow-up
      36
      ·
      1 year ago

      This would bring DRM to everything on the internet. If you wanted to get grandma’s apple brown betty recipe even the text would be unavailable unless your browser and the page agree that it should happen. And the browser wouldn’t give the OK unless the page is advertiser friendly, and the page won’t give the greenlight if you’ve blocked any ads recently.