Skip to main content

Former Google Engineer Speaks Out Against Controversial Web Environment Integrity API Proposal

Photo: Web.Dev

Chris Palmer, a former Google engineer involved with Chrome OS Security, has called for a retraction of the Web Environment Integrity API proposal. This comes amidst the ongoing dialogue between Google's engineers and the broader developer community on the potential impacts and implications of the proposed API.

Palmer, citing his experience as a 'recent former Chromie,' expressed serious concerns about the API's effect on the openness of the web as a mainstream application platform. He argued that the proposal, while potentially serving publishers' interests, could be neutralized by browser extensions and Dev Tools, which he described as 'incalculably valuable' and non-negotiable.

"The web is the open, mainstream application platform. The world really, really needs it to stay that way... Whatever goals publishers might think this serves (although it doesn't), extensions and Dev Tools (and other debuggers) neutralize it. Extensions and Dev Tools are incalculably valuable and not really negotiable. So if something has to give, it's DRM."

He also questioned the claim made in the proposal that the Web Environment Integrity (WEI) wouldn't directly interfere with content blockers and accessibility aids. Palmer pointed out that publishers might start rejecting clients that support extensions, possibly affecting Chrome for Android, which doesn't currently support extensions.

"The document claims WEI won't directly break content blockers, accessibility aids, et c. But: (a) this will be used as part of an argument to not bring extensions to Chrome for Android; and (b) assume/realize that publishers will start rejecting clients that support extensions. Chrome for mobile platforms already doesn't support extensions, and mobile is the largest platform class. So publishers might even have a decent chance of getting away with such a restriction."

Moreover, Palmer criticized the potential for Digital Rights Management (DRM) to be circumvented and the negative implications it could have for accessibility and legitimate use cases. He warned of the negative consequences of misaligned incentives, such as fostering an adversarial relationship between customers and publishers, and even between publishers and security researchers.

"DRM will always be cracked and worked around, but that doesn't mean that implementing this will be harmless. DRM still shuts out legitimate use cases (accessibility comes foremost to mind, but not solely), even when it is broken. Everybody loses... DRM misaligns incentives: the customer is now the adversary. This is a losing move, both from a business perspective and from a technical security engineering perspective. (Do you want an adversarial relationship with security researchers? No, you do not.) WEI enables publishers to play a losing game, not a winning one."

According to Palmer, even under ideal circumstances, the WEI would offer at best a marginal, probabilistic security benefit that could easily be nullified by the holdback system proposed to prevent lockouts of specific User Agents (UAs). He further cautioned Google against jeopardizing Chromium's credibility in the safety engineering circles by implementing this proposal.

"In ideal circumstances, WEI would be at best a marginal, probabilistic, lossy 'security' mechanism. (Defenders must always assume that any given client is perfectly 'legitimate' but 'malicious'. For example, Amazon Mechanical Turk is cheap.) Holdbacks nullify even that marginal benefit, while still not effectively stopping the lockout of particular UAs and yet not effectively upholding any IP-maximal goals... Chromium has a lot of credibility in safety engineering circles. Don't spend it on this."

Palmer's comments provide a significant counterpoint to the discussion, highlighting the nuanced complexities of this proposal and its potential far-reaching implications for the web ecosystem.

Also Read

Google Engineers Propose New "Web Environment Integrity" API for Chrome Browser

Controversy Swirls Around Google API, Accused of Granting Excessive Control to Site Owners