Skip to main content

Google Engineers Propose New "Web Environment Integrity" API for Chrome Browser

Google engineers intend to prototype the "Web Environment Integrity" API for the Chrome browser.

The explainer suggests that the API would carry out integrity checks on web environments, aiming to enhance the overall security and trustworthiness of online interactions.

This process involves what the document terms as 'trusted attesters,' third parties capable of providing an 'attester verdict' about the environment's integrity.

The document claims that this feature could be particularly useful in circumstances where users must trust the integrity of the web environment.

For instance, the document notes that during online gaming, users trust that others are not cheating. Likewise, when using social media websites, users trust that engagement metrics are genuine and not artificially manipulated.

Significantly, the draft emphasizes the role of this API in maintaining user privacy.

The document points out that in the current scenario, websites are tasked with establishing a trust relationship without any support from user agents. This situation, according to the proposal, can lead to websites collecting fingerprinting data, potentially compromising user privacy.

In contrast, the new API aims to offer a privacy-preserving solution by providing "low-entropy trust signals" without the need for such data collection.

The draft presents an example of the proposed method in action.: A website might request an 'attester verdict' by calling the 'getEnvironmentIntegrity' method. This method would then connect to an attester, which performs the integrity check and returns a verdict. The website can then use this verdict to verify the environment's integrity.

The proposal also highlights that the API is designed to function only in a secure context. This stipulation, it says, is to ensure the integrity of the website and prevent spoofing.

[This is a developing story...]