zlacker

[return to "Google is already pushing WEI into Chromium"]
1. london+P6[view] [source] 2023-07-26 12:44:45
>>topshe+(OP)
One of the proposals for WEI is to make it probabilistically fail.

Ie. on a given device, for 10% of websites, WEI pretends to be unsupported.

That means websites can't deny service where WEI is unsupported. Yet it still allows statistical analysis across bulk user accounts.

If WEI was implemented like this, I would support it as being good for the web ecosystem.

◧◩
2. kmeist+bg[view] [source] 2023-07-26 13:26:38
>>london+P6
The antifraud company that worked with Google on the WEI proposal is already calling for the removal of holdouts from the spec[0], because:

- Attestation does not work as an antifraud signal unless it is mandatory - fraudsters will just pretend to be a browser doing random holdout otherwise.

- The banks that want attestation do not want you using niche browsers to login to their services.

[0] https://github.com/RupertBenWiser/Web-Environment-Integrity/...

[go to top]