zlacker

[return to "Google employee responds to negative feedbacks on WEI"]
1. haburk+Nm 2023-07-26 18:50:23
>>luag+(OP)
Amazingly clever that they have hold backs! Make sure to read this before going along with the anti-WEI train.

> WEI prevents ecosystem lock-in through hold-backs

> We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted-out of WEI or the device is not supported.

So this avoids the DRM or blocking certain browsers issue. Brilliant. I’m not entirely certain but I think this avoids the main issues which people had with the proposal.

I still think a lot of people will not read this and react with vitriol but I would like to expect more from hacker news, as a forum where people don’t simply downvote opinions they disagree with.

2. steve_+Hq 2023-07-26 19:04:54
>>haburk+Nm
The existence of a configuration that limits attestation to a probabilistic phenomenon seems like a very thin foundation to stand on here - if it can be changed to requiring 100% attestation rate in the future I think it will be changed as soon as it is feasible to do so.

I haven't reviewed the proposal enough to see how they implemented that, and if it was done in a cryptographic way that prevents changing to 100%, then that could work. But the fact remains that control of our browsing computing environment is diminishing under this proposal.

3. haburk+BA 2023-07-26 19:45:23
>>steve_+Hq
It seems to me that “if it can be changed to 100% attestation rate in the future, it will be done” is a slippery slope argument and assumes bad faith on behalf of the proposal writer.

I think if it were changed to be 100% then it would be problematic. Also it seems the proposal writer would also agree that some form of opt out is required to make it viable so as to not forbid unknown clients.

I think it’s important to stay away from considering potential “what ifs” that completely defy the intent of the spec. For an example of why this isn’t effective discourse, we could have a potential addition to the spec to explicitly block users from certain countries. That’s not great but also it’s easy to understand why it’s not worth debating that point (even though it does sound scary).

4. pwnna+HO 2023-07-26 20:39:04
>>haburk+BA
I don't understand how probabilistic holdbacks can be effective if you can request the attestation token multiple times. If the holdback percentage is 10%, the probability of getting no attestation for 10 calls in a row would be something like 0.1^10 = 1e-10. This seems trivial to implement and use to block users.

Granted, I don't fully understand how they intend to hold back, but even if they cache the results of the attestation such that 10 calls in a row fail to attest, they can't cache it infinitely. Websites can employ traditional fingerprinting techniques/cookies in combination with attestation to build pretty foolproof systems to not serve the user based on attestation results.

5. danShu+P11 2023-07-26 21:40:08
>>pwnna+HO
This too. Maybe Google is willing to say something like "okay, for the duration of today, no WEI for you"; but unless they're doing something a lot more clever than the spec suggests, the "fallback" could very well be "retry the request until it succeeds and sends an attestation token."

Google would need to make holdbacks persistent enough that you couldn't retry them and get a different result. Even if they do, there are other problems, but... I mean, randomly failing requests is definitely not enough to guarantee that attestation would be optional. And there are no details I see in the spec that suggest to me that Google is planning to do something different.

6. pwnna+fz1 2023-07-27 01:09:43
>>danShu+P11
How would you even differentiate between retries? If you isolate it by domain, the website can redirect you 10 times, each collecting an attestation token. They could perform statistical analysis with cookies. Websites could even force logged-in users to conform to a particular browser (banking apps already do this). It's difficult for me to understand how the authors can miss these implications. They even said that with holdbacks the websites can still perform statistical analysis. Statistical analysis is not just a tool for aggregate data. It can be applied to a single client with enough other identifiers.
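
An added example, not part of the thread or of the WEI proposal: a small model of the point raised in comments 4 and 5, comparing a per-request holdback with one that is fixed per client, origin and epoch. The HMAC construction, the function names and the per-client secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import random

HOLDBACK = 0.10  # rate used in comment 4; the quoted proposal says 5% or 10%


def independent_holdback(rng):
    """Per-request coin flip: each call is held back with probability HOLDBACK."""
    return rng.random() < HOLDBACK


def persistent_holdback(client_secret, origin, epoch):
    """One decision per (client, origin, epoch), so a retry cannot change it.

    Hypothetical construction, not from the WEI explainer: HMAC the origin and
    epoch under a client-local secret and compare the result to the threshold.
    """
    msg = f"{origin}|{epoch}".encode()
    digest = hmac.new(client_secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") / 2**64 < HOLDBACK


def gets_token(attesting, held_back_fn, retries):
    """Site policy 'retry until a token arrives': True if any attempt yields one."""
    return any(attesting and not held_back_fn() for _ in range(retries))


def blocked_fraction(mode, retries, clients=20000, seed=1):
    """Fraction of attesting clients a site would reject after `retries` attempts."""
    rng = random.Random(seed)
    blocked = 0
    for i in range(clients):
        if mode == "independent":
            fn = lambda: independent_holdback(rng)
        else:
            secret = i.to_bytes(4, "big")  # constructed per-client secret
            fn = lambda: persistent_holdback(secret, "https://site.example", "2023-07-26")
        blocked += not gets_token(True, fn, retries)
    return blocked / clients


if __name__ == "__main__":
    for n in (1, 3, 10):
        print(n, blocked_fraction("independent", n), blocked_fraction("persistent", n))
```

With independent holdbacks the rejected share of attesting clients falls from about 10% to effectively zero by 10 retries, so requiring a token costs the site nothing; with the persistent variant it stays near 10% however often the site retries. The persistent decision still changes when the origin or epoch changes, which is the limit comments 4 and 6 point at.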