> WEI prevents ecosystem lock-in through hold-backs
> We had proposed a hold-back to prevent lock-in at the platform level. Essentially, some percentage of the time, say 5% or 10%, the WEI attestation would intentionally be omitted, and would look the same as if the user opted out of WEI or the device is not supported.
So this avoids the DRM or blocking certain browsers issue. Brilliant. I’m not entirely certain but I think this avoids the main issues which people had with the proposal.
I still think a lot of people will not read this and react with vitriol but I would like to expect more from Hacker News, as a forum where people don’t simply downvote opinions they disagree with.
In other words, developers of web apps who want to know certain difficult-to-fake facts about a client's browser would not be able to rely on WEI with holdback (by design) and would be obliged to implement all the same invasive techniques they perform now -- but now just to apply them to 5-10% of users. So it doesn't save developers any time. Does it help users? It doesn't seem like it, for two reasons. Firstly, while it's nice to know that there's only a 1 in 20 chance that my browser will be fingerprinted on a given site, that means that if I browse for any reasonable length of time and visit enough sites I will certainly be fingerprinted, and my information shared with whatever ad networks the site is using. Secondly, if developers are going to implement browser fingerprinting anyway, why not just apply it to everyone as an extra signal? Sites don't take heat for fingerprinting users now, why would they care?
In summary, the holdback idea seems to be at odds with the rest of the proposal, and the only reason it sounds attractive is because it nullifies the whole thing.