惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
L
LangChain Blog
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
F
Full Disclosure
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
G
Google Developers Blog
C
Check Point Blog
GbyAI
GbyAI
A
About on SuperTechFans
V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
T
Tor Project blog
AWS News Blog
AWS News Blog
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
MongoDB | Blog
MongoDB | Blog
Latest news
Latest news
aimingoo的专栏
aimingoo的专栏
U
Unit 42
Y
Y Combinator Blog
P
Privacy International News Feed
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
S
Schneier on Security
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
C
Cisco Blogs
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
Google Online Security Blog
Google Online Security Blog
月光博客
月光博客
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
Cloudbric
Cloudbric
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Microsoft Security Blog
Microsoft Security Blog

Danb Blog

Cheaper Sodastream Gas with a Big Tank June 2026: What I've Been Working On · Danb Blog Running Snyk On Forgejo/Codeberg Actions · Danb Blog Tuta & Proton: An Open Source Client Does Not Result in an Open Source Service · Danb Blog May 2026: What I've Been Working On · Danb Blog 3D Printing Parts for my Greenhouse, Round 2 · Danb Blog Great Devices: Nexus 7 2013 · Danb Blog R36S Console RetroArch Stuck Menu Issue · Danb Blog April 2026: What I've Been Working On · Danb Blog Basic OpenCode Sandboxing with Docker · Danb Blog Games Played in 2025 · Danb Blog March 2026: What I've Been Working On · Danb Blog Shivam Mathur's "node-docker" Images are Awesome for PHP CI · Danb Blog February 2026: What I've Been Working On · Danb Blog Your BookStackApp project was assigned as a project for my Software Architecture course · Danb Blog My Sovol SV08 3D Printer Setup in 2026 · Danb Blog January 2026: What I've Been Working On · Danb Blog Epson Printer: The administrator password you entered was not recognized · Danb Blog Pressure to Follow Process · Danb Blog Online Shopping Email Notifications · Danb Blog My HomeLab Setup in 2026 · Danb Blog Linux Label Printing with the Phomemo D30 · Danb Blog Reporting to the CMA: Google Android Developer Verification · Danb Blog OPNsense & Dnsmasq: Responding with specific DNS servers · Danb Blog An Impromptu Introduction to ZFS Drive Replacement at 1am · Danb Blog Experience with UK Medical Cannabis for Ankylosing Spondylitis · Danb Blog Copyright Takedown for Linking to the "State of Open Source" Report · Danb Blog No, Gumroad Did Not Become Open Source Today · Danb Blog Scripting Monitors (KDE on Fedora) · Danb Blog Amber flags in Open Source & Self-Hosted Projects · Danb Blog LLMs are Directing Open Source Licensing · Danb Blog Games Played in 2024 · Danb Blog Beware of Poison in the Source · Danb Blog Common Misconceptions of the AGPL · Danb Blog Adapting GitHub action PHPUnit tests for Codeberg/Forgejo · Danb Blog Lessons from the Allotment · Danb Blog Futo, Please don't attempt to create your own Open Source Definition · Danb Blog Material You (Dynamic/Adaptive) Colors in Legacy Android Apps · Danb Blog Scripting Monitors (Gnome & Wayland on Fedora) · Danb Blog Retaining a Greenhouse Roof with 3d Printing · Danb Blog Games Played in 2023 · Danb Blog Lessons From Growing Food Indoors · Danb Blog Why the Distinction Between "Open Source" and "Source Available" is Important · Danb Blog Raspberry Pi Camera Module 3 Timelapse · Danb Blog Removing the Rear Seats on a Volvo C30 · Danb Blog Controlling Default GRUB Boot Option via USB · Danb Blog Creating a Video Home for FOSS Projects · Danb Blog Paying for Search · Danb Blog My Favourite Static Site Deploy Method · Danb Blog PhpStorm (JetBrains IDE) 2023 Linux Scaling · Danb Blog Synology Hibernation with Active Backup for Business and Tailscale · Danb Blog My 2023 HomeLab Setup · Danb Blog Redefining Open Source via "Commercial Open Source" · Danb Blog Moving to Mastodon · Danb Blog Gaining Sponsors · Danb Blog "This is a Low Maintenance Project" · Danb Blog Upgrading my CPU, Ryzen 2600 to 5800x · Danb Blog Migrating Google Photos to my Personal NAS · Danb Blog Scheduling Proxmox Storage to Reduce Disk Activity · Danb Blog Why the Term "Open Source" is Important · Danb Blog Lessons From Working for Myself (9 Months In) · Danb Blog Misrepresenting Open Source for Business Benefit · Danb Blog Cat Images in WebP · Danb Blog My 2022 Workstation Setup · Danb Blog Leaving my Job to Focus on Open Source (For a bit) · Danb Blog Quickly Getting Placeholder Images With Unsplash Source · Danb Blog A Thanks to Laravel for the LTS Releases · Danb Blog A Quick Overview of Unix-Style Permissions · Danb Blog The Power of currentColor · Danb Blog Dealing With Ankylosing Spondylitis Flareups · Danb Blog Hugo Verbose Dates With Suffixes · Danb Blog
Reporting Google's WEI to the CMA · Danb Blog
2023-07-28 · via Danb Blog

The Web Environment Integrity proposal, authored by folks at Google, has caused quite a stir over the last week, and for good reason. It’s another familiar case of:

“Here’s a thing needed for security. Sure it could be used to lock the web down to specific browsers, extensions, operating systems and devices, but I’m sure it won’t be even though there’s a lot of business interest in doing just that. We (non-legally-binding) pinky promise! We’ve even added a bit to the proposal to make it look like we’ve considered the open web!”.

I don’t deny it could maybe offer some security value, but it comes as a massively high risk to the open web. The value just doesn’t balance with the cost, unless of course it works directly in your business interests and you already have majority browser market share.

Thinking what I can do, and being in the UK, I thought of the Competition & Markets Authority (CMA). From what I’ve seen in my minor involvement with the Open Web Advocacy, and the related interactions with the CMA in regard to Apple’s browser control, the CMA are quite active and clued-up in the world of the web and technology.

WEI poses a significant risk to open markets in the browser and web landscape, therefore I though it’d worth submitting my own concerns to the CMA which you can find below. Hopefully this can at least put it on their radar to track, or show support/pressure where others have also reported this.

If you’re in the UK, you can contact them online here.

Submission

Note: the details submission box was character limited. The below is the main description I provided. The form also asks for your own details and the details of the related business for which an issue exists.

I believe Google is intending to abuse their position in the browser market, as the browser vendor with the largest overall market share, via their intent to implement Web Environment Integrity (WEI). I believe their intent to implement WEI, while under the name of security and privacy, is primarily motivated & accelerated by their business interests, while risking the significant introduction of additional monopolisation and barriers to entry for the web.

While the exact mechanisms within the proposals for WEI have been high-level & vague so far, the wider intent alone introduces a significant change to the open nature of the web, and the control balance between users and the websites they visit. From their explainer (https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md):

websites will be able to request a token that attests key facts about the environment their client code is running in […] Websites will ultimately decide if they trust the verdict returned from the attester

Whether the attester ends up being the browser, client operating system, or a third-party service, such an API introduces unbalanced control in favour of the largest existing players within those areas. If this mechanism becomes implemented within a browser with as much marketshare as Chrome, then I fear that many services on the web will decide to use this as a low-effort route in the name of added security, but at the cost of locking out “untrusted” environments. Such environments could be new browsers attempting to enter the market, existing browsers with little marketshare, browsers configured with certain plugins/extension, browsers on alternative operating systems, new devices entering the market or new mobile operating systems trying to enter the market. Those who decide where trust lays will have significant interest in favouring their business interests in those decisions, and unbalanced control of the web.

While the explainer attempts to open the question of vendor exclusion, ultimately implementation & control will be held by those with the largest browser market-share, and once WEI is implemented in general it would only be a minor further step to remove/change the potential protections discussed so far, since protection against vendor exclusion is not a core part of the fundamental functionality proposed.

It may seem early to raise this as a concern, since it’s in the proposal stage, but the language and responses from Google representatives (Bottom of https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/28) show significant desire to proceed with these proposals in some form despite web community backlash, and this is further backed up by activity already taken place to implement WEI in the chromium project for testing (https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd). Therefore I believe it’s important for fast CMA involvement since it appears Google has interest to get this quickly established.

While this submission is primarily regarding Google/WEI, it should be noted that this is something that should be considered at a wider scale. Apple has similar mechanisms within Safari (https://developer.apple.com/news/?id=huqjyh7k) already although their lesser cross-platform browser market share means they alone do not pose as much risk to open competition and the open web, at least compared to Google with Chrome’s market share.