Google Proposes Unique Web Environment Integrity API To Enhance The Internet’s Security

Tech giant Google has just put out a new proposal API called the Web Environment Integrity. This is being portrayed as the DRM for the web, as confirmed by the leading Android maker recently.

The proposal shed light on how this new offering would work its magic in keeping the internet world more secure which seems to be the need in today’s modern times.

Most users tend to focus on web pages and trust the surrounding around which they function. And this trust goes as far as making assumptions that the environment will be clean and loyal to a certain degree. They also feel that all of the things they unveil including their details would be safe and not shared with anyone else. Lastly, they keep transparency at the top of the list as they want to know what’s taking place and if humans are on the page or not.

As one can guess, these clauses linked to trust are super valuable and it’s this trust that supports the internet we use today, serving as a reminder that user safety is pivotal and can guarantee a firm’s business.

We might see a lot of similarities between this and SafetyNet APIs that can be seen on your Android device. And Google has no shame in admitting that it has gotten that sort of inspiration from there.

That API confirms to Android users that their product is not rooted, and it does not matter what or where the access is being used for. Now it does not matter if it gets used for interference alongside platforms or simply for the sake of altering a device. If a product fails to fulfill the checklist then it would be outlined.

So many users can’t make use of these services, even if that is solely linked to customization purposes. Furthermore, that means that the main objective of the new API is to make sure browsers weren’t played around with and people making use of them weren’t robots.

Proposals delineate in detail how a user linked to a webpage would work out in such a scenario. It not only needs attestation from third parties that is under the leadership of Google. For starters, browsers would request for a website as per standard practice that passes the test and proves browsers are unmodified while meeting the checklist of necessary requirements. Hence, you do end up trusting pages due to this and you are granted access.

But not all experts are giving such proposals the green light just yet as they feel device IDs must be added to enable fingerprinting. But Google says it hopes to announce indicators that allow for rate-limiting practices for products, without the need for digital fingerprints.

A lot of people have not noticed this proposal, despite it being outlined on a certain worker’s personal GitHub ID. Even the company itself is drawing very little attention to that but that does not mean preparations aren’t in full swing to carry out a proper release in Chrome in the near future.

Read next: Google Claims Patch Gap in Android Models Increases The Risk of n-days Vulnerabilities To The Same Level As Zero-days
Previous Post Next Post