Summary
- Google’s proposal, Web Environment Integrity (WEI), aims to send tamper-proof information about a user’s operating system and software to websites.
- The information sent would help reduce ad fraud and enhance security, but it also raises concerns about user autonomy and control over devices.
- The authors argue that implementing WEI could lead to websites blocking access for users not on approved systems and browsers.
- They express worries about companies gaining more control over users’ devices and the potential for abuse.
- The authors emphasize that users should have the final say over what information their devices share.
- Remote attestation tools, like WEI, might have their place in specific contexts but should not be implemented on the open web due to potential negative consequences.
- The authors advocate for preserving user autonomy and the openness of the web, emphasizing that users should be the ultimate decision-makers about their devices.
Joke:
Two pieces of string walk into a bar. The first piece of string asks for a drink. The bartender says, “Get lost. We don’t serve pieces of string.”
The second string ties a knot in his middle and messes up his ends. Then he orders a drink.
The bartender says, “Hey, you aren’t a piece of string, are you?” The piece of string says, “Not me! I’m a frayed knot.”
The attester here is really mostly Google’s Android/Play Services/(ChromeOS) team, not Google’s Chrome team. Chrome is really just responsible for passing it along and potentially adding some more information like what kind of extensions are in use, but the real validator is above Chrome entirely.
There will not really be a worthwhile key inside Chrome (there might be one that does nothing by itself); it’ll be backed by the existing per-device-unique key living inside your phone’s secure enclave. Extracting one key would just cause Google to ban it. That attestation covers the software in the secure enclave, your device’s running OS, bootloader unlock state and a couple of other things along those lines; the OS, guaranteed to be unmodified by the hardware attestation layer, then adds extra stuff on top like the .apk hash of the browser. The browser, guaranteed to be unmodified by the OS layer, can add things like extension info if it wants to.
SafetyNet/Play Integrity have both software and hardware modes, but all Android+Google Services phones released in the previous 6? or so years have been required to have hardware backed attestation support, which has no known bypass. The existing “Universal SafetyNet Fix” pretends to be a phone without hardware support which Google begrudgingly accepts… for now. But the day where Google will just screw over older phones is getting increasingly closer, and they already have the power to force hardware backed attestation for device-specific features like NFC payments and DRM support.
On Apple devices, Apple has parallels via their secure enclaves in the form of App Attest/DeviceCheck. On Windows desktops, there could be a shoddy implementation with TPMs (fortunately they’re not quite powerful enough to do this kind of attestation in a tamper-proof way; Microsoft’s Pluton chips might have some secret sauce we haven’t yet seen, though). On Linux desktops… nope, ain’t no support for this coming anytime ever.
Ok I assumed you were thinking of something like TPM on the desktop as I couldn’t imagine any other way around it. For android the hardware backed attestation support is like tpm as well, no? Surely there’s a bypass for it if one wants to but there hasn’t been a reason to do it yet.
Edit :reading up on it, a lot relies on the encryption keys baked into the hardware and being impossible to read, right? If that remains to be the case, then ye I can imagine that would be an issue. Security will once again becomes the Trojan horse for exploitation