As I understand it, this would mean I cannot customize my reading experience anymore. As I could not run my own code on websites. For example, this is how I read HN:
I can't imagine reading HN and having to manually figure out which posts I have not yet seen.
I do the same for many other aspects of my browsing experience. Change the font size, colors, remove static elements. I control it all via bookmarklets. Having all that taken away would be pretty terrible.
How would that work then? How can they achieve the goals stated in the introduction like ensuring that users who play a game don't cheat? How would this technology prevent one kind of automation but not the other?
The site also gives an example that "this API will show that a user is operating a web client on a secure Android device". That would mean the site can lock me out, as I am not using Android. So I can't use any of my bookmarklets in my Firefox browser on my Debian machine anymore.
This link is posted in bad faith -- in the doc's current state (https://archive.is/wJRDG#privacy), directly linking to the (empty) privacy section implies that the authors did not consider privacy at all. But clearly that's not true, given that the authors wrote ~500 words in their high level overview about how they would try to mitigate fingerprinting and cross site tracking: https://github.com/RupertBenWiser/Web-Environment-Integrity/....
It's obvious that this doc is just a very early working draft -- the rest of the spec is filled with TODOs as well, including TODOs for basic definitions. Yes, you might disagree with the proposal, but it's better to argue against the proposal constructively instead of bad faith misrepresentations.
7 comments
[ 3.3 ms ] story [ 16.3 ms ] threadWeb Environment Integrity API Proposal - https://news.ycombinator.com/item?id=36817305 - July 2023 (282 comments)
https://twitter.com/marekgibney/status/1551483561621979136
I can't imagine reading HN and having to manually figure out which posts I have not yet seen.
I do the same for many other aspects of my browsing experience. Change the font size, colors, remove static elements. I control it all via bookmarklets. Having all that taken away would be pretty terrible.
The site also gives an example that "this API will show that a user is operating a web client on a secure Android device". That would mean the site can lock me out, as I am not using Android. So I can't use any of my bookmarklets in my Firefox browser on my Debian machine anymore.
It's obvious that this doc is just a very early working draft -- the rest of the spec is filled with TODOs as well, including TODOs for basic definitions. Yes, you might disagree with the proposal, but it's better to argue against the proposal constructively instead of bad faith misrepresentations.