back to article Google's next big idea for browser security looks like another freedom grab to some

Googlers have proposed a way to determine whether browsers can be trusted, as a defense against criminal fraud and other bad behavior. Some in the internet community fear this is the end of the web as we know it. The proposal, dubbed Web Environment Integrity (WEI), showed up as code in April and was announced in May. It …

  1. Steve Davies 3 Silver badge


    WEI will require a fully validates Google account. Anyone who does not have (or want) one will be excluded from Google's internet of the future.

    F'k Google. Suck on this NOW!

    1. Paul Hovnanian Silver badge

      Re: Naturally...

      "WEI will require a fully validates Google account."


      In the meantime, I'm waiting patiently in line for my Google Certificate of Authenticity. Right behind all the Nigerian princes.

      1. Anonymous Coward
        Anonymous Coward

        Re: Naturally...

        We will start to see .... "Your Google account verification has been approved, please confirm via this link user.img to verify your portrait" ...

        ... Certainly security is good but security confirmation can be risky.

        1. Anonymous Coward
          Anonymous Coward

          Re: Naturally...

          A server deciding that someone is using a filthy peasant browser isn't security.

          Get ready for the Browser-caust.

    2. Jim Birch

      Re: Naturally...

      Does it have to be Google? My limited reading is that anyone can validate accounts, but the site would have to decide which validators to trust. This would end up being the big boys because it would involve a level of infrastructure and maintenance but I don't think that they would want to force their customers to get/use Google accounts.

      1. Strahd Ivarius Silver badge

        Re: Naturally...

        Commercial sites already using Google Ads to make your browsing experience awful will go to Google in a blink

        Other sites will inform any Google based browser users that they are going to get a piss-poor experience until they go to a proper command-line tool

    3. teknopaul Silver badge

      Re: Naturally...

      They already flag nay app that does not use Google play for notifications as "using too much battery".

      Eu should step up on this it's clear monopoly abuse.

    4. Anonymous Coward
      Anonymous Coward

      Naturally... It's design to make you prove they should trusy you, it is Bass Ackwards

      This should be built the other way around, or not at all.

      Got to any of the commercial sites supposedly whining for this garbage. You will see a toilet bowl full of trackers, third party scripts, crypto-miners and other garbage, all from untrustworthy domains.

      You want trust in browsers? You effing first mate.

  2. lglethal Silver badge

    Best way to kill this...

    The firm attesting that the "Environment" is safe and untampered with is legally and financially responsible for any failure in the system.

    Add in a clear penalty on top (say $50k) per failure.

    I'm sure Google would be more then happy to take on the burden...

    1. b0llchit Silver badge

      Re: Best way to kill this...

      You must make the authenticator liable for all direct and indirect costs and losses associated with any failure in process, validity and accessibility of the authentication with a minimum penalty of 1% of global turnover of the authenticator per incident.

      1. Stuart Castle Silver badge

        Re: Best way to kill this...

        I agree. Fixed value fines don't seem to me much of a detterent. Google could take a lot of $50k fines before they even notice. Even if they did, it may well be worth their while to pay the fines rather than pay whatever is required to solve the problem that caused the fines. Yes, companies do this calculation, even for things that *might* be dangerous. If the solution to a problem will cost more than they are likely to pay out in punishments, they may opt for the punishments.

        A set percentage of their gross turnover, even one percent, is a *lot* more likely to get them to solve any problems.

        1. RegGuy1 Silver badge

          Re: Best way to kill this...

          Quite. When GDPR came in the US tech company I used to work for shit themselves, and MANDATED everybody to take a training course (online, obviously) and to commit to complete it before the GDPR deadline. I had to get a certificate from them to say I'd done the training and understood my responsibilities. It was very clear if the shit hit the fan they would stand me in front of them.

          The EU's influence is global, and 'a percentage of your global earnings' is very powerful. I wonder what the EU's take on this will be? And I wonder what 'lil ol' England's response will be.

  3. b0llchit Silver badge


    It is all about control. Control the system and you control everything. Google wants to control everything. This proposal makes it abundantly clear if it wasn't clear from past behaviour.

    Monopolists will always propose to improve their hold on the the monopoly. It will always be proposed as your benefit, but only serves the monopolist's benefit. See history...

  4. jake Silver badge

    ODFO, alphagoo.

    Here's the deal: You worry about the code running on your systems, and I'll worry about the code running on mine.

    That's how the Internet works. You worry bout your end and link, and I worry about my end and link, and ElReg worries about their end (and pays somebody else to worry about their link). What ElReg and I choose to do with our ends and links are none of your fucking business, period.

    So again, I invite you to fuck off. Nobody wants your vision of a nanny state, especially not where you are the nanny. Have I mentioned you should fuck off? Now would be a good time. Just do it. Put yourself out of our misery. We don't want you. At all. Go away.

    1. FrankAlphaXII

      Re: ODFO, alphagoo.

      Probably the most upset and irritated I've ever seen your writing here Jake. And you've been around here about as long as I have so that says quite a bit.

      Regardless, I agree that trying to rewrite the rules to enforce a monopoly and browser monoculture is foolish. I don't think it's going to work, as soon as Google gets distracted you'll never hear another word about it. What worries me is a more focused company that doesn't kill its projects like it's going out of style doubling down on this.

      1. Marcelo Rodrigues

        Re: ODFO, alphagoo.

        "Regardless, I agree that trying to rewrite the rules to enforce a monopoly and browser monoculture is foolish. I don't think it's going to work,..."

        Sadly, I think it might ($DEITY protect us all).

        You see, the potential reward is much too great for Google to just drop it. I would love for You to be right, but I have my worries.... If the Chrome engine wasn't so popular, it would be easy. As it stands, this atrocity has a real chance to go forward.

        Have I already said "$DEITY protect us all"?

    2. Spamfast
      Thumb Up

      Re: ODFO, alphagoo.

      That's how the Internet works.

      Hallelujah. That's how any comms channel should work.

      Anything coming from a source or through a comms channel that isn't completely under your control needs to be treated as potentially hostile and validated and sanitised to death. You can never assume otherwise or you end up with the Morris Worm, SQL injection, JSON-as-JavaScript injection, buffer overflow exploitation (worm again) or whatever.

      As a bonus, your systems will be more reliable and robust.

      If you can't design your end to detect when the other is 'cheating' then you've done it wrong.

    3. DoctorNine

      Re: ODFO, alphagoo.

      My father taught me this important principle before there even WAS an internet. In order to assure harmonious social functioning, everybody needs to be responsible for their own end (that wasn't the word he used) and keep their nose out of other peoples' ends. Those individuals or organizations who choose not to follow this golden rule, must occasionally forcibly be reminded that there is a cost to this behavior. In his world, if people wouldn't listen to reason, violence was not out of the question. And a poke in the nose could reasonably be expected.

  5. Kevin McMurtrie Silver badge

    This is good news

    I look forward to Google mandating this and abruptly losing all control over tech standards. It's about time.

    Let me know which bar Pichai and Musk hang out at to bitch about customers and reminisce upon 'X' projects.

  6. nematoad Silver badge

    Too late!

    "This therefore starts to slide the web toward a time in which only authorized, officially released browsers will be accepted by websites."

    Tell that to the bloody BBC.

    Just lately every time I go to iPlayer the BBC demands that I "...update your browser" or come the end of the month nasty things will start happening.

    I use Pale Moon, and when I contacted the BBC complaining about them taking away my choice of browser, I was told that because the BBC has only limited resources they can only certify a restricted number of browsers such as Chrome based ones, Safari or Firefox.

    How much effort does it take to check that a certain browser meets all applicable modern standards, and what about the open nature of the internet anyway? It's not as if I am using Lynx, now is it?

    I'm old enough to remember the warning that came up saying "This site is best viewed in IE 6." No, enough of that nonsense.

    Oh, in the end I just edited my user agent string to Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0

    Bollocks to the lot of them.

    Have we got to the stage when the governance of the internet is by the advertisers, for the advertisers? If so, how long will it be before these advertisers declare that choice and control of your computer are no longer allowed and lobby for penalties against anyone foolish enough to defy them?

    1. Dan 55 Silver badge

      Re: Too late!

      Just use this.

    2. F. Frederick Skitty Silver badge

      Re: Too late!

      The Barclays Bank website also whines about an "outdated browser version". It at least let's you continue to sign in though. In my case it displays this warning despite me using the current extended support version of Firefox on Debian 12, and "helpfully" offers links to download Chrome for Windows...

      1. Tron Silver badge

        Re: Too late!

        Governments are probably behind this, taking control via Google.

        1. a pressbutton

          Re: Too late!

          Google is behind this, taking control via Governments.

          There FTFY

      2. Anonymous Coward
        Anonymous Coward

        Re: Barclays recommending Chrome for Windows?

        to a Linux User? That would be more than enough for me to use a switching service and move to a more friendly bank.

        Going to Radbook Hall was always an experience. Two mainframe teams sitting 10ft from each other who have never been in the same meeting! Shakes head in amazement.

      3. Anonymous Coward
        Anonymous Coward

        Re: Too late!

        And for Barclays, they are already testing that your phone is "acceptable" to run their banking app. None of the other banks do.

        Here's a fun thing to try if you use the Barclays app on an Android: Create an empty file called "" in your Downloads folder. I am sure many of you know what the real file is used for. You don't need to have installed it - the file just has to be there. Now try to open the Barclays banking up. Won't work, with a vague error message. If you contact Barclays, you will get nowhere - I didn't. So Barclays scan you phone for files it believes would compromise their app - which seems very much like this Google concept. I wish I could switch to another bank, but sadly, it isn't possible for me right now.

      4. Grogan Bronze badge

        Re: Too late!

        My bank here (Canada) doesn't bother me about browsers. I wouldn't exactly try to go there with some minimalist thing (e.g. something silly that can't actually handle the site) but there's no problem with Firefox, Safari, Chrome, Edge, other Chrom(ium) based browsers like Vivaldi, etc. They don't dictate, they just tell you to make sure your browser is up to date.

        However, they do fingerprint and I resent that. Same browser (same local BUILD) on two Linux OSes on the same computer. (my Arch gaming setup and my custom from-scratch setup) yet if I log in from the other it will flag my login attempt and make me verify by phone (not email like they used to). They shouldn't be knowing anything about my browser or environment outside of the cookies that they place. (I sign out of the bank site and clear them after use)

    3. Anonymous Coward
      Anonymous Coward

      Re: Too late!

      Short answers to your questions :

      1 - Yes.

      2 - Very soon.

      Satisfied ?

    4. Doctor Syntax Silver badge

      Re: Too late!

      "the BBC has only limited resources they can only certify a restricted number of browsers such as Chrome based ones, Safari or Firefox"

      In that case they should have stuck with the earlier version that worked on all browsers instead of employing kiddies who want to fix what wasn't broken. Breaking it cost them salaries. Unfortunately BBC management has never been known to be wrong. You can take their word for that.

    5. Fred Daggy Silver badge

      Re: Too late!

      Why not this? "Lynx/2.8.3rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.5a"

  7. msknight

    The pooch is there to be screwed

    "If you make your customer your enemy, you have profoundly screwed the pooch." ... but that's exactly what they want to do. The pooch is there to be screwed out of as much money as possible. That's why they see nothing wrong with what they're doing.

    The problem is those who offer up what they do, who don't want money in return, will be impacted because those who want the pooch to bend over and take it, are in the vast majority; and lets face it, nothing comes for free these days. Every web renewal I have to weigh up the cost of my personal web domains and wonder if I can afford to keep them running in these cash strapped times.

    1. Anonymous Coward
      Anonymous Coward

      Re: The pooch screw

      Don't worry, this only another way for the industry to cut it's own throat.

      As the article says, making your users your enemies is a losing prospect. They say customers, but for most of these sites that relationship is pointing the other way. The "customer" is an ad network, or an ad agency. That's where most of the money flow they are protecting is from.

      Sure in the case of subscription content like games or streaming the user and the customer may be the same person, but both of those have alternatives to browser based deployments that are less of a contentious mess.

      So. this (as it always is with Google) about ad revenue. The problem is customers access a site, and the site monetizes that traffic with ads. Most of those sites aren't providing irreplaceable content, and their customers will vote with their feet. The scammers will just bypass the protected environment, by any of a thousand means. It is literally impossible to accomplish using existing web standards and home computer hardware. So you are expecting your customers to ignore you screwing them over publicly, and insult piled on insult, you also expect them to roll over for a one way trust relationship where any shady ad slinger places restrictions on and monitoring of their machine, while providing no control or transparency to the users the system depends on.

      This is against the law in large parts of the world, so it should automatically be rejected as a global web standard. Even if it isn't it will fail, like every other hostile piece of DRM based on open computing hardware. And convincing the whole world to buy a whole new set of devices just so ad networks can screw them over? Nope don't thinks so.

      Do you want mass piracy? Cause that's how you get mass piracy.

  8. mark l 2 Silver badge

    For all of the BS passed around by the Google Devs on this 'trusted browser' tech, its clear that Alphabet have one goal for it, to make themselves more ad revenue by blocking bots, stopping ad blockers and to eliminate alternative browsers and force people to use Chrome.

    The question will be whether Apple implements this in Safari or not if Google does push it through on Chrome? Hopefully they won't and that will allow a way around it. As devs will not want to lock out Apple users from their websites as they are a large customer base, so will have to have some way of displaying it without this 'trusted browser' BS.

    But the best solution is if people just stop using Chrome, as the only reason Google are able to pull this sort of BS is because they have such as large share of the browser market. Chrome has become the IE of the modern age in which devs just assume your either using Chrome or your an Apple user.

    FYI Linux and Firefox on my devices, that why i am worried about this getting implemented.

    1. Ace2 Silver badge

      Apple has not hesitated to tell Google to FOAD lately. This doesn’t sound like something they would touch with a ten-foot Musk.

    2. Claptrap314 Silver badge

      Chrome is not IE 6. It is Flash--a constant source of security problems due to the addiction of the parent company to a data feed.

      Kill it with fire.

    3. Roland6 Silver badge

      My thoughts also; the first use of this will be to detect ad blockers.

      However, I do question the real need for this given today without it:

      Websites can block access from browsers running ad blocker etc. or running in a sandbox.

      With movies and tv advertisers are able to inhibit the playing of content due to use of Airplay, HDMI etc.

      So it would seem to be just a standard API that will make such detections even easier:

      The malware writers will use it to enhance their detection of target PCs and enhance their social engineering to get users to turn off protections.

      MS willl use this to block access to MS because you aren’t running the last version of Windows and the updates released under an hour ago…

    4. Doctor Syntax Silver badge

      "make themselves more ad revenue by blocking bots"

      If they can get paid for "showing" an ad to a bot why would they care? They're selling advertising, not the goods being advertised.

  9. Zippy´s Sausage Factory

    The moment this starts governments will want to take over that certification. And believe me, they will. Google won't know what hit them.

    /edit: thinking about the laws currently getting passed in the UK, for a start...

    1. Brewster's Angle Grinder Silver badge

      But once government take over certification, there will be plenty of holes for us to exploit.

      1. Zippy´s Sausage Factory

        There will be plenty of holes to exploit anyway, this sort of scheme is ripe for abuse, especially given the false sense of security it provides.

  10. Dev.Magpie

    Why this isn't needed. (A micro essay)

    Since the actual github issue tracker is (as mentioned in the article) locked. I figured I would post a comment on the top article on why this API is not needed, this is taken from my tweet thread on the same topic.

    Many of the use-cases are bad use cases, that is to say there are already ways to solve for them. Point's here are counterpoints to many of the explainer points.

    RE: Checking for humans vs bots: 1 there are already this thing called Captcha's, also you could probably implement something like this using WebAuthn already.

    Re: Only human interactions, Same verse same as the first, but to add, you could also require a WebAuthn sign-in. Depending on the platform you can even weed out most multi-account users since every account would require another TPM / Authenticator Key.

    RE: Trusted Game Environments: 1. it's already known no to trust the client in games. 2. VERIFICATION SHOULD BE DONE ON THE SERVER!

    And, again, bans would be done vs the hardware ID, so if you want to avoid a ban, you would need a new device.

    RE: Malware: 1. People already don't check for SSL, how would this help? 2. Malware already gets into kernel & firmware, how would this prevent it? 3. this only helps the bank to know the user's browser is fine, not the user to know they are actually viewing the bank.

    RE: Improving privacy: You are implementing a way to fingerprint / verify users. None of this prevents the fingerprinting already possible. It just adds a new factor to it.

    RE: Goals and non-goals: It's admitted that "client javascript may be modified to alter the validation result" so it wouldn't fix games.

    Not in the tweet thread but, how can you not impact browser extensions and prevent ad-blockers?

    RE: Use-Cases A: Detection of webview phishing< Does anyone do this? Also, it would be easer & faster to just add a header to webviews (and everything else) stating the app sending the request.

    RE: Use-Cased B: Mass Acct. Creation & Hijacking? WebAuthn. Cheating? See, previous. Compromised devices? This won't fix. Password guessing? **WebAuthn Physical Authenticator Exsists.**

    RE: Google Play Verification: See

    (WebAuthn can already ask for it with `android-safetynet`)

    Tl;Dr: Much of this can already be accomplished with WebAuthn, that which can't, almost certainly won't be fixed with this API. Which brings to mind the question of why it exists?

    I wouldn't mind seeing a certification chain for browsers and whatnot added to the webauthn spec, but that would be a function added to the pre-existing authentication providers. Not a brand new verification API.

    1. Anonymous Coward
      Anonymous Coward

      @Dev.Magpie - Re: Why this isn't needed. (A micro essay)

      These are not valid reasons, they are weak excuses.

      Google knows very well what they're doing. They're looking for sure ways to increase ad revenue.

    2. Sora2566

      Re: Why this isn't needed. (A micro essay)

      I agree with you in principle, but WebAuthn just means that the client has a public/private key pair. Chrome has an emulator for this built in for testing, someone making a fake browser can make fake WebAuthn accounts no problem. "Guaranteeing that the user is real" isn't WebAuthn's purpose - it's making sure it was the same user as last time.

  11. NerryTutkins

    What about Selenium?

    The claim that somehow verifying the browser is legit would stop bots or other automation from cheating on games or doing other nefarious deeds on an automated basis doesn't really stack up.

    Selenium makes it relatively easy to build automation that can control chrome and firefox via an API, those would surely show up as legit, unmodded browsers. Although Selenium is oriented towards automated testing of web systems, I've worked on projects where clients needed to scrape data from various sites (with permission) that did not have APIs and tried to frustrate scraping by having javascript and fingerprints etc. and so needed real browsers to get at the data, rather than just calling the form targets and parsing the response. Selenium has been around for a long time too, and the browser makers specifically put support for it in, so they certainly know this too.

    The proposal looks more like trying to crack down on all the webkit/blink clones to keep control of the market and stop smaller start-ups getting a slice. It solves a problem that I am not sure exists, with a solution that doesn't actually solve the problem.

    1. I could be a dog really Bronze badge

      Re: What about Selenium?

      It solves a problem that I am not sure exists, with a solution that doesn't actually solve the problem.

      The problem certainly exists, and this is almost certainly a way to solve it. It's just that the problem isn't a problem for the end user. The problem is that Google doesn't yet have enough control over "everything" (including people using ad-blockers), and this is indeed a way to solve that problem.

    2. claimed

      Re: What about Selenium?

      See also, UIPath, will use an unmodified browser quite happily thanks, I’ve used this where selenium didn’t work as it doesn’t require (though supports) using the DOM. You can just record the layout of the website and click in exact locations with conditions etc :: is this my bullshit ad? Yes, click

  12. Lil Endian Silver badge

    Bye-Bye WWW: Time For A New Internet Protocol

    Fuck off Google. Fuck off, fuck off and fuck right off.

    Okay, now I've got that off of my chest I'll try to be a bit more constructive.

    Vote With Our Feet

    So we can't make Google GTFO, and if the W3C[1] don't kibosh this shit then it's So Long, and Thanks for All the Fish.

    It's common to conflate The Internet with the World Wide Web. I'm not pointing this out as a pendant, but to draw attention to the possibility of walking away from the cesspit. WWW/HTTP was intended as a document delivery service, not an advertisers wet dream. It was intended to be unpoliced, which Google are directly ignoring. Let them keep it, and drown in it. If site owners want a penny per thousand clicks on ads, and make Google rich, they're welcome to stay on the WWW.

    The Internet can handle another application layer protocol, for document delivery, one where advertisers may be lawfully hounded and throttled.

    A pipe dream, I know, but it is feasible. All the same standards could be used, all the same tools - just without The Tools.

    [1] I'd love to hear Sir Tim's views on this.

    1. nematoad Silver badge

      Re: Bye-Bye WWW: Time For A New Internet Protocol

      I'm not pointing this out as a pendant,

      Oh are you just hanging around then?

      I think the word you are looking for is pedant.

      1. Lil Endian Silver badge

        Re: Bye-Bye WWW: Time For A New Internet Protocol

        And the prize goes to....!

        LMFAO :)

        You missed "advertisers" though, better luck next time! :D

        [Thanks for spotting that and giving me a laugh, it's being a pretty shit day :( ]

    2. Anonymous Coward
      Anonymous Coward

      The sad thing is...

      ...that there are far too many people who cannot be persuaded into voting with their feet because this issue is simply too technical and esoteric for them to give a toss about. They just want to go home from their shitty job and watch Netflix until they pass out on the couch.

      If it's just another hoop for them to jump through in order for them to consume content, they'll jump through it.

      1. Lil Endian Silver badge
        Thumb Up

        Re: The sad thing is...

        I hear you AC, like I said a pipe dream.

        But not consumer driven (directly) as in your context. When (if, and hopefully not) suppliers start losing their consumers because of browser non-compliance with idiocy like this, hopefully (and I know I'm talking fairy tales here) the suppliers will opt-out - either within the current WWW (by lobbying for sensible practises) or by opting for a cleaner communications channel. The consumers will take the path of least resistance.

        It's a top-down system: geeks provide the internetworking structure, businesses adopt it, consumers follow. The latter two did not exist 30 years ago (in context) - it was pure Geekville!

        Video killed the radio star!!!

      2. Jim Birch

        Re: The sad thing is...

        The 'hoop' would be ticking a box.

      3. Anonymous Coward
        Anonymous Coward

        Feel free to live and die as a defeatist

        but in reality, most people follow content, and if you float a reasonably robust replacement to HTML and browser shite, if you can deliver regular a stream of good content you can grow it organically pretty easily. You don't need to kill the garbage that exists, just give people an alternate path and they will start taking it.

        The problem is developers either fall into the "field of dreams pit" where they build the protocol and expect a horde of content creators to show up at their doorstep and start churning out high quality content for free, or they shoot themselves in the foot by trying to build off HTMLs worst mistakes, the lie that everything can or should be run through a browser.

        Burn HTML to the ground. It's neither good nor clever, and nothing compatible with it will ever be good. That ship sailed, and web monkeys screwed it up. As to what to replace it with? We already did with tools like BitTorrent and popcorn time. With lightweight web deployed apps. Apps which no one uses anymore because Google and Apple want to lock you into their app stores, and 90% of what is left is on Steam.

        Just build something like WebStart (you know, like Java?) for Rust and your 75% of the way there. Put a user controlled permissions framework on it, like the one that was under the hood in earlier android builds until Google found out users discovered it and started disabling auto-start on Googles spyware.

        (yes Google, we remember, and the AlphaGooglebet name change didn't trick us either.)

    3. Doctor Syntax Silver badge

      Re: Bye-Bye WWW: Time For A New Internet Protocol

      "Vote With Our Feet"

      Yes, indeed. Home page has long been DDG. Because Google, email login suddenly decided my preferred client wasn't good enough for them I switched the use (which was simply to receive the Contact us messages from a web site elsewhere). In fact almost the only email I see from gmail addresses is spam.

    4. Anonymous Coward
      Anonymous Coward

      Re: Bye-Bye WWW: Time For A New Internet Protocol

      Gemini is the protocol you're looking for. It's too basic for the advertisers, it's like the Web was in the early days and it's going to stay there. Only thing it's missing is lots of content: so far just a few hobbyist bloggers are posting on it, and it's like the internet equivalent of amateur radio (if you say "why bother with amateur radio when you can just listen to the BBC" you're missing the point). But if we can get organizations that are not interested in directly monetizing their content, such as (some parts of) the BBC and academics and governments and public services and charities (and maybe even companies who just want to talk about themselves) to cross-post things to Gemini, it could be made a much more useful environment. I tried to do my bit by creating a Gemini version of my home page although it's more or less an exact mirror of the web version....

  13. Anonymous Coward
    Anonymous Coward

    Alex Russell, partner product manager on Microsoft Edge " API design requires a journey through a problem space, and ... extrapolate to worst-case scenarios"

    And now you know why Microsoft products are so bad - they just keep the worst-case scenario APIs!

    ==> I'll get my coat as it was an intentional misquote for fun

  14. Howard Sway Silver badge

    The Google devs response : limit comments, post a Code of Conduct document as a reminder to be civil

    The absolute cheek of it - if anyone ever needed a Code of Conduct document and a reminder to be civil, it's these control freak super snoopers, wanting to destroy anything on the web that doesn't earn them an ad payment.

    Here's a code of conduct for Googlers :

    1. Stop trying to monopolise the web using your browser market share

    2. Stop trying to snoop on everything everyone ever does on the web

    3. Stop ruining the free and open web because of your obsessive desire to make money by forcing adverts on people

    4. Stop monopolising the web ad market

    5. Don't ever try and limit criticism of your terrible proposals as part of a strategy to try and force them through

    6. "Civil" doesn't just mean use of language. It also has to do with how you behave

    7. Just stop. Go away and leave the web to W3C and users

    1. the Jim bloke

      Re: The Google devs response

      Google already have a code of conduct, and everyone is aware of it.

      They have seen your comments, and all the thousands like them, and they stand firmly by their original credo.



      Be Evil..

      1. jake Silver badge

        Re: The Google devs response

        go ogle dropped their "don't be evil" motto as of October of 2015, when Alphabet decided "Do the right thing" was more appropriate. Following that, "don't be evil" was vestigial, at best, a footnote in the CoC, before eventually being quietly removed entirely.

        They don't mention what 'the right thing" is (making a profit?). Nor to whom they are supposed to do it (the shareholders?).

        But at least they admit that being evil is OK in pursuit of "the right thing". Nice to know where they stand.

        Some of us have been shunning go ogle since the year dot ... not paranoid, pragmatic.

    2. Anonymous Coward
      Anonymous Coward

      This is ultimately the problem - and ultimately the point - of all these codes of conduct. They aren't there to promote civility, but to prevent criticism and dissent.

  15. Will Godfrey Silver badge

    Arrogance without limit

    This is the monster that said W3C (you know the web standards organisation) didn't have the right to decide the minimum that browsers should support.

    Go away and die Google - as quickly as possible.

  16. Anonymous Coward
    Anonymous Coward

    "API design requires a journey through a problem space, and the best way to redirect this sort of thing isn't to extrapolate to worst-case scenarios, it's to ask that folks show their work and demonstrate value."

    Clearly a middle manager rather than an engineer; engineers don't spew such gibberish. "Journey", "problem space", "show their work", and "demonstrate value" definitely give it away.

    1. MrAptronym

      The saddest thing is when you see an engineer or scientist turn into this.

      It's like in a zombie film when your buddy gets bitten...

    2. joyful

      I thought we have had enough of MS and Google "showing their work" along these lines over the past few decades.

  17. aerogems Silver badge

    Part of me thinks this is just the usual overreaction by some. I remember when TPM was brand new and everyone in Linux world was doing their chicken little routine about how this would allow Microsoft to block any third-party OS from computers. Yet, here we are all these years later, and far from being relegated only to systems lacking TPM chips, Linux is thriving probably more than ever before.

    Not to say that they aren't right to be worried, but I think the MS engineer has the correct approach here. This is just an early draft, so offer up constructive criticism and concerns by all means, but let's see how it fleshes out a little before predicting the end times are nigh.

    1. Lil Endian Silver badge
      Holmes offer up constructive criticism...

      Don't condone a single point of failure, controlled by a profit making institution, that has no regard for existing standards or ethics.

      How's that?

      1. aerogems Silver badge

        You seem to have conflated an example the Reg Hack used in the article for what was actually in the proposal given by Google.

        The idea isn't necessarily a bad one, it could help cut down on a lot of spam and other shit we all collectively hate, but there are a number of potential use cases where if it's not very carefully thought out, it could end up being very bad. Which is why I say give them enough rope to hang themselves with if that's what they intend to do.

        Of course at the end of the day, it's their program. They control the code and can do whatever they want with it and there's fuck all we can do about it. If they want to try to force this idea on everyone, our options are either to drop trou and take it or switch to Firefox or Safari. Someone might be able to fork Chromium from before these changes were merged in, or just disable them at compile time, but who knows how long that'll last before the number of people with the right combination of skills, free time, and willingness to contribute burn out. The number of people who meet all the criteria are quite few after all.

        1. Lil Endian Silver badge

          ...switch to Firefox or Safari...

          Clearly this is a proposed standard intended to be implemented by all browsers, not just Blink/Chromium. Otherwise sites would have a choice of verifying Chromium based browsers only, and then accepting others as-is or denying them access "cos no attestation". That would create a web-within-the-web, for the special users only.

          Either way, a headache for every website in existence. I think jake hit the nail on the head in this post.

          It's still a point of failure controlled by an org serving its own best interests. It equates to corporate gated censorship. Just NO!

          [Edit: yes, there a niche cases where this could be useful, ie. browser based games, but there are already solutions available - that's not Googles motive, me thinks.]

    2. I could be a dog really Bronze badge

      Yet, here we are all these years later, and far from being relegated only to systems lacking TPM chips, Linux is thriving probably more than ever before.

      I would say "thriving" is a bit of an overstatement. Yes, it;s popular in the server market; and it's popular in a niche consumer market (the likes of you and I); but it's definitely not "the year of the Linux desktop" (still).

      We already have a situation where some computers (MS's tablets) cannot run a non-approved OS. With most common desktops/laptops/servers you now have an extra hoop to jump through to run anything not MS. By default you can't just toss an installer image in and run Linux, you need to do one of a number of options :

      - Turn off secure-boot, after which Windows won't run which is a problem for those who do need to run it and would like a dual-boot system.

      - Run a bootloader that's signed by MS, which puts you at the mercy of MS as to what their bootloader will do when they decide to tighten the controls a bit.

      - Sign your own bootloader and install a new licence key in the system, which is technically beyond the abilities of the majority of users, and also relies on the ability to install a new key remaining.

      But secure boot means that for a normal user, "Linux is broken because the systems says so" and it's not possible for them to "just run it".

      The thin end of the wedge is now irretrievably inserted, time will tell how long it takes, but sooner or later I can see that "for our own protection" one or more of the routes to running Linux must be removed.

      1. aerogems Silver badge

        Compared to pre-TPM, Linux has only increased in overall popularity. But the point is, everyone was doing their chicken little dance when TPM was proposed by Microsoft claiming it would be the death of Linux and it was an attempt by Microsoft to lock in Windows as the only OS on x86 and all these other draconian DRM ideas. Yet, you can still boot Linux, Microsoft hasn't used TPM to implement a bunch of DRM into Windows. It's a little bit more annoying, sure, but it's offset in large part by the improvements in Linux hardware support. Damn kids these days don't know the "joys" of manually entering modeline values into their XF86Config file to get their LCD monitor to work back in the day, fighting to get your soundcard to work, being brought to tears if you could get your cheap inkjet printer to just print basic text, or having to scour forum posts or FAQs trying to find answers to questions. For the most part, Linux just works out of the box these days. The major concerns now are how FOSS developers love to tear everything down and rebuild it from scratch just when they get tantalizingly close to functional parity with the leading commercial competitor.

        For better or worse, Linux is used by a lot of Libertarian types. The group that straddles the edge of the mainstream and the fringe on the political right. They always think that everything is some kind of threat to their freedom. Usually they make things out to be a lot worse than they are in their head, and, especially these days, they're prone to inhabit echo chambers where they only hear voices from other people who agree with them. Strange ideas start to develop in those kinds of scenarios as we've seen with the Qanon bullshit.

        Simple fact is, right now all we have is an early draft proposal from Google that they couldn't even really be arsed to flesh out very much. Maybe it'll get better, maybe it'll get worse, maybe they'll get bored with the idea in a week and abandon it. If it gets worse then you can get out the pitchforks and torches and storm the Chocolate Factory gates.

        1. Roland6 Silver badge

          >” But the point is, everyone was doing their chicken little dance when TPM was proposed by Microsoft claiming it would be the death of Linux and it was an attempt by Microsoft to lock in Windows as the only OS on x86 and all these other draconian DRM ideas.”

          Linux thrives because everyone did make a song and dance and so forced MS to adapt their x86 platform locks so that OS’s other than those approved by MS could be installed.

        2. joyful

          Strange that you are connecting Linux users with Libertarianism. Not long ago Linux was "communist". If you haven't noticed some libertarians would argue unrestricted freedom to Big tech and other corps without government getting in their way to violate labour rights, the environment and establishing monopolies and lock-ins, while most Linux users are likely just concerned about the freedom to run the software they wish on their devices and does not want to feel that they are being watched and tracked every second. Meanwhile the qanon types are the ones who spout baseless crap that is a distraction from real issues like what Google is proposing now that the qanon types probably are blissfully unaware of. A lot of bad conflating, associating and generalizing in your comment.

        3. I could be a dog really Bronze badge

          Yet, you can still boot Linux, Microsoft hasn't used TPM to implement a bunch of DRM into Windows.


          The wedge is in, over time it will be given the occasional tap ...

      2. The Central Scrutinizer

        Errr.... what?

        I bought a new box about 12 months ago. It came without an OS because I specified it without one. I plugged in my bootable US stick and 8 minutes later I had a fully functioning Linux system.

    3. Anonymous Coward
      Anonymous Coward

      I think a part of the Linux community finds TPM to be a good thing, in that it allows secure storage of cryptographic keys and secure boot assuming TPM can be implemented with 'open source ' hardware. The problem begins when a remote party is able to attest the boot process, and especially if this remote party is a big tech corporation. It looks very likely that the Web integrity API will need to use TPM to do browser attestation and make the attestation meaningful.

      I believe the earlier panic was about Palladium/TCPA which has reincarnated itself as Microsoft Pluton nowadays, but TPM I believe was a small subset of that. To the extent there was a panic about TPM, it does look like that was justified given what Google is proposing now. True it won't kill Linux as such, but it would reduce the merit of Linux as 'your own OS that you can modify and use in your own way:

    4. Anonymous Coward
      Anonymous Coward

      Given the fact that they have squeezed the possibilities of open standards to implement tracking and fingerprinting for serving ads, it's reasonable to think that something that has a lot more muscle and expressly stated supporting advertising as one of its intentions will be squeezed to the maximum. Why wait until that happens and the frog is boiled? Banks don't already work on non stock android OSes even verifiably secure ones like GrapheneOS. Vivaldi has to disguise its user agent string to pass some sites. It's bad enough as it is already. So what should make me optimistic that Google (and eventually Microsoft) won't have us all browse their way, and are not trying to weed out competition from smaller vendors?

  18. seven of five

    Handily eliminates adblockers as well

    Of course, any form of ad-blocking would alter the "user experience" and therefore can not be tolerated.

  19. Anonymous Coward
    Anonymous Coward

    Browser "Security" Is Only A Part Of The Hypocrisy!!!

    Quote: "Google's next big idea for browser security"

    ....and Google provided a "a reminder to be civil"....

    Try reading this, and tell me how this behaviour by Google/Deepmind can EVEN REMOTELY be called "civil"?

    - Link:

    Yup......Google wants EVERYONE ELSE to be "civil"......while slurping 1.6 million medical record IN SECRET!!

    More hypocrisy........I need to be "civil".....but Google is fine with slurping 1.6 million private medical records!!

    Pass the sick bag, Alice!!

  20. Tron Silver badge

    Google being evil.

    We no more need be civil towards Google stealing turf online than we need be civil towards Putin stealing turf offline.

    This gives Google (and those who can pull the strings of Google) too much power. We need alternatives, or we get an online dictatorship.

    Health and safety is the new way to leverage dictatorial control, offline and online. Users should have rights and if we want to do something with the data we receive, and how we receive it, we should not have to be licensed by Google to do that.

    TL;DR: Google's online fascism needs to be opposed.

  21. JavaJester

    Another Elephant in the Room - Accessibility

    Accessibility by its very nature alters the workings of the browser. Will adopting this proposal hobble accessibility by only allowing "official" accessibility functionality? Will the web become less useful to those who have accessibility issues such as poor vision? What incentive will third parties have to innovate when their work will be disallowed by the Ministry of Truth's new browser validator?

  22. Anonymous Coward
    Anonymous Coward

    Just mentionning this "solution"

    and the harm has already been done.

    It's like Apple's client-side scanning (really bad) idea. Now Apple would like to take it back but the Western governments have already adopted it in their legislative attempts to regulate the Internet.

  23. Binraider Silver badge

    That has monopoly written all over it, I'm afraid.

    Though MS are in Cahoots with Edge being a derivative of Chromium so I fully expect such an initiative to have at least been inferred from that side of the fence.

    Says me posting this from Chrome as the only browsers we have in our package manager are Chrome and Edge.

    1. Doctor Syntax Silver badge

      You need a better package manager.

      1. FrankAlphaXII

        He's likely talking about the SCCM clientside software manager. My employer only has Chrome and Edge listed in it as well, but Firefox and one of the un-trademarked Firefox rebrands is permitted and they get used fairly frequently, not least by me.

  24. StrangerHereMyself Silver badge


    "This therefore starts to slide the web toward a time in which only authorized, officially released browsers will be accepted by websites."

    I don't believe this to be correct. In the end it's in the websites' self-interest to have as many people visit as possible. Throwing up artificial barriers would quickly undermine their business model. I've seen this happen already where websites block users with ad-blockers. This often leads to an exodus of users and eventually the shutting of the website.

    In addition. the web browsers used are open-source and could easily be forged to give out a valid token whilst not playing by the rules.

    1. Jamie Jones Silver badge

      Re: Attestation

      But when the advertising companies (Google!) refuse to serve ads on a website unless they sign up to this scheme, then they'll have no choice.

      1. Lil Endian Silver badge

        Re: Attestation

        ...other than to not serve ads (with the effect of not profiting Google).

        Did you intend a /s? Sorry.

        1. I could be a dog really Bronze badge

          Re: Attestation

          And not serving ads means no income from serving ads - which is all that sustains many sites.

          Ah, but serve ads from someone else ? No way, Google is working very hard to block that route.

          1. Lil Endian Silver badge

            Re: Attestation

            And the split in revenue for MyPoorCompany versus Google? I do hear you, but that's making "the best" (ahem) out of a single option in the current environment, which serves Google more than the site.

            I get that ads leave the consumer to browse freely (as in beer), but many institutions survive in the non-web world without a massive advertising stream. How do they do that? It ain't new. I agree it's a choice for the supplier, but ads are not the only one, and it's not to be dictated by a $Corp while attempting to apply their self serving constraints upon me. There's no need to be sheep. Sheep get slaughtered.

        2. Jamie Jones Silver badge

          Re: Attestation

          No sarcasm intended. Any site that wants to make money without subscriptions or other paid services, and doesn't care about Google ethically or morally will use Google Ads.

          They don't really have much choice if they want to maximise their revenue.

      2. Doctor Syntax Silver badge

        Re: Attestation

        The rest of the advertising industry are for ever complaining about Google having a monopoly. When they see Google shooting themselves in the foot they'll be quick to remind sites there are alternatives.

        1. StrangerHereMyself Silver badge

          Re: Attestation

          Mind you that websites already have the capability to block users with ad-blockers. Very few have done so so far.

          It will be an interesting experiment to see what happens when Google starts blocking users with ad-blockers on YouTube.

  25. cdegroot

    I totally agree that there is no real need to be civil with Google. It has shown time and time again that it is willing to breach ethical boundaries to get its way and it’s long overdue to a split up.

    However, as long as everybody votes with their feet and uses Gmail and Chrome and Android and their search engine, nothing will change.

    I hope that at least everybody here uses Firefox, has their mail with Proton, searches on DDG (just naming some potential alternatives), and so on. Because market share speaks and so far, they can get away with murder because the market rewards them for it.

    1. Throatwarbler Mangrove Silver badge

      But people can't run Firefox because Mozilla made some trivial and insignificant UI changes many years ago and also broke a few extensions, so there's no choice but to throw our toys out of the pram and use the browser made by a company we profess to hate!

      1. Claverhouse Silver badge

        Just use Pale Moon, or another knock-off of Fx.

        Firefox has been far too ugly to use since Australis came in.

        And I used to literally love Firefox.

  26. Paul Hovnanian Silver badge

    This is clearly...

    ... Google's attempt to become the broker between web sites and the users. Want to reach your bank? Where's your (paid up) Google official certificate of identity?

    This is where I think the federal trust busters need to step in. If electronic credentials are so critical for the operation of a modern economy, then our government needs to step in and provide them (the Aadhaar card in India comes to mind). And that organization should also be responsible for ensuring that the path over which this identity info travels is incorruptible. So, break up Google and place Chrome and supporting web development kits under this new department's control.

    Yeah. Like that is ever going to happen. But the threat may be enough to scare off Google and show them their place in the world.

    1. Steve Davies 3 Silver badge

      Re: This is clearly...

      Elon Musk latest brainfart with Twitter (sorry X) is a threat to Google. He wants 'X' to become the world version of We-Chat and THE ONLY place where payments are made.

      If you think that Google has oodles of data on you, that would soon be dwarfed by SKUM's (Anagram of Musk) cunning plan for world domination.

      You will have an certified 'X' account. Only £25.00/month. You know it makes sense. (not)

      1. Paul Hovnanian Silver badge

        Re: This is clearly...

        "He wants 'X' to become the world version of We-Chat"

        He can't even keep his current users from jumping ship to Threads.

        1. Evil Scot

          Re: This is clearly...

          The elephant in the room is that there are other messaging platforms other than X and threads.

      2. Jamie Jones Silver badge

        Re: This is clearly...

        He may want that. I want to marry a hot model. Reality says neither will ever happen...

  27. fromxyzzy

    So if/when they implement this, what publishers are going to

    1. trust Google enough to actually use their verification and believe that they have no overlapping competitive interests that would make that a bad idea and

    2. think that customers are going to put in actual effort to comply, instead of immediately moving on to any available alternative that doesn't make them do extra steps for the same thing?

    And given issue 1, how many competing verification providers are going to be necessary for any of this to work? There's no way MS is going to use Google's internal verification, much less Apple.

    It sounds like phone-home DRM for web pages, and in the smaller markets where publishers have moved to phone-home DRM verification for computer applications (music software is a very good example, which went hard for subscription-based virtual instruments about 10 years ago) it has frustrated users to such a degree that companies are losing long-term customers due to the background overhead of running a dozen different DRM verification schemes. A similar situation would probably happen to anyone who tries to do online gambling on multiple platforms, with their location verification background apps.

  28. Ian Johnston Silver badge

    How do they avoid a browser presenting itself as vanilla to get the attestation and then doing ad-blocky things when actually used?

    1. Lil Endian Silver badge

      It's a numbers game. As long as they can prevent the hoi polloi blocking they'll get more revenue, and be smug knowing that they've made a relative handful jump through hoops to game the system. Then they'll push for that to be included under the PATRIOT Act (or whatever), with due extradition ofc.

  29. Doctor Syntax Silver badge

    Alex Russell ... took to Mastodon to urge people to withhold their judgment until WEI is more fully developed.

    "Particularly in the early design phase, lots of ideas are bad!" Russell said.

    That seems to be just the time to not withhold judgement. If bad ideas aren't stamped on PDQ they tend to stack around.

  30. MachDiamond Silver badge


    Google is coming up with methodology to protect people browsing the web from who? Google themselves is one of the biggest threats. Foxes and hen houses, am I right?

  31. Bebu Silver badge

    a framework for profoundly screwing the pooch.

    I get it but "profoundly?"

    I think I first heard the phrase in "The Right Stuff" (I vaguely recall the movie was a consequence of firmer Astronaut John Glenn trying to get elected to the US house (or senate?)) but I am guessing its Top Gun speak from long before.

    Does profoundly mean the bitches have an even bigger smile afterwards or that you respect them in the morning?

    Acusing Google of conceptual bestiality rather amuses me.

  32. mistersaxon

    This is about Ad Nauseam isn’t it?

    The plug-in that randomly clicks ad elements everywhere you go, making targeting and ad history effectively useless looks like they are just talking about it and then tried to claim their proposal would actually stop cheating in games etc etc.

    Moral of story, it’s just about making sure you can’t block ads or “misuse” them. Get Ad Nauseam now and let’s see if we can make Google go bust before Christmas.

  33. CrackedNoggin Bronze badge

    WEI - too late!

    Because LLM will be or are already able to read a screen, guess passwords or make an account, upvote, comment, etc., all from 100% honest Chrome or Microsoft Edge browsers.

    They can operate in normal human reaction time, but there could be 100's of processes each with an LLM+browser running from a single machine.

  34. Stuart Castle Silver badge

    This seems like a massive grab of rights for little or no gain (at least from the consumer side). At the moment, I use Vivaldi or Safari, but I like the fact I can use whatever browser I want. I could even write one from scratch (assuming I had the time and inclination), or I've no doubt there is source code for a number of browsers on Github I could compile and use. I like the fact I am free to do that. Websites requiring a specific browser is a step back, IMO.

    OK, so this could stop bots. Fair enough, that is a laudable goal. The bot writers could bypass it by changing tactics though. All they need is to write the bot in such a way that it reads the browser window, and sends keypresses/mouse movements to it. There are a number of legitimate applications that can do this. They can even attempt to bypass the robot checks built into some systems by moving the mouse randomly, or not taking the direct route to a link., like a human may do if browsing. In this cause, other checks may catch the bot, but WEI wouldn't because it would be communicating with an unaltered browser.

    Hackers will also probably find a way to bypass it. All they need do is find out how Google are generating whatever signature is sent to google, and fake it.. That way the pile of scripts your bot is using to access a website could appear to be a legit copy of Chrome.

    While I don't game online, so am not affected by online cheating, I can understand it is frustrating for players to be dealing with someone who cheats..

    But, this thing requires we sign in to Google. I'll come clean, and admit, I do surf the web signed in to Google. Google provide services I use (such as Youtube) and it's more convenient for me. I am aware of the tracking they do, and, TBH, it doesn't bother me that much. But, I like the idea I am free to browse the web while not signed in to any company. Sometimes, I do this. I know that a lot of the web is behind paywalls (even if they are free, some websites require registration to use), but I don't like the idea that potentially a *lot* of websites could be inaccessible if I don't sign in to Google (or any web ID provider).

  35. Anonymous Coward
    Anonymous Coward

    Blind people won't be able to use the web anymore

    It's hard enough already with CAPTCHAs, and CloudFlare blocking out any browser that doesn't fully support JavaScript (which to be fair they are doing as protection against DDoS's but it does have the side effect of stopping us from using blind-friendly tools like edbrowse; I don't know if the DDoS guys realise they are basically making more and more sites get CloudFlare protection and consequently become less accessible to the blind). Authenticated browsers is going to make it worse. If somebody brings up the subject with Google, they will probably say "oh, we'll make sure you'll still be able to use our authenticated browser with the top selling commercial screen reader for the blind", only the top selling one not any other one mind. The top selling one is called Jaws which I believe stands for just about works, it is often sold to companies because of accessibility legislation and such but it's not the one I actually want to use.

  36. Captain Hogwash

    I think we could get them to brush their tongues

    It's about driving everyone to Chrome and forcing them to log in with a Google account.

    1. Ace2 Silver badge

      Re: I think we could get them to brush their tongues

      Have you noticed how many websites are putting up giant “Log in with Google” banners all of a sudden? The banner fills half the (phone) screen.

      No, I’m not logging in to you, sod off!

      1. MachDiamond Silver badge

        Re: I think we could get them to brush their tongues

        "Have you noticed how many websites are putting up giant “Log in with Google” banners all of a sudden?"

        Google has obviously put a lot of money into that program to incentivize everybody. I'm seeing it everywhere as well and I don't have a Google account and there isn't a chance I'll sign up for one. I can't think of a more stupid way to put one's self at risk than to use an online service with one password for everything.

        Inconvenience = Security. If somebody is hawking something to make your life easier, chances are high that it's going to erode security and privacy. I save money by NOT having auto-pay. If just one time charges hit your account before the bank clears a check or your pay, you will know how fast those fees and penalties add up when they send everything bouncing back. To add some insult to the injury, the vendors you have set up on auto-pay will put the charges back through again right away triggering another round of fees, this time at a higher rate.

  37. captain veg Silver badge

    what about proxies?

    Do proxies have to be attested too? If not then the proxy can filter out of otherwise manipulate the content in just the same way.

    What about wget and curl and the like? If they're in the clear then nothing stops me implementing a proxy which curls the document, does it's sanitising thing than serves the cleaned up version to my browser of choice.

    Here's hoping.


  38. Grogan Bronze badge

    I don't use other people's binaries... I always do custom builds. If I can't compile it, I"m not using it and if I can't access a site with my browser, I'll hit the contact form and tell them to blow it out their asses.

    There's nothing I really need from anybody. I'll cancel a subscription on the spot if they introduce something that so much as irks me. I don't even care about commitments, one phone call to Visa and payments stop. They've never denied me (Canada, here). As far as I'm concerned (I don't care what your TOS or EULA says), if you change something out from under foot, my previous agreement with you is void.

    If someone like Amazon won't let me buy from their store with my browser, then I guess I don't need to shop there, for example.

    This is about Google controlling the Web. They know they can't force other browsers to disallow altering streams, so they come up with this. It'll be used for anti-adblocking too.

    Fat chance with a complacent, mostly stupid populace, but if you could get enough people to loudly say no, this would stop. When it causes traffic and commerce to go down. It's the only language they understand.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like