Google intended its Web Environment Integrity API, announced on a developer mailing list in May, to serve as a way to limit online fraud and abuse without enabling privacy problems like cross-site tracking or browser fingerprinting.
[…]
To do this, the system would need to check, via attestation, whether the visitor's software and hardware stack met certain criteria and thus was authentic. That's great until it's abused to turn away visitors who have a setup a website owner isn't happy with – such as running a content blocker or video downloader.
Technical types saw this immediately, and became concerned that Google wanted to create a form of digital rights/restriction management (DRM) for the web. One benefit could be that ad fraud might be easier to prevent; but the risk is that the API could be used to limit web freedom, by giving websites or third-parties a say in the browser and software stack used by visitors.
Apple incidentally has already shipped its own attestation scheme called Private Access Tokens, which while it presents some of the same concerns is arguably less worrisome than Google's proposal because Safari's overall share of the web browser market across all devices is far lower than Chrome's.
Google Chrome
in The Register
via Hacker News