The largest IT corporations introduce “DRM for websites”. Device attestation and privacy tokens

Google and Apple have unveiled two similar technologies “to combat online fraud and other abuse without compromising privacy.” Google’s initiative is called Web Environment Integrity (WEI). A similar technology from Apple called Private Access Tokens (private access tokens) was introduced last year, and is now integrated into MacOS 13, iOS 16 and Safari, that is, officially put into operation.

The bottom line is that Google or Apple checks the client device – and guarantees its authenticity to the server. In turn, the server gives content only to the “correct” visitors.

Some specialists considerthat device attestation is inherently harmful, as it imposes restrictions on access to content and blocks user control over their own devices (for example, you can block access to the site for users with rooted phones, old versions of applications, or ad blockers).


Site attestation is formally introduced “to establish trust between client and server” as an alternative to fingerprinting and end-to-end cookies. This trust is established through guarantees from a third-party “certifier”, which in the case of WEI is Google Play, and with private access tokens, respectively, Apple.

WEI by Google

WEI code

for Chromium appeared on Github in April 2023, and was officially announced

in May

. But it did not attract much public attention until July 21, when it was published.

draft Web Environment Integrity specification

(with the note “a collection of interesting ideas”).

In short, WEI is proposed as an API for “low entropy trust signaling on the web”. This API is based on the fact that user agents have access to the attestator and can convey guarantees of their authenticity (“environmental integrity” in the document’s terminology) to the server.

An example of an environment integrity attestation request:

// getEnvironmentIntegrity ожидает «привязки к содержимому» запроса.
// Такая привязка защищает от использования этой информации
// для другого запроса. Перед отправкой аттестуемому содержимое
// contentBinding будет конкатенировано с доменным именем и хэшировано.



const contentBinding = "/someRequestPath?requestID=xxxx" +
"Любые другие данные, необходимые для соответствующего этому запросу contentBinding...";



const attestation = await navigator.getEnvironmentIntegrity(contentBinding);



console.log(attestation.encode());
"полезная нагрузка аттестации в кодировке base-64 и подпись общим размером примерно 500 байт"



const response = await fetch(`/someRequest?requestID=xxxx&attested=${attestation.encode()}`);

The attestation token is returned as

ArrayBuffer

serialized with CBOR (RFC 8949) and signed with COSE (RFC 9052).

At the second stage, the web server verifies the authenticity of the certified information using the public key of the attester. Then, based on the information received, decisions are made:

// Этот код не является частью Web Environment Integrity API, а лишь примером,
// как можно проверить целостность среды со стороны сервера
function isAttested(attestation, contentBinding) {
if (!isAttesterTrustedByMe(attestation)) {
return false;
}



// Открытый ключ аттестатора запрашивается у него напрямую.
const attestersPublicKey = getAttestersPublicKey(attestation);



// Валидация токена с помощью открытого ключа аттестатора.
// Привязка к содержимому и защиту от повторного воспроизведения.
if (!isTokenRecentEnoughAndValid(attestersPublicKey, attestation)) {
return false;
}



// Проверить хэш contentBinding
// Принять решения на основе attestation.payload
// ...
}

The author of the Web Environment Integrity technology, Google programmer Ben Wiser in comments on Github responds to criticism from the community. According to him, “the WEI experiment is part of a larger challenge to keep the Internet safe and open, as well as to combat cross-site tracking and reduce reliance on fingerprinting in the fight against fraud and abuse.”

Apple Private Access Tokens

While the WEI debate continues, Apple has de facto implemented a similar program

Private Access Tokens

. As already mentioned, privacy tokens were introduced last year, but now they are integrated into MacOS 13, iOS 16 and Safari, that is, into all Apple devices. Of course, nothing will work without support from websites: you still need to convince developers to install device verification on their sites.

Private access tokens work according to the following algorithm:

1. The browser makes an HTTP request to the web server.
   
2. The server rejects the request and returns an HTTP 401 response with a call PrivateToken:

   HTTP/1.1 401 Unauthorized
   WWW-Authenticate:
   PrivateToken challenge=<base64 challenge data>,
   token-key=<base64 public-key>

3. The browser recognizes this and sends the validator (such as Apple) part of the call, as well as the verified data about your device.
   
4. The attester checks the device for modifications (depending on the device, but Android and iOS have ways to check) and returns a signed token to the token issuer (third party, such as Cloudflare/Fastly), which proves the legitimacy of the device.
   
5. Browser resubmits request with signed token in header Authorization:

   GET /protected-content HTTP/1.1
   Host: example.com
   Authorization: PrivateToken token=<signed token>

6. The server now knows that the client has been verified by a trusted provider (but no more) and can act accordingly.

Who needs it

Surely many websites will like this idea, because private access tokens are a more reliable alternative to traditional user agents. It allows you to block bots that waste server resources and publish fake posts. Captcha will not be needed. Gaming sites will be able to detect cheaters. Infected devices and botnets will be detected automatically. It would seem that there are only pluses. No wonder Cloudfalre

started implementing private access tokens

even last year.

In the future, in this way, it is possible not only to distinguish people from bots, but also to narrowly target the audience by gender, age, income and place of residence, etc. (see filters for advertisers on Facebook), since the “certifier” as the owner of the operating room system on the device has this information.

Sometimes it happens that initiatives conceived with a good purpose in the end do more harm than good. Unfortunately, initially good intentions do not guarantee a positive result. In this case, it is logical to assume that each large IT corporation will promote its own “attestation system”, and Microsoft will join the mentioned Apple and Google (see the example below). Trusted Windows). All this can lead to fragmentation of the Internet ecosystem, causing unnecessary problems for both developers and users.

If adopted, this standard, which compare with DRM, may inherently conflict with the open architecture of the free internet, as well as the basic right of citizens to anonymous and secure access to content. Therefore, new initiatives are perceived by the community with some apprehension.

It is believed that WEI represents another obstacle for alternative browsers. With official criticism of technology spoke Mozilla etc.

“I don’t think it’s [токены аттестации] solution to the problem, – speaks Jon von Techner, developer of Opera and Vivaldi. “The real solution is to get away from the economic model based on surveillance of people. We are trying to resist this model, to prohibit data collection, user profiling and use in advertising. I really don’t understand why it remains legal. The surveillance economy is highly toxic. It creates significant problems for society, and to refuse surveillance is, in my opinion, an obvious solution. It makes no sense to use it, there are other ways of advertising that work just as well. But for certain companies, that’s a lot of money, and they don’t want to give up what they have.”

There is a suspicion that corporations are introducing device attestation not at all to protect user privacy, but rather to expand their influence on the Internet as the sole and unique owner of user profiles. So in the end it all comes down to who will control the information that is critical to e-commerce and the advertising market.

Note. The idea of ​​“trusted computing” is not new and discussed many times in past decades. For example, see article by Richard Stallman from 2005 about TPM chips. Now the idea of ​​remote device attestation is back in a new form. Technologies are also offered as web tokens for attestation PrivacyPass, Trust Token API And UserConfidenceScore.