Hacker News new | past | comments | ask | show | jobs | submit login

Can you give me an idea as to why WEI is a bad idea for the web? Granted, it is morning, but as I am going through the notes linked ( https://googlechrome.github.io/OriginTrials/developer-guide.... ), I am not sure I understand why it is that bad.



As a general rule of thumb, web technology has traditionally separated the content and protocol from the browser ("user agent") in terms of concerns. By which I mean, a user agent needs to be able to handle any possible input without breaking, and a web server needs to be able to handle any possible request without breaking.

WEI tries to shortcut that process by creating a secured sign-off system that would allow the server to only respond to queries from a blessed hardware and software configuration. This wildly constrains the user agents that would be possible. The pro for web developers is that they wouldn't have to concern themselves with whether their server or the HTML they are. Emitting is broadly standards compliant and compatible; they can just make sure it works with the target platforms they care about and rest easy knowing no other platforms can touch their system. But this is bad for anybody who, for whatever reason, can't use the blessed platforms (user agent and hardware combinations).

Immediate practical consequences are that a lot of the screen reader solutions people use would probably break (because the screen readers wouldn't be certified user agents), a lot of clever hacks would be far less feasible (the website somebody hacked together to track whether the ice cream machine was broken at McDonald's restaurants relied upon being able to pretend it was the McDonald's smartphone app well enough to attempt to put ice cream in the shopping bag), and it would basically become impossible to build a new browser or operating system from scratch compatible with the web (they wouldn't work with the websites people wanted to use because they wouldn't be certified as authentic on any of those sites).

This proposal grossly changes the balance of power on how the web works and places most of it in the hands of the incumbent browser and computer hardware vendors.


Thank you. I can see why there is a pushback for it and also why Google would want to make it a standard. It has a feel of systemd to it ( making things easy enough that if it does manage to become a standard, people will likely accept it en masse )


Basically aims to make desktop browsers work like non-jailbroken iPhones: locked down and outside the user's control, for better and worse. You could also compare it to client-side anticheat in PC games.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: