| Hey. I know you’re well-meaning and the proposal isn’t meant to harm the web. But please, retract it. WEI’s purpose is to block out bad traffic. The question isn’t whether all website owners will block non-attesting clients once this is rolled out. It’s whether any can. If they can, some will. The most promising way to address this are holdbacks. But they can’t work, because: a) if 5% of pageloads fail, users will get used to it and adapt. When the load fails, they’ll reload. Holdbacks can’t reasonably disincentivize blocking non-attesting clients. Some websites really want to, and they will. They won’t care about losing 1-2% of visits. b) Websites can just tell users how to bypass it: “Authentication failed. Try reloading, or switch to an authorized browser.” c) Some governments (like the French) are already trying to legally mandate stuff roughly similar to WEI, though thankfully the methods they use are much milder than WEI. You’re opening Pandora’s box, just like Apple did with Communication Safety. Why couldn’t a government legally require all banks to block non-attesting clients? Then, this proposal will have enabled financial discrimination and de-banking, for something as benign as not being able to have an up-to-date browser on an “expired” Chromebook (outdated browsers would presumably fail attestation, and people with old laptops who can’t afford new ones shouldn’t be shut out of the economy). Holdbacks can’t work. There’s no form WEI can take that wouldn’t cause what (I trust) you’re trying to avoid. |