While I don't love this API's idea, I understand why they're doing it, and the API it describes really just sounds like any Captcha API today.
> Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data. At this point your browser would contact a "third-party" attestation server, and you would need to pass some kind of test. If you passed, you would get a signed "IntegrityToken" that verifies your environment is unmodified and points to the content you wanted unlocked. You bring this back to the web server, and if the server trusts the attestation company, you get the content unlocked and finally get a response with the data you wanted.
The problem with Captchas today is that there are a lot of services you can use to bypass them. You send the token to a human, human gives you the solution-token, and you pass that to Google.
I can see why they want to make this more protected. As a user, if this lets me solve captchas less for certain sites, I'm OK with that. Of course, I don't think this API should be used for the entire web, but I definitely understand its use-case.
Captchas only let you verify that the user is human, this API lets you do more: it lets you verify that your web application is going to run unmodified and that the user is going to see what you want him to see, _everything_ that you want him to see and nothing else.
Unlike captchas with this you can remove adblockers, greasemonkey/stylus edits, extensions adding download links to your youtube videos, etc, from the picture.
One key difference to Captchas is that since this new system requires no user input, the "cost" of a website requesting attestation is a lot smaller. So it will probably be used more widely.
> Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data. At this point your browser would contact a "third-party" attestation server, and you would need to pass some kind of test. If you passed, you would get a signed "IntegrityToken" that verifies your environment is unmodified and points to the content you wanted unlocked. You bring this back to the web server, and if the server trusts the attestation company, you get the content unlocked and finally get a response with the data you wanted.
The problem with Captchas today is that there are a lot of services you can use to bypass them. You send the token to a human, human gives you the solution-token, and you pass that to Google.
I can see why they want to make this more protected. As a user, if this lets me solve captchas less for certain sites, I'm OK with that. Of course, I don't think this API should be used for the entire web, but I definitely understand its use-case.