To whom it may concern,
I am writing to draw your attention to Google’s Web Environment Integrity (WEI) proposal as clear anticompetitive action on their part. I am a professional web developer, bringing more than a decade of experience to bear in this matter. Recall that Google is a provider of:
- An ubiquitous search engine
- Many popular web applications such as Gmail, Google Maps, and Google Docs
- The United States’ most popular Web browser, Chrome, with roughly 80% market share
These create an ecosystem: users of one product are drawn by Google’s marketing and integrations into the others. This is not itself anticompetitive behavior, but it amounts to many years of groundwork; with such dominance over various layers of the Web platform, Google can now really begin to exercise undue control and choke out fledgling competitors.
What follows is a little technical, but also much clearer than Google’s opaque WEI proposal. Please bear with me.
When web browsers request a page for a user, they typically send along a “user-agent string” that identifies it as Chrome, Safari, etc. Servers may note this information when logging web traffic; they may send different responses based on browser capability; they may ignore it altogether. A key property of user-agent strings is that users control them: you can choose to send whatever you want, or nothing at all. This has many practical uses:
- Researchers studying social networks can write automated tools that act like browsers to crawl Facebook and Twitter
- Mobile phone users can “Request Desktop Website” to get a bit of work done on a website not really designed for small screens
- Visitors to a website can circumvent arbitrary requirements to use a specific browser. In the 2010s sites would commonly, and erroneously, claim only to work in Internet Explorer as a cost-saving measure for their developers. (The same thing is now becoming true of Chrome).
Of course, the user-agent string can be manipulated for antisocial purposes as well. Any tool that might be called a “bot” will send a fake user-agent string. Over the years the Web has reached an equilibrium where user-agent strings are taken with a grain of salt, especially when sent from unfamiliar or unauthenticated visitors. This dynamic tension between the rights of users and servers is healthy; it promotes innovation, competition, and an open Web. In this regard, the name “user-agent” for browsers is telling. It is a precept that browsers work in the interest of their users when navigating a confusing and hostile online world.
WEI is basically a user-agent string for Chrome that Google controls. It is cryptographically signed by Google, so servers who receive a request with a “WEI token” can know the request came from Chrome. (In principle, this is an open standard. Google expects that other browsers vendors will send this information, too). Google wants this because its ad network charges by the view. Its customers do not want to pay for an ad view that actually came from an automated script.
This won’t work. WEI will prevent some low-effort bot traffic, but it’s defenseless against popular tools like Selenium that perform scripted actions inside a real web browser. For a motivated bot operator, it will be simple to extract a WEI token from a real Chrome instance and send that alongside bot requests. What WEI will do is constrain the choices of typical web users in a number of ways.
A WEI token can prove to a server that a user’s browser includes an ad-blocker. Google is adamant that it will not do this, but its proposal offers no guardrails to preclude it. When WEI is place for a few years, Google will change its mind on this issue and refuse to issue WEI tokens for Chrome users with ad-blockers installed. (We are seeing this pattern of behavior play out with Chrome's “Manifest V3” changes).
In response, users may switch to a browser that respects their interests. They will find themselves hamstrung by Google here as well. Typical Americans use Gmail, Youtube, Maps, Docs, and a whole suite of other browser-based Google products. WEI will allow Google to (silently, sporadically, and with plausible deniability) degrade or deny their services to users of non-Chrome browsers. Users of iOS Safari will be heavily incentivized to download Google’s native apps to use Google tools on an iPhone. Users of (typically lower-cost) Android phones will have even less recourse.
There will be user demand for software without Google’s strictures, and businesses will try to provide it. They may try to develop a search engine, mapping tool, or AI assistant to compete with Google’s. Especially here, the market will find itself at the mercy of WEI. Google builds its businesses — past, present, and future — on mining the Web for data. This means sending automated requests to websites using the very bots that WEI is designed to kill. Google is using WEI to pull up the ladder behind them, making it impossible for other businesses to do what they did. Webmasters will use WEI to selectively approve traffic from the Google-approved devices and Google-owned crawlers that make them money through Google’s ad network. Upstart search engines will find their scraping traffic blocked because they can offer no such kickbacks.
In short, WEI will constrain the choices of regular Americans online. It will kill competitors to Google products. Critically, it will not offer any kind of protection against even very mildly motivated bad actors, who will continually reverse-engineer Chrome and build WEI into their tools. The technologically inclined will continue their arms race against Google; the rest of us will be squarely under their thumb.
What is happening with the Web is only possible because Google, above and beyond any other major tech company, controls too many layers of it. Not every problem with the Web can be solved with regulation; I firmly believe that this is one of them. Google must be compelled to divest itself from certain layers. To me, it would be simplest for them to stop vending the world’s most popular browser so they can offer their vast, ubiquitous suite of online tools on equal footing with their competitors.
I hope that the FTC will take Google’s WEI proposal as an urgent signal that the company is on a blatantly anticompetitive trajectory. I urge you to take decisive action in keeping the Web usable for every American, regardless of their choice of browser or search engine. I am happy to answer further questions or provide testimony on this matter.