Basically it's a way for a "third party" that's chosen by the web server to verify the environment where the front end code is running meets its standards. Those standards would be up to the third party. So I'd imagine if an assessor said "hey, we can verify ads load properly" or even "we verify this extension isn't running" then many sites would possibly choose those assessors. It also is blatantly deceitful because, of all the issues it suggests it can fix, it doesn't actually fix any of them. And many of them aren't even that big of a problem.
Is there anything that would prevent some kind of proxy stripper? I'm thinking something that loads the page with a clean agent, strips out the shit and serves a nice clean page?
Definitely beyond Pi-hole as it stands, but doable.
It would need something that would trick the checker into reporting an all good when local extensions fiddle with the rendered page. Not impossible IMHO but I'm wayyy too dumb for that shit. I was an SRE, not a developer.
Yes and no. They can freely enforce a specific DNS server and reject any browser with a custom one as "tampered with". Just like they can freely enforce any part of your system being like they want it to be "or else".
No, but that only works if the ads are being served by known ad hosts, so you should expect that adtech will get hip to that and proxy their traffic through the same hosts as the content.
That being said, it’s pretty easy to check if a user has network blackholing going on in client-side JavaScript: you just do a test request to a popular ad network and see if it resolves, no special browser support needed.
No, that should still work. The server will send a page to your browser, and when the browser renders it, it will request the ad. And your Pi-hole will block the request.
Unless WEI somehow changes how page rendering works, but I don't think so.
Not really. The environment could easily include resolution of an ad server. If a site uses two ad servers and neither resolves, the attestor could decide to fail the environment. The problem is the attestation is left open for the attestor to create. It could check web browser, extensions, operating system, etc. I fail to see how this is at all privacy-protecting to begin with.
Yes, it works well. There are some ads, like those built in to apps and pages for self-promotion (Microsoft having an ad for Office on their own website, for example), that can't be blocked without disabling the service itself because the ad DNS is the same as the content DNS, but otherwise it works well.