> In that sense it would allow quite a bit of flexibility in what 'untampered' means based on the trust source which would be a good thing.
The problem is that the APIs for botting are the same APIs that are used for browser automation and extension support and that are implemented by experimental browsers that are building new tools for the web.
You're correct to bring up that people didn't trust Google; that's part of it. But there's a more fundamental problem: there is no way to restrict someone from using APIs to automate a browser without also killing a lot of more traditionally accepted use-cases for those APIs.
Every accessibility API and presentation API is an adblocking API. Every web extension and request redirector is a bot API. Google didn't seem to understand this; they came into the discussion believing that as long as they could get people to believe Google wouldn't abuse the API, everything would be fine (whether or not that was an honest claim is another discussion, the problems with WEI were numerous). But beyond the discussions of Google's motivations, at a fundamental level what critics were saying was that there was no such thing as a working version of this API that would be effective at reducing bots without reducing user freedom. Making the API more Open or getting more implementers on board wouldn't change that.
It simply isn't possible to truthfully verify to a server that a user environment is "trusted" without blocking the user from accessing normal browser APIs.
The problem is that the APIs for botting are the same APIs that are used for browser automation and extension support and that are implemented by experimental browsers that are building new tools for the web.
You're correct to bring up that people didn't trust Google; that's part of it. But there's a more fundamental problem: there is no way to restrict someone from using APIs to automate a browser without also killing a lot of more traditionally accepted use-cases for those APIs.
Every accessibility API and presentation API is an adblocking API. Every web extension and request redirector is a bot API. Google didn't seem to understand this; they came into the discussion believing that as long as they could get people to believe Google wouldn't abuse the API, everything would be fine (whether or not that was an honest claim is another discussion, the problems with WEI were numerous). But beyond the discussions of Google's motivations, at a fundamental level what critics were saying was that there was no such thing as a working version of this API that would be effective at reducing bots without reducing user freedom. Making the API more Open or getting more implementers on board wouldn't change that.
It simply isn't possible to truthfully verify to a server that a user environment is "trusted" without blocking the user from accessing normal browser APIs.