Google Cloud Fraud Defence is just WEI repackaged

Original Article ↗ Hacker News Discussion ↗

Overall sentiment

  • Strong backlash to Google Cloud Fraud Defense / WEI-like attestation.
  • Many see it as another step toward a locked‑down, surveilled web controlled by a few platforms.
  • A minority argue the bot/fraud crisis is real and something like this may be inevitable.

Privacy, surveillance & identity

  • Device attestation is viewed as de‑facto persistent identity: stable hardware IDs can track users across sessions, browsers, and “private” modes.
  • Critics say this enables panopticon‑style surveillance and elite carve‑outs, layering identity, devices, communications, and platforms into a comprehensive control stack.
  • Some favor privacy‑preserving, anonymous verification; others argue identity verification is central to accountability.

Monopoly power & governance

  • Many frame this as abuse of dominance by the Chrome/Search/Android duopoly (plus Apple), making access to the web contingent on proprietary hardware and OSes.
  • Calls for antitrust: breakups, limiting size, higher taxes on mega‑corps, and faster legal remedies.
  • Skepticism that governments will act, given dependencies on big tech for surveillance and propaganda.

Bots, fraud, and technical debate

  • Everyone agrees bot/LLM‑driven abuse is worsening; disagreement is over solutions.
  • Critics argue device attestation is security theater: bot farms already use cheap phone farms and residential proxies; attestation only raises costs somewhat.
  • Supporters note tying fraud to unique devices changes attacker economics and helps risk systems.
  • Alternative proposals: proof‑of‑work CAPTCHAs, micropayments, stricter AI regulation, accepting a non‑zero “optimal” fraud level, or more paywalled/sponsored models.

Accessibility, usability & abuse risks

  • QR‑code flows are seen as hostile to non‑technical users and people with disabilities.
  • Incident‑response practitioners warn this normalizes “scan this QR to continue” and will supercharge phishing/QR‑based scams, especially on unmanaged personal phones.

Browser & platform ecosystem

  • Concern that attestation cements only two viable mobile OSes and sidelines non‑Google browsers, especially on mobile.
  • Some urge mass migration off Chrome and Google services; others report trying and failing due to UX, compatibility, or trust issues with alternatives.

Meta: AI & content

  • Several commenters suspect the critical blog post itself was LLM‑generated, debate how to detect AI text, and worry trust in online discourse is degrading.