Google Cloud Fraud Defense Repackages Rejected Web Integrity Plan
Original: Google Cloud Fraud Defence is just WEI repackaged
Why This Matters
Google bypasses web standards process to implement device attestation commercially
Google launched Cloud Fraud Defense in May 2026, requiring QR code scanning with certified Android or iOS devices. Critics claim it repackages the Web Environment Integrity proposal withdrawn in 2023 after opposition from Mozilla and EFF.
Google Cloud Fraud Defense launches as 'the next evolution of reCAPTCHA,' requiring users to scan QR codes with phones to prove human presence. The system only accepts 'modern Android devices with Google Play Services installed, or modern iPhone/iPad.' This mirrors Google's 2023 Web Environment Integrity (WEI) proposal, which used device attestation to verify unmodified browsers on certified hardware. Mozilla opposed WEI as creating 'a gated internet controlled by OS and device vendors,' while EFF called it 'Chrome's Plan to DRM the Web.' Google withdrew WEI after three weeks following standards body objections. The new system relies on Google Play Services' Play Integrity API for device attestation, effectively requiring Google-certified hardware. Unlike WEI's public review process, Fraud Defense launched without industry consultation.