
Website authors opting in to letting another server serve content "as" their own domain isn't anything new: it's what CDNs do. The Signed Exchanges standard is actually a huge step up because the website authors get to cryptographically sign their content. With normal CDNs, if the CDN is malicious or gets hacked, the CDN is free to serve modified content on the original domain.


> Signed Exchanges standard is actually a huge step up

Signed exchanges is considered harmful by Mozilla.[1]

* * *

[1] https://mozilla.github.io/standards-positions/


"Harmful" is a rather poor summary of [their actual position][1], which is closer to "this is a big change and we don't know what kind of effect this will have, so we're going to wait and see":

> There is a lot to consider with web packaging. Many of the technical concerns are relatively minor. There are security problems, but most are well managed. There are operational concerns, but those can be overcome. It’s a complex addition to the platform, but we can justify complication in exchange for significant benefits.

> [...]

> Big changes need strong justification and support. This particular change is bigger than most and presents a number of challenges. The increased exposure to security problems and the unknown effects of this on power dynamics is significant enough that we have to regard this as harmful until more information is available.

I think that's a reasonable position. I certainly wouldn't summarize it the way they did though.

[1]: https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5s...


Yet they didn't consider Cliqz harmful when they shipped that. Pot calling the kettle black, I'm using IceCat where possible instead.


I can already smell the fake news from hacked keys, and authoritarians demanding keys from media sites. Congrats, we found just another way to break the resilience of decentralisation.


If an attacker gets a key for a site, I believe they can only serve the Signed Exchange claiming to be the site to a user if the user is at the attacker's own site and then navigates from there to the victim site. And then if the user refreshes, I assume that might force the request to go to the real site.

If an authoritarian can man-in-the-middle network connections and demand keys, it would be much simpler to just MITM the sites without doing anything with Signed Exchanges.


A CDN that you have no choice but to use if you want to reach mobile users, otherwise your site will be so artificially de-ranked nobody will click it.

A CDN where active content is extremely limited, and advertising is effectively limited to Google.

A CDN entirely under control of the biggest search engine, who has a direct, a perverse incentive to take as much traffic from you as they can (see info boxes).

Presenting Google AMP as "just" a CDN is very dishonest.



