Look, I hate this proposal from Google as much as anyone else here, but let’s stick to the facts.
As the “assembly” part indicates, it’s intended to be as hard to analyze
The “assembly” is just a reference to machine instructions, a.k.a “assembly language”.
Minified javascript, on the other hand, is made with the express purpose of obfuscation and as well, minimize load times, but mainly obfuscation in practice.
That’s to say, you don’t need webassembly to make it hard to reverse engineer. At least webassembly is a standard.
First there was Java, then there was Flash, now there is Webassembly
First, there were machine instruction, then people invented handy mnemonics for those and called “assembly language”. Then there was C, then C++ (let’s skip the basic, pascal, etc) and those weren’t meant to be hard to analyze, they were and still are meant to be close to the machine, to be fast. Webassembly has similar goals. They can be relatively easily decompiled, just as much as webassembly I’m sure, unless they are purposefully obfuscated.
Just like native machine code and javascript, it can be decompiled/reverse engineered, and also obfuscated, but that’s not its goal, not as stated nor in practice.
Is there a way to stop the existing abuse without introducing a different kind of abuse? Ideally, that’s what we should aim for, if possible at all.
If that’s not possible, restricting people’s freedoms in the digital world (or the real world, for that) to prevent some from abusing such freedoms doesn’t sound such a great proposition. As for “which abuse is better”, I’d argue that if I have to be abused one way or another, I’d prefer to be free and in control so I have a chance to stop it myself ;)
(what freedoms, you might say? freedoms to run my own choice of operating system, my choice of browser, etc. on a computer that I own, maybe even built myself, and not be prevented from accessing the internet at large)
And I’m sure some of those companies, or some of those companies’ employees, wrote some viruses themselves ;) But really, we can only speculate. Most are definitely legit and helpful.
The key here is, who is in control: the user of the software, or the company that made it? I’d say even for antiviruses, the user is in control, can choose a different antivirus or no antivirus at all (like me). In this Google proposal, it seems Google and other big corporations will be in control and not the user. That’s the reason why it’s bad. If I have to be abused, at least I like being in control so I can (try to) prevent it.