dashboard login authentication scheme
The EFF warns that it’s not so
much about Google’s end goal as it is about what it means to require a specific
system, by default, for all browsers, because it will either cause problems or
completely prevent users from using some services. For instance, it might be a
lot more efficient for Facebook to switch from Mozilla Firefox to Google Chrome
than it would be for Facebook to simply ask for permission every time you
access a service on Google
Chrome.
Google has published a White Paper about its intention to start requiring
Internet Explorer and Chrome users to use Google Chrome, Safari, or Opera
instead of any other browser. While the EFF and others are obviously unhappy
about this, it’s not so much about a specific end goal as it is about what it means
to require a specific system, by default, for all browsers.
Mozilla has published a blog post that clarifies what it is that
they are concerned about:
Given that Google is using a browser choice to deny choice, we are asking
Google to agree not to require an agreement with any other browser makers for
Google Chrome. It’s too soon to determine what the consequences of this will be
for users. That said, it’s clear that forcing browser choice on users is a bad
idea. What is clear is that the Internet as we know it will be a lot less free
if we agree to this.
Meanwhile, the Mozilla Foundation and Mozilla Corp have posted a
response, which notes that:
Mozilla does not, and never has, sell your browser preference to anyone,
including Google. Mozilla is a nonprofit organization, and as such, we are
dedicated to your privacy and security.
They also note that they don’t believe forcing browser choice is a good idea
at all, and give a solution that would still allow Firefox and other browsers
to work.
What we asked Google to agree to do was that users could click a “skip
this” link and get back to browsing the web using any of their supported
browsers. In the end, that would’ve just sped up the Firefox-Chrome transition
for a small number of users, but it would have saved all users from a bad
experience. There’s no harm in making it faster, safer, and more secure for
users who have to make the switch.
As usual, I think it is more important to know what Google’s intentions are,
rather than just to list off the various objections one might raise to it. The
EFF notes that it’s more important to understand what Google’s intentions are,
because it’s much easier to address issues like that. I would agree with that,
but unfortunately, I think most users just want to use the browser they prefer,
and it’s a bit unfair to blame them for that.
Below, for instance, is a screenshot from a Facebook chat showing how Google
Chrome, Microsoft Internet Explorer, and Safari are functioning at the same
time.
Image by TalkaboutLabs.
I think it would be a lot more enlightening to know if Google is willing to
accept the possibility that people could switch to Internet Explorer instead of
Safari, even if they are Chrome users.
So, we’re all looking forward to hearing Google’s response to the EFF, and
I’ll keep you updated.
Update: The EFF has responded:
Google, though, says that its plan is more about improving performance, not
tying up more of users’ web browsing time. The platform, after all, is a
browser choice. So, we asked if all browsers, not just Google Chrome, would be
blocked on different sites (other than Google’s) that are using the HTTP
protocol, which is designed to get Web applications out of the way. This is
important because the majority of major Web sites, including Facebook, Wikipedia,
and The New York Times, require the use of HTTP (and hence are subject to the
“slow-load” attack) and only support browsers with support for this
protocol.
While it would’ve been great to have a response to the suggestion that HTTP
is insecure, and would certainly have slowed things down on the Internet if all
browsers were forced to use it, the good news is that Google agrees that users
should be able to decide for themselves if they would prefer HTTP over HTTPS.
“We agree that that’s a fair tradeoff. We simply need to make
sure people aren’t running into problems while using HTTP on top of
HTTPS,” the company writes.
As a side note, it would seem that Internet Explorer, which has historically
been notorious for the fact that its browser blocked websites that didn’t
support it, would have actually made the fast switch less likely. In response
to this, Google writes:
A number of companies do require the use of HTTP on top of HTTPS. While it’s
not a “default” requirement of Google or
our users, for security-sensitive sites, a better approach would be for
companies like Google, Apple, Mozilla, and others to simply stop serving those
sites altogether. That would allow users to retain a good browser choice and
also make the security of the Internet more robust.
That response is great, and it’s good to see Google at least acknowledging
that there are people out there using HTTP. But now I just need them to
actually stop serving HTTP sites altogether.
June 11, 2022
515