dashboard login authentication scheme The EFF warns that it’s not so much about Google’s end goal as it is about what it means to require a specific system, by default, for all browsers, because it will either cause problems or completely prevent users from using some services. For instance, it might be a lot more efficient for Facebook to switch from Mozilla Firefox to Google Chrome than it would be for Facebook to simply ask for permission every time you access a service on Google Chrome. Google has published a White Paper about its intention to start requiring Internet Explorer and Chrome users to use Google Chrome, Safari, or Opera instead of any other browser. While the EFF and others are obviously unhappy about this, it’s not so much about a specific end goal as it is about what it means to require a specific system, by default, for all browsers. Mozilla has published a blog post that clarifies what it is that they are concerned about: Given that Google is using a browser choice to deny choice, we are asking Google to agree not to require an agreement with any other browser makers for Google Chrome. It’s too soon to determine what the consequences of this will be for users. That said, it’s clear that forcing browser choice on users is a bad idea. What is clear is that the Internet as we know it will be a lot less free if we agree to this. Meanwhile, the Mozilla Foundation and Mozilla Corp have posted a response, which notes that: Mozilla does not, and never has, sell your browser preference to anyone, including Google. Mozilla is a nonprofit organization, and as such, we are dedicated to your privacy and security. They also note that they don’t believe forcing browser choice is a good idea at all, and give a solution that would still allow Firefox and other browsers to work. What we asked Google to agree to do was that users could click a “skip this” link and get back to browsing the web using any of their supported browsers. In the end, that would’ve just sped up the Firefox-Chrome transition for a small number of users, but it would have saved all users from a bad experience. There’s no harm in making it faster, safer, and more secure for users who have to make the switch. As usual, I think it is more important to know what Google’s intentions are, rather than just to list off the various objections one might raise to it. The EFF notes that it’s more important to understand what Google’s intentions are, because it’s much easier to address issues like that. I would agree with that, but unfortunately, I think most users just want to use the browser they prefer, and it’s a bit unfair to blame them for that. Below, for instance, is a screenshot from a Facebook chat showing how Google Chrome, Microsoft Internet Explorer, and Safari are functioning at the same time. Image by TalkaboutLabs. I think it would be a lot more enlightening to know if Google is willing to accept the possibility that people could switch to Internet Explorer instead of Safari, even if they are Chrome users. So, we’re all looking forward to hearing Google’s response to the EFF, and I’ll keep you updated. Update: The EFF has responded: Google, though, says that its plan is more about improving performance, not tying up more of users’ web browsing time. The platform, after all, is a browser choice. So, we asked if all browsers, not just Google Chrome, would be blocked on different sites (other than Google’s) that are using the HTTP protocol, which is designed to get Web applications out of the way. This is important because the majority of major Web sites, including Facebook, Wikipedia, and The New York Times, require the use of HTTP (and hence are subject to the “slow-load” attack) and only support browsers with support for this protocol. While it would’ve been great to have a response to the suggestion that HTTP is insecure, and would certainly have slowed things down on the Internet if all browsers were forced to use it, the good news is that Google agrees that users should be able to decide for themselves if they would prefer HTTP over HTTPS. “We agree that that’s a fair tradeoff. We simply need to make sure people aren’t running into problems while using HTTP on top of HTTPS,” the company writes. As a side note, it would seem that Internet Explorer, which has historically been notorious for the fact that its browser blocked websites that didn’t support it, would have actually made the fast switch less likely. In response to this, Google writes: A number of companies do require the use of HTTP on top of HTTPS. While it’s not a “default” requirement of Google or our users, for security-sensitive sites, a better approach would be for companies like Google, Apple, Mozilla, and others to simply stop serving those sites altogether. That would allow users to retain a good browser choice and also make the security of the Internet more robust. That response is great, and it’s good to see Google at least acknowledging that there are people out there using HTTP. But now I just need them to actually stop serving HTTP sites altogether.
June 11, 2022