Google Chrome Security, Privacy, Technical Issues

The newly released Google Chrome has several issues which I believe make it unusable.

Chrome claims better security than other browsers as each tab acts as a “jail”. Unfortunately, it’s very easy for a malicious website to download files onto your desktop or your download directory.

The “carpet-bombing” security issue

It takes nothing more than the following line of code:

<iframe src="RandomFile.exe"></iframe>

Google Chrome then downloads RandomFile.exe into your downloads directory without any user prompt. For many people, the download directory is the Desktop. Being an executable file, it can have its own icon. So potentially, visiting a website through Google Chrome could lead to malicious executable files appearing on your desktop, which may disguise themselves as utilities such as browsers. Not only that, it takes just one click on an icon to launch it from Chrome without any warnings.
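A defensive check for the pattern above, as an added example that is not from the original post: it scans a page's markup for frames whose src resolves to a file with a Windows executable extension. The function name, the extension list and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: flag <iframe>/<frame> tags whose src points at a Windows executable.
// The names, the extension list and the sample markup are constructed for illustration.
const EXECUTABLE_EXTENSIONS = new Set(["exe", "scr", "com", "bat", "cmd", "msi", "pif"]);

// Opening <iframe ...> or <frame ...> tag; group 2 is the raw attribute text.
const FRAME_TAG = /<(iframe|frame)\b([^>]*)>/gi;
// src="...", src='...' or an unquoted value; (?:^|\s) keeps data-src from matching.
const SRC_ATTR = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

function findExecutableFrames(html, pageUrl) {
  const findings = [];
  for (const tag of html.matchAll(FRAME_TAG)) {
    const attr = SRC_ATTR.exec(tag[2]);
    if (!attr) continue;
    const raw = attr[1] ?? attr[2] ?? attr[3];
    let target;
    try {
      target = new URL(raw.trim(), pageUrl); // resolve relative src like a browser would
    } catch {
      continue; // unparsable src
    }
    if (target.protocol !== "http:" && target.protocol !== "https:") continue;
    // Judge by the last path segment only; query string and fragment are ignored.
    let name = target.pathname.split("/").pop();
    try {
      name = decodeURIComponent(name); // catches tool%2Escr
    } catch {
      // malformed percent-encoding: keep the encoded name
    }
    const ext = name.includes(".") ? name.split(".").pop().toLowerCase() : "";
    if (EXECUTABLE_EXTENSIONS.has(ext)) {
      findings.push({ tag: tag[1].toLowerCase(), url: target.href, file: name });
    }
  }
  return findings;
}

// Constructed sample page: three frames that should be flagged, two that should not.
const PAGE_URL = "http://site.example/blog/post.html";
const SAMPLE_PAGE = `
<iframe src="RandomFile.exe"></iframe>
<iframe width="1" src='/files/Setup.EXE?id=7#x'></iframe>
<iframe src=downloads/tool%2Escr></iframe>
<iframe data-src="lazy.exe" src="widget.html"></iframe>
<frame src="http://cdn.example/banner.gif">
`;

console.log(findExecutableFrames(SAMPLE_PAGE, PAGE_URL));
```

The extension test is a heuristic: a server can trigger a download from any URL through its response headers, so this check complements inspecting the responses themselves.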

Privacy Issue with the Omni-Bar

The address bar (Omni-bar) has built-in Google Suggest. This means anything you type into the address bar, including partial URLs, is sent to Google’s servers. Not only that, requests from the Omnibar send your Google cookies. That is, Google can link every single thing (URLs and searches) you type in the address bar back to your Google account and hence your personal identity.

The Coderrr Blog has some examples of requests sent to Google’s servers. It’s pretty scary.

It’s worth mentioning Firefox 3 and Google Toolbar’s auto-suggest features will do the same thing. However, they will only send search queries whereas Chrome sends URLs too. The Electronic Frontier Foundation are worried.

Stability Issue

You can crash Google Chrome by typing :% in the address bar. Don’t ask me why, I have no idea. Interestingly enough, Google Chrome has already crashed several times in the short amount of time I’ve had it. Firefox hasn’t crashed in a long while.

Technical Issues

Google Chrome can’t physically work on a Mac. There is no way to have multiple processes rendering to one window on the Mac platform. And it looks like Firefox’s new Javascript engine is beating Google Chrome in benchmark tests.

Conclusions

Google Chrome is a new product and so I don’t think we should be too harsh on it. But what’s true is that there are significant security, privacy and technical issues with Google Chrome as it stands at the moment. I feel it’s partially irresponsible of Google to be promoting Chrome to end users on their Google homepages when the latest release of Chrome has so many issues.

What’s more, the browser was initially released with a clause in the EULA which granted it “a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through” the browser. It’s been removed now.

Recommendation: Stick with Firefox for the time being.

Google Chrome Easter Egg: about:internets

I haven’t seen much about this on the internet, so here goes. There is an easter egg in the Google Chrome browser – type in about:internets to see it.

Robert Accettura worked out how this was implemented by exploring the Chrome source code. All Chrome does is to call the Windows Screensaver inside a tab.

If you don’t understand this easter egg, this is what Wikipedia has to say:

“Series of tubes” is an analogy used by United States Senator Ted Stevens (R-Alaska) to describe the Internet in the context of network neutrality.[1] On June 28, 2006, he used this metaphor to criticize a proposed amendment to a committee bill. The amendment would have prohibited Internet service providers from charging fees to give some companies higher priority access to their networks or their customers. This metaphor (along with several other odd choices of words) was widely ridiculed as demonstrating Stevens’ poor understanding of the Internet.

Oh, and Mozilla’s new Javascript engine beats Google’s V8 Javascript engine in tests.

Firefox 3 Victory, Release on June 17

Mozilla Developer News announces that Firefox 3 will be released on Tuesday June 17. Take part in the Download Day to break a world record (the server admin for Mozilla must be pretty brave to encourage everybody to download all at once).

To celebrate, the guys at Mozilla have created an absolutely awesome movie-style Victory poster:

Firefox 3 Victory

See a larger version. Apparently there will be a limited edition 18×24″ poster at the Mozilla Store soon.

I absolutely love the Firefox 3 robot branding!

Opera Market Share Eclipsed by Unreleased Browser

Net Applications has just released their browser usage statistics for May 2008. The statistics show a 73.8% market share for Internet Explorer, 18.4% for Firefox and 6.3% for Safari. Opera is stuck on 0.7%.

Feed the Firefoxes
Creative Commons License photo: Glutnix

An in-depth analysis shows something quite interesting. The unreleased Firefox 3 already has a market share of 0.78%. With the quite addictive Awesomebar, fresh new interface, revamped bookmarking system and lower memory use, that’s not such a surprise. Firefox 3 is simply a fantastic product.

Opera 9.x, first released in June of 2006 (that’s 2 years ago), has only managed to accumulate a market share of 0.73% in that time.

Week beginning May 25th, 2008

Firefox 2: 17.53%
Firefox 3: 0.78%
Opera 9: 0.73%

That’s right: Opera 9 has had its market share eclipsed by a browser which hasn’t even been released yet.

Mozilla’s Asa Dotzler says:

I wonder if Firefox 3 will be able to break 1% global share before it’s even released. That would be pretty crazy.  With millions of people already using the pre-releases of Firefox 3 and the enthusiasm around the arrival of the final release, I have no doubt that we’ll see Firefox well above 20% global market share in the very near term.

Test your website in Internet Explorer 5.5, 6, 7 and 8

A big headache for web developers is testing websites in different versions of Internet Explorer. In Windows you can only have one copy of Internet Explorer installed.

To get around this limitation, some developers use IECapture, which takes a screenshot of your webpage in Internet Explorer. It’s great for a quick test but it’s impractical during development: you can only see part of the page and it doesn’t help you debug anything.

Another option is to use Microsoft’s virtual machine or the Standalone IE program.

IE Tester

A little application called IETester can simplify the process. It features the rendering engines for IE 5.5, IE 6, IE7 and IE8. You can open up a tab for each rendering engine, hence switching between different rendering engines seamlessly. It also allows you to split the view and to see your website in the different rendering engines at once.

An interesting user interface design too… An odd blend of Firefox 2 icons with an Office 2007 ribbon.

Yahoo! Search in Opera Speed Dial

I’ve been giving Opera a bit of a spin lately as a browser to replace Internet Explorer as my secondary browser. Anyway… Opera has a nice “Speed Dial” feature which appears when you open the browser. It features screenshots and links to 9 websites that you can preselect. By no means a killer feature and you can get a similar feature in Firefox via an extension but a nice feature none the less.

What I don’t understand is why there is Yahoo! Search functionality built into the top of the Speed Dial whilst Google Search functionality is provided in the search box in the top right corner. It makes no sense to me that a browser would offer you both a Yahoo and Google search box.

Opera Speed Dial

If somebody really wanted to use Yahoo!, they can switch to Yahoo! using the dropdown menu next to the search box.

I’d hazard a guess that this redundant, and quite frankly confusing, piece of user interface exists as Yahoo! have paid Opera to include their search box on the speed dial.

Apple EULA forbids install of Safari on Windows

This is pretty funny. Apparently after Apple installed Safari through the backdoor on millions of computers, it turns out the EULA for Safari actually said that users are only permitted to install Safari on “a single Apple-labeled computer at a time.” In other words, it’s illegal to install “Safari for Windows” on a Windows computer.

Now, if everybody has indeed installed “Safari for Windows” knowingly in the ways that Apple fans claim: users read through the dialogs and specifically choose to install Safari, it is a surprise that it has taken a week for somebody to notice this clause in the EULA. I mean, if a couple of million people have agreed to a license they obviously haven’t read (and this clause is near the top), what are the chances that anybody even bothered reading the software update dialog, finding out what Safari even was and whether they wanted it on their computer?

The EULA has been updated since this story broke.

Apple Safari Backdoor Install "Wrong"

Since I wrote about Apple installing Safari on people’s computers through the backdoor on Thursday, there has been a lot of reaction.

Mozilla CEO John Lilly said:

Apple has made it incredibly easy–the default, even–for users to install ride along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices.

It’s wrong because it undermines the trust that we’re all trying to build with users. Because it means that an update isn’t just an update, but is maybe something more. Because it ultimately undermines the safety of users on the Web by eroding that relationship. It’s a bad practice and should stop.

I certainly agree with the assessment that it borders on malware distribution. I remember installing GoZilla! or some kind of file download manager on my Windows 95 PC when I saw it recommended in a computer magazine. Little did I know, a spyware application was bundled with the program. After that incident, I disabled Windows Update and started installing all my updates manually. It wasn’t until I switched to XP that I finally allowed my system to download updates, but I still wanted to know what was being installed before it completed the process.

I know that Safari isn’t a piece of malware. It’s a nice little browser: very fast, standards-compliant. But let people decide that: tell them about Safari so they can install it and then use it. Don’t distribute it through an automatic update system where it probably won’t benefit Safari at all… users won’t know it’s there and Safari gets a reputation as bundled malware.

It has been argued that IM distributors such as MSN and Yahoo also bundle toolbars, etc. That’s true. But they ask you whether you want to do it during the installation process where you expect new applications to be added. And you give the green light for the toolbars to be installed. With Apple’s Software Update, I certainly do not expect a new piece of software to appear on the computer.

Apple pushes Safari as iTunes Update

CyberNet News reports on Apple pushing Safari 3.1 on Windows as an update to everybody who has iTunes installed. Now fair enough pushing an update to Safari for people who’ve installed it. But to people who haven’t? Steve Jobs said:

How are we going to distribute this? We don’t really talk to these customers, do we? There are over 500,000 downloads of Firefox a day. What are we going to do? Well, it turns out, there are over 1 million downloads of iTunes a day. As a matter of fact, there have been over a half a billion downloads of iTunes to Windows Machines. Over half a billion. And so we know how to reach these customers and we are going to do exactly that.

So I wouldn’t be surprised if we see 500 million copies of Safari for Windows installed soon. Whether anybody will use it and whether this is an ethical thing to do given that Firefox has gained its users through word of mouth and actually being a better product is another question.

Firefox 3 Feature Plan

The Mozilla Wiki has a page of Firefox 3 Requirements. It’s an interesting insight into what we may see in the next version of Firefox.

Just a glance at the document indicates the following features labelled as "mandatory":

  • Improved Addon install, configuration and management.
  • The addition of YaCy to the browser. I’ve never heard of this before but it’s an open source distributed search engine.
  • Better content handling and plugin support.
  • Better and simpler printing.
  • Improved password/identity manager e.g. OpenID, Microsoft CardSpace
  • Redesign of Security/Privacy UI
  • Replacing the existing proprietary closed-source Talkback application with Google’s open source Airbag.

In the highly desirable priority 2, we have features such as:

With the integration of a serverless and open source search and instant messaging tool, Firefox would be taking a bit of a step away from the philosophy that it just provides a browser and no more. However, if done correctly, it could be a really powerful force to make the web just a bit more democratic.

An instant messaging tool could open up a lot of new possibilities especially with the "social web" and "Web 2.0". We could see all kinds of new applications exploiting the social networks and connections such as "web of trust" and social bookmarking.

Of course, I’m extrapolating a lot from the feature plan, but Firefox 3 could be Flock "done right".