Last update: 2018-02-09

Google is using Chrome to shape the web in their image

Anyone who's been around technology for a bit remembers Microsoft's troubles with the DOJ back in the late 90s, when they used their monopoly position to force Internet Explorer onto people. By developing their own standards like ActiveX and not supporting what other browsers were doing at the time, it caused endless headaches for web developers, not counting making Netscape go out of business. Unfortunately, Google is now doing the exact same thing with Chrome.

Google's browser isn't very old, but it grew quickly in adoption thanks to its aggressive push for features, web standards and performance. But it quickly became clear that the company didn' t just provide an alternative browser, they actively pushed people to use their products. It started slowly, with a dismissible notice on Gmail's site about the new browser, but now even goi ng to Google's search page with something other than Chrome gets you an ad for you to switch. And now that it has a big enough audience, Google has started making sweeping changes that are o nce again causing headaches for developers and system admins.

  • Last year they announced that Chrome would be dropping NPAPI, the browser API that every browser provides for plugins like Java, Silverlight, Unity and others. Now, the latest Chrome browser doesn't support it anymore. You can turn it back on if you know where to look, but soon even that will be no longer available. Google's advice to all companies making plugins requiring this type of API? Use NaCL, a Chrome-only extension.

  • Chrome now marks SHA-1 certificates as untrusted, displaying a big red X on the URL bar for sites using it. They say the reason is that SHA-1 is insecure, but there has never been any demonstration that it is. In fact, Google's own intermediary certificate used to sign Gmail uses SHA-1 to this day, yet isn't being blocked by Chrome because Google's domains are white listed, in a particularly ironic move.

  • After it was revealed that one of China's official Certificate Authority subsidiaries had issued malicious certificates, Google banned not only that subsidiary, but all of CNNIC, in a draconian move, citing a joint investigation of the events b y Google and CNNIC, without any specifics, making most Chinese sites unable to use encryption for Chrome users. This move was followed later on by Mozilla but not the other browser maker s.

To be clear, Google's stance on all of these changes is security, and there are arguments to be made that they are right. However, the way each change is being done is extraordinarily heavy handed. It's very much a case of do it our way, or have your site broken by all users of Chrome. Since Google updates the browser automatically in the background and on a frequent bas is, that means the changes come fast and to everyone using Google's browser. You can't easily opt to stay with a previous release, and it's likely that these technology pushes will continue.

© 2007-2019 Patrick Lambert - All resources on this site are provided under the MIT License - You can contact me at: