My new project: Tact, a simple chat app.

Google Chrome: a great new browser with much improvement potential in security UI

September 03, 2008

I had the luxury/annoyance (depends on how you look at it ;) ) of having to sit at home all day, being forced to wait for some plumbers who never came. But, today was also the day when Google Chrome was released. So, not only did I go through their comic book, but I also learned about the webcast and watched it. And downloaded the thing itself and played with it too.

Marketing

I like the “comic book + webcast” approach. I don’t think their webcast was intended for a lot of distribution beyond the press, and some questions asked were outright silly (I don’t think mentioning Tor browsing at this stage was very relevant), but it showcased the browser very nicely. It surely didn’t have the reality distortion and hype aspects of what Steve Jobs does with Apple (the next Apple event is Tuesday Sep 9 btw), but it made it clear that the browser is about speed (new V8 JavaScript virtual machine), stability (multiprocess approach), security (checking URL-s against blacklists and sandboxing) and new UI (there is very little, er, chrome). It had a lovely homebrew feel to it, with the big teleprompter visible to the viewers, and Lars Bak going “errr… so what else is there to say?”, but it was all for good.

User interface

A lot has been said about the UI already and I won’t do a comprehensive review. There are a lot of tidbits to be worked out. Here are just a few random observations that are interesting to me.

The first impression is very good. It feels very stable and pretty snappy. The pages that I regularly visit render very well.

The Options dialog is a mess. Upon installation, Chrome picked a language for the UI which I do not want. I had non-English regional settings in Windows, but I want apps to be in English. It took a while to figure out that to change it, you need to “Options”, go to “Minor Tweaks” tab and click “Change font and language settings”. I don’t think that the UI language is a “Minor Tweak”; for me, it is a pretty big deal. So in general the Options of Chrome feel very Internet-Explorer-esque in the worst sense of the word, meaning that tabs are arbitrary, the options don’t make sense and it is hard to find anything. One more bad thing about the Options: it shows me the passwords I have stored, but what if I have said “Never remember passwords for this site”, and later want to reverse the decision? There’s no place for this in Options. So, in general, dear Google, please rework the whole Options part of Chrome.

I like the “Omnibar”. This is the first browser in a very long time that does not have separate search and address bars. It just has one bar, and I think that’s the way it should be. It started with Firefox 3’s “awesomebar”, that can do quickfiltering based not only on URL-s, but recently visited sites’ titles, which is already awesome. But Chrome keeps pushing it and builds up history based on what you visit and can then filter from there. I like. I’m not a very good bookmarks maintainer, but often I want to go back to sites that I’ve been to before. So I think this Omnibar approach is great to me, and in general, confuses people less. Novices are known to be confusing the two boxes. I shouldn’t have to pick.

Someone in the webcast asked about snapping tabs “in” and “out” of separate windows. This works well, but there is a trick. It is easy to drag tabs out – just grab the tab and drag it away and lo and behold, you got a new window with one tab in it. But if you want to get the same tab back to the other tabs, you can’t just drag the window title back to the tabs – you need to grab the solitary tab itself from the new window and drag it back. A bit confusing, but works fine once you figure it out.

There’s a lot of nuance work put into the UI. For example, there is a dynamic mini-status-bar in the bottom right, and when you hover over a link, it displays the destination URL. Nice.

Notice, though, that if you move your cursor to the bottom left of the window to hover over something that is covered by the status bar, the status bar notices this and shifts itself out of the way below the content window. :) Cute.

The address bar gives me mixed feelings. I think there’s a lot of color games going on there. Look at this.

I think the green “https” is supposed to be indicating a secure connection, and the domain name is always shown in black, vs the rest of the URL that has a subtle gray color. And if the connection is secure, the background is yellow, whereas otherwise it’s white. I think a lot of this is too subtle (in the semantic sense). And I sure hope that they did readability tests with older people, because a lot of advertising tells you to type in “www dot something dot com slash something”, and it is hard to see the non-domain parts of the URL (it’s light gray even as you are typing).

Google services tie-in

People like Matt Cutts go to great lengths to explain that there’s no tie-in with Chrome and other Google services. You can use Google or any other search engine, there are no ads, and there’s very little history generation going on. Which all sounds fine to me.

But let me ask it in an opposite way: what if I want the tie-in to happen? There should be some opt-in mechanism of collecting and reusing my own history on multiple machines (with proper authentication towards my Google account, of course). They explain that a lot of value of this browser comes from the way it stores and reuses my browsing history, but I generate a lot of history across different (real and virtual) machines. I would be able to recycle it, similarly to how Google Browser Sync synced my bookmarks (but I had to throw it out because it started acting up). I hope there will be an opt-in method for this. Maybe also from the Chrome iPhone version that I hope they’re working on ;)

Security UI

I specifically want to talk about the security UI. Security is broken in all modern browsers, and we continue to see a lot of cybercrime. I don’t think that I’m overexaggerating when I say that browser security will become a national security question for modern nations very soon, as it is already causing huge financial losses to people and businesses. It is hurting economies, and will continue to do so. (See a recent F-Secure video for some education on this.) And a new browser like Chrome would be a great opportunity to also push the boundaries here.

I don’t think they’ve done enough on the UI side yet in this version. From what I understand, they have an excellent sandboxed platform in place that will help prevent some classes of security problems. Which is great. But the UI side needs to keep up with it.

Here’s an example. If you go to some HTTPS sites, here’s the address bar you’ll see.

Contrast it with the above Bank of America example. The background is white, not yellow; https is gray, not green; and there’s a somewhat scary looking warning triangle in the end. Once you click on it, this is what comes up.

Let me re-type what the middle portion says.

Your connection to twitter.com is encrypted with 128-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look or behavior of the page.

Errr…. what?

Now, what this actually means for those who understand the jargon, is “you are on a HTTPS page, but some embedded resources are plain HTTP, so there’s a risk of man-in-the-middle attack for them”. But you need to have a solid security background to work this out. For Joe Schmoe, I don’t think this text is very useful. What am I supposed to do based on this info? (The right answer is “get the provider to have all embedded resources served as HTTPS”, which is these days fortunately the case for many online banks and e-government sites and other such sites that actually matter.)

Also, what’s this thing about “You have never visited this site before today”, and why is it a warning? Well, once you have a background in antiphishing, you know that your visit patterns to the site are a useful factor in helping to determine whether it’s phishing or not. If it looks like a banking site you regularly go to, but there’s no visit history for this domain or URL, there’s reason to be suspicious. But again, the user side of things could be much more worked out and explicit here. Basically, what the user wants is a “yes/no” kind of help – should I proceed or not. “Two warnings out of three” doesn’t really help. I imagine that if there’s an actual phishing site that matches the blacklist, something more explicit pops up.

The visit history warning sort of showcases an idea I had for a while – why not have a whitelist of sites, instead of a blacklist? I suspect that for Joe Schmoe, there’s a limited list of sites that they regularly go to, and they only rarely stray outside those. The browser could do some work here to make this distinction more specific and adopt a more secure whitelist-based approach.

All in all, the above are just a few observations when the browser has been out for less than a day. Go try it yourself. I am looking forward to the Mac version so that I could try it as my main daily browser, and I’m sure we’ll hear a lot more about Chrome. :-)