Web browsers play a crucial role for both web designers and everyday users. They serve as our window to websites and play a part in so much of what we do online. In a single day, a browser might facilitate our ability to (among other things) shop, bank, communicate and search.
In all of this, security is a huge priority. This is an area where some browsers have struggled over the years. For instance, how many security flaws did good old Internet Explorer face? It seemed like there was always some hole to be patched.
But that was then. Things have changed in recent years. Browser vendors have taken security to heart. They’re becoming increasingly assertive in their aim to keep us safe from malicious actors.
However, some developments in this area seem to have blurred the lines between user safety and a “nanny” state. More than ever, web browsers are trying to reshape the web and how we use it. But, have they gone too far?
Pushing (Or Dragging) Websites Forward
The first really big move in this direction was Google’s 2016 announcement that, through their market-dominating Chrome browser, non-https websites would be marked as “Not secure” in the address bar.
Now, it’s hard for me to argue that Google was in the wrong here. With the proliferation of free and cheap SSL certificates, it’s not a huge burden in terms of cost. And the added security, along with the user confidence that goes with it, is something most websites should be taking advantage of.
The competition certainly felt it necessary to follow along, as Firefox added similar warnings in 2019. Now, the web is a more secure place – yay!
In reality, it’s only a harmless warning. And it’s probably bound to only affect people who pay no attention to their websites. Everybody (but a few inattentive website owners) wins.
But, wait a second. This seemingly-altruistic act helps browser vendors put a giant foot through the door when it comes to assertive behavior.
Oh, well. Maybe I’m being a bit worked up over nothing. It’s probably just the paranoia talking…
Going to the Next Level
As it turns out, the “Not secure” message was only the beginning. In 2019, Firefox began blocking known trackers. Of course, they were piggybacking onto a strategy Apple implemented on Safari two years earlier. Again, not much to complain about (unless you’re a tracker).
But the pièce de résistance of assertive behavior belongs to Google. The mega-corporation is planning to block “insecure” downloads. That is, non-https files that load onto an https website.
Google plans to start somewhat slowly, by warning users who are trying to download executable files (such as .exe or .apk). Eventually, these files will be blocked by default. But, surprise, they’re going to ratchet this up even further.
Down the line, other popular file types are going to get the same treatment. Look for .docx, .pdf, .png, .mp3 and a host of others to face blockage.
This is where the slope begins to get just a tiny bit slippery.
Where’s the Limit?
In a relatively short period of time, we’ve gone from being warned about certain content to having it blocked by default. With this shift, the web begins to look less and less like the wild west and more like a corporate, you aren’t downloading that on our time, locked-down network.
Now, there’s certainly an argument to be made on behalf of the browsers. Security is a minefield and there are a lot of sloppy websites that aren’t as secure as they could be. Not to mention the dangerous reality of malware, ransomware and the like.
In order for the web to become safer, something has to give. And perhaps these companies are doing what they feel is the only realistic thing they can to reduce risk.
But this hasn’t always been under their purview. Up until now, we’ve had to install separate security software on our devices to block out potentially undesirable content. That is no longer a requirement – at least on the web.
But by automatically blocking items that aren’t known to be malicious, the browser becomes a gatekeeper of sorts. Chrome, without asking, now asserts itself as an arbiter of what we can and can’t see. Not on the level of an authoritarian government, mind you, but there is a tinge of that same behavior. It’s as if they must save us from ourselves.
The question becomes where these companies draw the line. Google and Microsoft, for example, are ripe for conflicts of interest in this area. Google’s decision to block non-https Word documents is, while justifiable in terms of security, might also be seen as anti-competitive. What’s to stop the next version of Microsoft Edge from blocking certain aspects of Google Docs?
Users Must Act
While we certainly hope for responsible practices, we can’t assume that everyone will act in the best interests of users. In the end, it’s up to us to hold these companies to account.
When they go too far, we must push back and switch to a browser that knows when to stay out of our way. This can, we hope, help keep browser vendors focused on toeing the line.