I figured Google would do something cosmetic (again, that's all that I think they really needed to do) to clear up the misconceptions here, but they've added a Matthew Green switch (which is what we all need to call it from now on). That's better than I'd hoped for.
Not so much from a privacy angle but from more of a 'Chrome has lots its way' angle.
A lot of our software's more complex interfaces are Chrome-first since its faster to develop - yesterday was the first time I made a serious consideration to change that approach.
Glad to see they are listening to user feedback and reacting quickly.
I consider an opt-out as paying lip service to the feedback. Clearly they feel the default is more important than the generated angst. Reaction clearly needs to be even stronger to affect real change. An opt-in (e.g. a dialog on next Google login from Chrome asking for feature enable) is a compromise, an opt-out is to appease the temporarily upset while keeping all that they added in place and defaulted.
This is not an olive branch, don't accept it, condemn the continued incremental marriage of Google browser+services, and continue to move on and de-google yourself where you reasonably can.
Much more common, though, I'd say, is the type of user who will accept whatever the default is, because they just don't care.
Compare: the organ-donor registry. When it's opt-in, most people don't opt in. When it's opt-out, most people don't opt out. Most people just don't care.
If you think something is good for people, you have to consider the large group of users who don't want to put in the time/energy to evaluate whether the thing is good for them, but just want the program to shut up and do what it does by default—whatever that is.
When I flush all cookies from my browser session, and open a new session, I am a new user to google's various tracking mechanism. If I am an authenticated google user, then I am not.
In other words, you had half of HN claiming to be leaving Chrome over something they had no reason to believe had any privacy implications, and in reality, has either 0, or really close to 0, actual privacy implications.
I made a claim about HN being a small group in the grand scheme, and someone countered by claiming that most users didn't understand what was changing. But I think the funny thing is that the average user, who had the understanding that "literally nothing" was changing, would have been closer to the truth of the situation than the average HN commenter.
Not to say that the result of the hullabaloo was bad, I actually think this set of updates only improves things over where they are now, but its still a really strange sequence of events.
This is kind of what I mean, you can't talk about this without hyperbole.
The whole point of the feature was just that:
1. “are you logged into your Google Account from the perspective of Gmail et al” is now the thing the browser chrome itself reports; and
2. you now need to be logged into your Google Account in the cookies sense for Chrome sync to function; logging out of your Google Account turns off Chrome sync.
Before, people could be in a state where they have Chrome sync enabled with foo@gmail, but are not logged into foo@gmail from a cookies perspective, and are potentially even logged into bar@gmail.
This is the state that has been eliminated—now, the browser chrome’s login state reflects your Google Account web-cookie login state, because they’re one-and-the-same; and every method that logs you out of your Google account from a web-cookie perspective, also logs you out of Chrome (and vice-versa.)
Consider the privacy implications of someone who logs out of Gmail, but is still logged into Chrome sync as said Gmail user; and then lets someone else use the computer. That is what is no longer possible.
It’s a privacy improvement targeted at the people who expect “logging out” of their Google account to be one unilateral action that frees a computer of all artifacts related to their original logging-in. Which, until recently, wasn’t true: if you originally logged in by entering your credentials into the “new Chrome profile wizard” (where they set up the credential as both your synnc and web-cookie credential), and then logged out of one, it wouldn’t affect the other.
That Google are announcing walking this back within days of release and publicity suggests some measure of the storms roiling the 'Plex presently.
For you, it may be a no-op, but for many users, it is a net increase in privacy (people who use multiple accounts or who use accounts on shared computers).
>That Google are announcing walking this back
Erm, sort of, I guess. There are some small changes.
What numbers, precisely, do you have on this? Because it sounds to me as if you're arguing from a position of ignorance.
There might be some benefit to the small number of users who 1) have multiple devices and 2) share one or more of those amongst several other people in the same account in ways that this Chrome feature ... might address. But this doesn't strike me as some overwhelmingly large use case.
The system for user separation on shared computers is called ... user accounts. Which every mainstream consumer operating system has supported for the past 17 years (Windows XP being the latecomer to this game.)
Otherwise, this is a broadening of Google's ever-expanding ingestion of user data, either directly or by way of one more (or an incremental series of) "small change". If I notice my enemy maneuvering me to his advantage, I counter that maneuver. In my case, it's meant uninstalling Chrome and Chromium from any systems on which that's possible.
(My much-regretted purchase some years ago of an Android tablet being the primary exception, though I'm resolved to not repeat that mistake, despite a dire lack of viable market options presently. Purism and Ubuntu may be nearing useful products.)
In the Universe in which I inhabit, Google specifically addressed user feedback and sign-in changes. I cannot find your characterisation of their announcement as accurate under any charitable interpretation.
Certainly, for you or I, user accounts (and incognito windows) solve most of the problems that this change fixed. But most users aren't you or I.
Therein lies the disagreement - Google thinks it is good for people to log in to Google services via their browser, and to always be logged in (it's certainly good for Google!), therefore they choose these defaults, opting in to login and to tracking.
Most people don't know it exists or that they have an option. You cannot care about something if you don't know it's there.
Most people won't know that these chrome features exist. Most people don't go digging through options and settings, they just download chrome and go, go, go.
To fix this, the “remove cookies” button would also have to sign you out of chrome which would also feel weird from a UX perspective.
All in all I think this was just released a bit early before all UX edge cases could be tackled (or even discovered. Sometimes you find things only in wider rollouts)
Then maybe tying the Google state to the browser state was a mistake and should be reverted?
Heh, I wonder if the next privacy blunder from Google will make you further reconsider your "voluntary vendor lock-in" approach :)
I've been using Firefox as my main dev browser for years and it has a huge, practical advantage:
- Usually it Just Works in every mainstream browser (had one single case in the last year where it broke in another browser).
My colleagues who use Chrome has to fix QA bugs more often than me it seems ;-)
Bonus: Support a good cause (cross browser compability)
I fear that changes like this will eventually make it impossible to effectively explain to an average user even the basics of how the web works.
With G Cookies also deleted, I may wonder "Why is my picture in the top right but no Google services are using it??". To us, it's clear that chrome sign-in is different from google sign-in, but to others, it may not be.
The logical thing to do, if your real aim is to have browser sign in state reflect cookie state, is to sign out the browser when someone clears their cookies.
That would make total sense to users.
I think this is clear evidence that Google made this change to keep more users signed into Google so they can collect more of your data without telling you.
I could be mistaken, however, so I'm curious - what data does Google collect without telling the user, at least by making that data collection transparent?
That’s why people are complaining - they see that google clearly wants to privilege their own sites and logins in chrome and push the users to always be signed in with google across any site. Great for google, bad for user privacy and the open web.
What happened to their very vocal concern over net neutrality from last year?
I highly doubt the common person knows what a cookie is, let alone how to clear them.
A simple solution would be to add an extra step when clearing cookies that asks if you would like to stay signed into your Google session and clear or keep those cookies based on your selection.
But the fact that they are different things is precisely the reason why they should remain separate, not conflated into one soggy, confusing mess.
Also, in my (admittedly, n=1) experience, Sync was enabled automatically, perhaps because I had tried it at some point.
When the enemy of their enemy becomes their friend, the question then is who their common foe is. Microsoft is actively working to push the needle in the same direction as Google on ignoring and removing user choice in their products. An ex-Chrome dev at Microsoft defending dark patterns from his former team by mocking user concerns (as you are, with your "Matthew Green switch") is hardly an objective slam dunk.
Google is free to do integrate their online environment into their client, but it's dishonest to continue to call it a web browser much longer.
I don’t want to be logged in in my browser at all
I mean I know it from the companies perspective of course. They want to consolidate as much data about you as possible. And tie you into their ecosystem.
But what is the user facing benefit? Syncing your bookmarks across devices?
Syncing bookmarks, recently opened tabs, passwords, autofill(?). These are genuine benefits when you're working with laptops, desktops, phones and tablets. Whether they're worth the cost of data mining is another matter of course.
These are genuine benefits when you're working
with laptops, desktops, phones and tablets.
The thought that Google wants to send my 'recently opened tabs' to their servers makes me shudder. So they get the whole browsing history of every one of their users? Of all the pages that have nothing to do with them?
Same with passwords. So they have a gigantic database with all of their users passwords for all the services the users use? Even those totally unrelated to Google?
So... you're happy that they're giving you the option to turn it off then, right? I mean, you appear to concede that someone users want this. You want the option to turn if off, which you're getting. That seems like good news.
Except your tone doesn't seem to match your logic.
FWIW: I use Firefox too. But... I mean come on folks. They messed up, they're fixing it. The obsession with hatred and flamage is getting a little out of control.
Perhaps you have never visited passwords.google.com :-)
> Passphrases are optional. Your synced data is always protected by encryption when it's in transit.
Data is protected when in transit and passphrase is optional. How is this a good feature?
When you use a passphrase, your data will presumably be encrypted with your passphrase and thus only be visible to you with knowledge of the passphrase. Not even Google could see the data while it would be stored on their servers.
Encryption during transit means that no bad actors like hackers, unscrupulous ISP's or overzealous governments can access your data _while_ it travels over the wires towards Google's servers but Google can still do what it wants with your data.
(I work for Google but on nothing remotely related to this.)
I'm looking at something on my desktop, have to go somewhere, so I just send the tabs to my phone and continue consuming. If I forget to do so, I can also use the url bar to search through common history, so that I could enter a few words from the title and go back to that article.
That being said, I personally wouldn't trust Google to do this, so I use Firefox that I believe encrypts data client-side by default.
They claim sync data is end-to-end encrypted. However they would already have your browsing history if you have address bar suggestions enabled.
Distributed, and it pays for itself using AdSense.
Here's one way: there's not a singular axis that users wanting sync and users not wanting sync can be placed on and compared.
The other poster expressed how the feature sucked for their purposes. But the feature wasn't made to punish them, it was made after evaluating the preferences of many users, which is what my question is getting at.
Specifically as to sync: I would love to be able to sync certain elements of browser state between my systems.
Not between one of my systems, some arbitrary third party of questionable trust and intentions, and another of my systems. But directly between my systems.
Google actively thwart this.
A feature of most early browsers was the ability to save bookmarks to a file, and import that elsewhere. By slight extension, a browser session or tab state can be saved, either directly, or as bookmarks.
Chrome does not do this, either at all, or on all platforms. It's most resistant to this on the consumption-only platform of Android.
This has been a major point of frustration to me for a year and a half as I've been wanting to dump user state from one system to another, without Google intermediating that exchange for me. I've found no means of accomplishing this.
That is one element of the tyranny of the minimum viable user, as well as of Google cattle-prodding its users into the feed chutes.
If the company supplying these features are forcefully making these decisions on behalf of me, I can assume that there are other intentions and motivations for providing these services to me for "free".
The next step in this equation is even more frustrating - people who's default workflow to signing in is to click 'I forgot my password', and proceed through those steps to instil a new password. And then the cycle continues.
How is that ironic? People who can't remember their password would have the most reason to let an external apparatus save it for them.
I understand healthy skepticism of Google, but essentially claiming password managers (which is what this feature is) are bad, for the sake of criticizing Google, is bad.
A good password manager is a great tool and more secure than a few simple memorable passwords. But when I use it, I'm making a conscious trade-off between memorable passwords and secure ones, but usually I'll at least need to memorise a master.
I'm fact just thinking about it - if Chrome's signin affinity is turned on, and I have chosen "remember me", AND I use the password manager, isn't that effectively equivalent to having your entire password manager with a "remember me"?
That's also one of the situations it's most useful in, as having your saved passwords already present on your phone when you try to log into a site you generally don't from your phone is extremely helpful.
I actually value and use sync. Google sees most of by browsing through page-hosted GA anyway! But at best, this was really lazy product management that smacks of condescension about less technical users (don't worry your head about these cookies). And at worst, it's testing the waters on some really nefarious strategies.
I do have a Firefox account which syncs up my passwords, history, etc. so in a sense I'm still logged into the browser.
I do trust Mozilla more than I do Google with my personal data, though.
One more reason to go with Firefox.
"The security model of Firefox Sync ensures that your sync data is encrypted before it ever leaves your machine, and that the password to unlock this encryption is never transmitted to the server. Not even Mozilla can access your sync data, so while we transmit it all over TLS for additional security, we do not depend on the confidentiality of TLS to keep your data safe."
"When you sync Chrome with your Google Account, we use your browsing data to improve and personalize your experience within Chrome. You can also personalize your experience on other Google products, by allowing your Chrome history to be included in your Google Web & App Activity."
OK but I expect that most Chrome users feel different about that. Most are probably happy that this UI change makes things less confusing.
Second, and probably more important, software is about trust. [...] And what google did is to shatter that trust by sneaking that change discretely.
Why did the UI change shatter trust for you? It doesn't enable syncing so I don't see what the big deal is. With syncing out of the equation, I can imagine that you don't like being logged in in the browser for aesthetic reasons or something, but to have one's trust shattered?
They've achieved so much ubiquity, that their offerings are becoming incompatible with an open web.
into /etc/chromium/policies/managed/test_policy.json (for debian linux) seems to do the trick for now,
unsure how long it lasts...
How did you expect them to announce a change they probably perceive as a minor UX improvement? Also this has been brewing for months in canary/beta, it's not like they actually snuck the change as you imply.
Just because you split a large change into a set of minor UX improvements and have different excuses for each individual change, that doesn't make the direction of travel any less damaging.
To be clear, the direction of travel is for Google to abuse their de-facto monopoly on search and browsers to own SSO across the web and track their users completely, at which point they will pretty much own your entire web experience (logins, browser history, maps, news, search, tracking, analytics - all this data will form a huge moat making it hard to compete and hard to resist decisions made by google about the web) - even if you don't use them they'll own the experience of the majority of your customers. This is why these small changes are so pernicious, and why people have reacted badly to them. This is why people reacted so badly to AMP.
This is not an argument over technicalities or quibbles over UX, this is a fundamental question of who owns the web.
Google have built up a lot of trust over the years by keeping the browser independent of their other operations, and making great technical progress with Chrome, but these changes (and others like starting to abuse their search monopoly by privileging certain google results) show that is not going to last - they are now at the monetising phase of their lifecycle, and nothing can stop it - a huge corporation has a momentum of its own.
No - because they are free, ubiquitous, and often installed by default. People choose their browser as they would choose a hat, from the limited selection available.
Given that, their reaction on their blog seems above and beyond to me.
Edit: Downvoters, reply with how this is incorrect instead of downvoting.
I hope this is a wake up call that privacy implications need to be seriously considered during product design (even if the intent was better UX), and hidden changes without any UI/notice is going to make issues blow up far more than if there was clear in-app communication.
To be honest, it’s best to use an independent company for your internet browser. Google’s incentives and business model no longer matches web browsing for someone who cares about privacy.
Chrome was introduced by Google with the idea of improving performance of webbrowsers in general so they could do more with web-apps. That did seem somewhat reasonable at the time.
But since Chrome became the market leader, the incentives have changed.
And KHTML team in a cave.
Do you mean "I haven't used *Chrome" ..."? Otherwise I don't understand what you're trying to say.
Google software seems to be chrome-optimized, but it's usually only slightly slower on Firefox - it still works.
Maybe am too cynical, but I think it would be a wake up call to hide such features better in the future. This is Google we're talking about here.
There's just too much to keep up with at this point.
I'm happy about this change, it's a big move in the right direction. But it doesn't give me any confidence for the future. It's crazy that users have to do this every single release. It can't continue like this.
I have no idea anymore what it would take to get me to switch back to Chrome or to start recommending it to friends and family. I feel like Google is actively training technical communities to distrust them. It's going to turn into some kind of Pavlovian response.
Edit: Permalink to the relevant comment: https://bugs.chromium.org/p/chromium/issues/detail?id=883038...
One week it's the domain hiding, another week it's cookie clearing. Who knows what Google is planning to change next time? It's not sustainable for us to go reactive every month.
There's an awfully big disconnect if the makers of the world's most-used web browser are routinely trying to change it in ways that users force them to immediately revert. That's not what good stewards do.
Just look at how they do product naming. How many times have we seen Google or Facebook launch projects with the same name as an existing project and just use their size to steamroll over refernce to the existing work?
E.g. the Go programming language or Facebook’s Flow checker for starters.
It's not exactly a secret. Go download Canary and see what's in the pipeline.
You can do that, but it's time consuming and exhausting. You're better off switching browsers.
I still think you're misunderstanding. The problem is that Google as an organization has the incentive to pull shady shit. It may be noticed, but watching Reddit/HN to see if your browser, which should protect you/be trustworthy, is pulling shady stuff, or whether you may've missed a story of it doing so is still exhausting and keeps you wondering.
A recent example: Hackers hate the idea of removing "www". Why? Because it's less accurate and we love accuracy. We think about what happens to the DNS if the www isn't a CNAME for the root, and how this isn't technically accurate.
Real users don't care. The UI is cleaner and make important information like what domain they're actually on more pronounced. This may help reduce phishing attacks and make URLs more legible.
Integrating sync is the same way. I'm not surprised that hackers hate it, but end users will appreciate the convenience. Android had the feature for years already.
We need to get out of this bubble and stop assuming we're the core audience. It isn't evil to design for somebody that isn't us.
> Thanks for the feedback so far. We plan to collect additional feedback, particularly about the enterprise use case, before launching the feature. We will not be launching the "www" elision in M70.
Note: “before launching” the feature post-M70.
As you correctly point out, it’s not necessarily cancelled forever.
The statement applies to any delay within the range of "soon" and "not forever".
The last that I heard, it was temporarily removed in Chrome 69, and `www` would be reintroduced in 70. Unless things have changed again since then, `m` was the only change that was actually shelved.
Many of the complaints that Chrome has gotten are not specific to technical communities. People were mad about `www` not because the technical communities have a thing for seeing the subdomains, but because there's a risk that average Joes can be phished when they're removed, and because on some domains the removal makes technical support for people like Joe harder. Similarly, the Web Audio complaints were not merely that the technical community wanted more control, it was that the changes broke the web for non-technical users in a way that commercially advantaged Google's own properties.
Secondly, Google's external PR has never taken this stance. Google invests a lot into interfacing with the dev community and positioning Chrome as a dev-friendly browser. I very much doubt that any Chrome dev on Twitter would agree with what you're saying. They would say that Chrome is trying to be a browser for both casual and advanced users.
As long as Google advertises Chrome that way, I don't see the problem with the technical community demanding a certain level of consideration. How many people on HN use Chrome (or at least did a week ago ;))? If Chrome isn't designed for people like them, than it seems like the obvious solution is for any tech savvy communities to en masse switch to Firefox and do the majority of their development/testing there.
But again, most of the changes that people are mad about aren't tech-specific concerns. I don't use Chrome for daily browsing; I'm mad that Google made a change that made it easier for them to spy on my parents. I'm responsible for protecting them. I'm responsible for mitigating Chrome's technical problems when they impact nontechnical users and customers that I care about.
This time, somebody decided the only clean path out was to be responsive: to make changes which reflected community concern and to tell people about them
Which I think, is good. I vastly prefer the google which tells people it listened, to the one which says it listens but doesn't tell us whats happening to the inputs we give.
(thats the one which lies behind any three-dots 'send feedback' hooks in almost any google app or s/w I use: I never get the sense anyone reads it, cares about it)
Communication about it seems to be. The actual code changes seem like they'll roll out in um... 3 or so months from now?
Looking again, yep mid-October. So, no rush then. A couple of weeks worth of extra data collection it is then.
When company and customer interest are misaligned this is the result. There are plenty of cases where a strong leader in the company with a strong ideology can hold this stuff back, but companies normally outlast those individuals and eventually there's nobody left to stand in the way.
It's wonderful that we were able to make enough noise and fuss that the cost/benefit shifted sufficiently but this will happen again, and then again, and so on... And eventually, we'll be tired of yelling or won't be able to yell loud enough.
Vote with you attention and your data and your money. Switch to Fastmail or Protonmail. Use Firefox or Brave. Buy a System76 laptop instead of yet another not-so-great-for-developers-anymore Apple macbook pro. Choose these options even if they aren't as good because if we don't support the handful of companies who are trying to do something other than gobble up all of our attention and data we're in for a really dark future for the web.
They're building in features that integrate their browser into their web pages.
As far as I'm aware no other major browser holder has done anything of that sort, but I'm probably missing some examples.
I imagine more and more so called convenient features might come where Chrome can suddenly install entire Windows apps, clean my files, and replace my OS. Then again, why not. Who am I to tell Google how to compete, maybe they can replace Windows with something better by gradually bloating up Chrome into an OS inside an OS.
If the HN backlash is anything to go by, a lot of people see it the same way as you (me included).
Every company will act in it's best interest not ours, particularly in the case of Google who are blatantly building out a vision of what they want the web to be for 1 singular purpose: to more closely monitor you for the purpose of selling your online activity to the highest bidder.
This much influence being concentrated is bad for the web.
Viva la revolución!
HN isn't representative of most users of Chrome. I doubt that we qualify as "a lot" to Google. An extremely vocal minority, at best.
Once you annoy enough of the tech literate, word will start to spread. Slowly, then quickly. How do you think Chrome got its foothold to begin with?
And about how Chrome got a foothold in the first place, I distinctly remember Google agressively advertising their own product on their search engine page, and bundling the binary with everything under the sun (Adobe Reader, anti-virus, etc...). Every time you installed software, there was a good chance Chrome was included with it. Tech influencers had their part in the success of Chrome, but it definitely wasn't the only factor, or maybe even the most important one.
I really want to know who the internal champion was for getting the cookies to be perma-stored in the first place. It has to be someone relatively high up and I’m genuinely curious how high it goes.
My cynicism kicks in and I feel like they know exactly what they’re doing, but the bottom line is more important than anything including causing a PR storm on HN and tech blogs.
Strip down emperor’s clothes and truly reveal the nature of big corporations and their greed to ruin everything for the benefit of the shareholders and their bonus targets - ethics, privacy and environment.
Perhaps I have a problem with extreme levels of cynicism.
Just look at the state of Android. Try being a cell phone OEM who wants to use Android but without Google integration. Impossible.
- Auto sign in and the "Google account indicator": this is almost certainly the result of discussions between the Chrome security team (security indicators, phishing, etc) and Google UX requests. Heck, they even say that the indicator was motivated by user research around session management.
- Tracking: I'm not sure what extra tracking was added to Chrome beyond the existing telemetry they've had since the beginning of the project.
- Google cookies: explained above - a reasonable idea at some manager or UX designer's local scope that got misinterpreted.
If they really wanted to sneak in goodies to supercharge their ad business, it would look a lot worse (and be a lot less obvious) than this. For instance, there's nothing stopping them* from automatically enabling Chrome Sync and removing the option for encrypted syncs tomorrow... which is another issue, but a different scope of discussion.
* Aside from their entire legal department, of course.
Tell that to Vivo, Oppo, Honor, Huawei, Xiaomi, Meizu, OnePlus, Lenovo, Qiku, Smartisan, Amazon, etc.
Not in China. Some of them have an "International ROM" with play store, but not because they have to, just for non-Chinese users convenience.
How can you have one without the other? Google services exist to drive advertising. Anything to make a Google service better for the user has a corresponding impact on Google's ad business.
We deeply appreciate all of the passionate users who have engaged with us on this. Chrome is a diverse, worldwide community, and we’re lucky to have users who care as much as you do. Keep the feedback coming.
There'd probably be a blog post about how Chrome 70 will automatically create fresh Google cookies to keep you logged in to the browser after you delete them.
Maybe I'm just being pedantic and there's no real-world difference, but I'm a little more okay with the browser creating new cookies whenever they're cleared vs not clearing cookies when asked.
Not entirely okay with it, mind you. Especially since browser logins are now two-way.
It must certainly is a stupid idea.
> We’re also going to change the way we handle the clearing of auth cookies. In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared. We will change this behavior that so all cookies are deleted and you will be signed out.
 https://chromium.googlesource.com/chromium/src.git/+/master/...  https://chromium.googlesource.com/chromium/src.git/+/master/...  https://chromium.googlesource.com/chromium/src.git/+/master/...  https://chromium.googlesource.com/chromium/src.git/+/master/...
I tried to switch to Firefox, but was stymied by a bug where Firefox consumes 100%+ CPU on MacBook Pro Retinas.
Firefox is basically unusable with this bug; Facebook takes forever to load, and even Reddit r/firefox shows "A webpage is slowing down your browser" bar at the top.
Active relevant bugs are here: https://bugzilla.mozilla.org/show_bug.cgi?id=1404042
But apparently this has been going on for 2+ years and Mozilla hasn't been able to fix it.
Given rMBPs (I would think) would be a fairly large market share of people who work at Mozilla or use Firefox, it's both concerning and surprising that a bug of this proportion has gone on so long.
Edit: Jeff from Mozilla has reached out. I sent him a perf log and a screenshot. Tracking here: https://bugzilla.mozilla.org/show_bug.cgi?id=1494186
If you're actually experiencing 100% cpu usage, post a profile using https://perf-html.io/ and I can try tell you why.
1) Pick a rMBP. Any one.
2) Set display options - "more space" under System Preferences.
3) Run Firefox. Load any website. No extensions; safe mode doesn't matter.
4) 100%+ CPU, fans kick up and run high, system gets hot and slows to a crawl.
Chrome and Safari run totally fine under the same conditions.
It's documented pretty thoroughly in the first Bugzilla link I posted; the second one is an offshoot where they're trying to solve this specific issue. If you do happen to work at Mozilla, would really appreciate your help escalating.
EDIT: I now have a perf file showing significant issues when clicking on a YouTube video. It gives an error when trying to upload it to the site, but if you contact me through email (in my HN profile), I can send it over.
2) My display options are set to "more space"
3) I loaded this hackernews thread.
4) Firefox and it's child processes are using <1% cpu.
If I aggressively scroll this page I can push the cpu usage up. We have a variety of fixes in the pipeline that will help with this (https://bugzilla.mozilla.org/show_bug.cgi?id=1429522, https://bugzilla.mozilla.org/show_bug.cgi?id=1265824). That being said, only 4.7% of our users are on MacOS so it's more difficult to justify prioritizing work specific to that platform.
If that second number is substantially higher (and I personally suspect it is, but I don't have data backing that up) I think it would be very reasonable for Mozilla to prioritize MacOS. Getting web developers to use firefox makes firefox work better for everyone because it makes more sites work well with firefox.
On that note, one of the key motivators behind WebRender (our new graphics backend) is that it provides hardware acceleration across all platforms, including mac (whereas our current Direct2D acceleration works only on Windows). So Mac graphics performance should generally improve once we get that shipped.
Draw from that what you may, but I bet that dynamic is happening in other places.
However, I would like to ask... 4.7% translates to how many millions of people?
Actually I just checked and the Windows 7 machine doesn't do it any more. I'm not sure if maybe a Firefox update fixed that here. I'll double check at work tomorrow too
Edit: For people who want to compare notes: High Sierra 10.13.6, Firefox 62.0.2, resolution is set to "Default for display" (which I think does mean it's doing interpolation of some sort). Automatic graphics switching is enabled. I don't have any trouble watching YouTube videos.
I'm not sure what to say. I'm sure the issue is real, but it seems like we're missing something in the triage. There has to be something else that makes a difference.
I've got a 15" "late 2013" rMBP, set display options to "more space." I've got a total of 45 tabs open between a couple different windows (I use the userChrome hack to re-enable multiple tab rows.) Cycled between tabs, refreshed, navigated around FB, GMail, etc. Can't get the CPU to do anything out of the ordinary.
Most developers in their early 20s seems plausible, but even there, I surveyed my team’s younger cohort, and it was less than 50%.
On the flip side, I've had a recurring bug in Chrome (until very recently) where for any long running session the Browser process will consume 100% of 1 core. I've had it across multiple machines and profiles, including a completely clean profile with no extensions - I've never managed to be able to nail down the common elements.
Firefox with one tab (with gmail opened) takes 20% CPU.
(and a helper process "FirefoxCP Web Content", which takes 50% CPU, wow.)
Chrome with some 20 tabs, ~4-5% with all its processes (but a lot of ram, which I am fine with)
This is for a 2015 13-inch Macbook pro.
Facebook has also replaced forums for our industry (cell phone/computer repair), so it's how we find out about the latest trends and innovations. Yesterday I used a document posted on a private FB group to fix 3 2011 15" MacBook Pros with failing GPUs (previously considered "unfixable.")
For the industry and business I'm in, there's no substitute.
Private groups on FB can be more discerning about their membership, which is also what makes them interesting.
Many of the cell phone repair groups I'm in require you to have a repair business, so the groups don't get flooded with what they call "plz bro" posts. (i.e. "How do I fix an iPhone screen?" beginner posts.)
It also forms a tighter community; we pretty much all know each other on there, so we refer business back and forth a lot, and use Messenger heavily to buy, sell, and just chat about really obscure or weird repairs that come in the door.
Personally, browsers don't need users to signin. They can sync data laterally with other instances. I suppose Google hasn't heard of bonjour.
I wouldn't use those words. I would replace that with "when the backlash is large enough"
Also I read several comments in that thread about how all of that feedback was pointless because the "vast majority of users don't care."
This type of comments always come up after anything a bad company does. You don't need the majority of users to force a change. In fact no movement ever starts with a majority.
That said, Google can no longer be trusted not to screw over Chrome users in the future. Trying to track users this aggressively and then only backing down after a large backlash doesn't really tell me that Google will be playing nice from now on.
Nice to at least see they're making it opt-out, but the damage has already been done.
I just tested again now, and took screenshots this time, and once again, it didn't automatically turn on Sync.
I've been using Gmail without signing into Chrome. Post-update, I am signed in, but sync is still off.
Many people _purposefully_ don't want to sign into Chrome. The change suddenly signed them in, without notice or confirmation. That's problematic.