Hacker News new | past | comments | ask | show | jobs | submit login
Google Chrome to remove detailed cookie and site data controls (lapcatsoftware.com)
962 points by giuliomagnifico 47 days ago | hide | past | favorite | 345 comments

> By the way, before anyone runs off and yells "Switch to Safari" or something like that, keep in mind that Safari is actually in a worse state and doesn't have detailed cookie and site information at all.

It does, but it's split between two places. You can see a list of all sites that have stored data in Preferences > Privacy > Manage Website Data... (no option to view here, just delete).

You can also navigate to the site in the browser and then view the detailed data:

- Check "Show Develop menu in menu bar" in Preferences > Advanced

- Develop > Show Web Inspector

- Navigate to the Storage tab

On the left you'll see options for Cookies, Local Storage & Session Storage.

> You can also navigate to the site in the browser and then view the detailed data

The author addresses this point (or has now addressed it) in the addendum to point out an "observer effect" shortcoming:

This information can be seen with the web inspector in both Chrome and Safari.

Yes, but the crucial difference is that you have to navigate to an individual site in a browser window in order to see the site data in the web inspector. Whereas in the Preferences, you can get to the site data, for every website, without having to load the sites. And remember, the very act of loading a site can make the site data change, so there's an "observer effect" if you try to examine or delete it in the web inspector.

Not that I think this has actually been applied by anyone in the wild, but it'd be fun to make a site that take advantage of this

You can detect developer tools being open in Chrome pretty reliably, so detect dev tools have been open then "clean up your act" before there's a chance to view anything of note

This has absolutely been used "in the wild". One particularly nasty strain of ad-block-evasion scripts would detect the developer tools being opened, and would reload the page and disable most of its features to prevent them from being analyzed.

Way back when, we thought about this for Firebug. One thing that came out of it was browsers started adding the console object (also because devs forgot to remove the calls on it).

Even so, we added CSS and stuff to highlight elements and that was easily found.

What do people look for today?

The two big ones are:

1. Watching window.innerHeight/innerWidth for sudden, large decreases, indicating that the user just opened the inspector.

2. Logging objects to the console with toString methods and checking if that method gets called.

1. That could also be triggered by browser sidebar windows opening though. All of my browsers open dev-tools in a separate window so this is far from foolproof.

2. Ahhh, clever!

1. should be trivial to avoid, by opening dev tools in a new window

but 2. I have no idea, except the browser vendors would add a "stealth dev mode"

2. JSON.stringify(object)

But isn't the point that you want to detect what the foreign code does?

So your solution would require inject your code into the code that wants to hide from you ... ?

I think the idea is you patch the console to display the objects without calling their toString methods.

I don't think that works

I might be off here, but I imagine console.log early exits if there's no console open, so it doesn't call toString

If that's the case you can just write to the console in a loop and immediately know if one is open

> I might be off here, but I imagine console.log early exits if there's no console open, so it doesn't call toString

The point is to avoid calling toString when the console is open, by using some other way of displaying logged values.

I'm saying you can't avoid calling toString.

Their code will call console.log(object) every X ticks.

As soon as you open the console, console.log fires instead of early exiting => object.toString is called => they know the console is open

Well… you can on a lot of things. We never did .toString() on a whole lot. However, I was big on .displayName (as an override on .name which is found on functions)

My memory is fuzzy, but I also had a different function I would call if frameworks added it so instead of “Object {}” it was “Backbone.Model {id=1}”.

I put these in and used them in firebug extensions I wrote for frameworks.

Later I asked chrome to add something, which is why there is a “enable custom formatters” option for the console. Really needs to work in the debugger though.

Do you not understand that it's not your code and that their code wants toString to be called?

Someone else is writing code that they want to have react to the console opening.

So they will intentionally force the call as soon as the console is open, as a result toString is called regardless of if you yourself have made a call to it.

> console.log fires instead of early exiting => object.toString

The point is that you patch the console to not do that.

How does "JSON.stringify(object)" patch the console not to do that without first opening the console?

For 2 my first thought is the opposite. Fire the detected method even if devtools isn't opened.

The ad-block thing is where I first saw it, that and DRM for less-than-legal sites to prevent downloading (stops streaming if the dev console is open)

I mean more specifically taking advantage of the awkward UI to cover up your tracks on local storage, it's something that's just devious enough that if you get caught (which is not difficult) it'll be hard to explain what you were doing, and you'll be trying to explain it to technical people

Discord does this. Try to find the login cookie.

When discord loads, it copies it out of localstorage into a js var and deletes the localstorage. So if you examine localstorage it will be empty. On page unload it copies it back into localstorage. So if you want to see the value, you have to make sure no discord tabs are open in your browser.

I believe one reason for this is to prevent self-xss. It's hard for a malicious person to write a snippet of js to steal the login cookie now that it's no longer in localstorage. Another reason might be to prevent bots. It's hard for someone to automate a discord account if there's no way to get the account's login cookie.

Wouldn't this cause problems with multiple tabs/windows?

Like, if I have one Discord tab open (so localstorage is cleared) and I open a second one in parallel, will I be logged out in the second one?

I didn't look into it too deeply. Maybe if there are multiple windows they can communicate with each other in some way.

"in some way" --> probably postMessage to send the variable to the new tab.

Service workers would be the solution to that problem, wouldn't they?

Could you see the original cookie by inspecting the headers of the network request? This would presumably be the value before the page loads and gives access to document.cookie or a change triggered by a server-side header.

Consider using something like https://mitmproxy.org/ to deal with a site so devious as to detect browser-level tools being used to inspect headers/cookies/etc.

Not trying to defend anyone here, but I wonder if there's a non-nefarious reason for this.

Specifically, there have been a lot of changes to cookies lately because malicious actors (malware/adware) figured out how to access the cookie store and infer/determine cookie information from other sites.

I suspect that maybe this cookie store is kept in a more secure part of the application and only the cookies relevant to the site you visit get pulled out of it. It may even be a risk to have the information for all domains even loaded into memory for the application.

With all that said, there should be some way to manage/introspect that cookie store from outside of the browser imho.

Let's remain serious. It is entirely within the capability of modern computers to admit a dialogue which would let the user view their cookies without magically exposing them to websites. There is no non-nefarious reason for this.

Thank you. The pretence (naivety) of "there must be a good reason" has to stop

There’s usually a “good reason” — however that “good reason” is subjective to the people maintaining the application and might not align with the preferences of its users.

Reasons don’t really matter to users though. It’s pointless arguing if we should assume innocence or guilt because irrespective of the developers motives, if a particular feature is a show stopper for you then you switch to a platform that supports said feature. Anything else added to colour the discussion is irrelevant.

I agree with what you pointed out about subjectivity. I think it’s still worth discussing though to serve as a warning to others who act with their own best intentions only to have them get bitten. Without calling this out it just always leans on the malicious side which doesn’t trend with reality in my experience.

In terms of end users driving decisions ultimately, I agree. That said, this is a discussion forum so I figured it was open for discussion and assumed that folks would be deciding on their own how to react to the change.

I guess this all depends on what we think we’re having a discussion about!

The problem is any such discussion is going to be entirely speculative. Sure, you can discuss what you presume the developers motives might have been but it reveals more about the opinions and personalities of the people holding the discussion than it does about the developers since all you’re doing is projecting your own story to fill in some pretty sizeable blanks.

But what many others in this thread have done is just as speculative, assuming malice, and to be clear, I think it could very much be the case, but I’m sharing another perspective based on a lot of experiences I’ve had where external parties assumed malice when internally it was far from it. Take it or leave it. This is the internet and I’m typing into a box.

I agree, but I suspect this was also what was believed when they originally did it and adversaries found very clever ways to find that cookie store - that part at least is true, which is why I bother mentioning it, given the complexity of browsers it is likely very daunting to redesign this kind of thing around the existing features. Anyways, I'm glad I'm not working on browsers, it seems like an ever-losing cat and mouse.

Those two things are unrelated if there is such interaction and the fix was removing the dialog I would be scared to use that browser.

So whether your theory is true or not, no one should use Chrome.

I agree.

Chrome already has functionality to put different sites in different processes and sandbox the processes, so that if there's a renderer bug, the attack is stuck in the sandbox of a single site and can only access that site's data. This also helps with CPU speculative execution bugs.


> Not trying to defend anyone here, but I wonder if there's a non-nefarious reason for this.

The tools are designed for developers who often want to manually edit cookies on pages they are debugging.

I recently had to develop a feature that would have been much easier to develop and debug had I been able to view the contents of Local Storage and Session Storage before loading the site.

A particular feature of a web application (shopping cart) had different behaviour depending if the page was loaded as "an initial pageview on revisit", e.g. the user coming from [search engine|other link|bookmark|url bar] or from normal site browsing. By storing data in both Local Storage and Session Storage, and comparing the two on page load, I could determine if the user, who had been to the site in the past, had just come back. This all had to be developed in the dark as the major browsers have no method of viewing Local Storage and Session Storage for websites not loaded.

I know that. It seems like a given for this forum and topic specifically that I am not ignorant of that.

If the browser is designed properly (this does not apply to Safari), the UI can and should have totally different permissions from the site executor/renderer.

>If the browser is designed properly (this does not apply to Safari),

Slow clap. Well done.

Why Safari? The only sane choice is Firefox.

> Why Safari? The only sane choice is Firefox.

I use Safari because of keychain and continuity. For example my Mac Mini can autofill 2FA tokens sent to my phone.

I use Firefox for web development and for sites I don’t trust and don’t want tracking me.

I only use Chrome for Gmail and YouTube.

I use Firefox mobile because it provides the best YouTube experience.

Adblocking, background playback.

Is there any other reason then in case of using a mac OS?

Or Brave. Safari gives me too many issues. Brave has all the compatibility you'd expect from chromium.

Brave is just a shitcoin mining, referral link hijacking reskin of Chrome.

By default it doesnt, and although I'd certainly advise going over all Brave's settings once, then you have the safest (as in not outdated like some other privacy forks) and privacy respecting Chrome based browser around.

_xy8h 47 days ago [flagged] [–]

Stop drinking the kool aid, buh.

If you have to go over the settings... A safe, privacy respecting browser wouldn't resort to any shady tactics in the first place.

brave's default settings are almost certainly exactly what a privacy-oriented person would choose. it does not mine crypto, and it only pays you in crypto to view notification ads if you opt-in. i even gave the ads a shot but decided it wasn't worth the $2 a month or whatever, so now i just have a maintained, de-googled chrome, which is basically a description of the optimal browser in 2021. does firefox ask you if you want to install pocket yet?

I'm not drinking any koolaid, I just have not found anything better, apart from Firefox.

They also run the only decent, independent search engine that has _its own_, _uncensored_ index. DDG was perceptibly worse than Google, but Brave Search is about on par, and the latency seems to be better as well. I maybe have to go to Google once or twice a month now instead of several times a day DDG would require. I know a bit about Google search, and frankly I'm stunned by what Brave was able to pull off here.

I'm actually not against Firefox either, but they refuse to implement a profile switcher, and I need one to be able to fully and unambiguously isolate my work and personal accounts. What's particularly grating is that they already have profile support. Just not the UX to switch the profiles without pain.

Don't understand the downvotes, but brave search is a pretty decent product so far. Competition is always good, especially in the area of search.

I've just tried brave search and it does seem to be a good product actually - my only concern with all these providers is what is the monetisation strategy will be (Brave has called out ads, but it's not in their product at the moment). Looking at Brave's monetisation strategy for their browser it seems pretty shady (effectively steal the revenue from site owners for referral links and replace the websites ads with their own ads). They haven't tried monetising search yet so - Brave if you are reading this - please please please choose a different monetisation strategy and use the opportunity to be different to Google!

I would love a company like DuckDuckGo or Brave to offer a paid tier where I can just subscribe to an ad-free search engine (I would love Google to offer a 'Google Premium' with this, but let's be real that's not happening!).

i.e. If you are competing with Google by releasing a free search engine with Ads, you have to provide better search results with Ads mixed in than Google which will be tough. If you found a monetisation strategy that didn't involve Ads, theoretically it should be easier to offer a better quality search result and better quality product than Google (because you are actually focussing on delivering the best quality results rather than the right mix of good-results and Ads to optimise revenue).

Why do you post false stuff like "replace the website ads with their own ads"? We never did that and would not unless website were partnered and getting 70% of the gross.

The affiliate link autocomplete for finance.{us, com} was a bug and fixed immediately.

Browsers other than Brave have a hard time surviving without being captured by a search or other big-tech power. We're the only user-first, private browser with opt-in revenue sharing.

I might be confused, but was the below article just false? If so you should probably ask them to put a correction on it.



These seem pretty cut-and-dry, but if they are false they should definitely retract.

> We're the only user-first, private browser with opt-in revenue sharing.

I personally don't want revenue sharing - I just want the first browser that is user-first and private. The issue with me being advertised to isnt that I want a cut of the revenue, it's that I don't want to be advertised to. That's the whole point of my post - if you need revenue just charge me for it. Why can't we just have a search company that will just let me pay them money in a straightforward 1950's-style transaction.

All I'm saying is - Please don't try to beat Google Search at being Google Search with the same ads-in-search model - you have such a great opportunity, and clearly the experience, to do something different! I personally hope you choose a different path that allows you to have a better ad-free product. Maybe you will succeed going down the ad-route, but I personally want a different option to having my results stuffed with ads, rather than just a new (either better or worse) Google.

As soon as you do a paid version of search I'll be a subscriber, as long as there is a guarantee that it is privacy-preserving, will never have ads, is a sensible price and isn't linked to some weird crypto stuff.

Binance (spellcorrekt turned it into “finance”).

So would I. I'd gladly and voluntarily pay, say, $10/mo for a family subscription, paid with crypto. I'm not sure why they aren't offering that.

Yeah, I don't see what the downside is either.

For companies - It doesn't sound too hard to implement and seems like it would be a good source of revenue. Plus paying subscribers will be more 'loyal' in terms of moving their searches across.

For users - you get more of a guarantee that the companies statements about privacy and impartiality are true, because there is less incentive for them to break that.

Especially considering that crypto is already built into their browser.

The founder of Brave was canceled by the left for his religious opposition to calling gay unions "marriage". FWIW, I voted to call it that in my state, but I have no problem with someone holding a different opinion. That's sorta how democracy works. People get to have different opinions and then duke it out by voting. The authoritarian left can't have that, you must prostrate yourself before the one true dogma completely.

> The founder of Brave was canceled by the left for his religious opposition to calling gay unions “marriage”.

Insofar as he was opposed by “the Left”, it was for his political actions in opposition to equal rights. The religious basis of that action was probably important to Eich, but it was immaterial to the opposition.

> FWIW, I voted to call it that in my state, but I have no problem with someone holding a different opinion.

Good for you.

> That’s sorta how democracy works.

In a liberal (in the classical, Enlightment-derived sense, not either of the narrower senses it is used for factional positions within the US political system) democracy, you are absolutely permitted to have a problem with, and (peacably) take action based on such a problem, with unwelcome political actions, including actual or threatened refusal to participate in economic exchanges with the perpetrator.

This kind of thinking can go quite far if taken to its logical conclusion. The question therefore is, do _you_ want to live in a world where everyone is fighting everyone else over the most irrelevant of actions or even wrongthink? I know I don't.

I much prefer to be persuaded to vote for or against something than have to state my opinions under the barrel of a proverbial gun. After a free and fair election, I accept the results and move on, even if things do not go my way. Seems more civilized and less painful than all known alternatives.

> This kind of thinking can go quite far if taken to its logical conclusion

The logical conclusion of it being permitted is...that it will be done when the utility of the impact it is perceived as likely to have outweighs the perceived disutility of the protest action, including any beneficial exchange foregone. Which is, all in all, not very much, which matches pretty well with observed behavior.

> After a free and fair election, I accept the results and move on, even if things do not go my way

Well, when there is a free and fair election to strip you of fundamental liberties, and you lose, try to keep that attitude in mind.

Bet it looks like that if your "protest action" is confined to Twitter and TikTok. From where I sit, your "protest action" over the past year achieved NEGATIVE results. Murders and crime are UP. Segregation is UP. Racial strife is UP. I fail to see the "impact" other than several billions in damage, rising crime, and a senile octogenarian in the White House, who is the direct cause of incarceration of hundreds of thousands of African Americans due to his own misguided "legislation" from the 80s. Wonderful, wonderful "impact".

Any mention of Eich gets downvoted to hell, it's part of the "cancelling".

Parent is 100% correct.

> I'm actually not against Firefox either, but they refuse to implement a profile switcher


Alternatively, Profile Switcher for Firefox provides a Chrome-like interface:


I couldn't tell from the link, but does it let me run two profiles side by side?

This is the only thing that makes FF awkward for me when not using a Mac.

Yes. With the extension, you can launch any other profile and a new window under that profile will be opened. There is no limit to the number of profiles that can be simultaneously active. The extension menu also lets you add, remove, and edit profiles.

Thank you, I'm going to add this.

You can bookmark about:profiles and click "Launch profile in new browser" under each profile to open it in a new Firefox window.

If you are using GNOME desktop you can also try this to integrate the profiles into the launcher. I wrote it when still using Ubuntu but I'm on Fedora now and it's the exact same steps: https://www.tombrossman.com/blog/2020/launch-firefox-profile...

this would fall under the "awkward" way of changing profiles.

Isn't the containers does the same job? https://addons.mozilla.org/en-US/firefox/addon/multi-account...

Does not isolate logins/passwords. A requirement for what I need it to do.

Multi-firefox is great, but is unfortunately Mac only.

These days Google just takes you to the site with the most ads. The quality of the search results has nosedived in the last ten years.

Not just "today". In late 00s folks at Microsoft Bing noticed that every time they'd release relevance improvements, Google within a couple of days would boost its search relevance just enough to stay a pace ahead. The running theory at MS was that they had a lot of gas in the tank relevance-wise, but artificially hobbled it, so that it's just above Bing's. Why? Because fewer people will click on the ads if the results are _too_ relevant. They'll click on the links instead.

If Brave is keeping Chromium updated, then it is possible that this will effect them also.

I dont know much about Brave but thinking of moving to Brave on Mobile for ad blocking. Is Brave trustworthy for saving my Google credentials and credit card in the Browser?

Also check out Bromite, which is chrome with ad blocking for android.

imo the adblocker isn't as good as ublock, which you can install anyway, so there's no major advantage there. the good part about brave is that you get the benefits of an up-to-date chromium browser without google recording your activity. you can take or leave the rest of the stuff, but there are a couple of neat extras like tor support for incognito and auto-detecting 404s and linking to archive.org.

Vivaldi? I certainty trust the people behind that one.

Same engine, they can cripple it easily.

Sure, but a lot of features in Vivaldi run separately from Chromium (like sideloading extensions). I don't see how they would be accepting this change into their fork.

In those network analysis comparisons they didn't score well. And, they're sorta half open source, which is a bit weird. I can't say the facts bear their credentials out.

Safari is also generally trending in the right way, while Chrome is headed in the wrong way.

Why so?

Apple doesn’t make money from ads (yet), so there is no harm and a lot of marketing benefit in pushing privacy from ad trackers. Google is an ad company, so good privacy controls in Chrome hurts them.

Safari privacy is a joke until I can install UBlock Origin on MacOS and iOS Safari. Until they support proper browser extensions outside of their App Store, Safari will remain a privacy leaking toy compared to chromium and gecko browsers.

Also the amount of bugs and missing features I face in Safari as a web developer is a nightmare.

Cute animations though.

I’d argue that Apple’s incentives are mostly aligned for privacy on Safari, but the incentives for it to spend its resources on Safari in general are not aligned. Apple has long had a native-app only outlook which has hampered its work on browsers for a long time.

>Apple doesn’t make money from ads (yet)

Apple doesn’t make money from web ads (yet). Although even that is changing as Apple now offer personalised Ads in Apps, they might one day offer that on the web as well.

From the blog it sounds like Chrome's will be in a similar state after the update. Just another thing I'll have to navigate to in a tedious manner.

Use Firefox?

I'm into watching telemetry data using tools like Pihole, Wireshark, DNSLookupView. Firefox is the only browser which does not invoke spontaneous connections and gives the user the Freedom to inspect and clear the cookie data. Google notoriously creates VPN tunnels to hide what it is sending and receiving. Your browser preference might determine many people's privacy if the narrative is limited to not so important things to me like speed and ease of use.

> Google notoriously creates VPN tunnels to hide what it is sending and receiving.

I’ve never heard about this, could you provide a source?

The due diligence starts with research on the topic 1e100.net for example https://superuser.com/questions/75841/what-is-1e100-net-and-...

No comments I can see there seem to address VPNs; one notes that if you DNS block one of their domains, they connect via IP. But there's no discussion of VPN tunnels. I made sure to view all comments. Do you think you could forward a link that makes that claim?

Unless you just mean that sending data over plain HTTP to these servers is in some sense a VPN tunnel because the resulting servers could forward it elsewhere?

I don’t see the VPN claim either, as expected.

Most HN comments about these topics are plain FUD, and despite mentioning a bunch of intricate networking tools, the commenter still fails to address reality.

They are running their own privacy games as well. But try LibreWolf or ungoogled chromium.

https://librewolf-community.gitlab.io/ https://chromium.woolyss.com/

Sure, both browsers have developer tools. This is much more opaque than a Settings menu.

What a weird design. Listing and viewing would often be done when you want to "clean things up, but not everything.

Disclosure: never used or saw safari, and i don't have a mac, nor the mac nature.

What is the mac nature?

It's either an internally consistent UX or matching belt and shoes, depending on who you ask.

Same for Chrome so not sure what this article is about.

The article is quite clear. The question is, why did they go backwards on functionality. They took a simple user interface and removed a single useful feature from it, and what remains is a much more tedious way to do the same thing. Why? What was the benefit? The author speculates that it's to make user cookie control more difficult.

The reason was probably that no one ever needs to delete just a subset of cookies from a site. I certainly never have, and I'm a pretty technically-minded user. (Other than for development, in which case I'm using dev tools anyway.)

Counterpoint: I've many times had to fix presentation of or access to a site by purging just specific cookies. Two sites that have previously had these problems are RingCentral's web interface and AutoTask. Maybe a dozen or more others, but admittedly not many…however, when I've needed it, the problem has been persistent, requiring multiple fixes per day, over a few consecutive days or or even a couple weeks.

Needing to delete specific cookies does arise occasionally, and we have dev tools or the cookie viewer under the lock for that.

However, needing to delete those cookies without first viewing the page due to side effects - that is a very niche use case.

Is it? I feel like most of my atrocious cookie hand fix cases end up being broken redirects where you get redirected to some new url that errors, so loading the page doesn't help to get rid of the offending cookie.

That would be an atrocious bit of engineering from the developer. But I suspect that even in that case, holding Escape as you load the page would kill the redirect.

Not who you were responding to, but I've had that happen on Microsoft flows.

Manually interrupting most flows is practically impossible. Too fast, and can chain across a half dozen (sub)domains near instantly. The web hasn't been that slow or simple in a long time.

> I've had that happen on Microsoft flows.

Yes, as mentioned, from atrocious engineering.

See also that Windows can break the desktop due to their own advert.

The feature was already created. What could be the harm of keeping it?

I think they prepare for cookieless in favor of FLoC.

Use Firefox?

I don't get why people think this is a move with some agenda, most likely they just don't think enough people use the single cookie deletion functionality to warrant having it in the settings vs the dev tools.

Exactly this. All the functionality is already built into Chrome right here:


Contrary to the headline, Chrome isn't removing the ability to do anything -- they're just removing it from the preferences interface, where I'm not sure it really ever made sense to include in the first place.

Truly, editing/deleting individual cookies isn't something any regular user ever needs to do -- just clearing per-site, which continues to exist in preferences.

> deleting individual cookies isn't something any regular user ever needs to do

I disagree. A problem just recently with a gov site req'd you delete their cookies to resolve it (as an interim solution until they get around some year to fix the issue).

The change is for clearing individual cookies. You can still clear cookies per site.

Don't know if the same government but I can't access the site to pay the taxes which I have to pay monthly without clearing cookies.

Or also twitter, where it is unusable without logging in/blocking cookies (Which you can do from the preferences)

Right, so clear all the cookies for the gov site. Previously you could do that and now you can do that. Nothing has changed for this use case.

Settings vs dev tools does make a huge difference imo.

The settings pane gives you a cleaner ui for quick changes (debatable, but I certainly feel this way). Dev tools can break your browser if you do things wrong. They are made for development and deep changes, not routine stuff.

That is not "nothing has changed".

You can still clear cookies for a single site by clearing all data for the site. Does not require devtools. If a site is bad enough to require clearing cookies, clearing the cache & stored data is probably not a bad idea.

If your site needs users to clear cookies, then you should fix your site. Clearing cookies is not a routine thing.

You can still clear all cookies for a given site from within preferences.

They're removing the listing of individual cookies for each site. So you can still remove all cookies from, e.g. Hacker News, but will no longer be able to see the individual names of the cookies, e.g. `ph_6CDb7STpzm64A_...`.

Dev tools absolutely cannot break your browser if you 'do things wrong'.

Hmm, I've never had devtools break my browser despite using it fairly extensively. I think I confused myself once by forgetting about a local override I had turned on, or accidentally cleared more cookies than I intended to, but that's about it.

I have had locally compiled builds break my profile data once or twice, but that's a seperate issue.

You can still delete per site cookies in the preferences no?

It is still in 'Settings', guys. It's in chrome://settings/content/all instead of chrome://settings/siteData . Read the third and fourth sentences of the linked article. You will literally be able to browse to it in Settings.

I do have to commend you on the bold tone while being so misleading, though. Haha, good stuff. I propose a Law of Increasing Internet Indignation: indignation is a monotonically decreasing function of knowledge.

Regarding renewiltord's law.

Physician heal thyself.

> If you click the disclosure triangle for one of the entries, you see… well, basically nothing about the site data. And there are no delete buttons for individual cookies. The only button is "Clear data", an all or nothing option.

Site guidelines suggest that you ought to assume good faith on the part of your conversational partners and responsd courteously to the good faith interpretation of their words.

I suggest you have simply misunderstood what people are complaining about.

I picked my words kind of carefully. "Clear all the cookies for the gov site". It'll solve the problem. Then the other guy misunderstood and thought it was a DevTools not Settings issue. Literally the problem does not require "clear one cookie" functionality.

That's not good faith interpretation. That's wholesale misinterpretation which is either incompetence or malice. If you want to play the whole "good faith" game, you actually need good faith.

You're all privacy groupies. You don't know anything about actual privacy. You're just an outrage squad. You know it. I know it. But you're performing for some absent audience that supposedly can't tell.

Fine, this site is yours. Keep it. I'll go play with the shellfish.

> where I'm not sure it really ever made sense to include in the first place.

So move it somewhere where it makes more sense.

> Truly, editing/deleting individual cookies isn't something any regular user ever needs to do

No true Scotsman? If the user needs to do this, they're automatically not a regular user, or what?

Anyway, hard disagree.

> So move it somewhere where it makes more sense.

>> All the functionality is already built into Chrome right here: https://developer.chrome.com/docs/devtools/storage/cookies/

It can't both be redundant and be solved by moving one of the interfaces somewhere else. Either you meant to say it's not redundant and is needed but didn't list any reasons why you think this or your idea of simply moving the redundant interface elsewhere doesn't change the point made as it'd still be rudundant and not needed, just elsewhere.

> No true Scotsman? If the user needs to do this, they're automatically not a regular user, or what?

The "No true Scotsman" fallacy comes after redefining the group once a valid counterexample from the original group is defined. It's not a fallacy in itself just to claim a group has an attribute, the claim is still falsifiable and testable by bringing forth the counter case to why a non-developer needs or wants to use a separate settings UI for it. "non-devoloper" wording chosen instead of "regular user" particularly because the ability is still in the developer UI and maybe that'll make the claim about "regular users" a little more defined.

If this were disabling the ability for users to clear cookies for a single site I'd hard disagree but I'm wracking my brain to find a realistic case a non-developer user needs/wants to view and clear individual cookies instead of site based cookies or all cached objects for that specific page. It's seemingly by definition only useful when identifying and fixing bugs from reviewing the source/dev console logs and "clear the cookies for the specific site" is already seemingly rare enough for a user to be told to do by generic troubleshooting. If being told to do it by a developer or support agent the console is still there and again I think it's fair to say we are veering far from typical things that user cares to have in a settings UI vs where it is in the dev console.

> It can't both be redundant and be solved by moving one of the interfaces somewhere else. Either you meant to say it's not redundant [...]

I never said it was redundant. Perhaps you mixed me with someone else?

Regardless of how you call the fallacy, I think there still is one since the vagueness of the term "regular user" seems to implicitly define out the users that would need to access the cookie dialogue.

If the wording is switched to "non-developer", then I once again disagree with this conclusion. Non-developers should definitely retain the ability to view, edit and delete their cookies.

I view this mostly as a matter of power. Yes, non-developers won't be editing or deleting individual cookies most of the time. However, if a website starts misbehaving and attempts to seize control of some part of experience from the end user, the end user must have the ability to counter that.

Having the ability to delete and edit pieces of information stored by websites on the user agent is a crucial part of that. If you take this ability away, then you ever so slightly took control out of the hands of the end user. In the end, you are making the user powerless and submitting them under your control.

The hyperbole in this thread is insane. I would wager that none of the furious "this is pure evil!" commenters in this thread even knew this particular settings page existed before today (and I'd bet they still don't know the information is already exposed in the URL bar).

Nobody who isn't a web developer is out there trying to guess what individual cookie names/values mean or wants to delete individual ones. At most, they just want to be able to clear them per-site (or across the entire browser).

Anyone else will use the Developer Tools UI that's better suited for the task.

Deleting cookies for a group of sites is essential, though, and they're removing that.

Think facebook.com, fbcdn.net, etc.

I end up having to delete cookies for Cars.com every other week, because sometimes the search function would corrupt something and every page would return a blank white screen.

No they're not. That feature exists on chrome://settings/content/all, which the article states they're keeping (as it's preferred over the separate menu being removed).

It's a self fulfilling prophecy. Make a useful feature difficult to discover, then remove it when few people discover it. The (not insignificant) current barrier for normal users to selectively remove cookies will be made even higher if you ask them to use dev tools.

One could imagine a browser vendor who made this workflow easy because they thought it was in the users' best interest. Obviously, that browser vendor is not Google.

I recall being quite pissed when Chrome decided to remove the pick-character-encoding feature essential for digging through archives of older CJK sites. Odd things keep rolling out of the Chrome team with telemetry as their justification. Ah well, how am I supposed to argue against “data”?

>Make a useful feature difficult to discover, then remove it when few people discover it.

How many people do you really think would ever need this feature in day to day use, even if it were extremely easy to find? The number is probably vanishingly small.

Millions. Big world out there

Percentages are all that really matter here.

Maybe it's changed, but walking a customer through clearing some specific cookies was a common help desk thing. To deal with shitty websites...PayPal had this problem for a long time where you would get an obscure error until you manually cleared a cookie.

This will be harder, especially where you need to clear cookies on different domains like a login page, saml page, account page, etc.

You had to clear one cookie on Paypal and leave the rest? Jesus Christ, what a nightmare! Do you happen to recall what situation that was? Just curious to read in a Daily WTF sense, not challenging you to prove it.

You could clear "all cookies for all sites", but that tends to piss customers off, as pre-filled fields for many websites are no longer pre-filled.

If I remember right, clearing it for one site didn't help because clearing "login.paypal.com" cookies didn't clear "some-other-thing.paypal.com" or "www.paypal.com". They seem to use www.paypal.com for everything now.

Google for: "paypal Your browser sent a request that this server could not understand" for one example

Or "paypal your last action could not be completed" for another.

I googled for those and it's funny but sadly not as entertaining as I'd hoped. All the responses involve clearing all cookies for paypal.com at al.

> If I remember right, clearing it for one site didn't help because clearing "login.paypal.com" cookies didn't clear "some-other-thing.paypal.com" or "www.paypal.com". They seem to use www.paypal.com for everything now.

Right, but that's not a problem that this particular change is going to do anything about. Previously, you had to find all the different paypal domains and whack their cookies and now you have to do the same. The functionality you can't do in the Preferences window now (but you can in DevTools) is find a single cookie in a single site and whack that one. That's the one that would be Daily WTFy.

Ah, got it. I read the screenshots as the "search" was also going away. I do have that 'single cookie' thing with another service where I have to delete one called TICKET_something, but I'll fumble through it I suppose, or use an extension.

I've mostly used this functionality to get my cookie out for Phantombuster.

Seems like this capability would be better served with an extension. Most (as in nearly all) users will never play with individual cookies and the people that need to can turn to quality extensions with more capability than the browser is ever likely to build in.

Yeah no. This is used by a lot of the population, may be not enough to register in their measurements but it’s a good number. Not just that, this is a functionality that existed for so many years in every browser, why remove it? At this point the code comes almost free. The only explanation is they want to prepare their users to a time when cookies are gone.

Chrome in 10 years will be like a TV... all you will be able to do is switch between a few hundred channels

Browser dev tools are more powerful now than ever before, and they're only a single key press away.

Dev tools are next... same argument... not many people use them.

You can't have consumers without producers. Dev tools are an integral tool to building websites and webapps today. They're still receiving considerable investment from browser vendors. I see new features in almost every release.

Browser tools could certainly be un-bundled from the browser itself and distributed behind a "Google Developer" account, with your access cut off if you do something that threatens any of Google's numerous businesses.

I believe this is how iOS development works.

Admittedly we are very far away from this scenario, but let us not delude ourselves into thinking (a) that it's impossible, or (b) that it's not in Google's interest to do this once they are confident enough in their market power.

To what end? What benefit does google get by preventing developers from developing for their product?

They won't prevent developers from developing their product. The change will be an "improvement". It'll be "a new developer focused tool for testing and developing your web sites" or some other marketing speak. Or it'll be an app you install from the chrome store.

lol. Because it's such an unimaginable hassle having to keep this code lying around in the codebase.

Firefox Nightly is a pretty good browser imho

Also it just so happens that there are extensions that allow you detailed (read: raw and editable) cookie data for each website you visit!

I use & love Firefox, too, but do note that the author's criticism directly applies to it, too: AFAIK, FF will not show you the individualized cookies, or all you to act on them individually.

Now, as you say, you can download an extension (and indeed, I do!), but I think there is some merit to it being in the base app. (E.g., not having to trust an extension. But also, it's part of Firefox's data, and FF should provide decent tooling for itself.)

That data is available in the developer tools, under the Storage tab. Individual cookies can be viewed, edited, and deleted. Not very useful for the average user, but the option is there and I doubt the average user even knows what cookies are, except that they're something you constantly have to click "yes" to nowadays.

Firefox used to show individual site cookies in the Manage Data dialog, this was removed at some point.

I'm running the latest developer build and it still has this. It only shows number of cookies by domain and allows deletion by domain, and you'd have to use dev tools if you wanted to look at or delete a single individual cookie.

> I'm running the latest developer build and it still has this.

Hmm, are you sure about that? IIRC, Firefox 90 had ability to remove cookies per exact subdomain in that view (i.e. account.google.com), since version 91 there's only an option to remove cookies for whole google.com domain...

I don’t think so, but can’t test right now, pretty sure I deleted cookies and a cache for one particular domain recently.

The chrome change doesn't stop you from being able to delete cookies and cache for individual domains, it's the ability to inspect specific cookies.

For what it's worth, Firefox's official abbreviation is Fx, not FF.

You don't even need extensions, that's available in the stock developer tools. Though you have to be on the site at the time to access it.

Firefox crippled extension support several years ago, denying them access to the internal APIs for JS code.

... this, despite the fact that all the APIs are there, and internally, FF is essentially a bunch of "chrome extensions" on top of the C++ core. That is, the only thing that was removed was the ability to _load_ extensions.


Minus the routine kernel panics it's causing on my M1.

Or is that defective hardware?

How can you blame a kernel panic on an unprivileged userspace program? That doesn't make sense. I.e., Firefox can maybe trigger a kernel panic, but the blame lies either with the kernel or, indeed, with defective hardware.

I'm privacy conscious but would not consider looking at such detailed information. For me it's delete all site state on exit. Do people actually look at this stuff?

Developer bias, but being able to delete individual cookies is invaluable.

Non-developer hat: PlayStation Network store also had a bug where you'd be logged in, but unable to buy anything. Instead of deleting all data you could delete one cookie and it would temporarily resolve the issue.

I've run into that bug (I think) on lots of sites, including two of my credit card issuers. They set so many cookies, and new ones on every visit, with long expirations, until the cookie header is so large that either the browser or server is cutting it off and you can't pick up the cookies to log in any more. I go wipe out some cookies to fix that too.

Just fyi, you can delete individual cookies in the developer tools.

> Just fyi, you can delete individual cookies in the developer tools.

While I very much agree with the point you're making, I can count on one hand (with fingers to spare) the number of family members I have who know what the developer tools even are, and that's because I showed them when troubleshooting an issue they were having. They aren't going to learn or remember how to access the dev tools to manage cookies, but they do know what it means to delete individual cookies and the current process to do so, and if they forget the exact steps they could certainly figure it out in settings/preferences.

What they're not going to do is think "well, I can't find the thing I used to use to deal with cookies, I'd better go muck around in the developer tools." I'd imagine a very large percentage of non-technical people who have heard about cookies fall into the same category as my relatives, but that's my own bias talking and YMMV of course.

If they're a non-developer, the ability to clear all of the cookies (or data) for a given site should be adequate to cover their needs (and if they're a developer, obviously they'll just use Developer Tools > Application for individual cookie manipulation).

If a non-developer is in a situation where they need to delete a single cookie by name but deleting _all_ of that site's cookies would be ruinous for some reason, then something's horribly wrong.

Read the parent answer, it explains when deleting individual cookies is useful (even for non-devs)

Not really? Cookie names/values are usually inscrutable to anyone who hasn't worked on the site in question, and the idea that a non-developer would need to selectively delete individual cookies to work around a bug in a site is just silly (those users are much better served by simply clearing all of that site's cookies and logging in again).

(And when the need truly does arise, there's a perfectly-good tool for that which is no harder to find than the sub-menu being deprecated.)

I have never known anyone to need to delete an individual cookie vs all for a site. Certainly I've never needed that.

Only time I have (probably ever) deleted an individual cookie was for testing during development, and in those cases I already use the dev tools to do so.

You have never lived

Which Does Not Exist On Mobile.

(90% or more of most sites' organic web traffic is mobile.)

We have a bug like that in our internal systems at work. If I can't delete an individual cookie, I'll switch to firefox for work stuff. (I currently use chrome for work stuff b/c we have some helpful extensions which are chrome only)

I always just used incognito windows for these kinds of issues.

I don't really interact with cookies at all. What are your uses cases? What is the value? If you're so enthused with it I'm wondering if I should be, basically.

I've looked at it before - to delete a specific cookie, or see what a website has stored. Deleting specific cookies can sometimes fix broken websites.

What's the intersection of "users who want to delete a specific cookie" and "users who cannot open Developer Tools"? For the average user, deleting all of a site's cookies seems like all the granularity you need (and will be a more effective troubleshooting tactic anyway).

I don't think many non-developers use the dev tools for tasks, while people merely interested in technology (gamers and such) will get a gentle introduction to how cookies work from looking through the cookies in the normal interface. Those people might go on to become developers eventually.

Effectively zero. Ridiculous that anyone would think this an issue even worth discussing.

I use FF, uBlock and Privacy Badger. Of those - while uBlock is most powerful - I value Privacy Badger the most. It shows me 'number of cookies' in the toolbar icon on every page, and in the dropdown I can quickly toggle any 'suspicious' domains to be blocked. Only much less often do I take the time to do more intricate stuff using uBlock Origin.

Anecdata point - I had trouble logging into a site recently and was able to solve the problem by clearing cookies just for that site, thus preserving my other stored logins.

I do.

Not just on exit - cookie autodelete is awesome. 10s after I switch site all past cookies are gone

It's useful in specific cases and certainly nice to have in the main UI. I understand their reasoning for moving them, but I still disagree

Absolutely. I delete specific cookies regularly.

Through this UI? What's wrong with using Developer Tools for this?

Anyone here ever wanted a UI outside of the Devtools for deleting individual keys out of a site’s localStorage?

No? Didn’t think so.

If this individual-cookies-manager settings page didn’t already exist, would you think it worth it to introduce one? More worth it than an individual-localStorage-keys-manager (which clearly nobody is scrabbling for)? If so, why?

Ummm loads of time I end up in weird redirect loops that I solve by deleting cookies one-by-one.

When dealing with cookies I don’t want to just wipe all of them! Sometimes I just want to deal with some of them. Not as a developer but as a user of the SSO multidomain 20-redirect hellscape

Maybe you didn't understand the rhetorical intent of my question. Let me restate.

There are just as many weird problems with websites that cannot currently be fixed in this "pick and choose" manner, because the corrupted state is a single key in the site's localStorage. Instead, the current solution is "blow away the site's localStorage as a whole." (And, in fact, it's usually even less granular than this; you'd usually hit "clear Storage" in the Devtools, blowing away localStorage, AppCache, and a number of other things, all at once.)

Sites' localStorage is thought of as a kind of opaque per-site database—not something to be picked through by users, but rather something that's either in a valid state, or in a corrupt state where it should be purged.

And, as far as I know, that paradigm has been working just fine for everyone! Nobody knows enough about a site they didn't develop themselves to make a change to a single key in a site's localStorage that will take it from a corrupt state to a valid state. The average user—even the average developer—is only likely to corrupt the state further, by making changes roughly at random. We all just "purge localStorage" as one of the "the site is doing weird shit" debugging steps, and never ask for a finer scalpel than that—because that fine scalpel would essentially be akin to picking through the site's memory one raw address-value pair at a time. There'd be no context. It'd be useless, unless-and-until you went through a laborious brute-forcing process.

It's great that you've figured out how to delete particular individual cookies for a site, but you must realize that you learned what worked in each case by brute-force trial and error, in ways that likely corrupted the site's state innumerable times before you created a new valid state. That what you were doing was essentially akin to creating a Game Genie code for the website, poking and prodding at its (opaque!) memory in the hopes that you'll get a useful result, rather than a program crash.

And the argument being put forward in this comments section, is that the mindset required to create a Game Genie code or something like it, automatically implies that the right "home" for said process is the Devtools UX anyway. The Devtools UX gives you the tools needed for iteration and experimentation (a REPL; a live view of the site as you poke at it; etc); while the Settings UX is for knobs and switches where you know what button you want to press from the start, and just need an efficient navigation hierarchy that will let you find it and press it.

By deleting individual cookies within a site's cookie jar, you're debugging that site—poking and prodding at it iteratively—whether you call it that or not. So why expose a secondary, non-iterative interface for doing so? You'd just be encouraging people to do an inherently-iterative process more painfully by using a non-iterative interface.

Is it possible that they are combining the pages and will still have the same functionality? I personally find it very confusing that Chrome has two different pages for managing cookies. I pretty much always want the manage individual cookies page, but each time I find the other page first which only lets me clear all cookies and have to track down the page I really want.

Out of couriosity: Does anyone know how such decisions are made inside Google? It all seems very opaque.

I'm a Googler working on something else, but I think the rough process will be the same:

1. Product management decides which audiences should get special attention.

2. UX researchers get hold of a number of users matching those audiences. Interview them what are their pain points with the product and observe them stumble through a bunch of critical journeys.

3. UX designers design how that should go instead.

4. Eng (including UI) design how to make that happen.

5. The design doc goes through approvals from all the above, but also legal, security, privacy and other stakeholders.

After that, it's a simple matter of programming.

I'm pretty sure you will not get an answer to this on a public forum.

Cookie quick manager is a pretty good extension for managing cookies in Firefox. It gives you fine-grained control on all cookies for each domain.


Are we even sure what the final page is going to look like? "We're deprecating the old one" doesn't necessarily mean "We're finished building the new one."

OF COURSE they would remove that option! Google is one of the worst abusers of cookies:

If you use any Google app on iOS, it makes you sign in through a web view, which sets some system-wide cookies.

Meaning if you just want to sign into YouTube, and later search something in Safari etc., you will find yourself signed into Google Search!

I always have to go into the cookies settings and filter by “Google” and remove all of them to get that scummy tracking off my ass.

Same thing with any Google service on desktop browsers.

Seriously, Fuck Google.

A bit off topic, but I frequently just delete all cookies on all browsers on my devices. Since I just use Safari on iOS/iPadOS/macOS and Chrome on Linux, this is such a quick thing to do.

I also try to make using a private browser tab or page as my normal way to do web browsing.

Agreed. Duck Duck browser on Android has a very prominent "burn" button next to the URL bar which deletes everything. It's great!

Same with Firefox focus on Android. Has a trash can ready to reset the browser.

We're getting into the scary space now where it's becoming feasible for sites to insist on Chrome and drop support for other browsers. I've hit two such apps in the last month where not only did the app not work on FireFox, but the experience was completely broken (blank page, etc). So they aren't even bothering with enough testing to put up a "please use chrome" message.

I use FireFox for everything personal and Chrome for development. I'd encourage others to do the same. Apart from expressing a "vote" for web standards and interoperability, it also ensures that by default you are separating personal from work / dev which makes things a lot easier when you want to nuke all your browser settings / cache / cookies etc.

Same, I switched to FireFox recently as well. Lol if they think they can make these changes, and remain dominant (speaking Apple as well), then they should look at what happened to Freenode. Personally, I'm really just lazy, but I can go back to compiling my own Linux distros if it means I can control my system.

I wonder how many of us do this. I used to use Firefox for everything personal (e.g. social media) and opera for anything that's completely impersonal (e.g. I'd log into news sites) and work related. Lately Brave has replaced FireFox for everyday use; I only use Firefox for things that require being logged in to Google, like Google Calendar and YouTube.

If someone says they are a developer but do not test other browsers I don’t take them very seriously as a developer at all.

I wholeheartedly think it’s a good idea to split browsers between work and personal just so to get familiar with other browsers.

I worked on a project that a company decided to be Chrome only. This was during times when IE was still popular. We were spending a lot of time on cross browser compatibility and at one point the start-up didn't have money to spend on that. We picked Chrome as at the time offered best performance and it was fairly easy to make the app look as intended. We had to help some customers install Chrome and after that we had amazing velocity and we could focus on features rather than worrying why some customers can't see something etc.

This is the slippery slope we're on. You only have to get a little bit down the pathway of the dominant browser departing from standards and the cost of maintaining cross compatibility goes up exponentially. Your experience is absolutely real and it's actually the reason why we have to be vigilant not to get in that state in the first place.

I ONLY use Chrome when x-browser testing. I browse in Safari and develop and test in FF first. If anyone else’s site or app doesn’t work in Safari or FF, they lose me as a user/customer.

Demand the break up of Google! Now!

Email your reps.

Tell them this is dangerous and that Google shouldn't be allowed to run the entire web. Take chrome away!

The issue here is that "making a web browser" isn't a sustainable business. You could force Google to spin off Chrome...and then what? The new "Chrome Inc." would probably need to either start integrating ads or start charging money to even have a chance at not immediately going under.

The only reason Firefox is even able to exist is Google propping them up with lots of extra money.

It's not sustainable because Google props up its browser with money from other sources. I used to pay for a browser (Omniweb, that I still yearn for) because it was worth it. Most software is worth paying for, strangely.

If people won't pay for Windows, good luck getting them to pay for Chrome or Safari.

There are some interesting experiments around Firefox forks funded by Patreon. Though not sure how viable they are against a hostile web.

Just how much of a middle finger can they give to users before people wake up and move to Firefox? There was a time Firefox had some performance problems but that time has passed, it works every bit as well as Chrome does now, if not better.

Firefox is not as performant as Chrome is. This is something a web developer will have come across, if not an average user.

While Chrome performance is obviously better for browsing, somehow opening DevTools makes it work much slower. As for casual user, installing ad-blocker makes web browsing way faster.

If you leave Disable Cache checked under the network tab, the web will be substantially slower with dev tools open. This is (likely) the default setting, because it's important for testing.

Damn. And we lost Servo just when it was getting close to being not shitty. While everything else is moving towards more shitty.

Servo was never supposed to be a browser. It was a testbed for new browser tech/components, some of which got ported into Firefox. I had hopes that Servo would also be an embeddable browser engine, but not sure if that was ever a serious goal.

Servo still exists and has been spun out of Mozilla's org (https://github.com/servo/servo/). Certainly development will be slower without a dedicated, paid team behind it, but it's still alive (last merge to master was 9 days ago). And perhaps without Mozilla's direct control, it will actually end up becoming the browser you hoped it would be.

I give Firefox browser engine 5 years top before Mozilla becomes Chromium based. Servo WAS meant to be the future had Mozilla continued to fund its development, there is no way around that fact. Yes, it was experimental, but so where every other browser engines/forks when they started. Mozilla lost a lot of goodwill when they fired Servo team and most of the Rust developers.

Why we need two Chrome's?

I don't think we do, but I think there's value in another large-minority browser that is based on Blink (not Chromium). It should have all the compatibility that Chrome has, but none of the privacy issues. Mozilla could potentially pull that off, but it'd likely mean more or less starting from scratch (not sure how much of the UI they could reuse, if any), so I wouldn't expect that to happen except as a last resort.

I do feel like most of the arguments against Firefox boil down to either website compatibility or performance issues. Using Blink as their rendering engine would kill the first concern completely. I'm not sure if Firefox's current performance issues (real or imagined) are due to the rendering engine or UI, so not sure where that would land.

We lost the servo team, but isn't servo complete enough to simmer in maintenance?

Not nearly complete enough if you want a browser.

MAYBE, if you want a browsing engine / "webview".

That's exactly what Servo was/is, an embeddable browser engine. It was never aiming to build a usable reference servo browser with the engine. The packaged nightly binaries were just to demo the current state of the embeddable engine which is why they were so barebones.

Yes, you're correct, but the ancestor comments kind of implied it being a hope for browsers at large.

Bad phrasing from my part too, sorry.

Ahh, i'm talking about the surviving parts that were adopted by Firefox:


I remember it clearly because Firefox got a big performance boost in it's renderer when quantum was released, often it's faster than Chrome.

What features would a browser need on top of regular webview APIs?

No, not even close.

Why not, It's in Firefox, I'm literally looking at it right now.

Some parts of Servo are in Firefox, but not the whole thing.

Swapping your VW Beetle's wheels for a Ferrari's doesn't make it a Ferrari! Even if it improves handling (or whatever I'm not a car person, it's just an accessible analogy)

No it isn't. Some parts of Servo were adopted into Firefox, but "Servo" is not in Firefox.

If you compile servo and point it at the homepage of google, I doubt it renders right now. It was constantly broken even when it had a full-time staff.

There is some activity in the donations:


Not sure why you're saying Servo, we still have Firefox.

Firefox only can compete with Chrome/Chromium-based clones only if it has a unique edge (pun intended). Being completely written in Rust is that edge, reducing work required for debugging, while Chromium team would be still busy with memory bugs, etc. Thus the complete port/rewrite is the only future it has. Genius Mozilla management voluntarily gave it up.

Sounds like Chrome is moving more toward being a surveillance tool and ad delivery platform that also browses the web (well, more than it is right now anyway).

It’s more and more obvious we need competition in the browser space. Firefox as an excellent and performant alternative. Personally I use Chrome for work and Firefox for personal stuff.

Firefox, and the Mozilla organization itself, has its own fair share of issues.

I really wish more people would look at and help develop NetSurf[0] or other lightweight browsers with their own layout engines More importantly, I wish that regular users would stop going with the 900 pound Chromium/Blink gorilla, and instead use a greater variety of browsers/engines. This browser monoculture is just pure death.

[0]: https://www.netsurf-browser.org/

It will need Windows support to gain any real traction.

I've had decent luck with Vivaldi lately.

Please note, that it is Chromium based as well.

Do other Chromium based browsers like Brave count? Or do they need be completely separate browser architectures like Firefox and Opera?

Opera uses Chromium nowadays.

Why not use Edge if you need to use a chromium based browser?

I refuse to use it out of spite in response to how hard Microsoft has tried to force Edge down everyone's throat: resetting the default to Edge after a windows update, making start menu searches go to edge regardless of the default browser, etc.

It's like Chrome, but better in pretty much every way. Never thought I'd say this but Edge is actually pretty good!

Very frequent and large feature updates, deepening ecosystem integration that uncharacteristically doesn't get the way if you don't use it.

I always get a bit anxious when one of these massive enterprises suddenly gets up and starts moving with newfound focus, and MS is pretty much sprinting on Adderall at this point.

I use edge on Windows and it never gets in the way like Chrome. No annoyance whatsoever and felt zippier too

Unfortunately on Mac, I have to run some JS heavy apps and Firefox's performance on those is dismal. Jetstream benchmark for Chrome is 102 vs Firefox at 65.

It’s been that way since they forced logged you in on Chrome whenever you logged in to any Google website.

That's what happens when a browser made by an advertising company becomes dominant.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact