Hacker News new | past | comments | ask | show | jobs | submit login
Microsoft broke a Chrome feature to promote Edge (gizmodo.com)
432 points by adrian_mrd on May 2, 2023 | hide | past | favorite | 315 comments



Wow, this is much worse than I assumed:

> In fact, we were able to circumvent the issue just by changing the name of the Chrome app on a Windows desktop. It seems that Microsoft threw up the roadblock specifically for Chrome, the main competitor to its Edge browser.

From the beginning of the article, I was led to believe Microsoft had changed an API around checking/setting the default browser to show Microsoft's dialog instead. Which doesn't seem great to change an API without warning, but maybe you can make an argument that it ensures a "neutral" choice rather than apps pushing the choice on users.

But this shows it's specifically against Chrome. Regardless of whether it's legal or not, it's unforgivably anti-competitive behavior. It's a truly shameful tactic.


Eh, both Google and Microsoft have been using dirty tactics against each other for awhile.

Remember the entire reason Microsoft scrapped their own browser engine was because Google kept breaking YouTube video acceleration in Edge/IE.


Sorry, but I have had it with Microsoft. They produce an operating system. If I decide to use $browser treat me as an adult and actually let me use $browser.

Or you know, make it extra hard to change the default application and "forget" what I told you every now and then, bring that edge icon back to the task bar after every update etc.

It is not a platform that can be trusted. And maybe in 2023 there is value in a digital platform that can be trusted.


I have had it with both of them. I even moved my gaming computer over to Linux because I got tired of the constantly resetting defaults, I have been using Firefox and you.com (search engine) for a while.



They’re both wrong


Yes but in this specific case Google is more wrong. MS implemented a security feature where user applications aren't allowed to change the default browser. You can disagree with it and it's sketchy as hell but it's there and supposedly to prevent the bundled-with-java problem.

Breaking it is basically guaranteed to lead to plugging the hole and blacklisting the misbehaving app is easier than getting out the real fix. You can be all like "rebel chrome is taking on big operating system" and that's fine and makes total sense but "how dare MS enforce their own rule" is a weird take. You can't be like "hey, they weren't supposed to do it back" when you intentionally abuse your elevated privs to bypass security measures.


This kind of sounds true in a vacuum. Unfortunately we're not talking about a security thing in a vacuum. We're talking about 2 browsers, both of which are just making the user experience horrible in slightly different ways. Therefore all users are losers in this pre-school food fight.


[flagged]


Microsoft would be pulling these stunts against Firefox too if it were more popular.


Absolutely, I recommend neither.


And how google killed windows phone on purpose


Unclear as to how but as a windows phone user (there were dozens of us!) I say good riddance.


Borking things like google maps and email based on windows phone user agent when it works fine if you change the user agent.


It doesn't hurt that (old) Edge had a worse UX than IE. The rendering was nicer, but I do not need a browser where back/forward/stop etc all just queue up and wait for the rendering engine to finish. The whole point is the page is taking too long to render and I want out.


No, technically the issue that was supposedly the straw that broke the camel's back was simply placing a transparent div on top of the video. That is not an entirely unreasonable thing to do on a video player that supports overlays captions and other features. The reality is it didn't really make any sense to develop a competing browser from scratch when they could simply fork Chrome instead.


> it didn't really make any sense to develop a competing browser from scratch

I don't think they were doing it from scratch. Their scratch happened all the way back.


YouTube frequently need to update their anti scraping and anti piracy tech. There could be valid reasons why they don't inform Microsoft of the changes.

Microsoft cannot market they OS as developer friendly and then take steps against a specific developer.


It's funny, every now and then (at least in gaming circles) there is always some fanboy yelling "but MS isn't the old evil company as they were, look, they did X or Y". But it's just same bullshit under new manager.

MS. MS never changes.


I prefer the "old evil" MS. At least they weren't so eager to participate in massive surveillance of their users, unlike the "new" MS.


Oh that's only because tech wasn't there yet, 90's MS would totally do.


So, total rumor, but I've heard from a few sources on the grapevine that one of the reasons for their antitrust spat with the DoJ was actually as a proxy battle, and the main thing the DoJ cared about was Microsoft's unwillingness to play ball wrt data collection and "lawful intercept".

The sense I've gotten is that Microsoft of the time really did have a very libertarian core thought process that wasn't really into spying on it's users.


Yes. That is indeed a total rumour.


> The sense I've gotten is that Microsoft of the time really did have a very libertarian core thought process that wasn't really into spying on it's users.

I think this sense is mistaken. Microsoft has always been pretty hostile to users and not so keen on things like user rights. Their customers were (and still are) businesses.


The tech was there but there were much stronger objections to apps plucking random data from devices and send it to corporations for evaluations. And developers are as guilty here.

Yes, there can be benefits to diagnostics, but then you failed to acknowledge what this data collection is about.


Back then, they wanted to be selling a product, not turning users into the product.


wrong, the tech was there, but users' expectations weren't - it's a sad state of affairs really


> MS. MS never changes.

I'm going to assume that you intended this to be read in the Fallout voice [0].

[0] https://youtu.be/uPMyttdUvfg


What surprises me about this stuff is that no one has ever tried to get a definitive answer to this sort of question with the help of reverse engineering. It's always this guesswork for some reason. It does not have to be guesswork when the ground truth is right there inside your C:\Windows folder.


you act as if reverse engineering is easy. I guarantee you its not, especially something like edge is a rats nest of packages, assemblies, 3rd party components, config files, all neatly bundled in something unreadable for security reasons.

Browsers are hard to reverse engineer


I specialized in reverse-engineering binaries for a few years (it's shockingly common for companies to lose the source code for their own products), and I second this.

Reverse-engineering is difficult and time-consuming. Reverse-engineering something as large and complex as a browser would be a huge project all by itself.


What about getting ahold of the binary or whatever raw version of Windows you can get (C++, assembly?), and look at the diff from before this change and after. Would that drastically narrow down what you should look at? Moreover, if there is a literal CONSTANT that says "Chrome", is it possible that it's not obfuscated and sitting in the code in plain sight?


So the opening of the dialog happens when user association hash verification fails if I recall correctly.

Shell32.dll has the code for it under QueryUserAssocAndVerifyHash I believe. Perhaps they've interfered with the hash interpretation for Chrome or Chrome is hooking into it in a different way - Firefox directly computes and writes a new hash to the registry.


Raw diffs of binaries may or may not help, depending, but it's not likely to help as much as you might think. If you can get the source code (C++, assembly, whatever), then there's no need to reverse engineer anything.


I would think it would be the Windows equivalent of `grep -a Chrome -R C:/Windows`, right? Then, when it finds the file, just hexdump and/or disassemble it to learn more. Maybe they're scrambling the executable somehow?


I wonder if there's any stability there given compiler features like LTO and PGO


Currently writing a talk about loss of institutional knowledge.

Can I quote you? Also, if you're comfortable, can you give me more background on yourself so I won't just be quoting a rando on the Internet?


Raymond Chen has some about it, too, on his blog (also search Microsoft pinball).


Ah, thank you!


I suspect that it’s worse than that, it’s somewhere in windows. So you’d probably have to start by hunting for a task then find the binaries associated and hope it’s not too high up in the OS mess.


I don't know why it's surprising. Reverse engineering an executable is quite a jump in skill level from guesswork.


That, and Windows is *huge*. The best bet would probably be to reverse engineer the patch in question, but if it’s a typical combo patch then you’re probably looking at changes across a dozen system files. If you’re unlucky, the patch is just flipping a flag or something for a feature that already existed: it wouldn’t surprise me if Windows already had hacks specifically for “chrome.exe” (for compatibility or anti-compatibility reasons). In that case it becomes much more time consuming to isolate the one component that is responsible for the problem.


I’d reverse engineer the API they were calling. Generally this kind of thing yields good results quickly.


"Reverse engineering" is vague and means anywhere from "poke at it randomly to see what it does" to "read the binary".


Isn't the more widely accepted meaning to de-compile it back to source code (of some form), and go from there?


Wow, drive letters in 2023.


It looks like they're going back to the days of "DOS isn't done until Lotus won't run," alright. Very shady.


There was a post on here about that phrase a few years ago: https://news.ycombinator.com/item?id=10432608

Lots of interesting discussion in there, even if the phrase didn't come out of Microsoft as the article anecdotally suggests it didn't.


I posted this below, but I suspect the scoping for Chrome.exe was done because Chrome was misusing an API.

According to the article:

"the worst was reserved for users on the enterprise version of Windows. For weeks, every time an enterprise user opened Chrome, the Windows default settings page would pop up. There was no way to make it stop unless you uninstalled the operating system update. It forced Google to disable the setting, which had made Chrome more convenient."

Enterprise maybe didn't like settings getting changed that way (conflict with group policy?). If it was constantly opening new windows, it's probably because it was constantly calling an API (probably in the wrong or an undocumented way). So it would make sense to change how the API works based on a known bugged application. It wouldn't be the first time Windows changes how something works based on application name [0].

Keep in mind there's also more than just the documented Win32 API exposed to applications on Windows (and who knows if Chrome was misusing these undocumented ones) [1].

[0] https://devblogs.microsoft.com/oldnewthing/20031224-00/?p=41...

[1] https://learn.microsoft.com/en-us/sysinternals/resources/ins...


Chrome has used an undocumented Windows API before: https://www.hanselman.com/blog/the-weekly-source-code-33-mic... After someone noticed this the comment was mysteriously deleted from the Chrome source code.


Browsers use undocumented APIs all the time. Doing so is unfortunately close to necessary.


But it can lead to instability. There's a reason these are not documented.

Also, we know Chromium used some. There's a proprietary Chrome layer on top of it that might be using more under the hood. Unless someone decompiles there's no way of knowing (but considering how it broke Enterprise, wouldn't be surprised it was doing undocumented stuff under the hood).



Nothing new under the sun.

Edge ain't done 'till Chrome don't run...


>it's specifically against Chrome

I have not encountered any other browser that has a button like Chrome put in. Back in the day, a browser and email apps could set themselves as default, on their own. A long time ago.

This was bad. I don't want an app to be able to make itself default for something, and just magically trust that the app will ask me first. There is an OS control for that - I don't want apps to be able to do that on their own. So MS fixed it, and all was good, for a long time.

Chrome then somehow found a sneaky way to get that back. Truly a shameful tactic.

Well guess what "google" - you're not allowed to do that, and there's a reason the functionality was removed for all apps. You're just a browser app, I don't want you to screw with or even have access to screw my OS settings.

Microsoft fixed a security hole. Good on them. For now, they specifically fixed it for the malicious actor. Hopefully they'll fix it OS-wide eventually.


In a fight of Microsoft against Google, I support the fight.


I don't. In a fight we all as end users lose. Competition is beneficial to the end user, fighting, where they sabotage each other or bar each other or their own apps from platforms is not.

Did end users benefit when YouTube was blocked from being used on Amazon Firesticks? Did they benefit when Roku and HBO were feuding and you couldn't use HBO Max on Roku devices?

Be careful what you wish for.


In Dutch we have a saying "when two dogs fight over a bone, a third runs off with it". I support the fight if it will weaken both Microsoft and Google.


Of course, the third dog need not be better than the other two.


I thought about it. Carefully. If google and microsoft went bankrupt tomorrow i wouldn't miss a thing and would be feel abundance of joy. The world would be a much better place without then.


That's a combined 400,000 employees out off a job in one day. I wouldn't wish that hardship on those people all of a sudden, and that's before we consider the wider ramifications to the economy from those people being unemployed. Then there's all the people and companies, non-profits and NGOs that use theiur services which would run into major problems.

I would be be tempted to think perhaps you just glossed over that, because the alternative appears to be a complete lack of care for others, but as you've noted you've thought about it. Carefully.


Alternatively, that's 400,000 working in businesses that actually contribute to the world, and likely plenty of new start-ups as well.

The "in one day" thing would likely suck for the unprepared ones though. :/


Peak HN, when we want to pretend that Google and Microsoft provide nothing useful to the world.


Each of those companies does indeed seem to be a net negative.


That’s not quite what the comment you were responding to said.


Well, they weren't responding in good faith to what I said so DILLIGAF. ;)


It would take excruciating gymnastics to justify a claim like this. And I'm not a fan of either entity.


Well, what are the positives they bring to the world?


giving people tools like Word/Docs, Excel/Sheets, etc that they can use to express themselves and calculate things? Providing email for people? Giving people "it just works" (albeit not as well as Apple's stuff) operating systems (Windows/ChromeOS/Android) that they can use without having to deal with the complications of getting Linux working (although you could argue in recent days Ubuntu does this as well)? VS Code? Creating widely used programming languages (C#, TypeScript, Golang, Dart)? Paying people to work on open source projects? Google search, which, while far from perfect, does still enable people across the world to easily access information that is useful to them?


k. And you feel those things benefit the world more than the negatives yeah?


Would the income currently going to Apple, Google, Amazon and Microsoft for various services be better off going to 10,000 businesses employing 100 people each? That would give more choice, equal number of jobs and a stronger middle class


I think you're missing the point, which is that to make such a change in a day would be chaotic and problematic. I'm not saying Microsoft and Google need to stay, I'm saying that it's not something that could change overnight without extreme hardship caused to many people. It's not just the change, it's how it happens. Many more people are able to work from home now than a few years ago, but I doubt most people think the cause of that was worth it. Do I think we'd all be better off with less mega corporations and more SMBs? Yes. Getting from here to there in a way that makes sense and doesn't cause major problems is important I think though.

Either the person I replied to above was being flippant and callous in their wording in a way they should have been aware of if they thought carefully about it, or they didn't think all that carefully.


Given that Chrome is aggressively pursuing privacy sandbox, which is roundly rejected by everybody in the web privacy community, is aggressively user hostile, and designed solely as a means to leverage chrome’s (current) dominance to support google ad business, it’s fair to start treating chrome as malware.


What part of this description of privacy sandbox doesn't apply to what Microsoft has been doing with Windows? I think it's time to treat Windows 11 as malware as well.


technically those two are not mutually exclusive


Honest question, why is the privacy sandbox user hostile? I assume it's because Google is using it to collect your information but blocking everyone else from collecting it?


> Honest question, why is the privacy sandbox user hostile?

From the horse's mouth, "privacy sandbox" is explicitly designed "to build thriving digital businesses."

https://privacysandbox.com/intl/en_us/

At face value they claim it's designed to eliminate tracking techniques like fingerprinting, it's actually a system explicitly designed to collect the users' private information. From the horse's mouth.

"To provide this free resource without relying on intrusive tracking, publishers and developers need privacy-preserving alternatives for their key business needs, including serving relevant content and ads."


That’s literally written by a PR team, see the quote I pasted from the w3c decision.


So, it's tracking just not intrusive tracking?


It sounds like it's plain old tracking, but pushed and owned by Google through it's control over Chrome.


No it's objectively less intrusive.

The proposals involve reducing UA data, ip tracking, etc.

But still allows for some amount of targeting. From my understanding instead of you being an identifiable individual via fingerprinting, the aim is to make you "probably one in [large group] of technology people".

I'm not saying I think it's a good thing, but on the surface it does appear _better_.


Does Privacy sandbox prevent fingerprinting completely (for example, canvas fingerprinting, WebGL fingerprinting, audio fingerprinting)? Or the advertisers would be able to use both fingerprinting and newly provided data?

I don't understand why we need to trade here. Just block figerprinting and do not provide any alternatives for advertisers. This is the best for users.


You can't block fingerprinting completely without breaking a ton of useful features. But the sandbox has a concept called the privacy budget which tries to determine if a site is collecting too much information. It should allow sites that actually use some of these features to continue to work.

The idea is that if sites that query fonts, engage canvas, read the user agent information, etc, they are likely trying to build a fingerprint, so the browser will start to return generic data.

Presumably - hopefully - it would allow users to set their own privacy budgets. Even better if it supports granular per-site control, which may be needed for certain specialized websites.

https://github.com/mikewest/privacy-budget


> You can't block fingerprinting completely without breaking a ton of useful features.

Many of those features are not so useful and their main use is fingerprinting, for example:

- WebGL is mostly used for fingerprinting

- enumerating installed fonts is mostly used for fingerprinting

They should be put behind a permission popup, so that only those sites that really need them (e.g. graphic editors, text editors) can use them. So nothing gets broken.


"Just block fingerprinting" is also not trivial to do while providing a good user experience.


Put WebGL, enumerating installed fonts, web audio, etc. behind a permission. In rare cases when they are really needed not for fingerprinting, the user will grant a permission and nothing gets broken.


Have you been around for the past 10-15 years of Android? Manual permissions don't solve the problem. People will just say why yes, I do indeed want to read this clickbait article/use this flashlight app, go ahead and give the server my GPS location so it can follow me around. The only reason you don't get much of this anymore is the limits the app stores enforce these days.


We "need to trade here" because Google is an adtech business


To a certain extent yes but…

There’s absolutely no way a browser should be tracking the topics a user is interested in and then providing them to any script that asks

You can opt out but how many people will actually know they can

The Topics APi is what you get when an Ad company owns the most popular browser


> I assume it's because Google is using it to collect your information but blocking everyone else from collecting it?

It isn't so much a privacy sandbox, it's an anti competition sandbox.

Google is designing standards and practices under the auspices of user privacy but in reality these changes simply lock others out of accessing data while serving it up to Google.

* Not only are they locking out competition, but they're preventing the user from stopping or mitigating collection of data as well.


I think you can have a lot of debate on it, but for me personally it can be summoned down to the following: the privacy sandbox wants to block tracking on everything that isn’t of “high user interest”. But as a user I don’t want “any” privacy intrusion.

On one hand it’s better than what’s going on now, on the other hand it’s not going to give you privacy and it’s likely going to further Google’s advertisement monopoly on much of the internet. Which is where a lot of the debate can be had, but as a user, do you really want any company to track you? If not, then you most likely don’t want control of who gets to track you in the hands of the biggest advertisement company on earth.


That's true, but Edge is literally the same codebase and architecture, rebranded and with slightly tweaked UI, plus additional MS tracking. So Edge should get the exact same treatment.


Since people seemed to believing Google PR at face value here is the w3c position in rejecting the proposal:

The intention of the Topics API is to enable high level interests of web users to be shared with third parties in a privacy-preserving way in order to enable targeted advertising, while also protecting users from unwanted tracking and profiling. The TAG's initial view is that this API does not achieve these goals as specified.

The Topics API as proposed puts the browser in a position of sharing information about the user, derived from their browsing history, with any site that can call the API. This is done in such a way that the user has no fine-grained control over what is revealed, and in what context, or to which parties. It also seems likely that a user would struggle to understand what is even happening; data is gathered and sent behind the scenes, quite opaquely. This goes against the principle of enhancing the user's control, and we believe is not appropriate behaviour for any software purporting to be an agent of a web user.

The responses to the proposal from Webkit and Mozilla highlight the tradeoffs between serving a diverse global population, and adequately protecting the identities of individuals in a given population. Shortcomings on neither side of these tradeoffs are acceptable for web platform technologies.

It's also clear from the positions shared by Mozilla and Webkit that there is a lack of multi-stakeholder support. We remain concerned about fragmentation of the user experience if the Topics API is implemented in a limited number of browsers, and sites that wish to use it prevent access to users of browsers without it (a different scenario from the user having disabled it in settings).

We are particularly concerned by the opportunities for sites to use additional data gathered over time by the Topics API in conjunction with other data gathered about a site visitor, either via other APIs, via out of band means, and/or via existing tracking technologies in place at the same time, such as fingerprinting.

We appreciate the in-depth privacy analyses of the API that have been done so far by Google and by Mozilla. If work on this API is to proceed, it would benefit from further analysis by one or more independant (non-browser engine or adtech) parties.

Further, if the API were both effective and privacy-preserving, it could nonetheless be used to customise content in a discriminatory manner, using stereotypes, inferences or assumptions based on the topics revealed (eg. a topic could be used - accurately or not - to infer a protected characteristic, which is thereby used in selecting an advert to show). Relatedly, there is no binary assessment that can be made over whether a topic is "sensitive" or not. This can vary depending on context, the circumstances of the person it relates to, as well as change over time for the same person.

Giving the web user access to browser settings to configure which topics can be observed and sent, and from/to which parties, would be a necessary addition to an API such as this, and go some way towards restoring agency of the user, but is by no means sufficient. People can become vulnerable in ways they do not expect, and without notice. People cannot be expected to have a full understanding of every possible topic in the taxonomy as it relates to their personal circumstances, nor of the immediate or knock-on effects of sharing this data with sites and advertisers, and nor can they be expected to continually revise their browser settings as their personal or global circumstances change.

A portion of topics returned by the API are proposed to be randomised, in part to enable plausible deniability of the results. The usefulness of this mitigation may be limited in practice; an individual who wants to explain away an inappropriate ad served on a shared computer cannot be expected to understand the low level workings of a specific browser API in a contentious, dangerous or embarrassing situation (assuming a general cultural awareness of the idea of targeted ads being served based on your online activities or even being "listened to" by your devices, which does not exist everywhere, but is certainly pervasive in some places/communities).

While we appreciate the efforts that have gone into this proposal aiming to iteratively improve the privacy-preserving possibilities of targeted advertising, ultimately it falls short. In summary, the proposed API appears to maintain the status quo of inappropriate surveillence on the web, and we do not want to see it proceed further.

https://github.com/w3ctag/design-reviews/issues/726#issuecom...


Unfortunately, "rejecting the proposal" seems to be an incomplete description for that.

From reading that GitHub thread further, the comment you're quoting seems to be an "initial review" only.

Further down the thread are various people (Google, etc) downplaying it, and trying to get around it. Not unsuccessfully.


It’s unequivocally not happening in other browsers and they are doing it anyway. Call it what you want.


How is it user hostile when it protects people's privacy while also meeting the needs of advertisers? It's a win win.


Because in reality, "meeting the needs of advertisers" is not a prerequisite to "protecting people's privacy." It's a false premise that Google constructed and which only exists because the dominant browser is created by an advertising company.

A browser that truly protected people's privacy would definitionally not meet the needs of advertisers, because those needs are in direct opposition to people's need for privacy.


Protecting people's privacy is not the sole job of a browser. The web in general needs to look at the needs of all of the stakeholders and come together to find a solution that all parties can find agreeable. A browser should care about not just the users, but also the rest of the people in the ecosystem. If Chrome shipped an update that blocked all ads it would kill many sites and would cause a disaster to the health of the web ecosystem. Chrome should try and improve the ecosystem.


> A browser should care about not just the users, but also the rest of the people in the ecosystem.

Hard disagree. A browser is supposed to be my user agent. It is supposed to work for me. It should not be engaging in compromises to my wishes in order to benefit others.

> Chrome should try and improve the ecosystem.

I think that there is much disagreement about what "improving the ecosystem" would look like.


>I think that there is much disagreement about what "improving the ecosystem" would look like.

Sure, but enabling sites to be financially viable to run is almost universally considered good. If something is not viable on the web either it will be built on another ecosystem or it won't be built at all. It ends up making the web a worse place to be and strengthens the competitors to the web.


If an industry in a very competitive market is polluting rivers we don't find a way to maintain its ability to pollute, we stop the pollution through rigorous action while trying to keep it competitive.

If collectively we decide that intrusive advertising has to go and we need to more directly pay for labour online, then so be it. It doesn't necessarily have to stay the old way forever.


> enabling sites to be financially viable to run is almost universally considered good.

That isn't what's on the table, though. This impacts the ability to target ads. Targeted ads are absolutely not required for a website to be financially viable.

> If something is not viable on the web either it will be built on another ecosystem or it won't be built at all.

The history of the web demonstrates that this isn't true. There's an excluded middle there.

> It ends up making the web a worse place to be and strengthens the competitors to the web.

What are the competitors to the web?

But aside from that, in my opinion, advertising has made the web a much worse place as it is. Advertising has made the web more like interactive cable TV, and limits the variety of activities because only the ones advertisers approve of are effectively allowed.


>Targeted ads are absolutely not required for a website to be financially viable.

There is a subset of sites where it is required. Or at least it is with how much resources they are investing into the site and free services they offer.

>What are the competitors to the web?

The biggest competitors are Google's Play store and Apple's App store.

>Advertising has made the web more like interactive cable TV, and limits the variety of activities because only the ones advertisers approve of are effectively allowed.

The existence of sites with advertising doesn't mean that sites without advertising can't exist.


>Protecting people's privacy is not the sole job of a browser.

I will never use a browser that serves anyone's desires over mine. That's absurd.


The econmics don't work out for someone making a browser specifically for you and no one else. Products typically are designed to support the needs of many people instead of optimizing for a single person at the detriment of everyone else.


If that is the metric you want to go by, users outnumber advertisers by several orders of magnitude, so in this sense, anything that makes online ads easier is optimizing for the few at the expense of the many.


It's trying to increase the privacy of the users while not upsetting the advertisers.


"The advertisers can go f*k themselves" is probably the nicest way to put things. ;)


It's trying to make privacy invasions more palatable to people.


That person isn't alone, though.

In any case, why in the world would I want to use a browser that is working against my interests and in favor of the interests of an industry that has done nothing but been abusive for a very long time?


> If Chrome shipped an update that blocked all ads it would kill many sites and would cause a disaster to the health of the web ecosystem.

I think this would be the best thing that could possibly happen for the health of the web, tbh. Imagine Google search results if every blogspam page plastered with ads no longer had a financial incentive to exist.

EDIT: It would kill some useful sites too, undoubtedly, but I think it would be worth the cost.


Blog spam sites are not expensive to host and they would just pivot to referral links. What it hurts are sites that generate user value and give it away for free by subsidizing it with ads.


Sure, the whole spam industry could just pivot to referral links, just like that.

Referral links are a terrible business, with even less money and at the same mercy of the oligarch next door.

Intrusive ads disappearing would be transformative and good for the web for a good long while.


> give it away for free by subsidizing it with ads.

If those ads are targeted, then they're not giving it away for free at all. They're just demanding a different currency.


It costs $0. Happy?


Remember, the nickname "Browser" was invented after the fact, to describe the program that loads URLs and displays them to the user. The proper name of such a program is "User Agent". It is a program that acts as the agent, or the servant, of the user.

My "browser" runs on my computer, by me, for me. It is not beholden to "all of the stakeholders", or "the rest of the people in the ecosystem". If my agent acting in a manner that User Agents were originally intended to, only fetching the URLs that I - the user - want it to fetch, "would cause a disaster to the health of the web ecosystem", then maybe the current web ecosystem is bad and deserves to meet with disaster.

The web managed to explode in usefulness and popularity before surveillance capitalism became a thing, not because of it.


A web browser implements the web standards. The web standards are put together by organizations that do respect all stakeholders. If the web ignores stakeholders then people will migrate off the web. This is how you get into a world where you have to use mobile apps and the web is near barren.


> This is how you get into a world where you have to use mobile apps ...

Are you meaning something different from the current state of affairs?

Because, that seems to describe things currently.


Currently you often have the option to use either, but in theory the option to use the website could go away from many services if it's not worth it to have.


And the other browsers rejected Topics as an API so it’s not a standard


> If Chrome shipped an update that blocked all ads it would kill many sites and would cause a disaster to the health of the web ecosystem.

That's complete bullshit.


Part of protecting my privacy is not sharing what I'm doing with advertisers.


It doesn’t protect “privacy”, it at best limits a subset of reidentification attacks, and only in a vacuum where other fingerprinting vectors don’t exist.

If it’s so great it would be any easy opt-in for users. But it’s not.


Because it doesn’t protect people’s privacy… other sites should have no rights to see what topics I’m interested in


It is definitely about meeting the needs of advertisers, by implementing new methods to violate user privacy. Every other browser has simply blocked advertisers from collecting this information, but Google is an ad company, and hence is anti-consumer at heart.


Because it doesn't really "protect privacy" and it legitimizes and institutionalizes advertiser tracking (albeit at a more controllable level).


Can Google sued Microsoft for doing this? I'd imagine the Justice Dept might come calling if Edge takes #1 spot in the future.


Can Google be sued by Microsoft in return for breaking YouTube for years on non-Chromium browser?


Yes.


Anyone can be sued for damn near anything; but can they win a suit? That would be a harder one.


Yes.

Any chance you're familiar with their last antitrust suit?


Except the world has changed a lot in 20 years.


"Embrace, extend, and extinguish"


It's quack.exe all over again.


Or virus.exe as seen on Office Space.


Trying to set yourself as the default handler for anything should pop up a system preferences box. Beating a dead horse perhaps but in the Apple world this works quite well: there are various permissions like “read folders”, “capture keyboard input”, “access location” and so on. When a programs wants to use these, all it can do is put in a request, and pop up a dialog box offering to take you System Preferences. When you’re in System Preferences you can look at e.g. “read folders” permissions and see all the programs that have requested this, and you can check or uncheck each program to decide its access. This is how default handlers should work, too (although it doesn’t in MacOS at the moment, probably because they couldn’t solve the UI issue of having a list of every possible file type, each with a sub list of every program that can open it).

If that was what Windows was intending, and Google found a way around it with sneaky automatic API calls, and Windows fixed the exploit which then resulted in those sneaky calls popping open Settings every time, that would be fine and Google would be the bad guy.

Sounds like that was not what happened here, Windows did some ugly hack (up to and including ‘relying on a Chrome.exe process name’, like, come on) and in fact doesn’t even have a “make request then approve in Settings” workflow, so yeah Windows is the bad guy here. Google is still a little bit bad - you’re fucking up my UI by forcing a self-promotion button into my tab bar, that’s not cool - but overall this situation is a point against Microsoft.

(Personally I’m glad the extent of browser wars for Mac is some apps doing some trick to make you choose between “Chrome”, “Safari”, or “the default browser [Safari]” every time you click a link. I want to use the default option every time automatically, that’s what default means.)


> make you choose between “Chrome”, “Safari”, or “the default browser [Safari]” every time you click a link

Apple oughta put a stop to this nonsense.

1. There's a global default browser setting: follow it.

2. Almost no app needs an embedded SFSafariViewController just to open random links

2b. Extend this to photo pickers (especially those that expect access to the entire library)


I actually like chat apps that embed SFSafariViewController, mostly because I get sent a lot of links in the middle of conversations that I’d like to go back to.


> Sounds like that was not what happened here, Windows did some ugly hack (up to and including ‘relying on a Chrome.exe process name’, like, come on) and in fact doesn’t even have a “make request then approve in Settings” workflow, so yeah Windows is the bad guy here. Google is still a little bit bad - you’re fucking up my UI by forcing a self-promotion button into my tab bar, that’s not cool - but overall this situation is a point against Microsoft.

I suspect Chrome was misusing an API, because according to the article

"the worst was reserved for users on the enterprise version of Windows. For weeks, every time an enterprise user opened Chrome, the Windows default settings page would pop up. There was no way to make it stop unless you uninstalled the operating system update. It forced Google to disable the setting, which had made Chrome more convenient."

Enterprise maybe didn't like settings getting changed that way (conflict with group policy?). If it was constantly opening new windows, it's probably because it was constantly calling an API (probably in the wrong or an undocumented way). So it would make sense to change how the API works based on a known bugged application.


Eh, iOS doesn’t allow any alternative rendering engines, which isn’t exactly user choice.


Ah yes, the Henry Ford of user choices.

"Any customer can have a car painted any color that he wants so long as it is black".

-Henry Ford, My Life and Work (1922)


Te be honest, the most unreasonable part wasn't choosing a single colour, it was choosing black over grey.


The better to hide the oil... those early cars were very messy.


But not so much the bird shit from needing to park in the shade.


I believe it was a limitation of paint technology at the time. Colored paints took more skill and time to apply than black. Additionally, the color would chip and deteriorate in a short amount of time.


iOS <> MacOS


Android is back and forth on this. Some items just get a simple prompt, and others get "no you have to get forwarded to a built-in system page within the settings system and set the value there". Generally, things that an app is "unreasonable" to ask for (like background use of camera or mic, avoiding being cycled out when in background, or access to the filesystem) need to go through the full OS settings menu, while common things (active in-app use of GPS or Camera) get a simple pop-up prompt.

Which makes sense.


> (up to and including ‘relying on a Chrome.exe process name’, like, come on)

I would bet this is an application shim of some sort. Hardcoding behavior like this into the shell is risky. Shims often target based on process name and executable path on disk (but can be configured to also match resource info).

I would dig into it, but I cannot repro the issue on Win10.


On one hand, Microsoft has been ridiculously scummy lately in regards to Windows and Edge (e.g., dark patterns everywhere) and I downright abhor what Edge has become. On the other hand, programs probably shouldn't be able to silently change a user's default programs. But back to the first hand, it seems like this was targeting Chrome specifically rather than actually improving the API, so more scummy nonsense from Microsoft.

While Chrome included a button to ask users beforehand, they could've just as easily changed the default browser without asking. I'm not saying Google would do that, but maybe they shouldn't have the ability to do so regardless of intention.


That sounds like it should be up to the OS to prompt with a confirmation when the software tries to change a global setting. That's what mobile devices do.


I'm not sure what to switch to at this point... disabling the shopping suggestions, fine.. but this bing sidebar and the giant button, even if you disable the ever-present mode is annoying to say the least.

I really liked edge, but that didn't last long... I'm trying to minimize the Google in my life as well, beyond search which is less and less useful itself. Not sure what to use. Keep seeing Vivaldi mentioned, and I do use Brave on my phone.

And no, I don't find Firefox "good" ... I do like having bookmarks and plugins sync'd though. Anyone have an extension that syncs bookmarks... I keep my passphrases in Bitwarden, not the browser as it is.


I found the same recommendation. While I haven’t gotten to daily-driving yet, I am pleased and impressed with the settings Vivaldi exposes and the reasonable defaults included out of the box.


Vivaldi is really good feature-wise if you don't mind closed source, but I find that it crashes the most of all the Blink browsers I've tried. It really is a spiritual successor to Opera, even in this. ~


I use most of the major browsers quite a bit (including Vivaldi) and don't really ever experience crashes. I can't remember the last time I did honestly. They've all gotten really stable from my experience.


I suspect it might have something to do with routinely having 100+ tabs open. But that is also one of the things that Vivaldi actively promotes as a feature.


Try Brave!


I wonder if the workaround you mentioned in your second paragraph is bait Microsoft left for Google PMs?


Applications should not be able to register themselves as the default handler for file and uri types.

Google should be forced to open the system settings panel that allows users to change the default browser, not do it for them. If this window unfairly favours one browser over another, I'd say that would be anti-competitive, but requiring to go through said window is not.


But it makes sense contextually for users to set defaults from within the app they're using, that's when they're thinking about it. It's more intuitive UX.

The best solution is a system permissions dialog to confirm the change, so an app can't change anything silently.

Because using a control panel for all handlers isn't a particularly user-friendly experience, scrolling through 60 file types to hunt down the one you're looking for and then locate the appropriate .exe file. I mean the panel should exist but for power users.


It should work exactly as camera and microphone permissions work.

No 3rd party app should have write access to system configurations.


The natural time to ask to set a default browser is:

  - The user attempts to open a link in the default browser and it isn't set.
  - The user installs a new browser.
  - The user uninstalls a browser that is set as the default.
Inside the app there is no way to tell the difference between wanting to use that particular app for this one specific task, or preferring this app above all others. (An adaptive UX could notice that the user has manually opened an app many more times than others and suggest setting it as default.)

The problem here is Microsoft gives no way to uninstall Edge. So the only way to know if the user wants to stop using it as default, if they didn't switch when installing another browser, is for the 3rd-party app to reach in and claw back the default setting.


It is most convenient by far to set defaults from within the app, but I don’t think it makes the most sense, it produces too much “spooky action at a distance” where e.g. because you clicked a button in Edge, now when you’re in Chrome and click on a pdf, Edge opens up, or vice versa.


On Windows, it is normal for applications to set themselves as the default for whatever files they open. The honest ones ask for user consent first. The dishonest ones just hijack file types.

I don't see anything anti-competitive about Windows coming with a Microsoft browser or Microsoft setting it as the default as long as we're able to download other browsers and go to the system settings to change the default. Pretty much the first thing everybody does after installing Windows is use Edge to install Chrome although that's probably not necessary these days since Edge is just a Chrome reskin that is integrated with the Microsoft ecosystem instead of the Google ecosystem.


It was normal, like 10 years ago. But, precisely because some apps would do it silently, the corresponding APIs were removed.

The problem here is that the new APIs - to open the UI to let user manage stuff - as well as that UI itself, keeps changing in various unhelpful ways.


I get the risk here. But it has to be balanced against the downside of the OS being able to say: "Oh, you'd like to change the default file handler for X? Sure, just follow this 7-step process to make that happen."

If applications can't change this, then an OS with a competing application can just implement a high-friction process that discourages most people from completing the switch.


> Google should be forced to open the system settings panel that allows users to change the default browser, not do it for them.

Why is it not enough that the user clicked on the button to change the default browser?

> If this window unfairly favours one browser over another, I'd say that would be anti-competitive, but requiring to go through said window is not

Making it harder for users to switch from the default browser to another browser unfairly favours the default browser over non-default browsers.


> Why is it not enough that the user clicked on the button to change the default browser?

It’s a button in Chrome, intuitively it should only be able to affect things inside Chrome. If you want to affect system-wide (user-wide…) defaults, that should be done in System, not Chrome. A analogy might be “turning your house lights’ dimmers to maximum brightness shouldn’t also set your car’s headlights to high-beam”.


I agree with this take, at a theoretical, hypothetical, utopian level. But I think its only the right path when we can trust that the vendors of the operating system are neutral stewards; when they act to at least a useful degree in the service of their customers, both the users and the application developers, versus their own network effect self-interests. Unfortunately, the majority of operating system developers out there are everything except neutral.

In the absence of this utopia, you have to ask if its a better world that Microsoft retains unilateral control over its users' ability to set a default browser (or, any other decision of a similar caliber). I'd rather no one have control; that it just be some file content on the disk that any program can edit, and I'll adopt the responsibility of trying to make sure the programs I install can be trusted with that power.

The alternative smells more like Apple's Security Dystopia than a utopia. Microsoft has already proven to be a bad steward of this functionality: there was a time (which may still be the case, I don't know) where changing the default browser would prompt you to "give Edge another shot" no short of three times. There was a time when even Googling "Chrome" in the Edge browser would re-write the HTML to list the Edge website first (I'm pretty sure they've removed this). Click on a link in any of Windows 11's useless widgets will always open Edge, even if you've overridden the default browser.

The better analogy is possibly: Turning your house's lights to maximum brightness maybe should also set your car's headlights to high beams, if the car manufacturer prompts you to install their own more expensive, worse headlights every time you adjust their brightness in the car.


It used to be possible for apps to just say "I'm gonna be the default for this, kthxbye" on Windows in the past. It did not go well in practice. Most users aren't going to be able to muck around ACLs on some config file; they'll just have their defaults silently hijacked, in the worst case by outright malware.

The sensible approach here is 1) a stable API to allow the app to request this, 2) a sane UX provided by the OS that makes it clear to the user what's going on and requires their explicit and definite consent, and 3) a legal crackdown on all abuse of market-dominant position - such as those injected Edge banners.


>In the absence of this utopia, you have to ask if its a better world that Microsoft retains unilateral control over its users' ability to set a default browser

You are running on Microsoft's operating system, they will always outrank you in decision making. Even if they expose an API for you to use, nothing can stop them from perverting that API if they want to harm you. You can only hope that the users prefer that they have final say, which at least used to be Microsoft's policy.


You can give browser vendors an API to throw up system UI to make it "just as easy".


That's literally how you're supposed to do it, Google just doesn't and instead fumbles with Windows internals directly.


What about photoshop and .ps files

Perhaps we should add "for unregistered file types" there but if I am installing a software, I am probably wanting it to associate themselves for relevant files and I wouldn't want to go through settings to find all relevant files

The proper ux is peovably a "this application wants to open these file types" system pop up


Lots of applications (specifically dev-oriented ones to be fair) will have a part in the Windows Installer where you can tick a box that says something like "open .xyz with APP_GETTING_INSTALLED". Some better ones give you a list of file extensions that you'd like to open with the installing app.

Been a while since I've seen the WinRAR install screen, but pretty sure it does exactly what I described


I can see an argument for a warning if your new app is taking over a file type that an old app was handling; but if you have no app to handle it I don't see it matters much.

The reality is nobody makes ad revenue from WinRAR opening .ZIP files so nobody cares.


That's fine, if Edge has to do the same.


Some programs, like 7zip, handle dozens of file extensions, I don't want to have to manually change all of them.


Another example is mpv. It also handles a very significant amount of extensions. Maybe unpopular opinion, but I actually like how even batch scripts are able to register default apps for file extensions.


The year is 2023. Everyone who believes either Microsoft or Google are the good guys here is either not paying attention, or works for either of the companies (not so unlikely on Hacker News). Both companies use every imaginable dark pattern to trick users into agreeing to whatever tracking bullshit they added last week. With one company controlling the OS and the other the browser, the question is just which dark patterns preempt the other company's dark patterns in the battle for user attention and data in the advertisement wars.

I long for the days where I was able to pay for a piece of software. The nature of the transaction ensured that the software did what I as a user wanted it to do, and served no hidden agenda. But those days are gone, possibly forever.


I have no illusions about Apple being “good guys”, but this is why I use MacOS and Safari - both of those exist to sell Apple hardware, which is at least a little better than existing to sell my eyeballs. Not great, but not Microsoft or Google bad (yet).

Basically, I am paying the Apple tax because I get to be a few cycles behind the state of the art in software commoditizing their users.


Yeah well I just use Firefox on Linux


Also a good option. Edge and Chrome are definitely on the biting edge of this particular ratchet, while Firefox and Safari are at least half a whole rotation behind. (We could split hairs about who is a click behind whom, and how much of that is because of development velocity rather than intention, but the difference is minor compared to where Chrome and Edge are at.)


I use Lynx on OpenBSD.


I wold have problem with Lynx on OpenBSD, but Iridium on FreeBSD is quite ok, as long as I add obligatory ublock origin, umatrix and cookie autodelete extensions.


Why ublock and umatrix?


ublock to block ads, umatrix to block (by default, with ability to unblock) any resources outside visited domain and its subdomains.


What do you use for a mobile phone?


For last 3 years Firefox works great on Android and does have working ad-blokers.


Unfortunately, Firefox‘s security on Android is .. not the best

(https://madaidans-insecurities.github.io/firefox-chromium.ht...)


Wow that article that completely misses the point, yes, Chrome has better sandboxing, which offers it marginally better security, but that has nothing to do with Firefox's far better privacy features.

For people who are not spies or hoarding millions worth of cryptocurrencies on their desktop PCs, they're not likely running across zero day exploits on the regular. They are however running across trackers galore and Firefox's tracking protection and anti-fingerprinting features are likely to make a larger difference in practice for all but the most targeted of individuals.


It's not just Android.

Unfortunately.


Are you using one of those de-Googled custom Android ROMs or stock?


I am - GrapheneOS is excellent. I do unfortunately run sandboxed Google Play Services for access to Google Maps & Google Play through which I get my banking app. Pretty much everything else (launcher, podcasts, VLC, Firefox, FluffyChat&Element for Matrix messaging, ntfy.sh/UnifiedPush) is via f-droid, and works great.


On a Pixel or something else?


Used Pixel 4, yeah - I think the later pixels have better security features & support from Graphene, but this way I also help reduce ewaste.


Just interested because I like Graphene but don't want to use a Pixel. I'd love to run it on a FairPhone honestly. Looks like DivestOS is my best bet.


Honestly nope. I mostly need phone for banking apps that thanks to Google DRM (SafetyNet) dont play too well with custom ROMs. Yet Firefox work quite well across Windows, macOS, Linux and Android and it has huge advantage of having proper adblocking. So it's mostly no brainer which browser to use.


I’m running Firefox on both iOS & macOS.

Also installed it on my pc.


Firefox. My phone runs Linux (postmarketOS).


I use Fennec F-droid on android


> I get to be a few cycles behind the state of the art in software commoditizing their users.

Have you been on the App Store lately? macOS and iOS are relatively clean, but the most apps in the stores are out to get you.


I think Apple has a better ethical compass, but I have no illusions about it, either. Their business model is selling hardware, and they've found that they do well at that by not compromising the user experience.

Apple isn't an angel, but they don't tend to do shit like this. Macs also don't come with a shitload of goofy ads in the Dock, like every consumer build of Windows. Opening a new Dell is like entering a shitty mall.


They compromise the user experience all the time to sell more hardware. Oh you want to use a non-Apple smartwatch? Well here's a subset of features of what the device actually supports. Use an Android phone? Well we can't be bothered to implement MTP like everyone else so go track down 3rd party app. No, you can't use Bluetooth file transfer but Airdrop works well on our devices, RCS? Just buy your mom an iPhone etc. It's a bunch of subtle compromises to push you towards more Apple branded gear.


See, I don’t care about any of that, because the user experience on those other devices is so poor.


Really? My iPhone and iPad would nag me about subscribing to iCloud and Apple Music. I don't see that kind of thing on my Samsung phone or my Android tablets. They let me run whatever apps I want without Papa Cook's permission, I can plug them into any non-Mac and drag files on or off. Much faster than the iPad where getting files on involves some cloud service and then "sharing" them or mucking about in some submenus of iTunes. My Garmin watch is controlled by physical buttons so it works with gloves and it works when the screen is wet. My non-same brand products work together which is a pretty great user experience IMO.

Windows having ads does suck but I solve that by just not using Windows. My devices still work fine with Linux and I'm not trapped into buying one brand. I'd argue only playing nice with yourself is not a great user experience but actually user hostility.


Yeah, really.

I already use iCloud and Apple Music. I can run whatever I want on my Mac; I enjoy that the iOS experience is curated.

I never manually move files between devices because it's 2023, and I use a syncing provider that gives me access to my files on whatever device I'm on.

I have no use for a Garmin watch because I'm mostly a cyclist, and bike-specific head units are superior. For hiking, my Apple watch does a fine job without having the clunky, awful interface I hated when I used Garmin units on my bike.

Creating a whole-set experience is a value unto itself. Sure, it's easier to use the Apple stuff, but I'm not picking their music service, or their watch, or their phone, just because I'm in this ecosystem. I'm in this ecosystem because, by my lights, all those options are simply BETTER than those on offer from other people.


iCloud is objectively the best cloud service in your opinion? You're really not just picking that because you're using Apple products and thats the only one that allows backing up an iOS device (funny that) for example? Would you seriously consider using it if you weren't using a Mac or iPhone?

If you're okay with the compromises that's okay but they are there.


> iCloud is objectively the best cloud service in your opinion? You're really not just picking that because you're using Apple products and thats the only one that allows backing up an iOS device (funny that) for example?

Had my phone stolen. Bought a new one the next day. First boot took several minutes but when it did boot, everything was there - all my documents and pictures, all my apps, all my preferences and settings (not only for the phone itself but for each app too), even the background image and app icon layout was the same. IIRC I didn’t even have to re-login to many apps, just the security-conscious “trust this new device?” ones.

Such a seamless backup and restore experience is remarkable in and of itself, and I don’t think if Apple allowed third-party backup services they would get to that level of seamlessness. I don’t know for sure that Android (or Windows/Linux, same seamless backup on Apple laptops) don’t have a backup service with a comparable levels of seamlessness and thoroughness, but I don’t think they do.

iCloud backup is a genuinely impressive service and I have to respect it.


Ah, confusing names!

iCloud as a service has several aspects, of which Dropbox-style file sync is only one. I actually don't use that part AT ALL, in part because I was an early adopter of Dropbox and continue to find it meets my needs well, even when I have to use Windows.

However, iCloud is the best choice for me to use to sync what we used to call PIM data between desktop and mobile devices.

iCloud for iOS backup has also been really good to me. I trust it fine. But I also trust that all the key data being backed up to iCloud from iOS is also being backed up from my desktop or by other means, so I mostly just use iCloud for "pim data" sync and, obviously, to move into new phones when I buy them.


You mean your leasing a Mac from Apple to use it in a manner consistent with and approved by them.



Weird. I dunno about you, but I own my Macs, and am able to do anything I want with them.


The way Google released "experimental" features behind prefixes instead of configuration for years always seemed like a way to get developers to break their sites in non-Chrome browsers as much or more than a way to test features.

I assume that Google's takeaway from the Internet Explorer anti-trust case was that they needed plausible deniability for their non-standard browser features.


> The way Google released "experimental" features behind prefixes instead of configuration

This was not a "Google" thing - vendor prefixes were a common practice in the industry. Webkit was using -webkit- prefix before Google was using it.

Many years ago the harm of this was recognised and browsers did move these to configuration/feature flags instead.

https://developer.mozilla.org/en-US/docs/Glossary/Vendor_Pre...


> The way Google released "experimental" features behind prefixes instead of configuration for years always seemed like a way to get developers to break their sites in non-Chrome browsers as much or more than a way to test features.

Apple, Mozilla, Microsoft, and Opera all were doing that before Google even had a browser; there never even was a Chrome-specific prefix, all of the features included in Chrome this way were -webkit- prefix and, IIRC, implemented in the WebKit shared codebase.


Judging by Google's sloppy handling of evidence related to their antitrust suit, it seems your assumption is entirely on the money.


Historic tidbit: Mozilla had a slew of "internal" prefixes to be used in their UI and extensions, but Apple really broke new ground and made them mainstream when the iPhone came out and really needed CSS to be useful. That's when stuff like -webkit-transition` and the fabulous `-webkit-box-reflect` were pushed out without waiting for anyone.

-ms- wasn't really a thing until IE10 if I remember correctly, when they started prefixing their own IE5-era properties like the DirectX-based `filter` [citation needed]


Absolutely. The moment it became clear to me was back when Google completely broke gmail and search for WebOS devices. It served the most rudimentary, broken WAP like version of Gmail and a stripped down version of search. Gmail was basically unusable.

The fix? as simple as changing the browser's user agent to look like Android/Chrome.


> The fix? as simple as changing the browser's user agent to look like Android/Chrome.

I'm not defending Google here, but once I worked for a company whose web support strategy consisted of explicitly supporting a specific subset of browsers, and have a user-agent allowlist to pick if a request loaded the current version of the page or a legacy, feature incomplete but broadly supported version. The guiding principle was that we would have to draw the line in the sand regarding which browsers we'd cover in our test matrix, and instead of risking subjecting users who used unsupported browser to broken experiences then it was preferable that we assured they would experience an old but bulletproof version of it.

We started off by showing a "this browser is not supported, please upgrade" page, until some other department in our company complained up and down the org tree because they used thin clients with outdated browsers. Thus instead of showing a "please upgrade" page we fed the old version, and everyone was happy.

I see how this looks like intentionally feeding a degraded experience to subsets of users, but having been in a decision-making process that led to the same outcome, let me assure you there are real-world scenarios where this outcome does not originate in malice or any ulterior motive.


Why not give the user the option? If it then looks fine, they can keep the newer website, and if it doesn’t they can switch to classic.


> Why not give the user the option?

The users affected by this case were at the tip of a very long tail of unsupported user agents. Those who want to circumvent the issue can either upgrade or resort to tricks like faking user agents. The key take here is that we could not possibly support all browsers or the old version, so for the very rare cases we kept the lights on in a very old and unmaintained version of the app. In my company there was no sneaky ulterior motive, it was just that we couldn't afford maintaining obscure platforms that, even if we really wanted to, we couldn't possibly test.


They did the same multiple times for Windows Mobile. They support iOS because iOS only ships for Apple devices, it isn't really a competitor in the OS space. But they are absolutely brutal towards any company which might offer a way out for OEMs from the Google prison.


> I long for the days where I was able to pay for a piece of software.

You can pay for software, but you'll still be the product. Just like how it's the case here with Windows.

It's ironic how the best software are often made by unpaid volunteers. Compare that with commercial software. Most of them are bloated and user-hostile.


I don't think people are rooting for Google here, it's more of the "I don't want X (Google) to win I just want Y (Microsoft) to lose" mentality. Neither are the "good" guy here, but in this specific interaction there's definitely one party at fault who should be punished/prevented.


The definite party is almost certainly Google, who probably implemented an unsupported API to hack this feature, and then are expecting people to blame Microsoft when it inevitably changes. (News about Microsoft adjusting how default apps are set went out like two months ago.)

Microsoft has, whether you like it or not, a documented and official way to set your app as a default app. And apps which growth hack around that will probably have problems.


Yep. I use GMail and Safari on iOS. When I open links from GMail, every so often it shows a popup saying "would you like to install Chrome and open this link with Chrome instead of Safari"? It only appears intermittently, not on every link (fortunately), but there's no way to disable it.


Have you tried: settings > default apps > disable ask me each time?


Yes, it's disabled. Evidently the two options are "ask me each time" and "ask me intermittently"; there doesn't seem to be an option for "don't ask again".


"Antitrust: Commission fines Microsoft for non-compliance with browser choice commitments", European Commission 2013:

https://ec.europa.eu/commission/presscorner/detail/en/IP_13_...

We need more legislation it seems.


That’s how the headline spins it but reading the article suggests the opposite: this is Google trying to avoid using the standard browser choice interface put into place in response to those legal requirements, which is rather less sympathetic.


For a long time (I'm not sure if this is still the case): There effectively was no "set a default browser" interface in Windows 10/11. The closest thing was a file handler to program association screen, where you had to manually set Firefox or Chrome as the default application for every possible filetype a browser could open (IIRC there were maybe 8 or 10); and one of them with an unassuming and non-obvious name was the "magic" one which caused the browser to become the default for opening links (I think it was ".html files" or something like that).

Point being; there's history and context to this fight, and I don't think that sympathy is a valuable experience to hand out to any megacorporation. Both Google and Microsoft can be in the wrong; its not binary.


> Point being; there's history and context to this fight, and I don't think that sympathy is a valuable experience to hand out to any megacorporation. Both Google and Microsoft can be in the wrong; its not binary.

Agreed - I mentioned that only in the sense that the article seemed to be portraying it very much in Google’s terms and this has more history as you mentioned. I’d especially feel it worth mentioning how for years Google used their sites to push Firefox, Safari & Edge users to switch to Chrome so it’s rather dubious that they’re suddenly deeply concerned with consumer choice.


It is Google allowing the user to set the default browser using its own interface, using the API Edge uses to allow the user to set the default browser using its own interface.

Microsoft loves to complain about applications doing things it doesn’t like, while its own applications are doing those exact same things. According to Microsoft the rule is that the rules just don’t apply to Microsoft Office and Microsoft Edge.

Microsoft likes to pretend they play fair. But when they can’t win by playing fair, the facade quickly drops.


Except we know from the time that Windows source code leaked that the reason Microsoft internal products use undocumented features or APIs is that the Office team is a bunch of incompetent hacks that ignore all the documentation and do things the wrong way all the time. There are literal comments in the code cussing out the Office team for doing something so wrong that the kernel team has to hack around it like they do for other popular misbehaving apps.

They are purposely separate teams because if it were any other way, IBM would have sued them into the ground for anti-competitive actions.

At least, this was the case ten years ago.


> the kernel team has to hack around it like they do for other popular misbehaving apps.

Like Google Chrome? Or is that not a popular app?

If you think the Office team doesn’t have access to the source code of the rest of Windows and doesn’t get special apis to do things you aren’t supposed to do, you’re in for a surprise.

Where do you think that crazy crypto code Chrome uses to set itself as the default browser comes from? It’s obviously decompiled code from a Microsoft app that sets itself as the default. Because they have privileged access and can do the things they prevent others from doing. And exactly the same goes for Office. Little tricks to set the defaults, to allow their windows to pop up when others are blocked from doing so, privileged access to the update system, preinstallation with the OS, the list goes on and on.

They are superficially separate teams for legal reasons.


Please, Google has explicitly made their products not work correctly in other browsers for years. This is totally playing fair, it’s just Google getting back what they give.


So Microsoft gets to use their monopoly powers to play the standards judge, jury and executioner?


I’m fine if they go tit-for-tat to be honest.


Where were all the commenters when YouTube was silently breaking (old, Trident-based) Edge, Firefox and Safari with user-agent detection completely ignoring actually supported browser capabilities? Somehow they are able to get away with this while other companies don't.


Where? How about right here and on every tech site?


Can you link to what you're referring to? Firefox has always worked fine for me on YT, in fact I'm using it right now.


One example that I personally remember is when Gmail and Youtube is stopped working on Opera browser. But if you customize user agent to any other browser (like Firefox) it suddenly start to work. [1]

It happened decade ago tho.. Now Google is practically leader in web standards so there no need to use this practice anymore.

1. https://www.reddit.com/r/operabrowser/comments/e6e7x/google_...


I've seen them on every tech site I visited. Were you under a rock ?


Whataboutism.


Are we just going to ignore the time Google was caught slowing firefox with useless loops (well, actually turning on a client side noise reduction algo IIRC) in google meet and docs to make it look like chrome was faster? could also be 'fixed' by changing user agents to chrome.

...countdown to downvotes and replies asking for source for something that is easy to find online.


I don't doubt that it happened, I just don't understand why you're bringing it up.


It's a reminder that both of them are the bad guys.


I'm no more a fan of this than I was of Google trying to shove Chrome in my face any time I used to visit any of their properties with a different browser. These 2 deserve each other. For now I just avoid both of their products.


> “For information on this, please see this blog post about Microsoft’s approach to app pinning and app defaults in Windows. Microsoft has nothing further to share,” said Miranda Davis, a Microsoft spokesperson. The post describes the company’s “long-standing approach to put people in control of their Windows PC experience.”

There's a little typo in there. They wrote in - but what they actually meant was under our.

Common mistake. The keys are right next to each other.


After what I think was the same Windows 10 update last month I noticed a giant Edge search bar planted in the middle of my desktop which I did not ask for. I've since rolled back the update and group policy disabled Windows Updates entirely


Disabling updates in a recipe for malware - you can remove the search bar in 4 clicks.


You can remove windows in quite a few more clicks, but it's ultimately worth it. Though I wouldn't put it past Canonical to add ads to the default desktop at some point.


Hey did that in the past with the amazon integration


At some point it's going to be worth calculating whether malware (the vast majority of which is mitigated by not running as admin) or the latest update is going to be more disruptive to your workflow.

At least on the systems I manage, workstation updates have been responsible for a lot larger share of the same kind of problems (data loss, availability loss, etc.) that I am starting to get questions that I don't have very convincing answers for.


I would rather have malware ---- at least it happened under my control.

However, I really wonder what kind of attack surfaces I may have, if I have zero exposed ports, never plug in any drive from untrusted sources, and always double and triple check any program before running? I haven't used any antivirus(including windows defender) since I got my first computer and never got any virus, also I monitor my running processes frequently and have an adequate knowledge of windows internals. Malwares are not like COVID-19...


   > never got any virus
That you know of...

   > I monitor my running processes frequently
PSA: Search for something called lolbin. Short for "living off the land binaries". Not every malware needs to have it's own process or will be easily identifiable when looking at a process list.

Anyways, you can simply disable feature updates on Windows and keep the security ones until that specific version reaches EOL: https://www.bleepingcomputer.com/news/microsoft/take-control...


> you can remove the search bar in 4 clicks.

On every major update. It's just a nag.


I tried to read all the links, but there are still some questions:

So Google has a button to make it the standard browser and a group policy to do that automatically. This computes the userchoice hash based on the SID, obfuscated formulas, the create time of the registry key (minute only, retrying when the minute has changed while writing).

Now MS publishes an update which breaks this (But how?). Gizmodo says it only happes to "chrome.exe". Google implemented the userchoice hash algorithm, but now they disabled "the experiment".

And now?

When will Google come up with another solution? Does the group policy still work? What exactly did the update from MS change? Did the userchoice algorithm change somehow?

Does the button in Chrome to set the default even still work?

Here's how userchoice is or was implemented: https://chromium.googlesource.com/chromium/src/+/0dfc676a46a... https://chromium.googlesource.com/chromium/src/+/58e203f9ba9...


I thought the whole point of the hash was it could change arbitrarily with windows updates to stop programs reverse engineering it and then setting file associations or browser choice directly in the registry.

Although not sure if it has ever changed before though just by quickly scanning the change log for this app people were using to set it https://kolbi.cz/blog/2017/10/25/setuserfta-userchoice-hash-...


Offtopic, but I started using Edge because of Bing integration, which turned out to be terrible (just give me exact gpt4-based copilot, not the watered-down version), but stayed for the side-tabs: sticky permanent tabs that allow to quickly reach you popularly use. I haven't found a browser that offers this functionality either natively or as a well-supported plugin.

I'd love to ditch Edge, any recommendations?


If you mean side-by-side split screen, The Old Opera had multiple document interface. If you mean opening (mobile/full) site in a side panel, The Old Opera had side panels. If you mean vertical tabs, The Old Opera had vertical tabs. Browser that follows the path of The Old Opera exists, and is called Vivaldi.


I think edge is doing the most interesting customer focused features for browsers that I’ve seen in a long time. I get that some might feel it’ll get bloated but most are configurable.

It’s not for everyone but it’s interesting to see someone trying new things.


Vivaldi, arc browser or the new Opera


Can you share a screenshot of the feature you are talking about?


Rough edges like this are what make people like the experience better on other operating systems. Edge is a nice browser. But I want to use something else, and these kinds of things make me not want your software. As a developer, I just stop using the OS's "open url" call and add a setting to select the app to use to open links.

At my company, we're Mac for everything not engineering and linux for engineering. Every new hire at first hates the new thing, but after a few months, I'll ask them if they'd like to switch to Windows... and the answer is usually something between "no" and "for the love all that is good and wholesome, no!" The issue with Windows is lots of tiny spikes and sharp edges that interrupt your workflow.


Hey, I heard there are open-source OS'es where this bullshit is not possible because it would be out in the open ::looks at penguin::


How many people remember the days of "DOS isn't done until Lotus won't run"?


Ok, so par for the course, absolutely nothing has changed since the previous round of the browser wars. But what really, and I mean really surprises me is that the open source movement so far hasn't taken a much harsher stand against Microsoft acquiring GitHub. Google is capable of defending itself just fine but with GH Microsoft has essentially acquired all of the open source code stored there irrespective of the license it is shipped under because somehow magically their TOS seems to supersede the GPL and they can do what ever they please with the code. That doesn't sit right with me, no matter how many goodwill parties Nadella & company attend.


Is it also possible that MS has a "budget" to promote Edge as the default/only option among its enterprise customers -- you know, supplying the IT departments with marketing material, mailers, talking points, and all sorts of "incentives" for adoption.

I ask because we saw a huge campaign by our corporate IT (large 50,000+ userbase) recently to eliminate Chrome for all company assets -- with mailers touting the superior security features of Edge.

If they simply said we cannot / donot want to support multiple browsers -- it would be forgivable. But the mailers seemed to be rather persistent in justifying why Edge -- sounding like PR from MS.


Microsoft gonna Microsoft.


Looks like someone in Windows land has had enough:

A principled approach to app pinning and app defaults in Windows (windows.com) [1]

[1] https://blogs.windows.com/windowsexperience/2023/03/17/a-pri...

* Insert comic of different parts of Microsoft pointing guns at each-other *


Windows ain't done till Chrome won't run!


Also it seems that associating a file type with a program also change its icon, you cannot have separate icon and file association.

For example, I want a separate icon for .txt .py .cpp, and all open them with sublime text. I tried many things, but I just gave up. Once I associate with ST again, it sets to another icon.

There are really few things holding me back to windows, really.


It's definitely possible, IrfanView lets you customize the icons for each file or at least at the icon 'pack' level and have all the images open with IrfanView. For instance PNG files can have the IrfanView logo with PNG written across it.


Funny cus edge is chrome anyway right?


Privacy-wise, yes.

Upstream source is Chromium.


Looking at the comments, it's clear other people read a completely different article than I did. I recently canceled my LinkedIn account as LI refused to allow me to upload images when using Firefox. I have no desire to live in the MSFT-centric world of the 90s they seem to be re-creating.


If 123.exe then fail


This is exactly how some "anti-virus" products behave.


Can you cite a source? I got the reference but failed to corroborate it. How did it fail?


It's unsurprising that they try, it's surprising that they get away with it. Blatant market manipulation by several big tech players with zero consequences. Which then emboldens them to go even further.


"What a convenient coincidence. Mind you, it was absolutely uncorrelated. Everybody knows that everything <a big corp> does is for better security." - a typical bitter sarcasm nowadays.


Chrome and Edge are both hot garbage. Install Firefox and never look back.


This is an honest question: What does Microsoft gain from a user on Windows using Edge over Chrome? Market share muscle driving browser direction?


Tracking, ad dollars, and influence over web standards


How is this Microsoft fault? Google presumably made their browser go around the usual interface for changing default browser( via some sneaky api manipulation?). Microsoft patched it to require more than a single click.

The only reason Edge or whatever Microsoft is pushing these days didn't trigger the issue is because their browser didn't make the API call on every new window event and not because of some sinister plan to increase their market share.

Back in the day trying to do things as silently as possible was reserved for malware.


According to the article this does not seem to be the case:

> Gizmodo was able to replicate the problem. In fact, we were able to circumvent the issue just by changing the name of the Chrome app on a Windows desktop. It seems that Microsoft threw up the roadblock specifically for Chrome, the main competitor to its Edge browser.

> Mozilla’s Firefox has its own one-click default button, which worked just fine throughout the ordeal.

so no, this doesn't appear to be about an app using a backdoor API, it's specifically targeted at Chrome.


Both can be true, though. In this case, Chrome does, in fact, try to work around the standard OS API to register default apps (because it opens a screen where the user is then supposed to actually pick things instead of one-click "it just works"):

https://chromium.googlesource.com/chromium/src/+/refs/heads/...


Breaking it for everything would be one thing, but in this case, the update only impacted the application when it was named Chrome.exe. Changing the name or doing the same thing with Firefox still worked the way it had with Chrome. This would point to a deliberate action on Microsoft's part to stifle one particular competitor.


Sorry you're getting downvoted.

A little dive in the original feature would reveal a bunch of unfortunate time-bombs of behaviors taking dependencies on _write time to the registry_, adding arbitrary retry loops to overcome time resolution, and circumventing the standard path in the platform.

https://chromium-review.googlesource.com/c/chromium/src/+/37...

The conspiracy theory is wild, and seems to be based largely on the changing of the name, but if you read the patch, it's dependent on the file.

The comments on the review that were rejected by the author could easily be the conditions that changed and a plausible cause.

The whole thing smells like sensationalist FUD, particularly given the content of this patch.


> dependencies on _write time to the registry_, adding arbitrary retry loops to overcome time resolution

For what it's worth, around this time Microsoft's own API (which will only set Edge as default) messed this up occasionally if you ran it on the edge of a minute. When I implemented the equivalent feature for Firefox I checked the time, only one retry instead of Chrome's 5 and it's still not perfect, though my approach doesn't write the potentially out of date values first. That was already sufficiently stable that I couldn't make it fail.


The design seems pretty wild, I have much sympathy for you implementers


Chrome does not automatically set itself as the default browser.


Lately HN reminds me of Slashdot. Everything in the universe is MS' fault. Chrome is an adware. It tried to use a bug in Windows to sneakily install itself as the default browser. MS is looking out for its users and suddenly MS is the evil guy.


> MS is looking out for its users

Yes, installing Candy Crush and a version of solitaire filled with IAP or filling the start menu with MSN news cruft is really looking out for its users. The only entities that Microsoft gives half a shit about is their shareholders.


So far, I've seen nothing in these comments promoting Chrome, or Google more generally. They (Google and Microsoft) are both the tech equivalent of boogeyman, but this article focuses on specific anticompetitive behaviour from Microsoft. I think it's safe to generalize and say that nobody here thinks Google a saint.


Not suddenly the evil guy, historically.


Remember: since the Reagan era, the law has said that monopolies are A-OK as long as consumers don't pay higher prices.


Like google never did the same to other browsers on gmail/main search page? Who're they're trying to fool?


Which would be a good reason to chastise Google when they do such things.

It’s no response to MS’s anti competitive behavior.


All I know is that my work windows computer now has ads in the start menu. Edge should not be bundled with windows.


"Not Ballmer's Microsoft anymore, they're good now." I never believed that from the start.


It's all a game to Microsoft and you are just the product


One more reason not to use Windows if possible.


"Party like it's 1999"


An overreacting ad. Nothing more. Calling it a 1990s behavior is like calling the entire internet behavior of dark patterns monopolistic.


I'm struggling to understand your comment, both of those claims seem valid to me


I agree it is an overreacting ad, and it is like a dark pattern. But it is not monopolistic like the article alludes to.

Dark patterns are not monopolistic.


Right, but I think what people mean when they say that is that dark patterns are being leveraged to further monopolistic goals


> Chrome is, it bears repeating, the world’s preferred internet browser

I see that journalism remains second oldest profession.


doesn't that what happen between blink and geeko/webkit?


Consumers never win.


sabotage?


I love browser wars. Google is getting taste of its own medicine. They also have endless message "Install google chrome" when we go to google.com or youtube.com.

I think Microsoft should do more to Google. Meanwhile, I am happy with Firefox.


They are allowing a Trojan horse application on their platform two of the main purposes of which are to convert paid MS Office users to paid Google Suite users, and to convert Windows users to ChromeOS users. I think Microsoft is being quite generous, patient, and tolerant, if anything (although to a large degree probably because they are required to act in this way by naive, ignorant, and/or Google-funded regulators).


We live in dark times if we unironically talk about Microsoft "allowing" certain executables in Windows.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: