While lately I’ve been endlessly streaming the latest news with horrified fascination, this morning my calendar unexpectedly popped up a reminder set over a year ago… Today is the fifteenth anniversary of my big-league blogging debut on the Internet Explorer Team’s blog. My first post there, “A HTTP Detective Story” remains one of my favorites.Continue reading “Celebrating Fifteen Years”
Author Archives: ericlaw
Enigma Conference 2020 – Browser Privacy Panel
Brave, Mozilla Firefox, Google Chrome and Microsoft Edge presented on our current privacy work at the Enigma 2020 conference in late January. The talks were mostly high-level, but there were a few feature-level slides for each browser. My ~10 minute presentation on Microsoft Edge was first, followed by Firefox, Chrome, and Brave. At 40 minutesContinue reading “Enigma Conference 2020 – Browser Privacy Panel”
“Can I… in the new Edge?” (Un-FAQ)
This post is intended to collect a random set of questions I’ve been asked multiple times about the new Chromium-based Edge. I’ll add to it over time. I wouldn’t call this a FAQ because these questions, while repeated, are not frequently asked. Last Update: Sept 25, 2024 Can I get a list of all supportedContinue reading ““Can I… in the new Edge?” (Un-FAQ)”
Bypassing AppProtocol Prompts
Starting in Microsoft Edge 77 (and Chrome 77), the prompt shown when launching an AppProtocol from the browser was changed to remove the “Always allow” checkbox. That change was made, in large part, because this prompt is the only thing standing between every arbitrary site on the Internet (loaded inside your browser’s sandbox) and aContinue reading “Bypassing AppProtocol Prompts”
Browser Password Managers: Threat Models
All major browsers have a built-in password manager. So we should use them, right? I Do Should You? The easy answer is “Yes, use your browser’s password manager!“ The more nuanced answer begins: “Tell me about your threat model?” As when evaluating almost any security feature, my threat model might not match your threat model,Continue reading “Browser Password Managers: Threat Models”
Demystifying Browsers
Last update: October 29, 2024 Web browsers are conceptually pretty simple, but their code and the ecosystems that arise around the platforms they expose are immensely complicated. I started building browser extensions more than 22 years ago, and I started building browsers directly just over 16 years ago. At this point, I think it’s fairContinue reading “Demystifying Browsers”
App-to-Web Communication: Launching Web Apps
In recent posts, I’ve explored mechanisms to communicate from web content to local (native) apps, and I explained how web apps can use the HTML5 registerProtocolHandler API to allow launching them from either local apps or other websites. In today’s post, we’ll explore how local apps can launch web apps in the browser. It’s Simple…Continue reading “App-to-Web Communication: Launching Web Apps”
Microsoft’s Three Browsers
It’s an interesting time. Microsoft now maintains three different web browsers: Internet Explorer 11 Microsoft Edge Legacy (Spartan, v18 and below) Chromium-based Microsoft Edge (v79+) If you’re using Internet Explorer 11, you should stop; sometimes, this is easier said than done. If you’re using Legacy Microsoft Edge, you should upgrade to the new Microsoft EdgeContinue reading “Microsoft’s Three Browsers”
My New Chromium Build PC
While I do most of my work in an office, from time to time I work on code changes to Chromium at home. With the recent deprecation of Jumbo Builds, building the browser on my cheap 2016-era Dell XPS 8900 (i7-6700K) went from unpleasant to impractical. While I pondered buying a high-end Threadripper, I couldn’tContinue reading “My New Chromium Build PC”
Security Zones in Edge (and Chrome)
Last updated: 25 March 2025 Browsers As Decision Makers As a part of every page load, browsers have to make dozens, hundreds, or even thousands of decisions — should a particular API be available? Should a resource load be permitted? Should script be allowed to run? Should video be allowed to start playing automatically? ShouldContinue reading “Security Zones in Edge (and Chrome)”
text/plain 