A bit of GREASE keeps the web moving

For the first few years of the web, developers pretty much coded whatever they thought was cool and shipped it. Specifications, if written at all, were an afterthought. Then, for the next two decades, spec authors drafted increasingly elaborate specifications with optional features and extensibility points meant to be used to enable future work. Unfortunately,Continue reading “A bit of GREASE keeps the web moving”

META CHARSET

Someone complained that a Japanese page is garbled in Edge/Chrome, but renders with the correct characters in Firefox and IE: The problem is that Chromium is using an unexpected character set to interpret the response in the HTML Parser. That happens because the server doesn’t send a proper character set directive. To avoid problems likeContinue reading “META CHARSET”

Client Certificate Authentication

While most HTTPS sites only authenticate the server (using a certificate sent by the website), HTTPS also supports a mutual authentication mode, whereby the client supplies a certificate that authenticates the visiting user’s identity. Such a certificate might be stored on a SmartCard, or used as a part of an OS identity feature like WindowsContinue reading “Client Certificate Authentication”

Analyzing Network Traffic Logs (NetLog json)

Previously, I’ve described how to capture a network traffic log from Microsoft Edge, Google Chrome, and applications based on Chromium or Electron. In this post, I aim to catalog some guidance for looking at these logs to help find the root cause of captured problems and otherwise make sense of the data collected. Last Update:Continue reading “Analyzing Network Traffic Logs (NetLog json)”

Debugging Proxy Configuration Scripts in the new Edge

I’ve written about Browser Proxy Configuration a few times over the years, and I’m delighted that Chromium has accurate & up-to-date documentation for its proxy support. One thing I’d like to call out is that Microsoft Edge’s new Chromium foundation introduces a convenient new debugging feature for debugging the behavior of Proxy AutoConfiguration (PAC) scripts.Continue reading “Debugging Proxy Configuration Scripts in the new Edge”

Enigma Conference 2020 – Browser Privacy Panel

Brave, Mozilla Firefox, Google Chrome and Microsoft Edge presented on our current privacy work at the Enigma 2020 conference in late January. The talks were mostly high-level, but there were a few feature-level slides for each browser. My ~10 minute presentation on Microsoft Edge was first, followed by Firefox, Chrome, and Brave. At 40 minutesContinue reading “Enigma Conference 2020 – Browser Privacy Panel”

“Can I… in the new Edge?” (Un-FAQ)

This post is intended to collect a random set of questions I’ve been asked multiple times about the new Chromium-based Edge. I’ll add to it over time. I wouldn’t call this a FAQ because these questions, while repeated, are not frequently asked. Last Update: May 14, 2021 Can I get a list of all ofContinue reading ““Can I… in the new Edge?” (Un-FAQ)”

Bypassing AppProtocol Prompts

Starting in Microsoft Edge 77 (and Chrome 77), the prompt shown when launching an AppProtocol from the browser was changed to remove the “Always allow” checkbox. That change was made, in large part, because this prompt is the only thing standing between every arbitrary site on the Internet (loaded inside your browser’s sandbox) and aContinue reading “Bypassing AppProtocol Prompts”

Browser Password Managers: Threat Models

All major browsers have a built-in password manager. So we should use them, right? I Do I use my browser’s password manager because it’s convenient: with sync, I get all of my passwords on all of my devices. This convenience means that I can use a different password for every website, improving my security. ThisContinue reading “Browser Password Managers: Threat Models”

Demystifying Browsers

Last update: May 25, 2021 I started building browser extensions more than 22 years ago, and I started building browsers directly just over 16 years ago. At this point, I think it’s fair to say that I’m entering the grizzled veteran phase of my career. With the Edge team continuing to grow with bright youngContinue reading “Demystifying Browsers”