Celebrating Fifteen Years

While lately I’ve been endlessly streaming the latest news with horrified fascination, this morning my calendar unexpectedly popped up a reminder set over a year ago… Today is the fifteenth anniversary of my big-league blogging debut on the Internet Explorer Team’s blog. My first post there, “A HTTP Detective Story” remains one of my favorites.Continue reading “Celebrating Fifteen Years”

Enigma Conference 2020 – Browser Privacy Panel

Brave, Mozilla Firefox, Google Chrome and Microsoft Edge presented on our current privacy work at the Enigma 2020 conference in late January. The talks were mostly high-level, but there were a few feature-level slides for each browser. My ~10 minute presentation on Microsoft Edge was first, followed by Firefox, Chrome, and Brave. At 40 minutesContinue reading “Enigma Conference 2020 – Browser Privacy Panel”

“Can I… in the new Edge?”

This post is intended to collect a random set of questions I’ve been asked multiple times about the new Chromium-based Edge. I’ll add to it over time. I wouldn’t call this a FAQ because these questions, while repeated, are not frequently asked. Last Update: Sept 30, 2020 Can I get a list of all ofContinue reading ““Can I… in the new Edge?””

Bypassing AppProtocol Prompts

Starting in Microsoft Edge 77 (and Chrome 77), the prompt shown when launching an AppProtocol from the browser was changed to remove the “Always allow” checkbox. That change was made, in large part, because this prompt is the only thing standing between every arbitrary site on the Internet (loaded inside your browser’s sandbox) and aContinue reading “Bypassing AppProtocol Prompts”

Browser Password Managers: Threat Models

All major browsers have a built-in password manager. So we should use them, right? I Do I use my browser’s password manager because it’s convenient: with sync, I get all of my passwords on all of my devices. This convenience means that I can use a different password for every website, improving my security. ThisContinue reading “Browser Password Managers: Threat Models”

Demystifying Browsers

Last update: Sept 30, 2020 I started building browser extensions more than 22 years ago, and I started building browsers directly just over 16 years ago. At this point, I think it’s fair to say that I’m entering the grizzled veteran phase of my career. With the Edge team continuing to grow with bright youngContinue reading “Demystifying Browsers”

App-to-Web Communication: Launching Web Apps

In recent posts, I’ve explored mechanisms to communicate from web content to local (native) apps, and I explained how web apps can use the HTML5 registerProtocolHandler API to allow launching them from either local apps or other websites. In today’s post, we’ll explore how local apps can launch web apps in the browser. It’s Simple…Continue reading “App-to-Web Communication: Launching Web Apps”

Microsoft’s Three Browsers

It’s an interesting time. Microsoft now maintains three different web browsers: Internet Explorer 11 Microsoft Edge Legacy (Spartan, v18 and below) Chromium-based Microsoft Edge (v79+) If you’re using Internet Explorer 11, you should stop; sometimes, this is easier said than done. If you’re using Legacy Microsoft Edge, you should upgrade to the new Microsoft EdgeContinue reading “Microsoft’s Three Browsers”

Security Zones in Edge

Browsers As Decision Makers As a part of every page load, browsers have to make dozens, hundreds, or even thousands of decisions — should a particular API be available? Should a resource load be permitted? Should script be allowed to run? Should video be allowed to start playing automatically? Should cookies or credentials be sentContinue reading “Security Zones in Edge”

Retiring Internet Explorer

Prelude In late 2004, I was the Program Manager for Microsoft’s clipart website, delivering a million pieces of clipart to Microsoft Office customers every day. It was great fun. But there was a problem– our “Clip of the Day” feature, meant to spotlight a new and topical piece of clipart every day, wasn’t changing asContinue reading “Retiring Internet Explorer”