Mozilla has joined Microsoft in questioning the logic of a new Google plug-in that turns Internet Explorer into Google Chrome. But unlike Redmond, the open source outfit actually presents a well-reasoned argument.
In a Monday night blog post, Mozilla vice president of engineering Mike Shaver said that, like Google, he longs for a world where IE runs more like Chrome, Safari, Firefox, and Opera. But he's adamant that Chrome Frame isn't the way to get there.
"Running Chrome Frame within IE makes many of the browser application’s features non-functional, or less effective," he says. "These include private browsing mode or their other security controls, features like accelerators or add-ons that operate on the content area, or even accessibility support."
Shaver's view was buttressed by a second post from Mozilla chief Mitchell Baker, who sees Google's plug-in splintering the web rather than pulling it together. "The overall effects of Chrome Frame are undesirable," she writes. "I predict positive results will not be enduring and - to the extent it is adopted - Chrome Frame will end in growing fragmentation and loss of control for most of us, including web developers."
Though Microsoft has finally joined the HTML5 effort in earnest, IE has yet to adopt the proposed standard. And that's a problem for Google as it prepares to expand access to the preview version of Google Wave, a new-age communications platform that leans so heavily on HTML5.
When Internet Explorer users visit the new Google Wave preview release - due out Wednesday - Google will suggest they either install the new Chrome Frame plug-in or switch to another browser. What's more, Mountain View has encouraged other developers to rejigger their web applications so that they too will run inside Chrome Frame.
Predictably, Microsoft released a statement badmouthing the plug-in, but it was short on particulars - and long on FUD. "Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take," it said.
Mozilla's Mike Shaver avoids the scare tactics, arguing that Chrome Frame will not only sidestep security tools built into Internet Explorer, but also muddle the way users think about security. "As a side-effect, the user’s understanding of the web’s security model and the behaviour of their browser is seriously hindered by delegating the choice of software to the developers of individual sites they visit," he says.
"It is a problem that we have seen repeatedly with other stack-plugins like Flash, Silverlight and Java, and not one that I think we need to see replayed again under the banner of HTML5."
Mitchell Baker sees such confusion spreading even further. "If you end up at a website that makes use of the Chrome Frame, the treatment of your passwords, security settings, personalization all the other things one sets in a browser is suddenly unknown," she says. "Will sites you tag or bookmark while browsing with one rendering engine show up in the other? Because the various parts of the browser are no longer connected, actions that have one result in the browser you think you’re using won’t have the same result in the Chrome browser-within-a-browser."
Then she envisions a world where others follow the Google lead. "Imagine having the Google browser-within-a-browser for some sites, the Facebook browser-within-a-browser for Facebook Connect sites, the Apple variant for iTunes, the mobile-carrier variant for your mobile sites - all injected into a single piece of software the user thinks of as his or her 'browser,'" she continues.
"The result is a sort of browser-soup, where a given user action serves up some sort of response, but it’s not clear what the result will be... This makes the web less knowable, less understandable, and certainly less manageable."
Google has yet to respond to our requests for comment on the Mozilla posts. But in an earlier note to The Reg, it at least defended the security of the plug-in itself. "Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users, providing strong phishing and malware protection (absent in IE6), robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months," a company spokesman says.
But for Mozilla, this isn't about the plug-in's security. It's about the plug-in itself. Turning a Microsoft browser into a Google browser, Mozilla argues, is inherently a bad idea.
But it may be a stretch to say that the open source outfit has sided with Redmond. "It would be better for the web if developers who want to use the Chrome Frame snippet simply told users that their site worked better in Chrome, and instructed them on how to install it," Shaver says. "The user would be educated about the benefits of an alternate browser, would understand better the choice they were making, and the kudos for Chrome’s performance would accrue to Google rather than to Microsoft." ®