X Y Z // G A R B A G E F I L E

A production of Skrzyk Labs.

Google Intentionally Blocking Browsers

Update: 2019-12-17

There have been various outets that have reported this since this article (e.g. 9to5google.com). They all cite the two sources listed in this post and really don't have much to add outside of mentioning that changing the user agent gets around the restriction.

Google has been found to be blocking browsers from its services. This is not okay.

Rather than let the issue drop from awareness to see how it plays out, I'm jumping straight in. I will post spoilers early: This looks bad, and does quite a bit to accelerate my ongoing “De-Googleization”.

First, some links:

While presenting arguments based personal experience and opinion, there's always a risk in going straw-man. So let's go with a best cases first here. These are not my views on it, but in the absence of information, it is at least worth considering these views. We will see what facts line up.

Google could have a genuine security concern.

There are cases that I have run into where users connecting with outdated clients can be detrimental. A recent example for cryptocurrency fans was the Electrum client. This client had a flaw that allowed phishers to trick users into compromising themselves. Servers had to block the client from connecting.

The problem with how this is being handled, however, is the lack of transparency. I am not seeing any indication in my (albeit quick) research to show that Google has made any disclosures of security risks, or any announcements that they are deprecating the use of certain browsers.

2019-12-17 - Now that we know that all it takes to circumvent the restriction is a trivial user agent change it is unlikely this is due to a serious security concern. Anyone attempting to exploit their services would likely be obfuscating user agent already. I would like to assume Google engineers are not incompetent, and this is not a strong defense if this is a serious security concern.

You could argue that these are their services, and they can do with them as they choose. I would not disagree with that, but it is the kind of move that makes your eyes narrow. My counter argument to this best case is that they have handled it poorly given the growing and valid arguments of their bad faith, monopolist like behavior.

Google could also be lowering their support costs

Developing products cost money for companies, especially when there is a support expectation. User experience is a consideration and there could be some motivation to improve all of this by guaranteeing that the user has a good experience without tying up help channels to do so.

Again, the counter to this is that it could have been handled transparently. Google has become big enough that they are indifferent to people's concerns on changes especially when it constitutes a smaller part of their user base.

More Likely, in my opinion

Google is big enough that they can do what they want. They are big enough to not care that their roots are ultimately in the GNU/Linux revolution that changed computing. They exist largely because of that operating system and their infrastructure requires it, which just makes me glad they had the wherewithal to drop “Don't be evil” from their corporate mission statements.

This instead reinforces a suspicion on my part that Chrome is really a long term Embrace/Extend/Extinguish move. Google has been able to steer web standards and practices through the ubiquity of the client, much in the way Microsoft attempted with Internet Explorer. After watching all the shenanigans that browser got up to after in a network capture convinced me of that, and the more I have read from people smarter than me, those concerns were understated.

I see this is as potentially accomplishing several goals for them:

  • They block out non-revenue generating clients that
    • Block ads
    • Block cookies
    • Are used by users likely able to (or ready to) exit.
  • They solidify the position of their services with lock-in
  • They are aggressive in failing out their own products, and believe they are in a position to EEE (Embrace/Extend/Extenguish).

They already have much of our identity just through search and email, as well as ad and tracking revenue. Making a play to control the client we use to access most of the internet, and thereby becoming the gatekeeper of the internet does not bode well. I would go even further and speculate that perhaps our concerns about Net Neutrality, while valid, failed to also consider that a slow-burn corporate land grab was under way.

The sum up is that this is bad behavior, plain and simple. I don't trust them and I don't think anyone who does has been paying attention. I will be focusing in the coming days and weeks about posting about viable alternatives to their services.

It's time to realize that the net is ours, and we have a say in how we use it.