Sadly my experience is that when it comes to security measures, user control often runs contrary to security. While we definitely should have the choice, you have to make it a bit difficult and non-obvious to disable security features, or people will unwittingly disable them for all sorts of bad reasons.
Thank you for the link. I understand somewhat what you mean about security, but also I get the other side too - security for who, and for what purpose? Google seems to have decided that it wants security to deliver ads to your browser, and also to track you everywhere you go (while offering no paid options to surf the internet without ads or tracking afaik?). This may fall under the umbrella of “security”, but not for the sake of the users, whose traffic is being monetized, and the only option is to go over to some other browser like Firefox, which now, conveniently for Google, seems to be doing the same? Or at least could, if anyone could spoof the service and pretending to be Firefox, ask for security adons to be disabled? Maybe I’m simply too jaded to easily trust anymore:-P.
Security for the user is obviously what we are talking about. Regular people do not have the knowledge or patience to make informed decisions regarding their technical security; any model that relies on that is going to fail because people will click whatever they need to make stuff work. Even people who do understand the technology do stuff like disabling SSL verification, rather than going through the effort of adding the new CA to their cert list.
Firefox is not doing the same as Chrome. Firefox is adding a feature to disable unverified add-ons on particular domains to stop attacks from malicious add-ons. Chrome is adding a feature that tracks the sites you visit and shares them with other sites to improve ad tracking.
You can absolutely disable this feature, Mozilla provides instructions for how in their article https://support.mozilla.org/en-US/kb/quarantined-domains
Sadly my experience is that when it comes to security measures, user control often runs contrary to security. While we definitely should have the choice, you have to make it a bit difficult and non-obvious to disable security features, or people will unwittingly disable them for all sorts of bad reasons.
Thank you for the link. I understand somewhat what you mean about security, but also I get the other side too - security for who, and for what purpose? Google seems to have decided that it wants security to deliver ads to your browser, and also to track you everywhere you go (while offering no paid options to surf the internet without ads or tracking afaik?). This may fall under the umbrella of “security”, but not for the sake of the users, whose traffic is being monetized, and the only option is to go over to some other browser like Firefox, which now, conveniently for Google, seems to be doing the same? Or at least could, if anyone could spoof the service and pretending to be Firefox, ask for security adons to be disabled? Maybe I’m simply too jaded to easily trust anymore:-P.
Security for the user is obviously what we are talking about. Regular people do not have the knowledge or patience to make informed decisions regarding their technical security; any model that relies on that is going to fail because people will click whatever they need to make stuff work. Even people who do understand the technology do stuff like disabling SSL verification, rather than going through the effort of adding the new CA to their cert list.
Firefox is not doing the same as Chrome. Firefox is adding a feature to disable unverified add-ons on particular domains to stop attacks from malicious add-ons. Chrome is adding a feature that tracks the sites you visit and shares them with other sites to improve ad tracking.
How are these features comparable at all?