Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin

The problem is Google appears to label this as a security feature. I'm fine with the feature existing, but it should say something like "require Chrome" or "block Firefox" not "require a secure browser (wink wink we actually mean Chrome)"


The wording here is bad, but basically CAA supports non browser specific policy and, in some cases, browser specific policy (GSuite offers a "Managed Chrome" policy). Firefox users can leverage much of the non browser specific policy, they obviously can not be a part of the "Managed Chrome" offering.


There's no contradiction here; it's totally possible for a company to make a feature configurable so that it doesn't block their competitors but also intentionally design and market it in a way that's misleading in ways that will lead to their competitors getting blocked. When we're talking about a company as large as Google and a product with as much market share as Chrome, I don't think it's that crazy to think that things like this add up to encouraging even more hegemony, and when that happens to align perfectly with the incentives of the company making said product decisions, I also don't think it's crazy to think it's unlikely to be a coincidence.


If the argument is that Google has built a product that encourages use of Google products, of course. The question is whether that's some sort of trickery or odd or bad. "Google offers Managed Chrome as a service" hardly seems controversial to me.


Google offering managed chrome as a service is a completely sensible thing. The problem is that they are nearly a browser monopoly, and making Google Workspace work in such a way with Google Chrome feels to me like anti-competitive practices. If we didn't have one giant megacorp that did both things, it would be different.

Of course, so far the only workable model for web browsers is having a giant megacorp fund their development and maintenance. Which is a huge issue, and we will do basically nothing about it.

(Don't get me wrong. I have high hopes for Ladybird and even Servo, but they may come too late if effectively-proprietary features force most users to stick to Chrome anyways.)


I'm not sure what the alternative is. Is there will from Firefox to support a "standard browser config", at which point GSuite could add support for managed Firefox config? If you want managed Firefox, Mozilla could offer that as well (they have something but it's different enough).


The alternative that we've used for the past 100+ years is to force such companies apart. Is Google Docs allowed to offer a "managed chrome" policy? Sure. Is Google Chrome allowed to be a browser? Absolutely!

But if either side is close to a monopoly, both cannot be part of the same company, even if that means breaking an existing company up.


I think it's fine to advocate that Google should be split up but I don't think that CAA is a good example of a company abusing power.


There's really nothing particularly wrong with the Chrome feature itself. There is a bit of a problem with the way it inherently results in browser vendor lock-in (regardless of whether it is a stated goal) with Google Workspace, which is by the same company. That's the main problem.

I may be missing something because I feel like this specific point has been reiterated a few times in this thread but I haven't seen it actually rebuked directly.


There is no Chrome feature here? We must be talking past each other, yes.


The Chrome feature is the support for Endpoint Verification that is used by CAA. That is quite literally the reason for this HN post.


Endpoint Verification is not a Chrome feature, nor is CAA. Endpoint Verification is an extension, CAA is a GSuite feature.


Look man, this is absolutely getting into the semantics phase. I know you're not stupid, don't treat me like I am.

Firstly, some Chrome features (like Chrome Remote Desktop) are delivered partly as extensions. This does not make them not features of Chrome. It makes them features that happen to be delivered in some part as extensions.

Doesn't matter. Let's say Endpoint Verification is not a Chrome feature. Thankfully, we don't actually need that for our argument. The crux of this argument is simple:

- Google Workspace depends on proprietary Chrome features,

- Chrome has specific proprietary features designed to support Google Workspace (and other proprietary Google offerings.)

What is the proprietary features I am referring to? Well, I'd just say "Endpoint Verification", but we can go a layer deeper. In order to implement Endpoint Verification, we need privileged, private extension APIs. These APIs are not for use with non-Google extensions, and Endpoint Verification uses enterprise.reportingPrivate.

You can disagree that it is a problem that Google Chrome and Google Workspace are developing proprietary integrations with each-other, that's your prerogative, but I'm not humoring this gaslighting attempt.


I'm not trying to treat you like you're stupid or to gaslight you. There is a "slice" of this that is absolutely a native, Chrome-only interface, but I just don't think that this is particularly exceptional. These sorts of Firefox-only APIs exist as well in order to support Mozilla's goals, and this is quite normal - you wouldn't expect every single aspect of the browser to be built in lockstep with every other browser.

For the most part, Mozilla could build out Endpoint Verification (and it supports a subset of the APIs anyways). Similarly, there could be a web proposal for device attestation APIs that are more generalized, etc, which I think would be great.


It is a security feature. In a corporate environment, you generally don't want users installing their own software. If it's a remote access thing from a personal device, you still generally want to be able to establish some kind of baseline. I don't like Chrome - not even a little bit - but I will admit that they have a pretty damn good security track record. I'd rather my remote users be on there than some crusty Firefox installation with 40 extensions. Organizations have the right to make these decisions when they are the ones that own the data. For example, when I was still in that world, we required personal phones to be encrypted to access corporate email. This was when a lot of people would still walk around with devices without a pin. People complained, but it was non-negotiable.


Literally the only reason they can argue Chrome is more secure than Firefox in that kind of setting is because they can Google can push Google Chrome profiles via Google Workspaces but they’ve never working with Mozilla to create an interop for Firefox.

When Microsoft did this with Windows, AD, and Internet Explore, it was deemed a breach of anti-trust laws. The question is whether such laws apply to Google given they don’t have a monopoly in the identity services domain.

If you’d asked me 5 years ago, I’d have said “no way”, but recent judgements with Apple and their App Store lead me to think there is still hope. Regardless of how remote that might be.


And Google would probably say the same thing Microsoft used to say back in the day. Their customers aren't asking for the ability to manage profiles in Firefox. I wouldn't doubt for a second that it's true.

Almost nobody outside of the minority of internet users fighting against chromium hegemony cares about Firefox. Firefox lost its casual users years ago. Hell, even most of those people sticking with it out of principle are doing it while gritting their teeth. It's been a subpar browser for a long time and the Mozilla organization kinda sucks.

Why would any for-profit enterprise waste their time or money on Firefox?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: