Musings on Chrome, the rebirth of the location bar and privacy in the cloud

Imagine a browser of the web, by the web, and for the web. Not simply a thick client application that simply opens documents with the http:// protocol instead of file://, but one that runs web applications (efficiently!), that plays the web, that connects people across the boundaries of the silos and gives them local-like access to remote data.

It might not be Chrome, but it’s a damn near approximation, given what people today.

Take a step back. You can see the relics of desktop computing in our applications’ file menus… and we can intuit the assumptions that the original designer must have made about the user, her context and the interaction expectations she brought with her:

Firefox Menubar

This is not a start menu or a Dock. This is a document-driven menubar that’s barely changed since Netscape Communicator.

Indeed, the browser is a funny thing, because it’s really just a wrapper for someone else’s content or someone’s else’s application. That’s why it’s not about “features“. It’s all about which features, especially for developers.

It’s a hugely powerful place to insert oneself: between a person and the vast expanse that is the Open Web. Better yet: to be the conduit through which anyone projects herself on to the web, or reaches into the digital void to do something.

So if you were going to design a new browser, how would you handle the enormity of that responsibility? How would you seize the monument of that opportunity and create something great?

Well, for starters, you’d probably want to think about that first run experience — what it’s like to get behind the wheel for the very time with a newly minted driver’s permit — with the daunting realization that you can now go anywhere you please…! Which is of course awesome, until you realize that you have no idea where to go first!

Historically, the solution has been to flip-flop between portals and search boxes, and if we’ve learned anything from Google’s shockingly austere homepage, it comes down to recognizing that the first step of getting somewhere is expressing some notion of where you want to go:

Camino. Start

InquisitorThe problem is that the location field has, up until recently, been fairly inert and useless. With Spotlight-influenced interfaces creeping into the browser (like David Watanabe’s recently acquired Inquisitor Safari plugin — now powered by Yahoo! Search BOSS — or the flyout in Flock that was inspired by it) it’s clear that browsers can and should provide more direction and assistance to get people going. Not everyone’s got a penchant for remembering URLs (or RFCs) like Tantek’s.

This kind of predictive interface, however, has only slowly made its way into the location bar, like fish being washed ashore and gradually sprouting legs. Eventually they’ll learn to walk and breath normally, but until then, things might look a little awkward. But yes, dear reader, things do change.

So you can imagine, having recognized this trend, Google went ahead and combined the search box and the location field in Chrome and is now pushing the location bar as the starting place, as well as where to do your searching:

Chrome Start

This change to such a fundamental piece of real estate in the browser has profound consequences on both the typical use of the browser as well as security models that treat the visibility of the URL bar as sacrosanct (read: phishing):

Omnibox

The URL bar is dead! Long live the URL bar!

While cats like us know intuitively how to use the location bar in combination with URLs to gets us to where to we want to go, that practice is now outmoded. Instead we type anything into the “box” and have some likely chance that we’re going to end up close to something interesting. Feeling lucky?

But there’s something else behind all this that I think is super important to realize… and that’s that our fundamental notions and expectations of privacy on the web have to change or will be changed for us. Either we do without tools that augment our cognitive faculties or we embrace them, and in so doing, shim open a window on our behaviors and our habits so that computers, computing environments and web service agents can become more predictive and responsive to them, and in so doing, serve us better. So it goes.

Underlying these changes are new legal concepts and challenges, spelled out in Google’s updated EULA and Privacy Policy… heretofore places where few feared to go, least of all browser manufacturers:

5. Use of the Services by you

5.1 In order to access certain Services, you may be required to provide information about yourself (such as identification or contact details) as part of the registration process for the Service, or as part of your continued use of the Services. You agree that any registration information you give to Google will always be accurate, correct and up to date.

. . .

12. Software updates

12.1 The Software which you use may automatically download and install updates from time to time from Google. These updates are designed to improve, enhance and further develop the Services and may take the form of bug fixes, enhanced functions, new software modules and completely new versions. You agree to receive such updates (and permit Google to deliver these to you) as part of your use of the Services.

It’s not that any of this is unexpected or Draconian: it is what it is, if it weren’t like this already.

Each of us will eventually need to choose a data brokers or two in the future and agree to similar terms and conditions, just like we’ve done with banks and credit card providers; and if we haven’t already, just as we have as we’ve done in embracing webmail.

Hopefully visibility into Chrome’s source code will help keep things honest, and also provide the means to excise those features, or to redirect them to brokers or service providers of our choosing, but it’s inevitable that effective cloud computing will increasingly require more data from and about us than we’ve previously felt comfortable giving. And the crazy thing is that a great number of us (yes, including me!) will give it. Willingly. And eagerly.

But think one more second about the ramifications (see Matt Cutts) of Section 12 up there about Software Updates: by using Chrome, you agree to allow Google to update the browser. That’s it: end of story. You want to turn it off? Disconnect from the web… in the process, rendering Chrome nothing more than, well, chrome (pun intended).

Welcome to cloud computing. The future has arrived and is arriving.

20 Comments

  1. at 7pm on Sep 2nd # |

    This is a tradeoff, of course. Just like in school you have to provide certain up-to-date information and there’s ultimately not a ton of “privacy” because it works against you (isn’t a part of school supposed to be the safe sharing and challenging of ideas?). You still own your identity, but it is agreed that you’ll share. Kind of like a properly functioning society.

    The issue around forcing updates is something we’re pretty much used to now. I remember how devastating it was when Gmail “upgraded” and broke the one add-on I really needed: label macros (it still doesn’t work right, but that’s another story). We’ve been heading down this road for a while…

    But yes, folks need to tune in to the New Web Order or little by little they are going to wake up in a completely different landscape.

  2. Arjun Ram said
    at 7pm on Sep 2nd # |

    It is amazing how google continues to find innovative ways to get people to the search results page where they can sell ads. The search results page is a big cash cow for them! I wouldnt be surprised if they integrate google desktop results into this URL bar! Think of the possibilities .. In one swiping move they would integrate the windows explorer and the browser. More likely that people would use Chrome to search their filesystem.

    To get an idea of how this would play out just look at the google app on the iphone..

    Source code being open is definitely helpful .. Lets see how it plays out ..

    Google’s tentacles are far reaching and it is sad that there is not much competition from Yahoo & Microsoft right now!

  3. Matt Cutts said
    at 8pm on Sep 2nd # |

    Hey Chris, I imagine the Chrome folks thought hard about this topic, but given the number of “average” users out there who might be exposed to malware/security issues otherwise, I personally think it’s the right choice. Since Chrome is open-source, it wouldn’t be hard to change the browser so it didn’t update.

  4. Jim Pick said
    at 6am on Sep 3rd # |

    Taking away the option to not have to upgrade is fundamentally a bad thing.

    It gives Google the power to either unintentionally or intentionally break any plugin or extension developed for this thing.

    If Google builds a sandbox (like Apple has done with the iPhone), and an enterprising developer figures out a jailbreak — then Google can shut them down. Good for security, but bad for openness.

    Ultimately, that’s taking power away from the end users.

  5. Todd said
    at 9am on Sep 3rd # |

    Made this screen shot of Google Chrome/Gears/geolocation API vs. Fire Eagle:

    http://farm4.static.flickr.com/3032/2824453767_8ae6f06ca0_o.jpg

    I am worried that Chrome is a preview of things to come for Android/Mobile AdSense. Let’s hope I am wrong.

  6. at 10am on Sep 3rd # |

    @Matt: I actually agree. It’s in some ways no different than using McAfee or Symantec — you’re subscribing to their service presumably because you trust them to be aware of threats and to keep you safe. I don’t really have a problem with this service from Google.

    @Jim: I disagree, from a “typical user” perspective. Seriously, most people ignore taskbar notifications that there’s new software to update to. Especially if the changes are not to the interface, but instead improve the rendering engine display of webpages and improve performance and compatibility, I think this is going to be something that people actually want.

    It’s not an idea that’s palatable today, but when a website redesigns (except in the case of Facebook), we don’t have the choice to go back. That’s the nature of the web. I know desktop software is arguably and historically different, but I think this is where we need to break with how we’ve thought about software-as-downloadable in the past and think about it as an extension of a web service.

    @Todd: I’m excited about that possibility! AdSense already geolocates you based on the servers you’re connecting to… with the built-in geolocation API, that means that ANY website could take advantage of knowing where you are, IF you grant it such access. That’s huge!

  7. Todd said
    at 10am on Sep 3rd # |

    “I’m excited about that possibility! AdSense already geolocates you…”

    I am not excited.

    Google isn’t giving us users enough control over how much information to expose ( per the screen shot in my comment above ) when compared to super double plus awesome Fire Eagle. Chrome’s user controls for privacy suck, and that’s just for a stationary desktop browser…Android may be just as bad.

  8. at 11am on Sep 3rd # |

    @Todd: That interface looks pretty clear to me. Unless you check off “I trust this site”, you only have the choice to Deny… what about that don’t you like?

    I can tell you that OpenID’s greatest challenge is usability and making the site-to-site flow make sense and feel more customary.

    How do you feel the Gears UI compares with the current iPhone authorization UI? http://www.flickr.com/photos/factoryjoe/2825038419/

    What would you like instead?

  9. Jim Pick said
    at 11am on Sep 3rd # |

    @Chris: I guess we disagree. But this is a major pet-peeve I have with modern software. I think good software is software that is done. Everybody has been trained like dogs to accept half-done software. There is no need to update software that is complete and correct. Think about the way Donald Knuth handles the version numbering in his software (TeX and Metafont).

  10. at 11am on Sep 3rd # |

    @Jim: I guess I don’t believe that good software, that isn’t monolithic, is ever “done”. I wish there were such a thing as immaculate software, but that’s the nature of technology — it’s always changing.

    Now, I would offer support to the notion that the web might make folks more lazy, since they can always update their website and everyone immediately has the latest version… so they can push incomplete work (see MobileMe)… but I actually think that in general, this trend will lead to more interesting, more innovative and more responsive companies that don’t simply rest their best models on version lock-in (see Microsoft).

    I also think that the browser has a LONG way to go before it can compete with desktop-based applications… to get there, it’s going to need to continually be updated and improved. The web is changing much faster than desktop environments — ideally this will lead to better software, even if it means that there will be bumps along the way (again, Windows hasn’t been without its numerous service packs and patches — but maybe that’s not a great example).

  11. Todd said
    at 11am on Sep 3rd # |

    @Chris Messina

    I want the same thing I get in Fire Eagle:

    http://farm4.static.flickr.com/3096/2825286776_e17a6ba760_o.jpg

    The Google/Gears/Chrome/geolocation API’s “all or nothing” is too black and white. Its also missing FE’s “temporary off”, “delete trail” and “expiration date”.

  12. Jim Pick said
    at 11am on Sep 3rd # |

    @Chris: You make a good point. Google made this browser so that they would have a better environment for things like Gmail, Google Reader, Google Docs (none of which are open source, BTW). It’s all good software, but I fear that control is slipping further and further away from the user. The model is no longer going to be the traditional one of users installing a bunch of small apps that they like. Instead, it’s going to be one of users “opting in” to the mega-platform from the company that they trust the most.

  13. at 12pm on Sep 3rd # |

    @Todd: Ok, fair point, but as the Gears documentation talks about, their API is just an abstraction already available on many mobile handsets. It’s unclear to me who already has access to your location (if you use one of these devices) and whether you’re ever prompted to authorize access to that information (say, if you install a third-party app).

    I also worry about the user experience — where you might decide to provide only city-level access to your location (playing your cards close to your chest) but then expect great results when you look for directions to a nearby restaurant and you’re prompted to type in your location. The problem, I suppose, is that without complicated and time consuming previews of potential functionality, it’s hard to know what level of permission to grant… and so you’ll either end up granting all access (like many people probably did with Facebook apps) or little to none, defeating the purpose of the API in the first place.

    Unfortunately to convenience you, you’re inconveniencing developers, who would need to work around people having varying degrees of location specificity. It just doesn’t seem like that’s going to be the best option forward — although I am still sympathetic to your case.

    @Jim: I’m not entirely sure about that. I use Fluid apps to achieve similar types of functionality that’s built into Chrome, and I didn’t have to sign up to a monolith (though I do use many Google apps). I guess my point is that there is a general trend towards web-based delivery of services… and downloadable software is becoming less relevant as browsers get better. This is especially true if your primary computing device is NOT a PC or laptop (i.e. mobile device/PlayStation, etc).

    We need our data and our services available wherever WE are… NOT where our computers are. That’s a fundamental change that’s coming — and yes, in that case, it does mean picking a monolith of sorts — even you self-host.

  14. Todd said
    at 1pm on Sep 3rd # |

    “…to convenience you, you’re inconveniences developers.”

    Sounds perfect since they get paid $100.00+ an hour to code the service, and I get paid $0.00 to use the service! Adam Smith was right! :P

  15. at 2pm on Sep 3rd # |

    @Todd: ! Ha! Well, I guess if you’re willing to pay for the browser, then I guess I’ll agree with you!

  16. Ross Hill said
    at 5pm on Sep 3rd # |

    Search is definitely a big one – so many people already type urls into Google, and keywords into location bars. This will make life easier for them!

    I also think this is a major play on web apps (of which google has many).

  17. at 11am on Sep 5th # |

    @Chris: In this post you make a compelling argument. The tool change make us change our workflow; a phenomenom Joshua Porter coined as co-evolving.

    So most of us will “embrace tools that augment our cognitive faculties, and in so doing, shim open a window on our behaviors and our habits”. A collateral concern is if this shimming open is to be abused by corporations.
    It is in the nature of organizations to push their advantage. “Everything” you do on the internet would go through Apple, Microsoft or Google.
    I propose that it is better if we keep a foundation (Mozilla) as important player. Google could selectively avoid proposing Chrome to the people landing on their homepage — depending on their current browser. This is very easy to do. (Here is an example in PHP.) They don’t.

    @Victor: I understand that your mention of a New Order hints on the political. Sorry if I miss some language subtleties. So i’ll respond in kind.
    Accepting continuous updates is a choice. You are not compelled to move in the direction you are given. My usual browser is the latest Firefox version but this comment is being posted on Epiphany — a browser that is switching from Gecko to Webkit.
    A better answer to you is the 1st comment from Jim Pick.

  18. at 11am on Sep 5th # |

    @Matt: Chromium is open source. Where is the source of Chrome?

  19. aryan.charismatic1@gmail.com said
    at 3am on Oct 7th # |

    Absolutely rocks in every way. Google has once again proven that it has what is needed to deliver great products. it’s a decent browser…download time may be a dash slower than other browsers but the app load time, smooth rendering, space utilization etc are great.

  20. Other Matt said
    at 8pm on Dec 8th # |

    While I think the combo URL/search box constitutes novel UI…I think it stinks as an implementation of the opensearch.org specification when compared to Firefox or IE (let’s not even talk about lame Safari that eschews it altogether).

    Here’s why:
    1) There is no way to switch search engines on-the-fly once you’ve typed a query
    2) Editing your search engines (right-click on the URL/search box field, “Edit Search Engines”?) is hard to find
    3) If you have figured out #2 for how to add a non-Google search engine, the trick of invoking your non-default by typing “Bing query term” just won’t work for my mom. Or brother even. It’s command-liney. Cool for geeks, but that’s it.
    4) (related) there’s no visual way of seeing which search engines you can choose from when typing a query

    It’s hard not to draw this up into a conspiracy theory: Google makes itself the default search engine, but makes it really hard to switch to another search provider, all the while “supporting” OpenSearch.

6 Trackbacks

  1. [...] Musings on Chrome, the rebirth of the location bar and privacy in the cloud – Factory Joe (Chris Mes… [...]

  2. [...] Factory City: Musings on Chrome, the rebirth of the location bar and privacy in the cloud [...]

  3. [...] yesterday afternoon I joined the rest of the internet and downloaded Google’s new browser, [...]

  4. [...] Musings on Chrome, the rebirth of the location bar and privacy in the cloud (tags: privacy google chrome dataownerschip databrokering databanks vrm vendorrelationshipmanagement chrismessina factoryjoe cloudcomputing webservices) [...]

  5. Privacy Issues « jasperger on Sep 7th at 3pm

    [...] again with Google’s Chrome this seems to be the issue. But as Chris Messina [...]

  6. [...] A few more points he expands in the original and subsequent post: [...]