Every feature of their apps needs to be easily integrated into whatever random POS every single food truck uses! I should be able to buy tacos from any taco vendor through the Taco Bell app. They're a monopoly!","title":null,"type":"comment","url":null},{"author":"handoflixue","children":[{"author":"vel0city","children":[],"created_at":"2026-06-20T14:42:45.000Z","created_at_i":1781966565,"id":48609579,"options":[],"parent_id":48608848,"points":null,"story_id":48600345,"text":"What if it was they bought a car brand and added a transponder to the car so owners of taco bell cars could be auto-identified and had their favorite orders already ordered for them while all other models of cars were still free to use the normal drive through process? Would that be a "monopoly" somehow?
Isn't that more of what's going on here? An optional feature people can use if they choose to use the holistic platform?
This isn't forcing anyone to choose Chrome. The customer can still use any browser they want with Workspace. They get an extra feature when they use Chrome though.","title":null,"type":"comment","url":null}],"created_at":"2026-06-20T12:46:04.000Z","created_at_i":1781959564,"id":48608848,"options":[],"parent_id":48602839,"points":null,"story_id":48600345,"text":"I would actually be pretty concerned if Taco Bell bought Ford and would only allow Ford cars to use their drive-through or parking lot.
Imagine a world where 95% of grocery stores insist on you driving a Ford car.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:22:12.000Z","created_at_i":1781900532,"id":48602839,"options":[],"parent_id":48601618,"points":null,"story_id":48600345,"text":"Taco Bell is a monopoly because they restrain the trade of tacos because they ask me to take my taco truck elsewhere when I park in their parking lot to sell tacos. Never mind there are other places I can set up my truck, never mind there are tons of other taco shops, Taco Bell is a monopoly as now I need to go find a different corner to sell my tacos, they're restraining the trade of tacos.
Everything is a monopoly these days. Its practically meaningless in these conversations.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:29:15.000Z","created_at_i":1781893755,"id":48601618,"options":[],"parent_id":48601037,"points":null,"story_id":48600345,"text":"The Sherman Act says that any action by an individual, or conspiracy of a group of individuals, to "restrain trade" or seek a monopoly is illegal.
Monopolies aren't a prerequisite for antitrust action, they're the failure state when you should have acted sooner.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:42:19.000Z","created_at_i":1781890939,"id":48601037,"options":[],"parent_id":48600999,"points":null,"story_id":48600345,"text":"You don't have to have a monopoly to be monopolistic.","title":null,"type":"comment","url":null},{"author":"naturalmovement","children":[],"created_at":"2026-06-19T17:58:05.000Z","created_at_i":1781891885,"id":48601259,"options":[],"parent_id":48600999,"points":null,"story_id":48600345,"text":"I doubt Microsoft would qualify as a monopoly under present-day excuses being made for Google yet here we are with Internet Explorer Part Deux.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:38:55.000Z","created_at_i":1781890735,"id":48600999,"options":[],"parent_id":48600830,"points":null,"story_id":48600345,"text":"Google doesn\u2019t have a monopoly in workspace applications.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:23:34.000Z","created_at_i":1781889814,"id":48600830,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Seems like a monopolistic move.","title":null,"type":"comment","url":null},{"author":"chmod775","children":[{"author":"pjmlp","children":[],"created_at":"2026-06-19T17:25:39.000Z","created_at_i":1781889939,"id":48600854,"options":[],"parent_id":48600843,"points":null,"story_id":48600345,"text":"You mean the same that gave Chrome its market share, by adopting ChromeOS features, and shipping Electron apps?","title":null,"type":"comment","url":null},{"author":"JoeAltmaier","children":[{"author":"chmod775","children":[{"author":"pjmlp","children":[],"created_at":"2026-06-20T05:35:32.000Z","created_at_i":1781933732,"id":48606623,"options":[],"parent_id":48600908,"points":null,"story_id":48600345,"text":"We used to deal with what browsers users chose on their end, then came IE market dominance.
After the lawsuit against Microsoft, and the raise of Firefox, Safari and Chrome we had it all good again.
Then devs had to get comfy with Google offerings, including shipping Chrome packaged with their pseudo native applications.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:30:25.000Z","created_at_i":1781890225,"id":48600908,"options":[],"parent_id":48600859,"points":null,"story_id":48600345,"text":"Yes, that is the price developers will have to pay. Development will be harder, but users are going to prefer somewhat broken sites over being outright refused entry.
At the end of the day user-preference is what dictates which browser is used and how it is configured. Developers will have to deal with what users choose to do on their end.
You can only patronize people for so long before they look for a way around silly restrictions. Trying to keep someone safe by putting up walls, whether the threat is real or imaginary, is pointless when it is in the user's power to trivially defeat those walls - and when extension and browser developers are going to line up to sell them demolition tools (see ad blocking).
Advice is going to go much further than roadblocks, long term.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:26:06.000Z","created_at_i":1781889966,"id":48600859,"options":[],"parent_id":48600843,"points":null,"story_id":48600345,"text":"And yet, claiming support for a feature doesn't tell all. Different implementations can have subtle differences. Knowing the browser and version can allow a client to survive that.","title":null,"type":"comment","url":null},{"author":"edoceo","children":[],"created_at":"2026-06-19T19:57:24.000Z","created_at_i":1781899044,"id":48602574,"options":[],"parent_id":48600843,"points":null,"story_id":48600345,"text":"What is the process to aggressively stub features? Does that mean pushing patches to Firefox and/or Ladybird and/or Servo?","title":null,"type":"comment","url":null},{"author":"ThatMedicIsASpy","children":[{"author":"neop1x","children":[],"created_at":"2026-06-20T07:24:44.000Z","created_at_i":1781940284,"id":48607117,"options":[],"parent_id":48604281,"points":null,"story_id":48600345,"text":"Happens to me too. They are probably able to infer it is not a Chrome from the TLS handshake or they run their javascript fingerprinting and found out that the browser didn't have some Chrome features or behaved differently.
Sadly, it is much more difficult to pretend being on a different browser than it was in the past. :/","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T22:58:14.000Z","created_at_i":1781909894,"id":48604281,"options":[],"parent_id":48600843,"points":null,"story_id":48600345,"text":"Cloudflare blocked me with a chrome windows useragent on Firefox+Fedora","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:24:46.000Z","created_at_i":1781889886,"id":48600843,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"It appears website developers desperately want to return to a world where browsers actively pretend to be another browser*.
Want to check for DBSC? Enjoy not knowing whether the browser vendor decided to just roll a simple software implementation.
Nothing good comes from browser detection over feature detection anyways. It's time to do away with user-agents and other overt identifying markers, and if we're still not in a better place, aggressively start stubbing features.
* to some degree they still are. Firefox still ships with an user-agent override list for certain websites that have outdated user-agent sniffing for feature detection (and other fixes in about:compat).","title":null,"type":"comment","url":null},{"author":"lokar","children":[{"author":"saagarjha","children":[{"author":"insanitybit","children":[{"author":"saagarjha","children":[{"author":"eli","children":[],"created_at":"2026-06-19T19:01:09.000Z","created_at_i":1781895669,"id":48601962,"options":[],"parent_id":48601819,"points":null,"story_id":48600345,"text":"I don't think Google should also be allowed to remain in charge of Chrome at all but here we are.","title":null,"type":"comment","url":null},{"author":"insanitybit","children":[],"created_at":"2026-06-19T19:01:23.000Z","created_at_i":1781895683,"id":48601966,"options":[],"parent_id":48601819,"points":null,"story_id":48600345,"text":"Uh, why? Context Aware Access is a policy attestation service. Managed Chrome is exactly the sort of thing you'd have policies for.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:48:05.000Z","created_at_i":1781894885,"id":48601819,"options":[],"parent_id":48601468,"points":null,"story_id":48600345,"text":"I don\u2019t think Google should also offer a product that detects \u201cmanaged Chrome\u201d","title":null,"type":"comment","url":null},{"author":"hobofan","children":[],"created_at":"2026-06-19T22:08:40.000Z","created_at_i":1781906920,"id":48603842,"options":[],"parent_id":48601468,"points":null,"story_id":48600345,"text":"Organization admins may roll out hardened Firefox settings via their MDM solution, and then based on that want to restrict usage to Firefox.","title":null,"type":"comment","url":null},{"author":"makeitdouble","children":[{"author":"lokar","children":[{"author":"aaomidi","children":[{"author":"lokar","children":[],"created_at":"2026-06-20T00:46:31.000Z","created_at_i":1781916391,"id":48605110,"options":[],"parent_id":48605040,"points":null,"story_id":48600345,"text":"I don\u2019t think that\u2019s true. They support OS verification for windows and Mac. If Firefox implemented verification (I doubt they would) and there was customer demand I think they would support it.","title":null,"type":"comment","url":null}],"created_at":"2026-06-20T00:36:25.000Z","created_at_i":1781915785,"id":48605040,"options":[],"parent_id":48604684,"points":null,"story_id":48600345,"text":"I mean the issue here is Google using its dominant power to push for a specific browser within a security software they control.
This is a difference between America and Europe in mentality towards this.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T23:45:42.000Z","created_at_i":1781912742,"id":48604684,"options":[],"parent_id":48603929,"points":null,"story_id":48600345,"text":"You don\u2019t have to use managed chrome to use gsuite","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T22:18:03.000Z","created_at_i":1781907483,"id":48603929,"options":[],"parent_id":48601468,"points":null,"story_id":48600345,"text":"Google offering "Managed Chrome" is probably the root issue.
Call me old school, but wedging an already dominant browser to be the only full fledge option in GSuite using companies reeks anti-competition.","title":null,"type":"comment","url":null},{"author":"schuyler2d","children":[],"created_at":"2026-06-20T01:51:22.000Z","created_at_i":1781920282,"id":48605528,"options":[],"parent_id":48601468,"points":null,"story_id":48600345,"text":"Microsoft has a chrome and Firefox extension for similar management lockdown","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:18:28.000Z","created_at_i":1781893108,"id":48601468,"options":[],"parent_id":48600994,"points":null,"story_id":48600345,"text":"Google offers "Managed Chrome" as a service. What would you like them to do, offer "Managed Firefox"? Should AWS offer "Managed GCP"?","title":null,"type":"comment","url":null},{"author":"Macha","children":[{"author":"lokar","children":[],"created_at":"2026-06-19T23:46:24.000Z","created_at_i":1781912784,"id":48604690,"options":[],"parent_id":48601474,"points":null,"story_id":48600345,"text":"Yep, there are a lot of high risk settings, especially extensions","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:18:44.000Z","created_at_i":1781893124,"id":48601474,"options":[],"parent_id":48600994,"points":null,"story_id":48600345,"text":"Because Google is able to configure Chrome to the admin's liking.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:38:10.000Z","created_at_i":1781890690,"id":48600994,"options":[],"parent_id":48600851,"points":null,"story_id":48600345,"text":"Why is there a policy to require \u201cChrome\u201d and not a policy to require another browser, hmm?","title":null,"type":"comment","url":null},{"author":"Tostino","children":[],"created_at":"2026-06-19T17:52:27.000Z","created_at_i":1781891547,"id":48601153,"options":[],"parent_id":48600851,"points":null,"story_id":48600345,"text":""wow look at all these options available...to limit users to only use software provided by the same corp" you are missing the point entirely.","title":null,"type":"comment","url":null},{"author":"whateverboat","children":[],"created_at":"2026-06-19T18:20:35.000Z","created_at_i":1781893235,"id":48601498,"options":[],"parent_id":48600851,"points":null,"story_id":48600345,"text":"Unrelated to this news, but this is so rudimentary, when the correct solution instead is:
1. Make it ridiculously easy to install hardware vendor keys and register it with OS of choice. (like a standardized dialog box in UEFI and a standardized/regulated IPMI-like interface)
2. Allow for only measured boot on those devices.
3. Provided facility to verify signatures.
Do this on consumer and enterprise laptops and desktops alike and all of these weird set of conditions just go out of play and replaced by something much much simpler.","title":null,"type":"comment","url":null},{"author":"realusername","children":[{"author":"bigfatkitten","children":[{"author":"handoflixue","children":[],"created_at":"2026-06-20T12:42:01.000Z","created_at_i":1781959321,"id":48608820,"options":[],"parent_id":48604079,"points":null,"story_id":48600345,"text":"Can you provide a link or screenshot of that feature? Because other people are saying no you cannot","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T22:33:19.000Z","created_at_i":1781908399,"id":48604079,"options":[],"parent_id":48603058,"points":null,"story_id":48600345,"text":"If you wanted to, yes.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:45:51.000Z","created_at_i":1781901951,"id":48603058,"options":[],"parent_id":48600851,"points":null,"story_id":48600345,"text":"> The Org admin can put all sorts of restrictions on who can do what based on the client device setup.
can you put a restriction to ban Chrome and force Firefox then?","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:25:13.000Z","created_at_i":1781889913,"id":48600851,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Is it not:
https://knowledge.workspace.google.com/admin/security/create...
The Org admin can put all sorts of restrictions on who can do what based on the client device setup.","title":null,"type":"comment","url":null},{"author":"bgc","children":[{"author":"dijit","children":[{"author":"SoftTalker","children":[{"author":"dijit","children":[{"author":"SoftTalker","children":[{"author":"SpicyLemonZest","children":[{"author":"insanitybit","children":[],"created_at":"2026-06-19T19:35:00.000Z","created_at_i":1781897700,"id":48602346,"options":[],"parent_id":48601252,"points":null,"story_id":48600345,"text":"That's correct, there is no way to say "only allow Firefox" in CAA because the attestations are either browser agnostic or chrome specific (as part of the managed Chrome offering that GSuite supports).","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:57:46.000Z","created_at_i":1781891866,"id":48601252,"options":[],"parent_id":48601227,"points":null,"story_id":48600345,"text":"It's not clear to me that Context-Aware Access is as configurable as you're implying. At a glance, the docs seem to suggest that Chrome is the only browser you can force standardization on, which IMO does push this towards being Google's fault.","title":null,"type":"comment","url":null},{"author":"michaelmrose","children":[],"created_at":"2026-06-19T18:20:20.000Z","created_at_i":1781893220,"id":48601490,"options":[],"parent_id":48601227,"points":null,"story_id":48600345,"text":"It's not a little over the top its an antitrust issue and clearly and obviously wrong.","title":null,"type":"comment","url":null},{"author":"kolinko","children":[],"created_at":"2026-06-19T18:24:07.000Z","created_at_i":1781893447,"id":48601544,"options":[],"parent_id":48601227,"points":null,"story_id":48600345,"text":"Not a little over the top, it is anticompetitive behavior.","title":null,"type":"comment","url":null},{"author":"rpdillon","children":[],"created_at":"2026-06-19T18:45:09.000Z","created_at_i":1781894709,"id":48601772,"options":[],"parent_id":48601227,"points":null,"story_id":48600345,"text":"> This was for a Google Workspace Business Plus account and workspace, from an up to date browser and OS.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:56:20.000Z","created_at_i":1781891780,"id":48601227,"options":[],"parent_id":48601132,"points":null,"story_id":48600345,"text":"We don't know. The author doesn't mention how current the Firefox browser is/was.
If the organization is indeed enabling a specific check for Chrome that seems a little over the top but they're the ones supporting their users and if they want to make their life easier by only dealing with one browser that's their decision to make. It's like saying that everyone has to use Windows, or a specific line of laptops, or any other standardization to simplify the support workload.","title":null,"type":"comment","url":null},{"author":"jstummbillig","children":[{"author":"dijit","children":[{"author":"SoftTalker","children":[{"author":"recursivecaveat","children":[],"created_at":"2026-06-19T19:53:16.000Z","created_at_i":1781898796,"id":48602539,"options":[],"parent_id":48601798,"points":null,"story_id":48600345,"text":"I mean, they claimed to be for browser diversity when it was not them on top lol. Underdogs want the race to tighten up, 85% market leaders want to stay out in front.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:46:59.000Z","created_at_i":1781894819,"id":48601798,"options":[],"parent_id":48601617,"points":null,"story_id":48600345,"text":"Chrome was created because Google felt that the IE monopoly was hindering the advancement of web standards and improved browser capabilities. I suppose you could argue that was a different Google at a different time, but at one point they did feel that browser diversity was a good thing.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:29:11.000Z","created_at_i":1781893751,"id":48601617,"options":[],"parent_id":48601583,"points":null,"story_id":48600345,"text":"you\u2019d probably say something different if it were microsoft.
I don\u2019t see why I should give affordances of good will to Google here.
They\u2019re not stupid, they know that this is an effective lever to further cement full-fat chrome as the default browser for the internet.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:26:29.000Z","created_at_i":1781893589,"id":48601583,"options":[],"parent_id":48601132,"points":null,"story_id":48600345,"text":"If we are meant to believe that this is a Chrome-invasion-move, it's the least effective lever of all times. Most of the time the more plausible explanations are just the likely ones.","title":null,"type":"comment","url":null},{"author":"ibejoeb","children":[],"created_at":"2026-06-19T18:54:48.000Z","created_at_i":1781895288,"id":48601900,"options":[],"parent_id":48601132,"points":null,"story_id":48600345,"text":"No, not at all. The implication is that the organization is dictating the software that employees are to use. There's nothing unusual about this.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:50:01.000Z","created_at_i":1781891401,"id":48601132,"options":[],"parent_id":48601113,"points":null,"story_id":48600345,"text":"Is the implication that Firefox is not maintained or?
The issue presented doesn\u2019t seem to be \u201can up to date browser check\u201d it seems to be a \u201cis it latest chrome\u201d check, which is a very different thing.","title":null,"type":"comment","url":null},{"author":"subscribed","children":[],"created_at":"2026-06-19T20:08:45.000Z","created_at_i":1781899725,"id":48602702,"options":[],"parent_id":48601113,"points":null,"story_id":48600345,"text":"Strawman argument. Firefox is maintained and up to date browser.
Why did you even compare it to IE6, out of the curiosity?","title":null,"type":"comment","url":null},{"author":"Karliss","children":[],"created_at":"2026-06-19T22:02:42.000Z","created_at_i":1781906562,"id":48603794,"options":[],"parent_id":48601113,"points":null,"story_id":48600345,"text":"If that's a the goal, then IT department should start by blocking user ability to install Firefox or other unapproved software not by blocking access to google workspace. Blocking access to google workspace using Firefox doesn't prevent using it for everything else. It's not like the google services are going to exploit a vulnerability in Firefox, everything else might.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:48:46.000Z","created_at_i":1781891326,"id":48601113,"options":[],"parent_id":48600951,"points":null,"story_id":48600345,"text":"Using a maintained and up-to-date browser is a reasonable requirement for an IT department (should be for anyone really). Would you suggest they should be allowing IE6 just because a user might prefer it?
Of course Google is going to suggest using Chrome, if they detect that the browser might be out of date.","title":null,"type":"comment","url":null},{"author":"insanitybit","children":[{"author":"tux3","children":[{"author":"insanitybit","children":[{"author":"tadfisher","children":[{"author":"insanitybit","children":[],"created_at":"2026-06-19T19:35:40.000Z","created_at_i":1781897740,"id":48602357,"options":[],"parent_id":48602257,"points":null,"story_id":48600345,"text":"We're talking about a device managed by a corporation. I have no idea what your point is.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:27:56.000Z","created_at_i":1781897276,"id":48602257,"options":[],"parent_id":48602146,"points":null,"story_id":48600345,"text":"Understand that, in this conversation, your use of "attacker" is referring to "end user of the hardware". Which might be part of the Chrome team's definition, or might not, but gosh it would be nice to cater to the folks who are using the dang computer.","title":null,"type":"comment","url":null},{"author":"tux3","children":[{"author":"insanitybit","children":[{"author":"Brian_K_White","children":[],"created_at":"2026-06-19T21:18:01.000Z","created_at_i":1781903881,"id":48603343,"options":[],"parent_id":48602373,"points":null,"story_id":48600345,"text":"If it can't prove what it purports to prove, then it is not policy enforcement, because it is not anything enforcement.
But someone thinks it is, which is harmful to them on top of being an annoyance to everyone else.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:37:17.000Z","created_at_i":1781897837,"id":48602373,"options":[],"parent_id":48602297,"points":null,"story_id":48600345,"text":"My point was that CAA's threat model is flexible based on your requirements. If your requirement is "an attacker with the ability to make arbitrary network requests from the host can not pretend to be Chrome", CAA does not work unless you have OS/Hardware support (which ChromeOS provides).
I just don't think that matters much. CAA is policy enforcement, it is not a full MDM solution, nor is it antimalware.","title":null,"type":"comment","url":null},{"author":"saghm","children":[],"created_at":"2026-06-19T19:41:50.000Z","created_at_i":1781898110,"id":48602413,"options":[],"parent_id":48602297,"points":null,"story_id":48600345,"text":"> But who outside of Google is running exclusively ChromeOS?
I think Chromebooks are pretty common in school settings","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:31:09.000Z","created_at_i":1781897469,"id":48602297,"options":[],"parent_id":48602146,"points":null,"story_id":48600345,"text":"I haven't dug into the native helper to see how much it checks, I can believe that ChromeOS does full remote attestation. If it's anything like Android Play Integrity, there's not a lot of flexibility without hardware exploits.
But who outside of Google is running exclusively ChromeOS?\nMy impression from looking at the JS part is that it's mostly obfuscation, with the possible exception of ChromeOS.
I feel like the secure connect client being closed source would have been an effective deterrent 5 years ago, but these days everyone's throwing LLMs at everything. So an attack that would have taken effort doesn't present nearly as much of a barrier anymore. At least as long as there remain some platforms that don't enforce full attestation...","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:16:27.000Z","created_at_i":1781896587,"id":48602146,"options":[],"parent_id":48602037,"points":null,"story_id":48600345,"text":"That's not entirely true. For example, on ChromeOS CAA is hardware backed. But obviously CAA is not intended to be our entire MDM solution, an attacker in a position to spoof your entire browser can bypass some of the policies on some operating systems. Similarly, attackers in that same position can bypass TLS. An attacker who owns the kernel can bypass much of your MDM. An attacker who owns the hardware can bypass just about anything.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:07:01.000Z","created_at_i":1781896021,"id":48602037,"options":[],"parent_id":48601463,"points":null,"story_id":48600345,"text":"CAA is completely based on trust, it's not one of the most powerful security feature. It's completely voluntary reporting by the browser, and any attacker who cares can just lie without issues.
You can make Firefox pass CAA if you want. You take the Chrome "SecureConnect Reporting" (Context-Aware Access) plugin, port it to Firefox with some light changes, and you can report whatever you want to CAA.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:17:40.000Z","created_at_i":1781893060,"id":48601463,"options":[],"parent_id":48600951,"points":null,"story_id":48600345,"text":"CAA is one of the most powerful security features you can enable in an org. You can manage browser extensions, device password policy, encryption, configuration, cookie attestation, etc.","title":null,"type":"comment","url":null},{"author":"ktm5j","children":[{"author":"dijit","children":[{"author":"lern_too_spel","children":[],"created_at":"2026-06-19T18:54:03.000Z","created_at_i":1781895243,"id":48601889,"options":[],"parent_id":48601558,"points":null,"story_id":48600345,"text":"If a corporation with my data allowed access to its internal tools using any browser running any arbitrary and possibly compromised third party extensions, that's a data leak and class action lawsuit waiting to happen.","title":null,"type":"comment","url":null},{"author":"ktm5j","children":[{"author":"saghm","children":[{"author":"vel0city","children":[{"author":"dminik","children":[{"author":"vel0city","children":[],"created_at":"2026-06-19T21:25:04.000Z","created_at_i":1781904304,"id":48603413,"options":[],"parent_id":48603320,"points":null,"story_id":48600345,"text":"Sure. But there's generally no standardized function ensuring they're actually only using that specifically configured browser when logging in. What happens when they try to log in from some other device? What happens when they manage to load a browser on to that machine?
This feature supposedly ensures (or at least pushes users to) only the approved browsers running approved configurations are allowed to log in to the company's instances of Workspace.","title":null,"type":"comment","url":null},{"author":"thewebguyd","children":[],"created_at":"2026-06-20T02:50:19.000Z","created_at_i":1781923819,"id":48605888,"options":[],"parent_id":48603320,"points":null,"story_id":48600345,"text":"It can, along with a bunch of other GPOs in an admx template.
But how many companies are running Workspace + Windows with on-prem AD? I suspect that number is shrinking pretty rapidly. You can do it with InTune as well, but it starts to get real messy if your users aren't on Windows or you have non-windows endpoints.
If you're a mac shop, on google workspace, and using something like JamF (or even Intune+EntraID), you are stuck deploying .plist files to each endpoint, you don't get compliance reporting back, and you lose a ton of visibility.
These are all things that don't matter to each individual user, but are hugely important to IT/security in the company, and Firefox unfortunately just doesn't have any centralized management platform for it.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T21:14:53.000Z","created_at_i":1781903693,"id":48603320,"options":[],"parent_id":48602742,"points":null,"story_id":48600345,"text":"I'm pretty sure Firefox is configurable using AD. So is automatically updating (not sure about freezing versions).
If you don't want your user to run whatever version with whatever extension you can do that.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:12:09.000Z","created_at_i":1781899929,"id":48602742,"options":[],"parent_id":48602379,"points":null,"story_id":48600345,"text":"> Can you elaborate on why you think that Firefox is inherently insecure in some way for accessing Google workspaces?
Allowing users running who knows what version of Firefox (or any "non-validated"/unmanaged browser, not necessarily just Firefox) browser running who knows what extensions can be pretty unsafe. There are lots of malicious extensions out there that are stupid simple to install.
In the Workspace world, Chrome can be configured and enforced to have certain kinds of settings applied. Only allowing certain extensions. Ensure certain version ranges. That sort of thing.","title":null,"type":"comment","url":null},{"author":"rabeener","children":[],"created_at":"2026-06-19T20:15:09.000Z","created_at_i":1781900109,"id":48602771,"options":[],"parent_id":48602379,"points":null,"story_id":48600345,"text":"I don\u2019t think anyone is saying Firefox is inherently bad. What I\u2019m reading, and what I believe, is Google just has a better product for secure enterprise browsing because of the controls they offer
The browser is where basically all your work happens, especially as a Workspace customer\u2014think about how much of your work is done in the browser. That makes it a huge, attractive attack surface. And attackers don't even need a browser vulnerability; they can just convince an employee to install a malicious browser extension, and suddenly they can steal passwords, watch everything you do, and hijack your sessions on other sites.
So security teams need visibility into what's happening in the browser. Google does a decent\u2014not great\u2014job of providing this through Managed Chrome: centralized logs, control over which extensions can be installed, even alerts when someone reuses their Workspace password elsewhere.
Firefox, Safari, and most others don't offer these business controls, which means a security team allowing them is flying blind. And a blind security team is gonna have a bad time\u2026 mmmkay.
On support: someone mentioned using Firefox to verify their app works across browsers\u2014god's work, truly. But not every vendor does that, so IT ends up fielding "this site just isn't working" tickets that turn out to be browser compatibility issues. Fewer supported browsers means a smaller surface to support and a better experience all around.
This can't be enforced where you're not using your corporate identity. A Dropbox account on your personal email is still accessible from any browser.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:37:58.000Z","created_at_i":1781897878,"id":48602379,"options":[],"parent_id":48602028,"points":null,"story_id":48600345,"text":"> It's understandable that organizations want to require chrome for their employees to access their workspace in the interest of security, but it's not the default.
Can you elaborate on why you think that Firefox is inherently insecure in some way for accessing Google workspaces?
> It's a paid product, they are actually allowed to do this.
If that were the only metric, then no monopoly would ever be broken up for any reason (which I guess is the way regulation seems to work nowadays, but at least in theory it's supposed to be possible for it to happen sometimes). The idea that using market pressure from one product a company sells to squeeze out competition in another is totally fine as long as the first product is paid is not a premise I agree with.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:06:22.000Z","created_at_i":1781895982,"id":48602028,"options":[],"parent_id":48601558,"points":null,"story_id":48600345,"text":"It's a paid product, they are actually allowed to do this. Google is obviously going to focus on security testing with their own browser. It's understandable that organizations want to require chrome for their employees to access their workspace in the interest of security, but it's not the default.
There is zero problem here guys.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:24:59.000Z","created_at_i":1781893499,"id":48601558,"options":[],"parent_id":48601519,"points":null,"story_id":48600345,"text":"Google and Microsoft shouldn\u2019t be giving levers that bake you more into their ecosystem regardless.
Your corporate serfdom is not in question, but I disagree with that notion too.","title":null,"type":"comment","url":null},{"author":"cmeacham98","children":[{"author":"insanitybit","children":[{"author":"saghm","children":[{"author":"insanitybit","children":[{"author":"jchw","children":[{"author":"insanitybit","children":[{"author":"spwa4","children":[],"created_at":"2026-06-19T20:56:52.000Z","created_at_i":1781902612,"id":48603153,"options":[],"parent_id":48602898,"points":null,"story_id":48600345,"text":"The alternative that we've used for the past 100+ years is to force such companies apart. Is Google Docs allowed to offer a "managed chrome" policy? Sure. Is Google Chrome allowed to be a browser? Absolutely!
But if either side is close to a monopoly, both cannot be part of the same company, even if that means breaking an existing company up.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:29:20.000Z","created_at_i":1781900960,"id":48602898,"options":[],"parent_id":48602546,"points":null,"story_id":48600345,"text":"I'm not sure what the alternative is. Is there will from Firefox to support a "standard browser config", at which point GSuite could add support for managed Firefox config? If you want managed Firefox, Mozilla could offer that as well (they have something but it's different enough).","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:54:38.000Z","created_at_i":1781898878,"id":48602546,"options":[],"parent_id":48602390,"points":null,"story_id":48600345,"text":"Google offering managed chrome as a service is a completely sensible thing. The problem is that they are nearly a browser monopoly, and making Google Workspace work in such a way with Google Chrome feels to me like anti-competitive practices. If we didn't have one giant megacorp that did both things, it would be different.
Of course, so far the only workable model for web browsers is having a giant megacorp fund their development and maintenance. Which is a huge issue, and we will do basically nothing about it.
(Don't get me wrong. I have high hopes for Ladybird and even Servo, but they may come too late if effectively-proprietary features force most users to stick to Chrome anyways.)","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:39:13.000Z","created_at_i":1781897953,"id":48602390,"options":[],"parent_id":48602364,"points":null,"story_id":48600345,"text":"If the argument is that Google has built a product that encourages use of Google products, of course. The question is whether that's some sort of trickery or odd or bad. "Google offers Managed Chrome as a service" hardly seems controversial to me.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:36:14.000Z","created_at_i":1781897774,"id":48602364,"options":[],"parent_id":48601692,"points":null,"story_id":48600345,"text":"There's no contradiction here; it's totally possible for a company to make a feature configurable so that it doesn't block their competitors but also intentionally design and market it in a way that's misleading in ways that will lead to their competitors getting blocked. When we're talking about a company as large as Google and a product with as much market share as Chrome, I don't think it's that crazy to think that things like this add up to encouraging even more hegemony, and when that happens to align perfectly with the incentives of the company making said product decisions, I also don't think it's crazy to think it's unlikely to be a coincidence.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:36:34.000Z","created_at_i":1781894194,"id":48601692,"options":[],"parent_id":48601593,"points":null,"story_id":48600345,"text":"The wording here is bad, but basically CAA supports non browser specific policy and, in some cases, browser specific policy (GSuite offers a "Managed Chrome" policy). Firefox users can leverage much of the non browser specific policy, they obviously can not be a part of the "Managed Chrome" offering.","title":null,"type":"comment","url":null},{"author":"jm4","children":[{"author":"hnlmorg","children":[{"author":"jm4","children":[],"created_at":"2026-06-20T01:12:04.000Z","created_at_i":1781917924,"id":48605272,"options":[],"parent_id":48602835,"points":null,"story_id":48600345,"text":"And Google would probably say the same thing Microsoft used to say back in the day. Their customers aren't asking for the ability to manage profiles in Firefox. I wouldn't doubt for a second that it's true.
Almost nobody outside of the minority of internet users fighting against chromium hegemony cares about Firefox. Firefox lost its casual users years ago. Hell, even most of those people sticking with it out of principle are doing it while gritting their teeth. It's been a subpar browser for a long time and the Mozilla organization kinda sucks.
Why would any for-profit enterprise waste their time or money on Firefox?","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:21:51.000Z","created_at_i":1781900511,"id":48602835,"options":[],"parent_id":48602655,"points":null,"story_id":48600345,"text":"Literally the only reason they can argue Chrome is more secure than Firefox in that kind of setting is because they can Google can push Google Chrome profiles via Google Workspaces but they\u2019ve never working with Mozilla to create an interop for Firefox.
When Microsoft did this with Windows, AD, and Internet Explore, it was deemed a breach of anti-trust laws. The question is whether such laws apply to Google given they don\u2019t have a monopoly in the identity services domain.
If you\u2019d asked me 5 years ago, I\u2019d have said \u201cno way\u201d, but recent judgements with Apple and their App Store lead me to think there is still hope. Regardless of how remote that might be.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:05:13.000Z","created_at_i":1781899513,"id":48602655,"options":[],"parent_id":48601593,"points":null,"story_id":48600345,"text":"It is a security feature. In a corporate environment, you generally don't want users installing their own software. If it's a remote access thing from a personal device, you still generally want to be able to establish some kind of baseline. I don't like Chrome - not even a little bit - but I will admit that they have a pretty damn good security track record. I'd rather my remote users be on there than some crusty Firefox installation with 40 extensions. Organizations have the right to make these decisions when they are the ones that own the data. For example, when I was still in that world, we required personal phones to be encrypted to access corporate email. This was when a lot of people would still walk around with devices without a pin. People complained, but it was non-negotiable.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:27:18.000Z","created_at_i":1781893638,"id":48601593,"options":[],"parent_id":48601519,"points":null,"story_id":48600345,"text":"The problem is Google appears to label this as a security feature. I'm fine with the feature existing, but it should say something like "require Chrome" or "block Firefox" not "require a secure browser (wink wink we actually mean Chrome)"","title":null,"type":"comment","url":null},{"author":"wslh","children":[],"created_at":"2026-06-19T18:47:46.000Z","created_at_i":1781894866,"id":48601814,"options":[],"parent_id":48601519,"points":null,"story_id":48600345,"text":"I would say it's common to find dark patterns that involves ambiguity like the discussion we are having here. We can't know for sure but Google can increase the probability of being on their ecosystem.","title":null,"type":"comment","url":null},{"author":"jchw","children":[{"author":"charcircuit","children":[{"author":"jchw","children":[{"author":"charcircuit","children":[{"author":"jchw","children":[],"created_at":"2026-06-19T23:03:10.000Z","created_at_i":1781910190,"id":48604317,"options":[],"parent_id":48604173,"points":null,"story_id":48600345,"text":"I dunno, it just seems like the set of circumstances that would be needed to overcome the inherent friction in a "healthy" ecosystem is a lot more gymnastics than the current situation where the browser company with the vast majority of marketshare is the company that has conflicts of interest to fuck with the browser.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T22:43:47.000Z","created_at_i":1781909027,"id":48604173,"options":[],"parent_id":48603758,"points":null,"story_id":48600345,"text":">browsers don't really have a good incentive
Why wouldn't money be an incentive. If businesses are willing to pay to have locked down browser access their cloud files, and the cloud file website wants to make money by charging businesses for this feature it makes sense that they may pay a browser to develop such a feature to use with their website.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T21:57:56.000Z","created_at_i":1781906276,"id":48603758,"options":[],"parent_id":48602694,"points":null,"story_id":48600345,"text":"I didn't mean it would be physically impossible, which is hopefully implied, I mean, it would be de-facto impossible. Absent the perverse forces of anticompetitive behavior, browsers don't really have a good incentive to diminish the open nature of web standards by doing partnerships that bypass standards altogether. If you are not affiliated with Google and there is a healthy ecosystem of browsers, you just simply can tell them to bug off if they want some web feature you feel wouldn't be good for the health of the web. The interaction between browser vendors and certificate authorities has traditionally been a great example of how things can work out between different entities in an ecosystem, though outside Mozilla I am guessing most of the browser vendors are also CAs (but still have very little to no incentive to compromise or weaken the system.)
Meanwhile, in our current reality, both Google and Apple have or currently are shoehorning platform level attestation into the web in various different ways, something they are mostly able to do because they have so much control over multiple major ecosystems (among platforms, browsers, web services.) Mostly, even making them "standards", which would be hilarious if it wasn't literally evil. (Apple's approach to sneaking this in is innovative, in that it technically is a hardware platform attestation mechanism, but it was sold and initially implemented as a convenience feature. That and the underlying PAT technology can be used in strictly non-evil ways, like Kagi's rather clever application.)
It's a lot of words to say that I didn't mean literally impossible, but if we're going to get pedantic then a lot of words it is.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:08:06.000Z","created_at_i":1781899686,"id":48602694,"options":[],"parent_id":48601944,"points":null,"story_id":48600345,"text":">only possible
Two different companies can partner together and release features in both of the company's interests.","title":null,"type":"comment","url":null},{"author":"xnx","children":[],"created_at":"2026-06-20T14:46:38.000Z","created_at_i":1781966798,"id":48609605,"options":[],"parent_id":48601944,"points":null,"story_id":48600345,"text":"Is that worse than if Microsoft Exchange only worked with desktop Outlook?","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:58:59.000Z","created_at_i":1781895539,"id":48601944,"options":[],"parent_id":48601519,"points":null,"story_id":48600345,"text":"Note that making lock-in features like this effectively proprietary to the Chrome browser is only possible because of the fact that it's the same company making Google Workspace and Google Chrome.
I absolutely see many problems with this and you really ought to as well.","title":null,"type":"comment","url":null},{"author":"abyssin","children":[],"created_at":"2026-06-20T05:33:10.000Z","created_at_i":1781933590,"id":48606615,"options":[],"parent_id":48601519,"points":null,"story_id":48600345,"text":"It\u2019s a good reminder of the fact that capitalist companies aren\u2019t democratic places, despite how much time and energy is spent there by workers.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T18:22:11.000Z","created_at_i":1781893331,"id":48601519,"options":[],"parent_id":48600951,"points":null,"story_id":48600345,"text":"It's their organization. They are allowed to make decisions about what software their employees use. I'm a die-hard Mozilla fan, but I don't find this unreasonable.","title":null,"type":"comment","url":null},{"author":"farbklang","children":[],"created_at":"2026-06-19T18:55:38.000Z","created_at_i":1781895338,"id":48601910,"options":[],"parent_id":48600951,"points":null,"story_id":48600345,"text":"Well - it does make sense. If an organisation that contracts me has to chose between a) BYOD - but restrict downloads, etc, enforce export control, directly in the browser - I happily take that, vs getting a Windows laptop that is locked down and forced to work with that.","title":null,"type":"comment","url":null},{"author":"Doohickey-d","children":[{"author":"AlexandrB","children":[{"author":"zchrykng","children":[],"created_at":"2026-06-19T20:44:01.000Z","created_at_i":1781901841,"id":48603043,"options":[],"parent_id":48602890,"points":null,"story_id":48600345,"text":"Not really a serious argument when you are accessing a Google product. Sure, don't want to interact with Google? Don't interact with Google, but logging into Google workspaces with Firefox definitely isn't protecting your data from Google.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:28:10.000Z","created_at_i":1781900890,"id":48602890,"options":[],"parent_id":48602064,"points":null,"story_id":48600345,"text":"Unfortunately the malicious actor I want to protect my cookies from is Google.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T19:09:44.000Z","created_at_i":1781896184,"id":48602064,"options":[],"parent_id":48600951,"points":null,"story_id":48600345,"text":"Well, it could als also be argued that Chrome _is_ more secure, for example because it uses app-bound encryption using Windows DPAPI system, for cookies, so that it at least tries to protect cookies from malicious applications running on the device. Firefox does not do this: https://security.stackexchange.com/questions/279629/are-cook...
If course the reverse can also be argued, for example that Firefox supports proper adblocking.","title":null,"type":"comment","url":null},{"author":"sandeepkd","children":[],"created_at":"2026-06-19T19:19:42.000Z","created_at_i":1781896782,"id":48602182,"options":[],"parent_id":48600951,"points":null,"story_id":48600345,"text":"Its a normal choice, given a checkbox on page which advertises that checking it would make your security posture more safe. The IT person is safeguarding their own job.
Other way to look at it is, the company is paying for everything, and they get to make decisions based on what suits their security needs.","title":null,"type":"comment","url":null},{"author":"ArnoVW","children":[{"author":"dijit","children":[],"created_at":"2026-06-19T20:32:03.000Z","created_at_i":1781901123,"id":48602931,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"while valid points, my company uses Microsoft products and they are pretty abysmal in whatever domain they have products in. Edge for example being one of the weaker browser options. (though better than it was in the IE era).
Being forced to use various tools for compliance is frustrating, doubly so if it helps create a stronger monopoly position, because a monopoly position creates stagnation, which makes worse products.
But those worse products are forced on users, even when better ones start to come about.
This is the crux of my issue, Microsoft is the king of this behaviour, and they are using this a lot which is squeezing the metaphorical testicles of almost all companies in Europe.","title":null,"type":"comment","url":null},{"author":"chinathrow","children":[{"author":"ArnoVW","children":[{"author":"DANmode","children":[],"created_at":"2026-06-19T21:20:17.000Z","created_at_i":1781904017,"id":48603374,"options":[],"parent_id":48603069,"points":null,"story_id":48600345,"text":"Edge: Chromium with Google Chrome-like data collection, but with data going to Microsoft instead.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:46:52.000Z","created_at_i":1781902012,"id":48603069,"options":[],"parent_id":48602953,"points":null,"story_id":48600345,"text":"I have a handful of endpoints, used by staff that represent a low level of risk, that use Firefox for that precise reason.
But really, we have a couple of million enterprise end-users, some of which surely using Edge. If we as much as move a button without telling them about it three months in advance, it's the end of the world. In 10 years time, no customer has raised it.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:34:17.000Z","created_at_i":1781901257,"id":48602953,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"If you run a SaaS, large parts of your orgs should be on all major browsers regularly.","title":null,"type":"comment","url":null},{"author":"lol768","children":[{"author":"flir","children":[{"author":"remus","children":[{"author":"nazgul17","children":[{"author":"flir","children":[],"created_at":"2026-06-20T16:46:05.000Z","created_at_i":1781973965,"id":48610672,"options":[],"parent_id":48604663,"points":null,"story_id":48600345,"text":"Bingo.
I figure they had a switch they could toggle and they thought no further about the tradeoffs. Because their primary concern is their own liability, not what's best for the org their contract is with.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T23:42:47.000Z","created_at_i":1781912567,"id":48604663,"options":[],"parent_id":48603878,"points":null,"story_id":48600345,"text":"Not GP, but I think the point was that no extensions => no ad blockers => major malware vehicle unlockable, short of disabling JS","title":null,"type":"comment","url":null},{"author":"michaelt","children":[{"author":"radley","children":[],"created_at":"2026-06-20T01:42:37.000Z","created_at_i":1781919757,"id":48605462,"options":[],"parent_id":48604753,"points":null,"story_id":48600345,"text":"> 99% of security experts I know use ad blockers.
But if they all use Chrome, wouldn't those be really weak ad blockers?","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T23:56:39.000Z","created_at_i":1781913399,"id":48604753,"options":[],"parent_id":48603878,"points":null,"story_id":48600345,"text":"99% of security experts I know use ad blockers.
When there are unpatched browser vulnerabilities, attackers will use ad networks to inject attack code into reputable-but-ad-laden websites. And even when there aren't unpatched vulnerabilities out there, many ad networks will happily accept scam ads, ads that trick people into downloading malware, fake download buttons and suchlike.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T22:12:24.000Z","created_at_i":1781907144,"id":48603878,"options":[],"parent_id":48603198,"points":null,"story_id":48600345,"text":"> I find this incredibly amusing, and at a different point in my life I'd already be gone.
How so? Bad actors buying existing extensions with large user bases then publishing a new version which does bad stuff is a pretty common pattern. It certainy seems like a reasonable concern for a corp IT department.","title":null,"type":"comment","url":null},{"author":"radley","children":[],"created_at":"2026-06-20T01:41:24.000Z","created_at_i":1781919684,"id":48605451,"options":[],"parent_id":48603198,"points":null,"story_id":48600345,"text":"> My org (or rather, the org they pay to run their IT) blocked browser plugins with a security justification.
Same here, but only on Chrome. Firefox works fine.","title":null,"type":"comment","url":null},{"author":"LtWorf","children":[{"author":"flir","children":[],"created_at":"2026-06-20T16:43:37.000Z","created_at_i":1781973817,"id":48610645,"options":[],"parent_id":48608602,"points":null,"story_id":48600345,"text":"Nope :)","title":null,"type":"comment","url":null}],"created_at":"2026-06-20T12:00:34.000Z","created_at_i":1781956834,"id":48608602,"options":[],"parent_id":48603198,"points":null,"story_id":48600345,"text":"Have they blocked vscode? I think any organisation that lets people use vscode, might just as well people do whatever they want.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T21:01:38.000Z","created_at_i":1781902898,"id":48603198,"options":[],"parent_id":48603093,"points":null,"story_id":48600345,"text":"My org (or rather, the org they pay to run their IT) blocked browser plugins with a security justification.
I find this incredibly amusing, and at a different point in my life I'd already be gone.
When you outsource IT, there are many, many misaligned incentives.","title":null,"type":"comment","url":null},{"author":"DANmode","children":[],"created_at":"2026-06-19T21:19:03.000Z","created_at_i":1781903943,"id":48603362,"options":[],"parent_id":48603093,"points":null,"story_id":48600345,"text":"They didn\u2019t take a decade plus to implement per-domain process isolation, for starters\u2026","title":null,"type":"comment","url":null},{"author":"FrinkleFrankle","children":[],"created_at":"2026-06-20T16:47:09.000Z","created_at_i":1781974029,"id":48610686,"options":[],"parent_id":48603093,"points":null,"story_id":48600345,"text":"Brave has ad-blocking built in and policies can be used to disable any unwanted features. With Chrome going user-hostile, it's a pretty great option.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:48:37.000Z","created_at_i":1781902117,"id":48603093,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"> Because Google has more resources to secure their browser
They've kneecapped ad-blockers, when ad networks are perhaps one of the biggest causes of malware installs/page hijacking/other unwanted behaviour. I'm not sure how you can consider Chrome remotely secure in this light.","title":null,"type":"comment","url":null},{"author":"verall","children":[{"author":"LtWorf","children":[],"created_at":"2026-06-20T11:24:12.000Z","created_at_i":1781954652,"id":48608425,"options":[],"parent_id":48603161,"points":null,"story_id":48600345,"text":"Running npm install is a good way to get compromised.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:57:41.000Z","created_at_i":1781902661,"id":48603161,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"Do people get pwned by anything besides spearphishing or ads nowadays? I think ad->phish or targeted phish emails is the only shady thing I've been exposed to in like 10 years","title":null,"type":"comment","url":null},{"author":"PunchyHamster","children":[{"author":"zdragnar","children":[],"created_at":"2026-06-20T02:54:04.000Z","created_at_i":1781924044,"id":48605910,"options":[],"parent_id":48603221,"points":null,"story_id":48600345,"text":"Ubo lite is plenty functional. It's not as full-featured as ubo, but... I don't see ads. At all. What sites doesn't it work well on?","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T21:04:07.000Z","created_at_i":1781903047,"id":48603221,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"having soon-to-be-nonfunctional adblocking will be far more dangerous to org than any extra security those options might provide","title":null,"type":"comment","url":null},{"author":"Wowfunhappy","children":[],"created_at":"2026-06-19T21:15:43.000Z","created_at_i":1781903743,"id":48603329,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"> But it's not your laptop. It's the company's.
Sure, which is why you should lock down the laptop. Blocking Firefox in Google Workspace seems like entirely the wrong layer for this.","title":null,"type":"comment","url":null},{"author":"makeitdouble","children":[],"created_at":"2026-06-19T22:10:19.000Z","created_at_i":1781907019,"id":48603855,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"This feels like the whole IE6 dance coming back.
People know how it ended, but don't seem to remember how it started, which is a shame.","title":null,"type":"comment","url":null},{"author":"LtWorf","children":[],"created_at":"2026-06-19T22:20:59.000Z","created_at_i":1781907659,"id":48603958,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"Google has the resources to do it, but do they actually do it? By the looks of it I'd say "no".
See the whole thing with libxml2 for example, or how they started boringssl to "fix" the issues with openssl, but they run it as an internal project you cannot depend on.","title":null,"type":"comment","url":null},{"author":"NewJazz","children":[{"author":"Arainach","children":[{"author":"NewJazz","children":[{"author":"Arainach","children":[],"created_at":"2026-06-20T16:52:32.000Z","created_at_i":1781974352,"id":48610740,"options":[],"parent_id":48609938,"points":null,"story_id":48600345,"text":"That's not obvious at all. The feature sets and tooling are very different. The person you replied to said as much.
You (and I) aren't that special. People who are actually irreplaceable are astonishingly rare, and unless you're one of them, employees who will gripe about things like what web browser they use are often not worth the trouble at scale.","title":null,"type":"comment","url":null}],"created_at":"2026-06-20T15:30:17.000Z","created_at_i":1781969417,"id":48609938,"options":[],"parent_id":48604312,"points":null,"story_id":48600345,"text":"All of what you listed is preventable at a mild labor cost to the same degree as other browsers.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T23:02:00.000Z","created_at_i":1781910120,"id":48604312,"options":[],"parent_id":48604104,"points":null,"story_id":48600345,"text":"Let's say you earn a million dollars a year (most of us earn far less). At quite a few companies, a 50% decrease in your productivity (and changing browsers is nowhere near that) would cost the company significantly less than dealing with the fallout of any of the following:
* A user intentionally leaking sensitive documents outside the corporate network
* A user installing an infected browser extension that gives attackers access to corporate resources
* A user accessing malware or ransomware which infects corporate resources.
That's on top of the cost of having the IT department having to debug issues among users with bespoke tool sets which can often interact in unintuitive ways.
There are many stupid ways that companies "optimize" costs that cost them more in the end. Standardizing the browser and extension set for data loss protection is not one of them.","title":null,"type":"comment","url":null},{"author":"alt227","children":[{"author":"NewJazz","children":[],"created_at":"2026-06-20T15:29:07.000Z","created_at_i":1781969347,"id":48609928,"options":[],"parent_id":48608452,"points":null,"story_id":48600345,"text":"I don't think using a popular web browser is that unreasonable an accomodation.","title":null,"type":"comment","url":null}],"created_at":"2026-06-20T11:30:21.000Z","created_at_i":1781955021,"id":48608452,"options":[],"parent_id":48604104,"points":null,"story_id":48600345,"text":"> But it is my craft
Then go work for yourself.
If you want the security of a regular salary, you need to jump through the hoops of your employer and not expect to be able to do 'your craft' however you see fit.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T22:35:50.000Z","created_at_i":1781908550,"id":48604104,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"It's a pain that when you cannot do what you want to do. But it's not your laptop. It's the company's.
But it is my craft, and to be limited to what tools I can use in my craft can decrease the value of my work, and in doing so decrease the company's productivity.","title":null,"type":"comment","url":null},{"author":"mbac32768","children":[{"author":"radley","children":[],"created_at":"2026-06-20T01:47:56.000Z","created_at_i":1781920076,"id":48605499,"options":[],"parent_id":48604688,"points":null,"story_id":48600345,"text":"Very curious how you avoid supporting multiple browsers. Apple, Google, and Microsoft each require users on their platforms to use their native browsers for secure connections.
And if your company has any web presence or apps, you usually can't cherry pick which browsers your customers can use. That means some portion of your company will need access to other browsers for QA purposes.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T23:46:05.000Z","created_at_i":1781912765,"id":48604688,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"This is the correct answer. Having your users run multiple browsers by default (instead of with whitelisted exceptions) is now multiple attack surfaces the org has to manage.","title":null,"type":"comment","url":null},{"author":"amiga386","children":[],"created_at":"2026-06-20T10:26:03.000Z","created_at_i":1781951163,"id":48608087,"options":[],"parent_id":48602858,"points":null,"story_id":48600345,"text":"> I can manage Chrome using the config infrastructure provided by Google
https://mozilla.github.io/policy-templates/","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T20:24:26.000Z","created_at_i":1781900666,"id":48602858,"options":[],"parent_id":48600951,"points":null,"story_id":48600345,"text":"While this is true, allow me to give another POV. I run corporate security and internal IT for a 100 person SaaS. I "nudge" our users towards Chrome. Why? Because I can manage Chrome using the config infrastructure provided by Google. Because Google has more resources to secure their browser. Because my observability and DLP stuff works with Chrome and not with Firefox. And I'm probably still missing out on a bunch of things.
Those are real, practical reasons. Not just "if I do this I get to check another box".
Yes. I know. It's a pain that when you cannot do what you want to do. But it's not your laptop. It's the company's. Supporting more browsers to the same standard that I just described would take engineering resources, of which I do not have an infinite supply. And the priority goes to keeping the company secure.","title":null,"type":"comment","url":null},{"author":"sgalbincea","children":[],"created_at":"2026-06-19T21:03:56.000Z","created_at_i":1781903036,"id":48603218,"options":[],"parent_id":48600951,"points":null,"story_id":48600345,"text":""it shouldn\u2019t be an option."
What? Are you serious? An organization has EVERY right to enforce whatever controls they deem appropriate for their environment. Period.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:34:28.000Z","created_at_i":1781890468,"id":48600951,"options":[],"parent_id":48600858,"points":null,"story_id":48600345,"text":"it shouldn\u2019t be an option.
Some IT departments just see a \u201cmore secure\u201d checkbox and will always check it, even if it doesn\u2019t make sense holistically- sometimes compliance incentivises (or forces) this behaviour.
A common example is forcing intune/device enrolment for mobile devices (including ipads)- but not for the infinitely less secure laptops: because no such endpoint enforcement checkbox exists","title":null,"type":"comment","url":null},{"author":"RichardoC","children":[{"author":"lelandfe","children":[],"created_at":"2026-06-19T22:55:53.000Z","created_at_i":1781909753,"id":48604262,"options":[],"parent_id":48603924,"points":null,"story_id":48600345,"text":"Psst, you have a merge conflict in your text","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T22:17:46.000Z","created_at_i":1781907466,"id":48603924,"options":[],"parent_id":48600858,"points":null,"story_id":48600345,"text":"Hi there, original author here. Can confirm we're not using IAP for this workspace, or anything I was trying to access","title":null,"type":"comment","url":null},{"author":"dvfjsdhgfv","children":[],"created_at":"2026-06-20T10:36:34.000Z","created_at_i":1781951794,"id":48608140,"options":[],"parent_id":48600858,"points":null,"story_id":48600345,"text":"But they explicitly negate this:
> We haven\u2019t configured, and don\u2019t use IAP (Identity Aware Proxy) - I\u2019ve used this before and yes that is Chrome only due to how it does device verification
> This isn\u2019t because of \u201cContext Aware Access\u201d this is an enterprise only feature, and we\u2019re on Google Workspace Business Plus","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:26:02.000Z","created_at_i":1781889962,"id":48600858,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"This is not a Google-wide thing\u2026 this is from Google\u2019s Context-Aware Access product, which is configurable in Google Workspace environments. OP should direct their ire at their corporate IT or infosec team.","title":null,"type":"comment","url":null},{"author":"add-sub-mul-div","children":[{"author":"hbn","children":[{"author":"TeMPOraL","children":[],"created_at":"2026-06-19T20:09:09.000Z","created_at_i":1781899749,"id":48602712,"options":[],"parent_id":48600931,"points":null,"story_id":48600345,"text":"That one has been a well-known thing for a decade if not more; it's not just Google, half the Internet will start throwing captchas or denying access once you connect via a VPN (specifically "VPN" as in one of the services you pay to avoid location-based discrimination of media streaming platforms).","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:33:13.000Z","created_at_i":1781890393,"id":48600931,"options":[],"parent_id":48600865,"points":null,"story_id":48600345,"text":"For a few years now Google has given me a captcha whenever my VPN is on (Private Internet Access)","title":null,"type":"comment","url":null},{"author":"AIcanbiteme","children":[],"created_at":"2026-06-19T17:36:32.000Z","created_at_i":1781890592,"id":48600971,"options":[],"parent_id":48600865,"points":null,"story_id":48600345,"text":"I browse over Tor for most things and most sites give me a captcha or just simply fail to load these days. I just close the window and move on to something else.","title":null,"type":"comment","url":null},{"author":"SoftTalker","children":[],"created_at":"2026-06-19T17:51:55.000Z","created_at_i":1781891515,"id":48601147,"options":[],"parent_id":48600865,"points":null,"story_id":48600345,"text":"I am seeing it a lot more lately with uBlock Origin. I've used DDG for search for a while now, but the last few times I've tried Google I got a captcha within a couple of queries if not immediately.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:26:39.000Z","created_at_i":1781889999,"id":48600865,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"I use Google as a secondary search and as of roughly last week it gives me a captcha every time I try to do a search. That had never been the case before.","title":null,"type":"comment","url":null},{"author":"saagarjha","children":[{"author":"Lendal","children":[],"created_at":"2026-06-19T17:49:32.000Z","created_at_i":1781891372,"id":48601125,"options":[],"parent_id":48600966,"points":null,"story_id":48600345,"text":"I'm not so sure that enforcing an internal digital monoculture is a productive way to achieve innovation & resilience.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T17:36:10.000Z","created_at_i":1781890570,"id":48600966,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"I know Google finally kicked all their employees off alternate browsers but doing it for external customers is definitely a choice","title":null,"type":"comment","url":null},{"author":"wwizo","children":[],"created_at":"2026-06-19T17:37:51.000Z","created_at_i":1781890671,"id":48600989,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"At least you got a heads-up. Few months back GCP "Agent Studio - Build" failed compiling the code in sandbox with a vague error message. Spent weeks troubleshooting, spoke to google engineers and reps, sending code, step by steps, screenshots. No one had a clue, until I switched from Firefox to Chrome out of desperation and it worked without a hitch.","title":null,"type":"comment","url":null},{"author":"eikenberry","children":[],"created_at":"2026-06-19T17:55:00.000Z","created_at_i":1781891700,"id":48601182,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Does Chromium would still work?","title":null,"type":"comment","url":null},{"author":"insanitybit","children":[],"created_at":"2026-06-19T18:11:07.000Z","created_at_i":1781892667,"id":48601381,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Sounds like you have a device policy configured and you should talk to your internal IT/Security team?
edit: This title is just incredibly misleading. OP seems to have made a mistake here in thinking that this is something that Google has done when it's just that their corporate IT/ Sec team now enforces using Chrome.","title":null,"type":"comment","url":null},{"author":"nekusar","children":[],"created_at":"2026-06-19T18:31:28.000Z","created_at_i":1781893888,"id":48601638,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Oh look, a monopolist is making settings "more secure" by enshrining monopoly more.
And good fucking luck getting the FTC to follow monopoly law.","title":null,"type":"comment","url":null},{"author":"sdrawkcabsti","children":[],"created_at":"2026-06-19T19:38:44.000Z","created_at_i":1781897924,"id":48602387,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"They wont stop it. They will just slow down a bit if people get ruffled. That's how alphabet has handled everything else. They learned that if they can make changes slowly enough, they can do whatever the hell they want to.
As we all know we can even pay 10x more for items and get next to no raise in our wages, but because it was done slowly in an "official" and "professional" manner, most folks didn't even complain, they just screamed into the giant pillow we call "the internet".
Corporations of the 2020s love the internet's digital pillow and its magical crowd-quieting capabilities. If only the ancient roman empire had invented the internet they would be ruling the entire planet by now and we could watch gladiators on youtube :P provided we don't stand out too much (then we would be said gladiators)","title":null,"type":"comment","url":null},{"author":"j45","children":[],"created_at":"2026-06-19T19:41:39.000Z","created_at_i":1781898099,"id":48602410,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Reading the news of EU countries leaving American cloud providers for local cloud solutions including mobile office, it's surprising to see Google doing this.
It will only accelerate moves towards location of data, self-hosting, etc. The technologies to make this possible are much easier than they ever have been.","title":null,"type":"comment","url":null},{"author":"Bill2Lewis","children":[],"created_at":"2026-06-19T20:44:10.000Z","created_at_i":1781901850,"id":48603044,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"The sky is falling! The sky is falling!
Do your homework before yelling "Fire!".","title":null,"type":"comment","url":null},{"author":"hoomank3","children":[{"author":"goda90","children":[],"created_at":"2026-06-19T21:32:12.000Z","created_at_i":1781904732,"id":48603484,"options":[],"parent_id":48603430,"points":null,"story_id":48600345,"text":"Firefox supports locking down like that as well so that sounds like lazy IT.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T21:26:59.000Z","created_at_i":1781904419,"id":48603430,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"It is probably Chrome Enterprise which lets you lock down, for example, what extensions people are allowed to install. There is a legit reason for organizations to want to standardize on one browser and to lock it down (as browser extensions are a major source of infiltration these days).","title":null,"type":"comment","url":null},{"author":"Someone1234","children":[],"created_at":"2026-06-19T21:51:27.000Z","created_at_i":1781905887,"id":48603677,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"If people want specifics about what this is, look here:
> https://knowledge.workspace.google.com/admin/security/contex...
In particular "Allow access to devices using Chrome browser with security requirements" would present this message.","title":null,"type":"comment","url":null},{"author":"RichardoC","children":[],"created_at":"2026-06-19T22:21:11.000Z","created_at_i":1781907671,"id":48603960,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Hi folks, blog author here.
Few comments based on common threads
- No we don't have, or use, IAP and haven't configured it
- Yes I'm the admin so can confirm this
- "Context aware access" is only available on enterprise, we're just on "Workspace business plus"
Happy to answer any other questions","title":null,"type":"comment","url":null},{"author":"nosioptar","children":[],"created_at":"2026-06-19T23:18:29.000Z","created_at_i":1781911109,"id":48604458,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"I love that google always sends useless canned responses after basically requiring you to perform a blood sacrifice to get ahold of anyone.","title":null,"type":"comment","url":null},{"author":"eek2121","children":[],"created_at":"2026-06-19T23:55:13.000Z","created_at_i":1781913313,"id":48604743,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"That's fine. The second I stopped caring, which is the day I stopped working for a living, I stopped worrying about what Google thinks. I don't use Google for email or search. (my email addresses are with proton, iCloud, and Hey, and my search is DDG) I'm not a big video person so I never use Youtube, the few times I need to use an office product I will either use OnlyOffice, or the Apple stuff. My Phone is an iPhone (with the stuff mentioned above) My browser is Firefox with uBlock Origin, and I almost never have problems with this setup.","title":null,"type":"comment","url":null},{"author":"skygazer","children":[],"created_at":"2026-06-20T00:41:58.000Z","created_at_i":1781916118,"id":48605081,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Unrelated to Google Workspace and Firefox, but I just noticed today that Google\u2019s YouTube now says my iPhone\u2019s Safari browser is incapable of playing full screen videos, which it\u2019s not ever claimed before. I\u2019m also getting sick of them pushing Chrome anytime I use a Google service like search or Gmail. I keep dismissing the prompts, but they are relentless. It all seems so sleezy and desperate.","title":null,"type":"comment","url":null},{"author":"xyst","children":[],"created_at":"2026-06-20T01:15:23.000Z","created_at_i":1781918123,"id":48605294,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"We have collectively let a few companies control/centralize the internet. Then have a shocked pikachu face when these same companies do shitty things.","title":null,"type":"comment","url":null},{"author":"patchtopic","children":[],"created_at":"2026-06-20T01:25:46.000Z","created_at_i":1781918746,"id":48605356,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"antitrust","title":null,"type":"comment","url":null},{"author":"jqpabc123","children":[],"created_at":"2026-06-20T11:25:38.000Z","created_at_i":1781954738,"id":48608433,"options":[],"parent_id":48600345,"points":null,"story_id":48600345,"text":"Just say no to Google.","title":null,"type":"comment","url":null}],"created_at":"2026-06-19T16:30:49.000Z","created_at_i":1781886649,"id":48600345,"options":[],"parent_id":null,"points":507,"story_id":48600345,"text":null,"title":"Google workspace threatening to block Firefox access","type":"story","url":"https://tales.fromprod.com/2026/169/google-workspace-threatening-to-block-firefox.html"}