The federal judge let Google off the hook in the antitrust case that the company supposedly lost. He said no to any serious remedy. And he indirectly killed Mozilla (Firefox and Thunderbird).

A good day for Google, and a terrible day for what's left of the open web.

https://arstechnica.com/gadgets/2025/09/google-wont-have-to-sell-chrome-judge-rules/

@dangillmor I think this is probably a relief. Google owning Chrome is awful, but anyone else buying it is even worse. A successful antitrust action would have put *Chromium* under a foundation outside Google's control and forced them to keep shipping Chrome based on that, with no control of the upstream. Not handed it over to someone with a worse mandate to monetize.

@dalias @dangillmor Bingo. I still trust Google’s developer and security teams on Chrome (and by extension, Chromium) far more than any of the trial balloon offers floated by “serious” suitors. Better stewardship under *OpenAI*? No thanks.

@matt_garber @dalias @dangillmor So I have to express that if you think Google is good at security you are wrong. So wrong, I would argue Google fundamentally *doesn't understand* security. We literally straight up ban Chrome at the office.

@ocdtrekkie @matt_garber @dalias @dangillmor Can you explain why you think Chrome doesn't understand security? Specific examples of failure, or a general sense, or...?

@twifkak @matt_garber @dalias @dangillmor So specifically with Chrome, Google constantly pushes new APIs which enable malware and fingerprinting, over half of which other browsers consider actively harmful. Most of good security is disabling about half of the "features" Chrome has shoved into web browsers. Notifications API, WebUSB, etc. Meanwhile they pioneered removing the EV indicator because Google has committed itself to misunderstanding SSL security.

@ocdtrekkie @twifkak @matt_garber @dangillmor Removing EV indicator was good. EV was nothing but a vector for deceiving users. One of these two things must inherently be true:

Either you have to be sufficiently big to play (pro-monopolist), or

Anyone can set up a scam company with a name sufficiently close to some company users trust and get an EV issued to that name to deceive users that they're trustworthy.

@dalias @twifkak @matt_garber @dangillmor This is false. And even Google has admitted it in a backwards way but they're too committed to their doctrine to publicly admit EV is necessary. BIMI requires the "Verified Mark Certificate" in Gmail which is just "EV but we can't admit we were wrong".

@ocdtrekkie @twifkak @matt_garber @dangillmor BIMI is likewise bad. For the exact same reasons.

The only reason they insisted on doing something so ridiculous was that they previously made the decision to *hide the actual sender address* and only show a freeform text field the sender sets to anything they want.

Email clients should never show the sender name, only the raw email address, unless the name is in your address book matching the address.

@dalias @twifkak @matt_garber @dangillmor Why is BIMI bad? It's not. VMC and EV are the only things that actually approach a useful purpose for the entire WebPKI nonsense. Because while there may be holes worth shoring up they put a huge practical dent in the problem of enabling users to trust a message.

And it's important that you recognize that an example edge case is not important: They are practically extremely effective: Malicious use is basically zero.

@ocdtrekkie @twifkak @matt_garber @dangillmor There's an abundance of information out there about what a joke BIMI is. I haven't spent any time thinking about it since several years ago and I'm not going to go dig the stuff up for you.

@dalias @twifkak @matt_garber @dangillmor I have read all of the marketing on it and do not need links. They are wrong.