
The Web We Can Ship

Mike West
September 11, 2020

Presented at the SecWeb workshop (https://secweb.work/), adjunct to Euro IEEE S&P 2020.


Transcript

  1. The Web We Can Ship. mkwst@google.com / @mikewest. SecWeb 2020 @ Euro IEEE S&P
  4. People live and work on the web.

  7. How does Blink ship features?

  8. Blink's Launch Process

  9. Stay up to date.

    • Conversations around intents happen in public on blink-dev@chromium.org.
    • Chrome Platform Status has historical information about features.
    • https://bit.ly/blinkintents extracts intent threads from blink-dev@.
    • @intenttoship tweets Blink's intents, as well as information about other vendors.
  12. https://research.google/pubs/pub47833/

  13. Evaluating Tradeoffs

  14. Core questions for deprecations.

    • Why should we remove the feature? How is it bad for the web?
    • Will users notice if we break the feature? Will they be happy or sad?
    • Do developers rely on the feature? If so, how widely?
    • Do alternatives exist?
  16. Measuring the measurable. For objective questions, a few data sources are very useful:

    • Chrome's Use Counters
    • Chrome's UKM
    • HTTP Archive
    • Web Platform Tests
    • Anecdata
  17. Use Counters: each metric folds into one bit per tab (usage in any frame is enough). ...0100010100101001100100000001010...
  18. Use Counters: aggregated usage % over all page views. https://chromestatus.com/

  19. Use Counters: if we're not measuring something you think we ought to measure, add a counter! https://bit.ly/2Zojq76
  20. UKM (URL Keyed Metrics): each metric folds into one bit per tab, tied to the top-level origin. ...0100010100101001100100000001010...
  21. UKM: aggregated usage % broken up by origin. https://chromestatus.com/
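The folding described on slides 17 to 21, as an added illustration that is not part of the deck and not Chrome's implementation: each page view collapses to one bit per feature (set if any frame used it), Use Counter style aggregation is a percentage over all page views, and UKM style aggregation groups the same bits by top-level origin. The feature names, origins and page views are constructed placeholders.

```python
from collections import Counter, defaultdict

# Constructed sample: (top-level origin, {frame origin: [features used in that frame]}).
# Feature names are illustrative, not real Blink counter ids.
PAGE_VIEWS = [
    ("https://a.example", {"https://a.example": ["DocumentWrite"],
                           "https://ads.example": ["SyncXHR"]}),   # third-party frame
    ("https://a.example", {"https://a.example": []}),
    ("https://b.example", {"https://b.example": ["SyncXHR"],
                           "https://cdn.example": ["SyncXHR"]}),
    ("https://c.example", {"https://c.example": ["DocumentWrite", "SyncXHR"]}),
]

# One bit position per feature (hypothetical assignment).
FEATURE_BITS = {"DocumentWrite": 0, "SyncXHR": 1, "Unused": 2}


def fold_page_view(frames):
    """Fold one page view into a bitmask: a bit is set if ANY frame used the feature."""
    mask = 0
    for used in frames.values():
        for feature in used:
            mask |= 1 << FEATURE_BITS[feature]
    return mask


def use_counter_percentages(page_views):
    """Use Counter style: percentage of all page views that set each bit."""
    hits = Counter()
    for _, frames in page_views:
        mask = fold_page_view(frames)
        for feature, bit in FEATURE_BITS.items():
            if (mask >> bit) & 1:
                hits[feature] += 1
    return {f: 100.0 * hits[f] / len(page_views) for f in FEATURE_BITS}


def ukm_origins(page_views):
    """UKM style: for each feature, the sorted top-level origins whose page views set the bit."""
    origins = defaultdict(set)
    for top_level, frames in page_views:
        mask = fold_page_view(frames)
        for feature, bit in FEATURE_BITS.items():
            if (mask >> bit) & 1:
                origins[feature].add(top_level)
    return {f: sorted(origins[f]) for f in FEATURE_BITS}
```

Note that a.example's first page view counts SyncXHR even though only the ads frame used it, which is why a use counter can over-report first-party reliance on a feature.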

  22. HTTP Archive (https://httparchive.org/): periodic crawls of the top [many] sites, recording use counters as well as other vital statistics as it goes.
  23. Web Platform Tests (https://wpt.fyi)

  24. A Short History of Breaking Things.

  26. History of Flash (in Chrome). Timeline slide covering 2010 to 2021; the milestone labels survive but their positions on the timeline do not:

    • Chrome and Adobe collaborate to bundle Flash
    • Fuzzing!
    • Reward$ for Flash exploits
    • PPAPI Flash
    • Driving down major Flash usage on the web
    • HTML5 is made default in Chrome
    • Flash EOL announced!
    • Adobe Flash Mitigations to disable plugins, whitelist sites, and update Flash separately
    • Ephemeral Enabling
    • Disabled by default.
    • More Warnings
  27. History of Flash Security (from Chrome's perspective). Same timeline as the previous slide, with the lessons drawn from it:

    1. Developer-facing warnings and user-facing friction can reduce usage.
    2. Enterprise opt-outs remove roadblocks.
    3. Collaboration with other vendors tells a consistent story.
  28. Marking HTTP as "Not Secure". Timeline slide covering 2014 to 2019 (crbug.com/267781); the milestone labels survive but their positions on the timeline do not:

    • Proposal to evolve browser UI floated publicly
    • HTTPS Transparency Report
    • Security panel in DevTools to debug broken HTTPS
    • UI plan announced!
    • Phase 1: HTTP is Not Secure! (for pws & cc#s)
    • Phase 2: HTTP is Not Secure! (for pws & cc#s OR Incognito)
    • Phase 3: HTTP is Not Secure!
  29. Marking HTTP as "Not Secure". Same timeline as the previous slide, with the lessons drawn from it:

    1. Developers care deeply about browser UI surfaces, and appreciate clear timelines (deadlines).
    2. Phased rollouts can keep the required actions top-of-mind.
    3. Ecosystem changes require broad partnerships.
    4. Conspiracy theories abound.
  30. Defaulting cookies to "SameSite=Lax". Timeline slide covering 2019Q2 to 2020Q3; the milestone labels survive but their positions on the timeline do not:

    • Announced intent at I/O. Targeting Sept. 2019.
    • Enterprise Opt-outs
    • DevTools warnings.
    • % Experiments.
    • Pushed timeline back to Feb. 2020 due to interoperability concerns w/ Safari.
    • Began rolling out to M80+
    • SSO Carveouts
    • Direct Outreach & Measurement
    • Rolled out in August 2020
  31. Defaulting cookies to "SameSite=Lax". Same timeline as the previous slide, with the lessons drawn from it:

    1. Low-percentage rollouts help bring bugs to the surface. Metrics thus gathered are critical.
    2. Direct outreach can be an effective (though expensive) migration tool.
    3. Good enough is better than perfect.
    4. Holidays (and global pandemics) are poor times to schedule a change.
  32. Thanks! mkwst@google.com / @mikewest

    • Conversations around intents happen in public on blink-dev@chromium.org.
    • Chrome Platform Status has historical information about features.
    • https://bit.ly/blinkintents extracts intent threads from blink-dev@.
    • @intenttoship tweets Blink's intents, as well as information about other vendors.
  33. Appendix. Photos:

    • Paper Boats on Solid Surface (Miguel Á. Padriñán)
    • Vintage Camillus 1006 (Joe Haupt)
    • Top View Of Boat On Sea (Dominik Reiter)
    • Arial View of a Shipwreck (Marc Coenen)
    • Every day General Grievous adds a unique lightsaber to his collection. Day 66 (Finale) (Thibson34)
    • Birds-Eye View of Shipping Containers (Tom Fisk)
    • Shipping Routes Red Black (Wikimedia Commons)
    • Ship Rope Dock Cargo (Skitterphoto)