The Web We Can Ship

Mike West
September 11, 2020

Presented at the SecWeb workshop (https://secweb.work/), adjunct to Euro IEEE S&P 2020.

Transcript

  1. The Web We Can Ship
    [email protected] / @mikewest
    SecWeb 2020 @ Euro IEEE S&P

  2. People live and work on the web.

  3. How does Blink ship features?

  4. Blink's Launch Process

  5. Stay up to date.
    ● Conversations around intents happen in public on [email protected].
    ● Chrome Platform Status has historical information about features.
    ● https://bit.ly/blinkintents extracts intent threads from blink-dev@.
    ● @intenttoship tweets Blink's intents, as well as information about other vendors.

  6. https://research.google/pubs/pub47833/

  7. Evaluating Tradeoffs

  8. Core questions for deprecations.
    ● Why should we remove the feature? How is it bad for the web?
    ● Will users notice if we break the feature? Will they be happy or sad?
    ● Do developers rely on the feature? If so, how widely?
    ● Do alternatives exist?

  9. Measuring the measurable.
    For objective questions, a few data sources are very useful:
    ● Chrome's Use Counters
    ● Chrome's UKM
    ● HTTP Archive
    ● Web Platform Tests
    ● Anecdata

  10. Use Counters
    Each metric folds into one bit per tab (usage in any frame is enough).
    ...0100010100101001100100000001010...

  11. Use Counters
    Aggregated usage % over all page views.
    https://chromestatus.com/

  12. Use Counters
    If we're not measuring something you think we ought to measure, add a counter!
    https://bit.ly/2Zojq76

  13. UKM (URL Keyed Metrics)
    Each metric folds into one bit per tab, tied to the top-level origin.
    ...0100010100101001100100000001010...

  14. UKM
    Aggregated usage % broken up by origin.
    https://chromestatus.com/
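
    As an added illustration (not part of the deck), a small Python model of the aggregation slides 10 to 14 describe: a feature folds into one bit per page view however many frames used it, Use Counters report the share of all page views with that bit set, and UKM keys the same bit by top-level origin. The page views, origins and feature names below are constructed.

```python
"""Added example (not from the deck): toy Use Counter / UKM aggregation."""
from collections import defaultdict

# Constructed page views: (top-level origin, frames), where each frame is the
# set of features it used. Frame 0 is the top-level document; later frames are
# iframes, possibly cross-origin. Frequency of use within a frame is irrelevant.
PAGE_VIEWS = [
    ("https://news.example", [{"SharedArrayBuffer"},
                              {"document.write", "SharedArrayBuffer"}]),
    ("https://news.example", [set(), {"document.write"}]),
    ("https://shop.example", [{"document.write"}, set()]),
    ("https://shop.example", [set()]),
    ("https://blog.example", [{"SharedArrayBuffer"}]),
]


def fold_bits(frames):
    """One bit per feature per page view: set if ANY frame used the feature."""
    bits = set()
    for used in frames:
        bits |= used
    return bits


def use_counter_percent(page_views):
    """Use Counters: % of all page views in which each feature's bit was set."""
    counts = defaultdict(int)
    for _origin, frames in page_views:
        for feature in fold_bits(frames):
            counts[feature] += 1
    total = len(page_views)
    return {f: 100.0 * n / total for f, n in counts.items()}


def ukm_percent_by_origin(page_views):
    """UKM: the same per-page-view bit, keyed by top-level origin.
    Returns {feature: {origin: % of that origin's page views}}."""
    views_per_origin = defaultdict(int)
    hits = defaultdict(lambda: defaultdict(int))
    for origin, frames in page_views:
        views_per_origin[origin] += 1
        for feature in fold_bits(frames):
            hits[feature][origin] += 1
    return {f: {o: 100.0 * n / views_per_origin[o] for o, n in per_origin.items()}
            for f, per_origin in hits.items()}


if __name__ == "__main__":
    for feature, pct in sorted(use_counter_percent(PAGE_VIEWS).items()):
        print(f"{feature}: {pct:.1f}% of page views")
    for feature, by_origin in sorted(ukm_percent_by_origin(PAGE_VIEWS).items()):
        print(feature, dict(by_origin))
```

    Note that the first page view counts SharedArrayBuffer once even though two frames used it, and that a cross-origin iframe's usage is attributed to the embedding top-level origin in the UKM breakdown.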

  15. HTTP Archive (https://httparchive.org)
    Periodic crawls of the top [many] sites, recording use counters as well as other vital statistics as it goes.

  16. Web Platform Tests (https://wpt.fyi)

  17. A Short History of Breaking Things.

  18. History of Flash (in Chrome)
    Timeline, 2010–2021:
    ● Chrome and Adobe collaborate to bundle Flash
    ● Fuzzing!
    ● Reward$ for Flash exploits
    ● PPAPI Flash
    ● Driving down major Flash usage on the web
    ● HTML5 is made default in Chrome
    ● Flash EOL announced!
    ● Adobe Flash
    ● Mitigations to disable plugins, whitelist sites, and update Flash separately
    ● Ephemeral Enabling
    ● Disabled by default.
    ● More Warnings

  19. History of Flash Security (from Chrome’s perspective)
    Timeline, 2010–2021:
    ● Chrome and Adobe collaborate to bundle Flash
    ● Fuzzing!
    ● Reward$ for Flash exploits
    ● PPAPI Flash
    ● Driving down major Flash usage on the web
    ● HTML5 is made default in Chrome
    ● Flash EOL announced!
    ● Adobe Flash
    ● Mitigations to disable plugins, whitelist sites, and update Flash separately
    ● Ephemeral Enabling
    ● Disabled by default.
    ● More Warnings
    Lessons:
    1. Developer-facing warnings and user-facing friction can reduce usage.
    2. Enterprise opt-outs remove roadblocks.
    3. Collaboration with other vendors tells a consistent story.

  20. Marking HTTP as "Not Secure"
    Timeline, 2014–2019:
    ● Phase 3: HTTP is Not Secure!
    ● HTTPS Transparency Report
    ● Security panel in DevTools to debug broken HTTPS
    ● Proposal to evolve browser UI floated publicly
    ● Phase 1: HTTP is Not Secure! (for pws & cc#s)
    ● Phase 2: HTTP is Not Secure! (for pws & cc#s OR Incognito)
    ● UI plan announced!
    ● crbug.com/267781

  21. Marking HTTP as "Not Secure"
    Timeline, 2014–2019:
    ● Phase 3: HTTP is Not Secure!
    ● HTTPS Transparency Report
    ● Security panel in DevTools to debug broken HTTPS
    ● Proposal to evolve browser UI floated publicly
    ● Phase 1: HTTP is Not Secure! (for pws & cc#s)
    ● Phase 2: HTTP is Not Secure! (for pws & cc#s OR Incognito)
    ● UI plan announced!
    ● crbug.com/267781
    Lessons:
    1. Developers care deeply about browser UI surfaces, and appreciate clear timelines (deadlines).
    2. Phased rollouts can keep the required actions top-of-mind.
    3. Ecosystem changes require broad partnerships.
    4. Conspiracy theories abound.

  22. Defaulting cookies to "SameSite=Lax"
    Timeline, 2019Q2–2020Q3:
    ● Rolled out in August 2020
    ● Enterprise Opt-outs
    ● DevTools warnings.
    ● % Experiments.
    ● Pushed timeline back to Feb. 2020 due to interoperability concerns w/ Safari.
    ● Began rolling out to M80+
    ● Announced intent at I/O. Targeting Sept. 2019.
    ● SSO Carveouts
    ● Direct Outreach & Measurement

  23. Defaulting cookies to "SameSite=Lax"
    Timeline, 2019Q2–2020Q3:
    ● Rolled out in August 2020
    ● Enterprise Opt-outs
    ● DevTools warnings.
    ● % Experiments.
    ● Pushed timeline back to Feb. 2020 due to interoperability concerns w/ Safari.
    ● Began rolling out to M80+
    ● Announced intent at I/O. Targeting Sept. 2019.
    ● SSO Carveouts
    ● Direct Outreach & Measurement
    Lessons:
    1. Low-percentage rollouts help bring bugs to the surface. Metrics thus gathered are critical.
    2. Direct outreach can be an effective (though expensive) migration tool.
    3. Good enough is better than perfect.
    4. Holidays (and global pandemics) are poor times to schedule a change.

  24. Thanks!
    [email protected] / @mikewest
    ● Conversations around intents happen in public on [email protected].
    ● Chrome Platform Status has historical information about features.
    ● https://bit.ly/blinkintents extracts intent threads from blink-dev@.
    ● @intenttoship tweets Blink's intents, as well as information about other vendors.

  25. Appendix
    Photos:
    ● Paper Boats on Solid Surface, Miguel Á. Padriñán
    ● Vintage Camillus 1006, Joe Haupt
    ● Top View Of Boat On Sea, Dominik Reiter
    ● Arial View of a Shipwreck, Marc Coenen
    ● Every day General Grievous adds a unique lightsaber to his collection. Day 66 (Finale), Thibson34
    ● Birds-Eye View of Shipping Containers, Tom Fisk
    ● Shipping Routes Red Black, Wikimedia Commons
    ● Ship Rope Dock Cargo, Skitterphoto