Some IT departments just see a “more secure” checkbox and will always check it, even if it doesn’t make sense holistically; sometimes compliance incentivises (or forces) this behaviour.
A common example is forcing Intune/device enrolment for mobile devices (including iPads), but not for the infinitely less secure laptops, because no such endpoint enforcement checkbox exists.
I absolutely see many problems with this and you really ought to as well.
Your corporate serfdom is not in question, but I disagree with that notion too.
There is zero problem here guys.
Can you elaborate on why you think that Firefox is inherently insecure in some way for accessing Google workspaces?
> It's a paid product, they are actually allowed to do this.
If that were the only metric, then no monopoly would ever be broken up for any reason (which I guess is the way regulation seems to work nowadays, but at least in theory it's supposed to be possible for it to happen sometimes). The idea that using market pressure from one product a company sells to squeeze out competition in another is totally fine as long as the first product is paid is not a premise I agree with.
Of course the reverse can also be argued, for example that Firefox supports proper adblocking.
You can make Firefox pass CAA if you want. You take the Chrome "SecureConnect Reporting" (Context-Aware Access) plugin, port it to Firefox with some light changes, and you can report whatever you want to CAA.
But who outside of Google is running exclusively ChromeOS? My impression from looking at the JS part is that it's mostly obfuscation, with the possible exception of ChromeOS.
I feel like the secure connect client being closed source would have been an effective deterrent 5 years ago, but these days everyone's throwing LLMs at everything. So an attack that would have taken effort doesn't present nearly as much of a barrier anymore. At least as long as there remain some platforms that don't enforce full attestation...
I just don't think that matters much. CAA is policy enforcement, it is not a full MDM solution, nor is it antimalware.
I think Chromebooks are pretty common in school settings.
Of course Google is going to suggest using Chrome, if they detect that the browser might be out of date.
The issue presented doesn’t seem to be “an up to date browser check”; it seems to be an “is it latest Chrome” check, which is a very different thing.
If the organization is indeed enabling a specific check for Chrome that seems a little over the top but they're the ones supporting their users and if they want to make their life easier by only dealing with one browser that's their decision to make. It's like saying that everyone has to use Windows, or a specific line of laptops, or any other standardization to simplify the support workload.
I don’t see why I should give affordances of good will to Google here.
They’re not stupid, they know that this is an effective lever to further cement full-fat Chrome as the default browser for the internet.
Another way to look at it is, the company is paying for everything, and they get to make decisions based on what suits their security needs.
https://knowledge.workspace.google.com/admin/security/create...
The Org admin can put all sorts of restrictions on who can do what based on the client device setup.
1. Make it ridiculously easy to install hardware vendor keys and register it with OS of choice. (like a standardized dialog box in UEFI and a standardized/regulated IPMI-like interface)
2. Allow for only measured boot on those devices.
3. Provide a facility to verify signatures.
Do this on consumer and enterprise laptops and desktops alike and all of these weird sets of conditions just go out of play and are replaced by something much, much simpler.
Want to check for DBSC? Enjoy not knowing whether the browser vendor decided to just roll a simple software implementation.
Nothing good comes from browser detection over feature detection anyways. It's time to do away with user-agents and other overt identifying markers, and if we're still not in a better place, aggressively start stubbing features.
* To some degree they still are. Firefox still ships with a user-agent override list for certain websites that have outdated user-agent sniffing for feature detection (and other fixes in about:compat).
At the end of the day user-preference is what dictates which browser is used and how it is configured. Developers will have to deal with what users choose to do on their end.
You can only patronize people for so long before they look for a way around silly restrictions. Trying to keep someone safe by putting up walls, whether the threat is real or imaginary, is pointless when it is in the user's power to trivially defeat those walls - and when extension and browser developers are going to line up to sell them demolition tools (see ad blocking).
Advice is going to go much further than roadblocks, long term.
As we all know we can even pay 10x more for items and get next to no raise in our wages, but because it was done slowly in an "official" and "professional" manner, most folks didn't even complain, they just screamed into the giant pillow we call "the internet".
Corporations of the 2020s love the internet's digital pillow and its magical crowd-quieting capabilities. If only the ancient Roman Empire had invented the internet they would be ruling the entire planet by now and we could watch gladiators on YouTube :P provided we don't stand out too much (then we would be said gladiators).
It will only accelerate moves towards location of data, self-hosting, etc. The technologies to make this possible are much easier than they ever have been.
Edit: This title is just incredibly misleading. OP seems to have made a mistake here in thinking that this is something that Google has done when it's just that their corporate IT/Sec team now enforces using Chrome.
Monopolies aren't a prerequisite for antitrust action, they're the failure state when you should have acted sooner.
And good fucking luck getting the FTC to follow monopoly law.