New Caching Change Could Dramatically Accelerate Google Chrome

This site may earn affiliate commissions from the links on this page. Terms of use.

Google is exploring a new method of improving site performance in Google Chrome, this time by adding a new back-caching feature that would keep certain data in memory, even after you’ve left a site. The company writes:

A back/forward cache (bfcache) caches whole pages (including the JavaScript heap) when navigating away from a page, so that the full state of the page can be restored when the user navigates back. Think of it as pausing a page when you leave it and playing it when you return.

The company states that this feature could improve performance by up to 19 percent in mobile Chrome, and by 10 percent on desktop PC based on the number of site interactions that represent a back/forward usage pattern. This type of caching wouldn’t accelerate sites you visit on a regular basis or improve performance overall. It’s a specific change that would make it easier to surf when moving forward and back on the same site after having accessed it the first time.

According to Google, Chrome isn’t using the default WebKit implementation of a bfcache, due to incompatibilities with Google’s multi-process architecture. Google also has work to do on the browser, ensuring that JavaScript actually freezes on the page to be cached, rather than continuing to run in the background. Allowing background JavaScript to run from cached pages would be a significant privacy and security issue.

This is a feature that Firefox and Safari already use, albeit apparently in a somewhat different way. I tried comparing Chrome and Firefox in an ordinary desktop comparison, checking the load times on several sites in succession in the same manner as the videos on Google’s developer blog. Firefox may have outperformed Chrome slightly in these tests, but not enough for me to feel comfortable declaring it a winner, and it didn’t produce the same behavior as the Chrome test did for Google. The instant load of the previous page due to bfcache doesn’t seem to happen the same way. Then again, the video is supposed to show how the feature could work in the future, not serve as a final illustration of implementation.

These changes could increase RAM usage in Chrome, but Google plans to minimize this with smarter rules about when and how to keep data in RAM while pages are suspended. The goal is to implement the feature throughout 2019 and roll it into shipping Chrome in 2020.

Now Read:

Google’s Proposed Chrome Changes Would Cripple Ad Blockers, Other Extensions

This site may earn affiliate commissions from the links on this page. Terms of use.

Google has proposed a series of changes to Chrome that, if adopted in their current form, could cripple how ad blocking works within Chromium-based browsers. The impact of the changes wouldn’t be limited to ad blocking — other projects like NoScript and a wide range of other extensions would, according to their authors, also be impacted.

Google’s proposed changes, detailed in its Manifest V3 document, would make significant changes to how extensions fundamentally work within Chrome. Extensions, for example, will no longer be permitted to load code from remote servers or to automatically apply to all sites (users will have an option to choose to run extensions on specific sites or on every site). But the biggest problems appear to be with Google’s plans to deprecate or limit the use of its webRequest API. As Ars Technica details, webRequest allows extensions to evaluate each network request that the extension is intended to monitor and to make decisions about what happens to it. Requests can be modified in-flight to change how the browser behaves in a wide variety of scenarios. Ad blockers, script blockers, and a number of various privacy-oriented extensions rely on this capability.

Google wants to replace webRequest with a new API, declarativeNetRequest. Using the old webRequest API requires that the browser ask the extension how content should be handled. The new API instead requires that the extension declare to the browser what it can do and how it does it. The problem is, the new API has a fraction of the capability of the old one. Extensions are also currently hard-limited to a constraint of 30,000 items to be filtered. As Ars notes, the current version of uBlock Origin ships with 90,000 filters by default and supports up to 500,000.

uBlock-Screenshot

The advanced functionality of extensions like uBlock isn’t possible under the new rules.

Thus far, feedback from actual extension developers has been unilaterally negative. The hard-coded limit on blocked or redirected URLs has been criticized by almost everyone in the Google Chromium development thread. Anti-phishing and anti-malware extension developers are also concerned because the new rules require that extension data be stored in plaintext, whereas some security-related extensions store information in hashed form.

While there have been reports that AdBlock Plus will have an easier time functioning under these rules than extensions like uBlock Origin, one of the authors of that extension argues that even ABP will be harmed, noting that the declarativeNetRequest API “only covers the same limited subset of filter capabilities implemented in Adblock Plus that it does in uBlock Origin.” Instead of being able to implement powerful, custom rulesets, he argues that extensions would now be limited to “providing filter rules.” This would fundamentally limit the ability of extension developers to respond quickly to website efforts to bypass their work. Security extension developers also raised these concerns, noting that the new API disallows updating content-blocking lists in real time. This alone makes it impossible for security extensions to provide fast updates.

Google’s responses, thus far, have been fairly limited. The company has been stressing that the webRequest API will be sticking around in some capacity since declarativeNetRequest can’t handle everything. It’s still evaluating the contexts in which webRequest will be allowed to function, however.

Google’s claim that these changes will improve security and performance have been met with a gimlet eye overall. Several developers have pointed out that the performance impact of running uBlock or other ad blockers on websites is so large, any performance gains Google gets from adopting a faster API will be completely subsumed by the sharp limits on the amount of content those extensions are actually able to block. Speeding up page loads by 20 percent may not mean much if you’re loading 3-5x more data relative to using an ad blocker. Security extension authors have also argued that the security risk to breaking their own products is larger than the sum total of the improvements Google is hoping to gain.

For now, Manifest V3 remains a draft document. If Google decides to implement the current version of the standard, Firefox may see a sudden uptick in adoption. It’s now the only major cross-platform browser in active development that isn’t based on Chromium.

Now Read:

Ex-Microsoft Intern: Google Deliberately Crippled Edge Browser

This site may earn affiliate commissions from the links on this page. Terms of use.

Allowing any one company too much control over the internet and the long-term development of web standards has always been a bad idea. It didn’t work well in the late 1990s and early 2000s when Microsoft’s Internet Explorer was the de facto standard, and it isn’t likely to be a particularly great outcome in 2018, either, now that Chromium has emerged as the single dominant player in browsing. According to a former Edge intern/developer, Microsoft has given up on its own EdgeHTML engine because it couldn’t keep up with the ways Google kept breaking major websites to disadvantage it.

In a post at Hacker News, JoshuaJB (identified via Neowin as Joshua Bakita), in response to a post theorizing that Google could exploit its dominance by integrating preferential support to boost Google app performance at the expense of other platforms or products, writes:

This is already happening. I very recently worked on the Edge team, and one of the reasons we decided to end EdgeHTML was because Google kept making changes to its sites that broke other browsers, and we couldn’t keep up. For example, they recently added a hidden empty div over YouTube videos that causes our hardware acceleration fast-path to bail (should now be fixed in Win10 Oct update). Prior to that, our fairly state-of-the-art video acceleration put us well ahead of Chrome on video playback time on battery, but almost the instant they broke things on YouTube, they started advertising Chrome’s dominance over Edge on video-watching battery life. What makes it so sad, is that their claimed dominance was not due to ingenious optimization work by Chrome, but due to a failure of YouTube. On the whole, they only made the web slower.

Now while I’m not sure I’m convinced that YouTube was changed intentionally to slow Edge, many of my co-workers are quite convinced — and they’re the ones who looked into it personally. To add to this all, when we asked, YouTube turned down our request to remove the hidden empty div and did not elaborate further.

And this is only one case.

The irony of defending Edge and Microsoft after years of decrying the way Redmond has shoved everyone towards using Edge at every opportunity is not lost on me. Neither is the irony of defending Microsoft in general. The company’s hostility towards open source development and its fondness for monopoly may have faded somewhat in recent years, but they’ve scarcely been forgotten.

stupid-ad-2

What we needed was a happy medium between “One browser rules the Earth” and “Your browser is malware.” Image by Thurrot.com

But I don’t need to stick up for the way Microsoft pushed people to use Edge to see the danger in giving any single company too much control over standards and practices. We don’t know if the story above is actually true — as of this writing, it hasn’t been independently confirmed. But it’s not hard to believe, and we’ve seen historical examples of how this kind of monopoly can work against companies that attempt to create alternatives. IE6 dominated the internet to such a degree that websites were often programmed to perform well in Internet Explorer, even when this broke standards or failed to conform to best practices. Competing browsers that attempted to implement standards correctly would then fail to work with IE6 pages.

Ars Technica gives another example of how Google has designed sites like YouTube to favor its own approach, to the detriment of other browsers.

As another example, YouTube uses a feature called HTML imports to load scripts. HTML imports haven’t been widely adopted, either by developers or browsers alike, and ECMAScript modules are expected to serve the same role. But they’re available in Chrome and used by YouTube. For Firefox and Edge, YouTube sends a JavaScript implementation of HTML imports which carries significant performance overheads. The result? YouTube pages that load in a second in Chrome take many seconds to load in other browsers.

The fact that Chromium is open source won’t ultimately matter much if one company still represents the overwhelming force behind its development and the associated development of future web standards. In mobile, Apple still has some sway, thanks to Safari on the iPhone. But Mozilla Firefox, with its 9 percent market share, is now the only bulwark against Chrome’s total domination of the desktop browser market.

Now Read:

Firefox, Chrome and the Future of Trustworthy Extensions

Firefox

Browser extensions are wonderful. Nearly every day I come across a new Firefox extension that customizes my browser in some creative way I’d never even considered. Some provide amusement for a short time, while others have become indispensable to my work and life. Extensions are a real-world manifestation of one of Mozilla’s core principles — that individuals must have the ability to shape the internet and their experiences on it.

Another of Mozilla’s core principles is that an individual’s security and privacy on the internet are fundamental and must not be treated as optional. We’ve made the decision to support extensions, but it is definitely a balancing act. Our users’ freedom to customize their browser – their “user agent” – and to personalize their experience on the web can also be exploited by malicious actors to compromise users’ security and privacy.

At Mozilla, we continually strive to honor both principles. It’s why Firefox extensions written to the WebExtensions API are limited in their abilities and have good oversight, including automatic and manual review. It’s also why we make sure users can understand exactly what permissions they’ve granted to those extensions and what parts of their browser they can access.

In short, Mozilla makes every effort to ensure that the extensions we offer are trustworthy.

So it was with great interest that I read Google’s recent Chromium Blog blog post entitled “Trustworthy Chrome Extensions, by default.” It outlines upcoming changes to Chrome’s extension architecture designed to make “extensions trustworthy by default.” I thought it would be interesting to explore each of the announced changes and compare them to what Mozilla has built into Firefox.

User Controls for Host Permissions

“Beginning in Chrome 70, users will have the choice to restrict extension host access to a custom list of sites, or to configure extensions to require a click to gain access to the current page.”

Being able to review and modify the sites that an extension has access to, especially those extensions that ask to “access your data for all websites,” is a worthy goal. Mozilla has discussed similar ideas, but the problem always comes down presenting this in a clear, uncomplicated way to a majority of users.

Having played a bit with this feature in Chrome, the implementation definitely seems targeted at power users. Extensions that request access to all websites still get installed with that access, so the default behavior has not changed.

The click-to-script option is intriguing, although the UX is a bit awkward. It’s workable if you have a single extension, but becomes unwieldy to click and reload every site visited for every installed extension.

Admittedly, getting this interface right in an intuitive and easy-to-use manner is not straightforward and I applaud Google for taking a shot at it. Meanwhile Mozilla will continue to look for ways Firefox can provide more permission control to a majority of extension users.

Extension Review Process

“Going forward, extensions that request powerful permissions will be subject to additional compliance review.”

The post is vague about exactly what this means, but it likely means these extensions will be flagged for manual review. This brings Chrome up to the standard that Firefox set last year, which is great news for the web. More manual review means fewer malicious extensions.

“We’re also looking very closely at extensions that use remotely hosted code, with ongoing monitoring.”

Firefox expressly forbids remotely hosted code. Our feeling is that no amount of review can eliminate the risks introduced when developers can easily and undetectably change what code is loaded by extensions. Mozilla’s policy ensures that no unreviewed code is ever loaded into the browser, and enforced signatures prevents reviewed code from being altered after release.

Code Readability Requirements

“Starting today, Chrome Web Store will no longer allow extensions with obfuscated code…minification will still be allowed.”

In reality, minified and obfuscated code are not very useful in extensions. In both Chrome and Firefox, extensions load locally (not over the network) so there is almost no performance advantage to minification, and obfuscation can be overcome by a dedicated person with readily available tools and sufficient effort.

Nevertheless, Mozilla permits both obfuscated and minified extensions in our store. Critically, though, Mozilla requires all developers to submit original, non-obfuscated, non-minified code for review, along with instructions on how to reproduce (including any obfuscation or minification) the store version. This ensures that reviewers are able to review and understand every extension, and that the store version is unaltered from the reviewed version.

As you might expect, this takes a significant investment of time and energy for both Mozilla and developers. We believe it is worth it, though, to allow developers to secure their code, if desired, while simultaneously providing thoroughly reviewed extensions that maintain user security and privacy.

Required 2-Step Verification

As a whole, the web is moving in this direction and requiring it for developer accounts is a strong step towards protecting users. Mozilla recently added two-step authentication for Firefox Sync accounts, and two-step authentication for Firefox extension developers is on the roadmap for the fourth quarter of 2018. Like Google, we expect to have this feature enabled by 2019.

Manifest v3

“In 2019 we will introduce the next extensions manifest version…We intend to make the transition to manifest v3 as smooth as possible and we’re thinking carefully about the rollout plan.”

In 2015, Mozilla announced we were deprecating our extremely popular extension system in favor of WebExtensions, an API compatible with Chrome, as well as Edge and Opera. There were several reasons for this, but a large part of the motivation was standards — a fundamental belief that adopting the API of the market leader, in effect creating a de facto standard, was in the best interests of all users.

It was a controversial decision, but it was right for the web and it represents who Mozilla is and our core mission. Three years later, while there still isn’t an official standard for browser extensions, the web is a place where developers can quickly and easily create cross-browser extensions that run nearly unchanged on every major platform.

So I would like to publicly invite Google to collaborate with Mozilla and other browser vendors on manifest v3. It is an incredible opportunity to show that Chrome embodies Google’s philosophy to “focus on the user,” would reaffirm the Chrome team’s commitment to open standards and an interoperable web, and be a powerful statement that working together on the future of browser extensions is in the best interests of a healthy internet.

Conclusion

While all of the changes Google outlined are interesting, some of them could go a step further in protecting users online. Nevertheless, I’d like say — bravo! The motivation behind these changes is definitely in the spirit of Mozilla’s mission and a gain for the open web. With Chrome’s market share, these initiatives will have a positive impact in protecting the security and privacy of millions of users around the world, and the web will be a better place for it.

A lot of work remains, though. Expect Mozilla to keep fighting for users on the web, launching new initiatives, like Firefox Monitor, to keep people safe, and advancing Firefox to be the best user agent you can have in your online journies.

The post Firefox, Chrome and the Future of Trustworthy Extensions appeared first on Mozilla Add-ons Blog.

How to Import and Export Browser Bookmarks

I like to use multiple browsers and always mess around with any new browser in town. And so, quite often I import/export my bookmarks around. If you are looking to move your browser bookmarks to a different browser, then I can help.

In this post, I’ll show you how to import and export bookmarks and other data in:

Chrome

Import bookmarks

  1. Click on the three vertical dots menu at the top-right corner and go to Bookmarks > Import bookmarks and settings.
    bookmarks and settings
  2. Next, either select the an installed browser to directly import the bookmarks, or select the HTML file from your PC. While directly importing, you can select type of data as well, such as browser history, bookmarks, passwords, and search engines. Click on Import when you are done to import the data.
    chrome

Export bookmarks

  1. Click on the three vertical dots menu again and go to Bookmarks > Bookmark manager.
    chrome bookmark manager
  2. Go to Organize > Export bookmarks to HTML file. An HTML file will be ready to download.
    export chrome bookmark

Firefox

Import bookmarks

  1. From the top bar, click on the Show Bookmarks button, and select Show all bookmarks. You may also use Ctrl + Shift + B for this.
    show all firefox bookmarks
  2. Next, click on the Import and Backup menu at the top and click on Import Bookmarks from HTML to import them from an HTML file, or click on Import Data from Another Browser to select another browser to directly import data.
    import bookmarks firefox

Export bookmarks

From the same Import and Backup menu, click on the Export Bookmarks to HTML option and save the HTML.

export firefox bookmarks

Opera

Import bookmarks

  1. Open Opera menu from the top-left corner and click on Settings. Alternatively, you can use the shortcut Alt + P.
  2. Here move to the Browser section from the left menu and click on the Import bookmarks and settings button under the Default browser heading.
    opera bookmarks and settings
  3. Now you can either select a supported browser from the drop-down list or select “Bookmarks HTML file” option to import from an HTML file.
    import opera bookmarks

Export bookmarks

Unfortunately, Opera doesn’t support export feature. However, you can use Bookmarks Import & Export Opera extension to get this functionality. Install and open up the extension, and click on the Export button to download the bookmarks HTML file.

export opera bookmarks

Microsoft Edge

Import bookmarks

  1. Click on the three horizontal dots menu at the top-right corner and select Settings.
  2. Now click on the Import from another browser button under the Import favorites and other info” button.
  3. Next, you can select a supported browser, or click on the Import from file button to import from an HTML file.
    import edge bookmarks

Export bookmarks

Go to the “Import your info” menu again and click on the “Export to file” button to download the HTML file.

export favourites

Note: The export is only available in the Creators Update of Windows 10. In case you haven’t updated Windows 10 to Creators Update, you can use this third-party tool Edge Manage to export favorites.

Internet Explorer

Import bookmarks

  1. Click on the Star icon at the top-right corner, and click on the tiny upside down arrow next to the Add to favorites button. Here click on the Import and export option.
    import and export internet explorer
  2. A wizard will open up. Here you can either select Import from another browser or Import from a file option and then follow the wizard to import data.
    import bookmarks internet explorer

Export bookmarks

  1. Open the same “Import and export” wizard and select the “Export to a file” option.
    export internet explorer bookmarks
  2. On the next page, you can select the type of data that you want to export, including Favorites, Feeds, and Cookies. Afterward, click Next to finish the process and download the HTML file.
    select data internet explorer

Vivaldi

Import bookmarks

  1. Click on the Vivaldi menu button at the top-left corner and select Import Bookmarks and Settings from the File option.
    import vivaldi bookmark settings
  2. From the drop-down menu, you can select a supported browser or an HTML file. Interestingly, Vivaldi also supports importing data from Opera, although Opera natively doesn’t support the export feature.
    import vivaldi bookmark

Export bookmarks

To export bookmarks, go to the File menu again and select “Export Bookmarks” to download the HTML file.

export vivaldi bookmarks

Wrap up

While importing data, try to automatically import from an installed browser instead of an HTML file. This way you’ll be able to import more data, including cookies, bookmarks, history and saved passwords.

The exported HTML file usually only contains bookmarks, so direct importing is better and more convenient.