[cmeacham98]

The problem is Google appears to label this as a security feature. I'm fine with the feature existing, but it should say something like "require Chrome" or "block Firefox" not "require a secure browser (wink wink we actually mean Chrome)"

[insanitybit]

The wording here is bad, but basically CAA supports non browser specific policy and, in some cases, browser specific policy (GSuite offers a "Managed Chrome" policy). Firefox users can leverage much of the non browser specific policy, they obviously can not be a part of the "Managed Chrome" offering.

[saghm]

There's no contradiction here; it's totally possible for a company to make a feature configurable so that it doesn't block their competitors but also intentionally design and market it in a way that's misleading in ways that will lead to their competitors getting blocked. When we're talking about a company as large as Google and a product with as much market share as Chrome, I don't think it's that crazy to think that things like this add up to encouraging even more hegemony, and when that happens to align perfectly with the incentives of the company making said product decisions, I also don't think it's crazy to think it's unlikely to be a coincidence.

[insanitybit]

If the argument is that Google has built a product that encourages use of Google products, of course. The question is whether that's some sort of trickery or odd or bad. "Google offers Managed Chrome as a service" hardly seems controversial to me.

[jchw]

Google offering managed chrome as a service is a completely sensible thing. The problem is that they are nearly a browser monopoly, and making Google Workspace work in such a way with Google Chrome feels to me like anti-competitive practices. If we didn't have one giant megacorp that did both things, it would be different.

Of course, so far the only workable model for web browsers is having a giant megacorp fund their development and maintenance. Which is a huge issue, and we will do basically nothing about it.

(Don't get me wrong. I have high hopes for Ladybird and even Servo, but they may come too late if effectively-proprietary features force most users to stick to Chrome anyways.)

[insanitybit]

I'm not sure what the alternative is. Is there will from Firefox to support a "standard browser config", at which point GSuite could add support for managed Firefox config? If you want managed Firefox, Mozilla could offer that as well (they have something but it's different enough).

[spwa4]

The alternative that we've used for the past 100+ years is to force such companies apart. Is Google Docs allowed to offer a "managed chrome" policy? Sure. Is Google Chrome allowed to be a browser? Absolutely!

But if either side is close to a monopoly, both cannot be part of the same company, even if that means breaking an existing company up.

[jm4]

It is a security feature. In a corporate environment, you generally don't want users installing their own software. If it's a remote access thing from a personal device, you still generally want to be able to establish some kind of baseline. I don't like Chrome - not even a little bit - but I will admit that they have a pretty damn good security track record. I'd rather my remote users be on there than some crusty Firefox installation with 40 extensions. Organizations have the right to make these decisions when they are the ones that own the data. For example, when I was still in that world, we required personal phones to be encrypted to access corporate email. This was when a lot of people would still walk around with devices without a pin. People complained, but it was non-negotiable.

[hnlmorg]

Literally the only reason they can argue Chrome is more secure than Firefox in that kind of setting is because they can Google can push Google Chrome profiles via Google Workspaces but they’ve never working with Mozilla to create an interop for Firefox.

When Microsoft did this with Windows, AD, and Internet Explore, it was deemed a breach of anti-trust laws. The question is whether such laws apply to Google given they don’t have a monopoly in the identity services domain.

If you’d asked me 5 years ago, I’d have said “no way”, but recent judgements with Apple and their App Store lead me to think there is still hope. Regardless of how remote that might be.