What’s New with Chrome and the Web (Google I/O ’19)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[MUSIC PLAYING] [APPLAUSE] BEN GALBRAITH: I'm Ben Galbraith. DION ALMAER: And I'm Dion Almaer. And we're on the Chrome team, where we work on the Web Platform, and-- BEN GALBRAITH: We'll be tag teaming throughout this talk, as we share with you-- DION ALMAER: Some highlights of what's new on Chrome and the Web. BEN GALBRAITH: And since last year's Google I/O, we've had three major anniversaries. In September, Chrome turned 10 years old. And to celebrate, we shipped a major update to Chrome's UI. DION ALMAER: In the same month, Google marked 20 years pursuing its mission of organizing the world's information. And two months ago, the Web celebrated its 30th birthday. So I guess the Web is a real grown up now. BEN GALBRAITH: I guess we're headed to middle age. So it was back in 1989 that Tim Berners-Lee described this vision that he had for the Web. And I love this concept of a space where everything can be linked to everything. And I think this captures the spirit of the Web and what makes it special in today's landscape. It's this massive, global scale open platform where all of us can freely connect with each other and where a new experience is just a link away. DION ALMAER: And the Web's future depends on all of us working together to adapt and improve it, to meet the needs of our evolving world. This need to collaborate is why we work on the open-source Chromium Project, as we work to improve the Web Platform. And we're really excited that Chromium is used by so many different browsers all around the world. BEN GALBRAITH: So the Web has come so far over the past three decades-- this is the world's first web page up here-- from simple documents to really, really sophisticated modern websites. And so as we think about the next three decades, we ask ourselves what lies ahead. We have three major goals for the work that we're doing to improve the Web Platform. First, we want to enable users to traverse the Web instantly, no matter where they are in the world. And this helps ensure that people keep exploring and finding new content. And it builds this rich diversity that we value so much on the Web. Second major goal is expanding the power of the Web, which enables people to find all of the world's information and services on the platform. And it really brings this vision of everything connected to everything on the platform to life. Our third major goal is ensuring that, as people navigate the Web, they're kept safe. And so this afternoon, we're going to update you on some of the work that we've been doing in these three areas. DION ALMAER: So let's start with loading links instantly. Back in the early days-- [DIAL-UP SOUND] --you know, the dial-up modem era-- does this bring back any memories? BEN GALBRAITH: I don't know if they're good memories or bad memories. DION ALMAER: They're really good memories. This was fun. [INAUDIBLE] BEN GALBRAITH: I guess. DION ALMAER: Back in the dial-up era, high-speed connections were kind of limited to institutions. You didn't really have them at home. But today, broadband is everywhere. We increasingly have blazingly fast connections, even in our pockets. The instant web is here. OKR achieved. BEN GALBRAITH: Except it's really not. DION ALMAER: Really? BEN GALBRAITH: No. If you look at the data-- we're product managers, sometimes we do that. In real world conditions, the web can be pretty far from instant. These are stats from HTTP Archive, which has a corpus of about 5 million URLs that it retrieves over the world from a data center in the US. On average, it takes six seconds before the web page even starts to paint. And it takes nine seconds before users can even start interacting with the web page. And then when you start to consider other areas of the world with poorer connectivity, or sort of emerging, entry level devices, it can be much, much worse. DION ALMAER: And what's more, web pages are constantly getting bigger, nearly doubling in size over the past three years to an average total of 1.6 megs. BEN GALBRAITH: And we found that users are really sensitive to loading speed. This is from a recent study from the company SOASTA, the respected performance testing firm. They found that even just one second increases in loading times caused big conversion decreases for developers. It's a really, really important area. DION ALMAER: This is why we've invested so much energy through the years in adding new web platform features throughout the stack that enable developers to improve the performance of their sites, such as preload and prefetch, to make sure the browser knows what to prioritize for the current page and can fetch what you think will be needed for the next one. BEN GALBRAITH: And the developers who take advantage of all these improvements that are landing in the web consistently see big, big gains. For example, Wayfair, the popular retailer, recently optimized their site and saw a 10% increase in their year-over-year conversion rates. And Times Internet did a similar optimization and increased their average session duration by 31%. We used to work in retail and fight for basis point improvements. DION ALMAER: That's a big improvement. BEN GALBRAITH: These are massive gains. And again, it's consistent whenever developers put in this effort. DION ALMAER: For example, we spent a bunch of effort over the last year optimizing Chrome's initial page load performance. And you can really see these gains on entry level Android devices where we've gotten it down to half the time. Much of these gains are powered by improvements we've made to V8, our JavaScript engine. And this is so important, because JavaScript size has grown 50%, as well. And it's great to see new features that developers seem to really like, like async/await, really got a lot faster as the VM team really kind of supercharges it. BEN GALBRAITH: OK. A big part of the increase that Dion was talking about comes from images. And you know images are great, especially as our world becomes more visual, but they also lead to a lot of bloat. For example, the average page transfers 840 kilobytes of images, which is two times bigger than it was three years ago. And so with this in mind, we've added a new feature to the platform, lazy loading, that helps. And it does this by loading only the images that are required for the user to see. And it automatically manages the loading of new images as the user scrolls. And it addresses two problems. First, it's just a waste of data to send images down to user that they're never going to see. And two, we've found that mobile entry level devices really struggle when they try to download a lot of images simultaneously. They start to thrash. And it can lead to a really sluggish experience for users. All you need to do is add the new loading lazy tag to your image tags, and Chrome manages the rest. It detects the connection speed of the user to decide when to load, and it retrieves the first 2 kilobytes of the image to figure out what the size of the placeholder should be. We're also extending this feature to iframes, so that they can also be lazily loaded. And this is in Canary, and you can play with it today. DION ALMAER: Great. So to help you keep up with all of these platform improvements, a few years ago, we introduced a tool called Lighthouse. It's built right into Chrome DevTools, and it analyzes your site to tell you exactly how to use all of the latest of the platform's features to optimize your site's performance. Once you do the work to get your site fast, though, you want to keep it that way. And with a large team adding features, it's really easy to regress. What we're seeing with successful developers are they continuously measure their websites, and they set performance budgets. Partners like Pinterest and Uniqlo Canada saw an improvement in both business metrics and user engagement when they focused on performance and implemented budgets. So we love this practice so much, we wanted to add simple right into Lighthouse. And we did that today. It's really simple to set up. You get a configuration in a JSON file, and you just set different resource limits, or set different metrics that you want to hit. Then take Lighthouse-- it's easy to integrate it into your continuous integration server-- and that's it. So you can open up the newest release of Lighthouse and start budgeting. BEN GALBRAITH: About a year and a half ago, we released the Chrome User Experience Report. This is a massive corpus of Chrome performance data that tells you exactly how your users are experiencing your site all across the world. And it also shows you how your competitors are doing. We've been steadily expanding this corpus of data-- it now has about six million sites-- and you can get to the raw data and explore it using Google Cloud's BigQuery product. And we've also been integrating it into our performance tooling, like HTTP Archive and PageSpeed Insights. And we have a new integration that we're announcing today on our Search Console where, now, there's a new speed report that gives you insights at the URL level and also gives you aggregated information about how groups of pages can be improved. DION ALMAER: And then to go even deeper on your sites, the Firebase team announced Firebase Performance Monitoring earlier today. This lets you instrument your own sites together in even wider array of real user metrics, and it's all for free. BEN GALBRAITH: There's one more small performance feature I want to tell you about, and it's called Paint Holding. To understand this one, we need to look at one of my favorite sites. I don't know how to pronounce this, actually. DION ALMAER: A-wuh-wuh-wuh-wards? BEN GALBRAITH: Awuh-awards. I think it's Awwwards. It's a fantastic award site for web design. It's really fast, which is great. But there's this white flash when you transition between pages, which is really annoying. Take a look. I'm going to play it now. We click on the Performance Center, and you get the flash. So this is actually a feature, from our perspective, the flash you just saw, because we want to show the user that Chrome is being responsive and that we're going out and we're loading the page. And so we immediately clear the browser as soon as we start that process to show you that something's happening. But in this case, it happens nearly instantaneously. And so the flash is just really annoying. So with Paint Holding, we now look at the page that's being loaded. And if it's responding fast enough, we get rid of the flash. So I'll replay the video with this feature turned on, and you'll see a really seamless transition. So this flag is available in Canary today. So this is just a highlight of the work that we're doing to make the Web more instant. We'd also like to preview a couple of longer-term efforts that we have underway that have the potential to take the web much further in this direction. And to talk about one of them, I'd like to invite Barb onto the stage. Please welcome Barb. [APPLAUSE] BARB PALSER: Thank you, Ben. Hi, I'm Barb Palser. I work on the Chrome and Web Partnerships Team helping partners test new web capabilities. And one of the things that we've been working on is a new page transition experience. Today, as we click through links, we feel the transition of leaving one site and moving to the next. And when an iframe loads, it's a window to another site, but you can't go through that window to the other site. Portals make that possible. Portals are like iframes that you can navigate to. When a user opens a portal, the portal becomes the top-level page. With associated APIs to support free prefetching, enhanced transitions, and the exchange of contextual information, portals enable fluid, composed journeys within or across sites. So portals are very new. And we have a demo to show you why we are so excited about their potential. So we'll start at this imaginary meal planning site, which aggregates recipes from other sites. Now, the first thing that catches my eye is this avocado toast-- naturally, we're in the Bay Area-- but I'm looking for a dinner recipe. So I will save this one to the imaginary social site, Nom Nom. When I click the Share button, the share card will open in a portal. I'm now on Nom Nom's domain, but the meal plan site appears to persist in the background. This is thanks to the adoptPredecessor function in Portals, which allows the origin page to share context with the destination page. So I'll save this recipe, which will close the portal, so that I can keep browsing. Normally, each of the recipes on this page might link directly to a destination site. But here, they're all embedded portals which, with the help of prefetching, can empower developers to build cool things, like this peaking experience where I can preview a page on another site while I'm still on the meal plan site. And when I finally find a recipe that I want and click through to get my ham and spinach sammy, this portal transition is so smooth you don't feel it. But here we are on another site. So this recipe looks great. I'd like to buy the ingredients. This recipe site is now ready to hand off my shopping list by zipping through another portal to a grocery site where I can check out. Now, this shopping list handoff was accomplished by another function called PortalActivateOptions, which sends information from the origin page to the destination page. This animation could also be a nice distraction, if you're waiting for the destination page to render. So at the end of this journey, we have used four creative portal transitions across four sites in one composed instant experience. Now, portals also have a very strong single-site use case, enabling the smooth transitions of a single-page app without having to re-architect a multi-page website. So here, we've built a-- oh, if I can go back and show that video-- so I may go forward, back to-- there we go. So I hope we can see the animation. There we go. So here, we've built a demo for Hatena and [NON-ENGLISH] web comics, the Japanese manga brand, showing these SPA-like transitions on their multi-page site. So we have just launched the Portals API as an experimental feature behind a flag in Canary. And we're really eager for the developer community to uncover new use cases for Portals and also share your feedback with us. So now, I will hand it back to Ben for another part of the instant web vision. [APPLAUSE] DION ALMAER: Thanks, Barb. BEN GALBRAITH: Thanks, Barb. So we've got one more standard we want to talk to you about. This one's called Web Packaging. So with Packaging, the model for loading web pages changes from today's model, which we all understand, where the browser requests a page from an origin server, to a new model where developers create a signed package that contains the page. And the browser can load it from anywhere, even potentially other peer devices. And this can enable privacy-safe preloaded models because the data to fetch the package doesn't go back to the origin server. And it gives the browser tremendous flexibility to preload pages more of the time. The first phase of Web Packaging, signed exchanges, is available in Chrome Canary today. And we believe, when you look at the emerging Web Packaging and Portal standards, they have potential, over time, to enable a more seamless instant web with packaging enabling privacy-safe preloading and portals enabling seamless transitions. And we'd love your feedback on both. OK. Now, we'd like to shift gears and talk about some of what we're doing to make the web more powerful. DION ALMAER: That's right. Fast, instant loading is a really exciting vision and magical when it works. But it's only the beginning of the story. What really matters is what the user can do once the website is loaded. New capabilities for the Web are regularly becoming available. And over the past year, we've continued our efforts to expand what's possible on the Web, rolling out APIs that bring powerful capabilities to you. So when I think about cool websites, I normally think about movie websites. So maybe we should see someone using the real power of the web? BEN GALBRAITH: Some big motion picture from this year to see how they really merchandise the move. DION ALMAER: A popular movie. Yeah. BEN GALBRAITH: Well, let's take a look at one. DION ALMAER: I meant "Avengers." I meant the-- uh-- BEN GALBRAITH: That may not be what we had in mind, actually. This is the "Captain Marvel" website. It kind of fits the 30th anniversary theme. You've got a nice MIDI file playing in the background. DION ALMAER: It's very retro. It's very like retro. And I love how quirky and fun the web can be. Well played, Marvel. But seriously, what can you do with the new platform capabilities? To show us a real example, let's welcome Paul to the stage. BEN GALBRAITH: Please welcome Paul. [APPLAUSE] PAUL LEWIS: Thanks, chaps. Hi, everyone. I'm Paul Lewis. I'm a software engineer on the Chrome team. Now we've been thinking about the camera, how developers use it, and what that could mean for the web. Because I think most of us are used to the idea that you can get links from a web page. But what if you could get links from objects in the real world? Because many of them have QR codes, bar codes, product logos, images, and that kind of thing. And it's the case that when you're in, say, in a store, and you're looking at a product, rather than thumb typing, if you could just hold the product up to the camera and get some information inside of the PWA, that would be really useful. And it's that kind of scenario we've had in mind as we've been working on a thing that we call the Web Perception Toolkit, which I'm going to try and give you a demonstration of now. So if we could switch across to the device. Marvelous. OK, so what I have here is the I/O Web Sandbox Scanner PWA. Quite a mouthful, I'm sure you'll agree. But what it lets me do is it lets me scan items from our sandbox out there. I also have something that I actually really like, which is this 3D printed Chrome dino thing. It's amazing. Do I want this? Yes, I do. [LAUGHTER] Right? Marvelous. And it has a barcode. So what I'm going to do is I'm going to start this up, which is our scanner. So this is using the Web Perception Toolkit. First thing it does is it starts up a camera feed and a couple of detectors in the background. So what I'm going to do is I'm going to try and scan the barcode, if I can, with the lighting being as it is. There it is. OK, so it's detected the barcode. And you can see it's put this card on the screen. Now, that's not magic. I've already told the Perception Toolkit what I'm looking for by putting some structured data inside of the PWA. I've told it what I'm looking for and what I want it to put in the card when that's found. So I've given it the image, and the title, and so on, and so forth. This card that you're seeing is also part of the Web Perception Toolkit. Now, in order to do the scanning, we use the Shape Detection API, which is a brand new Web Platform API that lets you do QR code and barcode detection, as well as face detection and text detection, if your device supports it. But it's a brand new API, so it might not be available everywhere. So in that case, we also use WebAssembly to provide the same QR code and barcode scanning functionality. So we're maximizing support and performance by doing it this way. So from here, I can, say, go into the details of the thing that I scanned. And if this was a shopping experience, you could imagine I could add to cart and go on my way. Now, that's one thing, but what we also wanted to do was to be able to support images. So I'm going to scan something else for you. So I'm going to go out here, and I'm going to scan again. Now, what I have here on my I/O badge is the Squoosh logo. Squoosh is a PWA that we announced at Chrome Dev Summit last year. I put the sticker on my badge, and I'm going to try and see if I can get it to scan, which it just did. That's pretty cool. Again, it's the same kind of structured data that's in the PWA that's actually identifying this logo for me. So from here, not only can I view details as I did before, I can also launch it, because it's an app. Off we go to our PWA. And we're happy, and we're on our way. Right. That's the end of the kind of official demoey bit, except, well, I want to do bonus round. Huh? What I want to do is show you something a little bit extra that I put in in the last couple of days. So you heard Barb talk about Portals. And up until a couple of days ago, I hadn't had a chance to play with it. And I thought, I could add it to that PWA. LOL. That'll be a great idea. If you're up for it, I'll show it to you. So are you up for it? AUDIENCE: Yeah! PAUL LEWIS: Yeah. OK. This is what's known as a high stakes maneuver, because I'm going to be loading Chrome Canary, with flags, in a keynote, in front of a lot of people. So if it goes badly, it never happened. The official demo was amazing and flawless. If it goes well, we holler, we cheer, we high-five, and we call this a good one. Does that sound OK? AUDIENCE: Yeah. PAUL LEWIS: All right. OK. Here goes. So what I'm going to do is I'm going to go to Chrome Canary. Same PWA that you saw before. Start scanning. Here we go, initializing the detector. And it detects it. Now, watch what happens when I tap the Launch. Here we go. Flips over. I went into squoosh.app. [APPLAUSE] [CHEERS] So if you don't have it, you just get the normal experience. If you do have Portals, you get that wonderful transition. And with that, I'll say-- wait, can we go back to the slides? Yes. [INAUDIBLE] next. Marvelous. So if you've enjoyed that and you want more information, do check out the website, which is perceptiontoolkit.dev. Or come and see us in the sandbox over the next few days, and we'll run you through all the things that we've been working on. Thank you, very much. [APPLAUSE] BEN GALBRAITH: Thanks, Paul. DION ALMAER: Thank you, Paul. BEN GALBRAITH: OK. So Paul mentioned how they are able use WebAssembly to provide compatibility when some of the APIs they needed weren't available. I wanted to show you another example of a Google property that's been using WebAssembly for a fantastic desktop experience. This is Google Duo. It uses the Modern Web Media stack for video capturing streaming, of course. But it uses WebAssembly to bring their native library for Echo detection seamlessly to the web. And it can be installed and run in its own top-level window. DION ALMAER: With web apps and a lot of momentum now in desktop, we wanted to improve the discovery flow and make it easier for users to install their favorite web apps right to their desktop. So starting in Chrome 76, Chrome's going to be showing an installation prompt right within the Omnibox for PWAs across all desktop platforms, as Hulu shows here. PWAs on desktop came to Chrome OS first late last year to enable web apps that need full Windows support and common desktop app capabilities. Today, we've extended that support to Windows, Mac, and Linux. And we love how web apps fit right into these desktop operating systems. BEN GALBRAITH: Also happy to share that Slack is embracing this new desktop installation model. And they're rolling out an offline-enabled web-powered version of their desktop app later this year. And our own Stadia service, while we're talking about desktop, was able to use new capabilities that have recently come to the Web Platform to use full access to the keyboard and the mouse and to have low latency controller support, really challenging our notions of what's possible in a browser. DION ALMAER: And we're still making lots of integration improvements on mobile too. We launched Trusted Web Activities to give developers the best way to put full-screen web content into an Android app. OYO Rooms, which is India's largest affordable hotels network, use Trusted Web Activities to power a light version of their experience, which is a common pattern that we're seeing with partners in certain markets. Their web team had already built a high-quality PWA that they can then easily leverage. And we continue to bring core capabilities to mobile. Here, we see the Indian company, Myntra, sharing products with their PWA, using Android's native-share-sheet. And the Twitter PWA uses the Web Share Target API to tell the system that it can accept the shared link. BEN GALBRAITH: Dion's talking about Twitter. What I love here is it shows an example of the full progressive web app vision. Because from a single code base and experience, they're able to scale across the full spectrum of devices, going from feature phones all the way to high-powered desktop devices. DION ALMAER: It's the dream. BEN GALBRAITH: It is the dream, my friend. And speaking of feature phones, we've noticed that a certain class of web-enabled feature phone are becoming very popular in emerging markets. And as we saw this trend, we asked ourselves how far we could push it. And so we decided to try and create a really rich game using the web that would run really well on this form factor, as well as larger form factors. DION ALMAER: And with the whole 30-year anniversary theme, it was a good excuse to look back. And I don't remember about you, but I wasted quite a few hours playing Minesweeper back in the day. And so it got us thinking, what would a 2019-- BEN GALBRAITH: We have a fan in the back. DION ALMAER: We've got a fan in the back-- Minesweeper. It teaches you how to-- yeah. What would a 2019 version of Minesweeper look like? We call it Proxx. So this game here, for us to hit our performance budget, we wanted to use libraries to be productive, but also small enough in size. So this led us to be using Preact for our UI, Commlink to help us use workers to do more off the main thread, and Rollout to deliver type builds. Proxx loads incredibly fast, as it only needs 18k to be interactive, which is actually a lot smaller than the original Windows game. BEN GALBRAITH: That is amazing. DION ALMAER: Yeah. And it also supports the feature phones that Ben was talking about earlier. At the same time, we want visuals that you can expect from a modern game that runs at 60 frames a second. And we want people relying on assistive technologies to be able to enjoy our game, as well. So we made accessibility a first-class citizen. So did we succeed in building an interactive game that works across all devices? You be the judge. Go to proxx.app to play. And you can find all of the source code available on GitHub. And then to see how this was built, join the team that made it during their session on Thursday. BEN GALBRAITH: We're also working to integrate the web with Assistants. And to show some of what we're doing, I'd like to invite Dana to the stage to tell us more. Please welcome Dana. [APPLAUSE] DANA RITTER: Thank you, Ben. Hi, my name's Dana Ritter. I'm the product manager behind the technology that Sundar introduced earlier today, Duplex on the Web. Duplex on the Web is the technology that helps you get things done. But it doesn't only help you get things done, it can also help you get things done in your own language. This is extremely interesting, when we consider the many, many people coming online that interact online and interact in the internet, but not on predominant languages that are supported. Consider for a moment there are approximately 500,000 people speaking Hindi that are online, but not very well-serviced by the set of e-commerce sites that are available to them. I'd like to show a demo from Xiaomi, a leading smartphone brand in India. And on this basis, you'll see what we can provide. Imagine for a moment I'm a Hindi speaker in India. Ideally, I would like to be able to search, browse, and buy all in my own language, even if the underlying website's in English. So first, search. As you can see, we already support Hindi from a searching prospective. Now, I can come with Google Shopping in India, and I can browse the power bank I want. Here, we'll choose the second one. Google Shopping will provide for me details of that power bank, partially translated right now in Hindi. We're working as we speak on the entire experience being translated. And to complete the cycle of buy, that's where Duplex on the Web steps in. This blue button here, translated, says fast checkout. Once I click that, Duplex on the Web opens Chrome, goes to the underlying website from Xiaomi. It's in English, as you can see. But Duplex on the Web will help me in Hindi. I can see all my information. I can see the product I'm interested in. Looks good. I'm going to check out. As you move forward, Duplex on the Web leverages Chrome, the information that's stored in addresses and payment information, to navigate all the cumbersome forms. Of course, we adhere, as well, to all the privacy and security concerns that are extremely important from a Chrome perspective, as well as from the website. Here, I'll have to enter my security code for my credit card. I enter that information, but I'd like to see a summary of my purchase before I'm done. Duplex on the Web navigates to the site to show me my summary, the summary of the purchase, tax total, sends me a notification, and my power bank is on the way. This technology we're very excited to bring to users, partners, and web developers. Specifically for web developers, you'll be able to go to the Search Console to see the status of your site, as it relates to Duplex on the Web, the relative health. You'll also be able to provide a test account for Duplex on the Web to understand what your site looks like beyond the login. That helps increase the quality of the experience for your users. And finally, we also offer additional control for web developers for configuring the robots.txt file to be able to restrict different parts of the site, if that's something that you'd like to do. As Sundar said earlier today, we'll carefully roll out this technology-- first in the Showtime space and rental cars. And that'll be followed on by a shopping experience, much like you've seen here. Thank you very much. Ben, back to you. [APPLAUSE] BEN GALBRAITH: Thank you, Dana. It's fantastic to see the Assistant open up parts of the web to even more of the world with the translation capabilities. So we've talked about a bunch of new capabilities that the web now has. And more capabilities are coming. There's a steady stream of new capabilities in the pipeline. These are just some of my favorites. Can't wait to have native file system access, the ability to expand quota, contacts picker integration, the ability for web apps to integrate with MIME-types in the OS, SMS-based authentication, and more. And these are really going to take the web even further towards this vision we have of linking everything together. As we bring these capabilities to the platform, we often compare it to a fugu fish, because fugu fish can be a really delicious delicacy. Unless it's prepared wrong, in which case it kills you. And so as we thread the needle on the web between power and safety, we're very mindful of the need to preserve what makes the web greatest of all, which is that it has safety designed first, to keep users safe as they navigate and explore all across the world. So this is a good opportunity to transition to the last section of our talk, and share what else we're working on to keep users safe. Of course, this has always been a big focus for us at Chrome. When we first rolled, out we had the auto-updating feature that was, if you remember, controversial at the time. Anyone remember how controversial that was? Surely the Minesweeper person can give me a little bit of a hand. It was a really controversial feature, and we did it because we wanted to make sure that users always had the latest security fixes. We also have features like safe browsing to protect users against known bad sites. DION ALMAER: And then since last I/O, we rolled out site isolation, a major update to Chrome's multi-process architecture. Chrome's always put tabs in its own process, both for stability and security. But site isolation takes us to the next level by isolating cross-domain content within a page, as shown here on this iframe, into its own process. This aligns the OS process boundary with the web security model. We also rolled out the latest phases in our multi-year effort to move the web to HTTPS by default, flipping the UI model around URLs to one where we assume HTTPS as the [INAUDIBLE],, and warn the user when its HTTP and when they're at risk of sending data in the clear. Over the past three years, we've seen HTTPS page loads on Windows go from 42% to 82%, which we think is a significant security and privacy win for users on the web. And it wouldn't be possible without the broad community, such as the Let's Encrypt . Initiative. BEN GALBRAITH: So we've also been working to address user feedback about tracking on the web. And as we do that, we've been focused on giving users transparency and choice over how they're tracked on the web through easy-to-use controls. We want this to be a powerful and very useful feature, and so we're working with users to get this right. And we'll preview user-facing features later this year. Today, we're sharing our plans around changes to how cookies work in Chrome to support transparency and control features in browsers. Let me explain. So today, when we, as developers, set a cookie, it's visible, by default, in both first-party and third-party contexts. Now, this enables tracking. And it also leaves cookies that were really intended for use only by the same site exposed more broadly, by default. It also means that browsers need to rely on guesswork, based on observing how cookies are accessed, to understand both the intent of the developer and to provide transparency to users as to what's happening. Moving forward, Chrome will make all cookies limited to first-party context by default and will require developers to explicitly mark a cookie as needing third-party visibility, which creates a clear distinction between first-party and third-party cookies and enhances web safety. As a developer, to make cookies third-party visible, you just need to add a new setting, called samesite none to the cookie. Later, we will also require that third-party cookies only be served over HTTPS connections, which further enhances web security. Both of these states are available now for testing in Chrome Canary behind flags. And you can see web.dev for more technical details. We'll roll out these changes to users over the coming months, starting with the first-party cookie change I just described, and later with the HTTPS requirement for third-party cookies. Now, some developers attempt to track users with a technique known as browser fingerprinting. This involves looking at things like HTTP headers or invoking JavaScript APIs to build a profile of what makes the user's browser unique. And then you can use this to create a type of signature that you use to follow the user around as they navigate the internet. We see these efforts as subverting user choices about tracking. And so Chrome is announcing that we will work to block fingerprinting. And we'll share more details in the coming months. But we're sharing this now to make clear our commitment to user privacy. As we make these and other changes, we're taking care to preserve the health of the web ecosystem, but we're also clearly putting users first, and their choices. We see this as a journey that's similar in scope to what Dion described earlier, wit moving to HTTPS by default, . And we'll work with the full web community to refine our plans. And we need your feedback to make sure we get this right. DION ALMAER: So phishing is a major problem on the web. And we've been working with the FIDO Alliance and the W3C on a new web standard to help. The result is WebAuthn, which brings two-factor authentication to the web and can enable your web apps to take advantage of modern devices with hardware tokens built-in. A fantastic best practice we're seeing is using biometric checks on the device when users have previously signed in. In fact, here at Google, we're rolling out support for WebAuthn with passwords.google.com as a real authentication model. And this isn't just about usability. Our friends at Yahoo! Japan shipped fingerprint re-auth and improved time to signin by 37.5%. BEN GALBRAITH: OK, so to wrap up-- speed remains incredibly important. And take advantage of the platform enhancements and tools that we've made to move your site closer to an instant experience. And check out Portals and Packaging, and give us feedback, because we see these as having big potential to redefine the future of an instant web. Capabilities of the Web are expanding faster than ever. Take advantage of the new features so that users can do more on your site right in the browser and easily re-engage afterwards, leading to higher conversions for your business. And prepare for the upcoming privacy changes that are coming to Chrome, and consider integrating WebAuthn into your site. DION ALMAER: So there's so much good stuff coming, we really want to help you keep up with the latest features and best practices for the web. That's why we created a new site, web.dev, to help. It's a straightforward guide to teach you how to build on the modern web, with interactive code labs on the most important topics. And with Lighthouse integrated, we can help tailor the guidance based on your websites and help monitor your progress, including how to optimize popular web frameworks like React, CMSs like WordPress, all for top performance. Web.dev is here to help you build the instant, powerful, safe web that we hope to browse together. BEN GALBRAITH: You're also all invited to join us in six months at the Chrome Dev Summit in San Francisco where we'll share more progress on these themes. DION ALMAER: And I think we'll bring some avocado toast from the-- BEN GALBRAITH: I was wondering if you were going to go for that line. Cool. Hey, have a great I/O, and thanks for joining us this afternoon. DION ALMAER: Thank you. BEN GALBRAITH: Take care. [APPLAUSE] [MUSIC PLAYING]
Info
Channel: Google Chrome Developers
Views: 55,054
Rating: 4.8790698 out of 5
Keywords: type: Conference Talk (Full production);, pr_pr: Google I/O, purpose: Educate
Id: rUUazNIZW7I
Channel Id: undefined
Length: 40min 18sec (2418 seconds)
Published: Tue May 07 2019
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.