[go: up one dir, main page]

Although the term "ClickJacking" is new, the underlying issue has been known for years. ClickJacking attacks affect all Web browsers because the attacks rely on standard browser features to trick the user into clicking on a dangerous spot on another Web page. A few months ago, Jeremiah Grossman and Robert Hansen sparked renewed interest in ClickJacking by demonstrating a clever application of the technique against Flash Player. Unfortunately, there is no "silver bullet" solution to all ClickJacking attacks. To find the best long-term solution, we're collaborating with other browser vendors and the standards community. If you're interested in ClickJacking solutions, I'd recommend reading Mark Pilgrim's summary of recent ClickJacking discussion in the HTML 5 working group and joining in the discussion.

Posted by Adam Barth, Software Engineer

Why are the buttons where they are instead of where I want them to be? What's up with bookmarks? Why does the Google Chrome UI look and operate the way it does? These are probably questions that some, many or even all you have about Google Chrome. We explained how we came to some of those decisions in a previous post:
"To achieve the streamlined feel we were after … we had our own intuitions about what was and wasn't useful in current browsers, we had no idea how those ideas matched to reality. So in typical Google fashion, we turned to data; we ran long studies of the browsing habits of thousands of volunteers, compiled giant charts of what features people did and didn't use, argued over and incorporated that data into our designs and prototypes, ran experiments, watched how our test users reacted, listened to their feedback, and then repeated the cycle over and over and over again."
To provide some more insight into this process, I should explain what we mean by "data." The data we turn to is both quantitative and qualitative. Usage logs provide statistics such how many users have tried a feature and how frequently a feature gets used. These logs are collected only from people who have chosen to share usage statistics with us. This quantitative data tells us the "how" and the "when" but not the "why." For that, we use qualitative data gathered through research methods like surveys, interviews and contextual inquiry which involves observing people in their home or work environments. Often we bring people to one of our usability labs where we can observe their interactions and collect feedback on a new feature we are working on. Many times we employ an eye tracker where we can find out what exactly people are looking at on our user interface. By incorporating data from all these sources into our design process, we hope to provide a user experience that satisfies the needs of the many Google Chrome users out there.

In the future, we are planning on releasing some of our research on this blog and the on the UX Site to show how the data we are collecting is impacting the Chrome experience.

All of our research data comes from studying and observing people. But what kind of "people" do I mean? Probably someone just like you. So if you are interested in becoming a potential participant in a research study on Chrome or one of the many other Google products, I encourage you to sign up at google.com/usability.

Posted by David Choi, User Experience Researcher

Since our public launch in September, a few Google Chrome users have had some questions about our installation and update process. We tried to answer most of them in our help center, but since many of you may not have visited the help center, this post attempts to give some background and insight into our current installation and update process.

When we started exploring various options for our installer, we came up with some explicit goals:
  • With new browser exploits showing up on regular basis, keep users free from the burden of checking for security updates.
  • Allow users who are not administrators to install Google Chrome.
  • Allow updates to happen automatically in the background even when Google Chrome is in use. The next time you open Google Chrome, it can simply start using the latest version.
  • Just like the minimal user interface (UI) of Google Chrome, limit or eliminate installer UI as much as possible.
  • Updates should be as small as possible. A security fix should be a small, fast download and should not need a full installer.
  • Uninstall should be clean and remove changes done by Google Chrome as much as possible.
After looking at existing options we found that none of them would give us all the things we wanted so we decided to write our own installer.

Installation
We believe Google Chrome installation has been made really simple. Once you run the installer, there are no screens to jump through or confusing choices to make. Installation happens and you get a first run UI window letting you import your data from your existing default browser. Some people (especially those using Windows XP as opposed to Windows Vista) were confused by our choice to install in the user profile directory instead of Program Files. There are several reasons we chose the user profile directory:
  • Anyone can install Google Chrome, not just administrators.
  • On Windows Vista there are no 'security prompts' during install. If you are running as a non-elevated Administrator, you can still install Google Chrome without having to enter an administrator's password. However we still need to ask for a password to make Google Chrome the default browser due to how Windows Vista requires browser applications to be registered with it.
  • You can choose to install or uninstall Google Chrome without affecting other people who use the same computer.
Updates
Google Chrome automatically updates itself with the help of Google Update, which is also used by other Google products including Google Talk, Gears, and the Google Earth Plugin. Using Google Update meant we could use an existing service that already takes care of lot of issues around automatic updates:
  • Maintaining different update channels, each with its own update schedules and Chrome versions.
  • Updating software in the background without any annoying dialogs.
  • Good proxy support that can handle various proxy configuration to download the installer payload.
  • Having only one instance of Google Update manage multiple Google programs installed on the machine.
Using Google Update has allowed us to push incremental changes out relatively quickly — we have released fourteen updates in three months between our release and our taking off the beta label.

Un-installation
During uninstall, Google Chrome deletes all the changes it made to the system, but a few people were surprised when they found all their profile data intact after reinstalling Google Chrome. This is intentional as many people try a sequence of uninstalling and then reinstalling to fix any installation issues, and we didn't want them to lose all of their profile data. If you really want to delete your Google Chrome profile we have instructions on how to do so.

Finally, if you made Google Chrome your default browser before uninstalling, we don't know how to undo that. All browsers face this problem: there's no way for one browser to know exactly how another browser registers itself as the default browser. To fix that, you should open your preferred browser, and use its option to set it as the the default browser.

Posted by Rahul Kuchhal, Software Engineer

Release early, release often. We think that's the best way to develop software that delights people. With Google Chrome, we want to release fewer features more often instead of making you wait 12 months for the next Major Dot-Oh Release Jam-Packed With Features. We can get your feedback faster, fix things faster, and release new improvements as soon as they're ready. We want Google Chrome to stay nimble so it can keep pace with changes in the sites and web apps you use. 

Because we don't have those big Dot-Oh release milestones on the calendar, we don't have long periods of Beta testing new features. Instead we use automatic update channels to release Google Chrome to a community of early adopters. The channels are essentially a never-ending Beta test and a continuous feedback loop that lets us rapidly develop new ideas into solid product features. 

You can subscribe to one of our update channels:
  • Stable channel. Everyone is on the Stable channel when they first install Google Chrome. The Stable channel is updated with features and fixes once they have been throughly tested in the Beta channel. If you want a rock solid browser but don't need the latest features, the Stable channel is for you.
  • Beta channel. People who like to use and help refine the latest features subscribe to the Beta channel. Every month or so, we promote stable and complete features from the Dev channel to the Beta channel. The Beta channel is more stable than Dev, but may lack the polish one expects from a finished product.
  • Developer preview channel. The Dev channel is where ideas get tested (and sometimes fail). The Dev channel can be very unstable at times, and new features usually require some manual configuration to be enabled. Still, simply using Dev channel releases is an easy (practically zero-effort) way for anyone to help improve Google Chrome.
To get more actively involved with Google Chrome, subscribe to the Dev or Beta channel. Just run a little program (found here) and that's it. After that, you'll automatically get early access updates.

If you're ready to try some new stuff, we've just released a Dev channel update that has a new version of WebKit, a new network stack, and some features like form autocomplete (read about it here). It's less polished than what Dev channel users have been getting during Google Chrome's Beta, so we've moved all of our existing Dev channel users to the Beta channel. If you were on the Dev channel, you can decide whether to switch to the new Dev channel or stay on the new Beta channel.

Posted by Mark Larson, Technical Program Manager

Tabbed Browsing is a prominent feature of modern browsers. We think it's one of the key elements that makes the browser a window manager for the web. Since we thought of the tab as the "container" element within which all other aspects of the browser lived, we designed the Chrome UI with the tab strip at the very top. But we didn't stop at aesthetic upheaval. As we were designing Google Chrome, we designed our tab strip behavior with an eye to making heavy use efficient. Observing how we were using our existing browsers, we were able to identify some pain points and come up with solutions targeted at fixing them. In this post I'll talk a bit about some of the things we've done.

Ordering

One of the most persistently annoying issues with tabbed browsing was the following situation:

You have a full tab strip and a "hub" page open towards the left of the strip. Perhaps its your RSS reader, or a news site like Google News. You open interesting links in new tabs so you can keep reading through the headlines. The problem is, the new tabs open at the end of the tab strip, beyond many other unrelated tabs that also happen to be open. Sometimes, because of the "many-tab overflow" UIs in existing browsers, the tabs that you are queuing up to read in just a moment may disappear off the end of the strip. In short: finding tabs can sometimes be a challenge.

In addition, when you're done reading one of the articles you opened and close its tab, selection jumps back to the opener. This was one of the improvements I made to the tab strip in Firefox a couple of years ago, but with some extended use it turns out to not be the best action when there are multiple tabs opened from the same opener. Worse still, when combined with the "overflow" UI I mentioned above, the result was disorienting "bouncing" between the left and right ends of the tabstrip.

What did we do? In Google Chrome, we open tabs opened from links in the background adjacent to their opener tab. This keeps the spatial proximity of related tasks close. So you don't end up with the "bouncing" scenario I just described. We also maintain loose grouping relationships between such related tabs, so that when you are done reading one of several articles opened from a hub page, we shift selection to the next in the group, rather than going back to the hub. We think this makes the news reading use case a lot simpler. We don't persist this group relationship when you switch to an unrelated tab, though, to avoid situations that might lead to unpredictable switching behavior if you move on to a different task.

Cleaning Up

Another common annoyance was related to closing several tabs quickly. In most tab strips, when you close a tab the other tabs expand to fit the space that has just been made available. The upshot of this is that the close boxes of the remaining tabs all move around slightly, which makes it harder to quickly close tabs by clicking in the same spot. Older versions of Firefox solved this by putting the close box in a static position at the end of the tab strip, but lab research showed this approach had usability and discoverability problems for novices not used to tabbed browsing, so the close box was moved into the tab (which now seems to be the standard location for tabbed browsers).

For Chrome, we came up with something a little different. Realizing that maintaining a fixed width for tabs when closing them would keep close buttons aligned under the mouse pointer, we designed a system whereby the tab strip will re-layout when you close a tab to fill the gap left, but not resize the remaining tabs, until you move your mouse away from the tab strip (thus signaling you're done closing tabs).

Open Issues

Based on feedback we've received so far, here are a few areas where our tab strip design needs further improvement:
Many Tab Overflow

We don't have a complete system for handling many open tabs right now. We let tabs grow infinitely smaller. This ends up looking bad when there are a very large number of tabs open. We chose not to go with an overflow menu or scrolling tab strip like in some other browsers because we think there are other usability problems with those approaches. Specifically, when you implement an overflow solution you generally pick a minimum "readable" width for the tab and overflow tabs when there are too many at that width to fit. The problem is usually that that width seems to be too wide, so there can be unnecessary overflow in conditions where a smaller tab width would have meant all of the tabs would have fit. We also don't really like the drop-down menu approach as it has a spatial disconnect (vertical scanning vs. horizontal tabs) that makes it clumsy to use quickly. In the end, we would like a system that doesn't over-zealously clip tabs out of the tab strip so that people with many tabs can still access their tabs with one click.

Disoriented Anchor Tabs

Opening tabs next to the tab that opened them can mean for some use cases that the behavior of having a few "anchor" tabs positioned at the left edge of the strip is more difficult since tabs opened from them are opened in between. We like the idea of "tab pinning" or "locking" as a solution for this, but haven't invested a lot of time in designing how this might work just yet. There may be some overlap with "startup tabs" in Options.

Restoring Mistakenly Closed Windows

We also don't prompt when you close a window with several tabs. The reason we don't do this is that one of our core design philosophies has been to avoid modal question prompts that interrupt the user when they're trying to get things done (in this case, use a standard window control to close the window). We're aware that the prompt has saved people (including ourselves!) using other browsers from losing tabs, but we have been trying to come up with a more creative system for helping this scenario that doesn't interfere with the window's close button. In recent trunk builds, you'll find that you can re-open a recently closed window from the New Tab Page, and that the "Recently Closed" section of the New Tab Page now spans multiple sessions. This is a good way to "undo" an accidentally closed window, in the same way you can "undo" an accidentally closed tab. To try this out you can get on the Google Chrome Dev Channel.

In all of these areas we've resisted adding options to control behavior. Keeping our set of options minimal is a good forcing function for us as user interface designers to come up with the right approach, since we never rely on the crutch of making the user decide what we were unable to. Instead, our approach has been to experiment with different behaviors and end up taking the approach that works the best. We are heavy users, and we've designed this user interface for heavy web users, so we hope it scales as well for you as it does for us!

Posted by Ben Goodger, Software Engineer