Despite the promise of faster page-loads and offline access, the maker of the Firefox browser foresees major problems in Google’s plan to boost the speed of the Internet by cutting data-center servers out of the process.
Should users be concerned, too?
At issue is the search-engine giant’s proposal to pre-package web pagesOpens a new window for offline viewing and third-party distribution. Mozilla is raising far-reaching questions about safety for users and businesses from what portends to be a paradigm shift on the World Wide Web.
Google wants the global standard-setting bodies that govern Internet practices to approve what it calls the Instant Web Vision. Its engineers explained the proposal at the company’s annual Google I/O conference in Mountain View, California, last month.
Google’s plan builds on a concept called Accelerated Mobile Pages (AMP), a data-saving initiative begun by Google’s engineers in 2015 to let publishers code user-friendly clonesOpens a new window of their web pages for search-engine distribution on mobile apps and social media platforms.
The Alphabet-owned company contends adoption of its new web packaging standard will promote seamless loading of full web pages — not just app-optimized facsimiles — on wireless devices and computer desktops.
Sounding Alarms
Mozilla, however, highlighted the complications it says can result from disrupting the current transmission model, in which browsers request pages directly from servers where the content is stored.
In a lengthy position paperOpens a new window , Mozilla says Google’s web packaging plan could compromise the veracity of the information in those pages and fundamentally change the security architecture of the web, opening new angles for cyberattacks. Site operators need to consider the technology before they adopt it, the not-for-profit organization says.
Central to Google’s proposal is the Same Origin policy, which governs how script and pages from one source interact with those from another. Google wants standards bodies to let third-party aggregators like search engines and social networks bundle materials that are encrypted for verification from various sources for redistribution.
Doing so would alleviate the need for browsers to fetch requests from servers that host the original content. Instead, users could access pre-loaded packages from their own or other networks — even from peer devices — thus reducing page-load times and increasing browser flexibility by omitting the back-and-forth over more of the web’s transmission infrastructure.
Source substitution of the type Google is proposing effectively decouples content from its publisher. The foundational technology is at work in competing formats like AMP, Apple’s News and Facebook Instant Articles, all of which have lured publishers with the promise of access to wider audiences.
Tighter Oversight
Mozilla warns that its main concern is “web packaging might be employed to alter power dynamics between aggregators and publishers.†Mozilla questions whether controls currently in place provide the oversight to prevent aggregators like Google and Facebook from abusing their market-dominant positions when re-distributing publisher content.
Given that the Same Origin policy prevents scripts from one page accessing sensitive data contained in another, Mozilla also contends that hackers could compromise server keys and certificatesOpens a new window  for creating signed exchanges to fake content and extract data.
Google says the robust encryption that enables publishers to load an entire page into a single file permits privacy-safe pre-loading of content. Alleviating the need to establish a connection with a host server to access that content acts as a further safeguard, with third-party portals affecting what it says are seamless transitions when Web Packages are opened by users.
In interviewsOpens a new window , Google engineers leading the project insist that the initiative is more about efficiency and less about a land grab, even as they acknowledge the company’s power in the marketplace.
To boost uptake, they used the annual developer gathering at Mountain View to launch Signed Packages, an open-source platform on Chrome Canary, the version of its flagship Chrome web browser aimed at developers.
Comment Sought
Other elements include algorithms for verification of encrypted source dataOpens a new window and a mechanism for bundling pairs of web-address requests and responsesOpens a new window into pre-loaded packages of web content.
Drafts of those standards are circulating in the development community and with working groups ahead of Google’s presentation to the bodies that govern the web.
Users as well can weigh in on the proposed shift. Given that Google controls better than two-thirds of the search market and the considerable revenues from advertising that goes with it, those forums should rank fairly high on search-engine results pages.