On October 15, 2018, an employee of Amplified IT, a Google education partner since it was acquired by CDW, filed a bug report describing how the Chromium URL Blocklist, which administrators can set to align with enterprise or business policy, doesn’t actually work. Thanks to this list, the source code of the determined sites should have been hidden.
However, it seems that no block was being applied. Therefore, for example, some students could reach the result by examining the source code of web-based tests to see the answers.
This was clearly stated in the bug report: “With schools using Google Forms as a testing platform, students can use this bug to search the source of the page and identify correct answers.”
Despite a lot of evidence that this is a problem, the bug that prevented URLs containing the view-source: prefix from being caught in the URL Block List was not fixed until a few days ago. And now this bug has been fixed by Microsoft main program manager Eric Lawrence, an experienced browser developer who has also worked at Google for several years. Microsoft’s Edge browser is also based on the open-source Chromium project, like Google’s Chrome.
The abstract possibility of losing access to the ability to view web page source code is also getting some complaints online. Because administrators have the opportunity to prevent the viewing of web source code without any basis.
There’s really no logical reason to complain that Chromium’s URL Block List will eventually work as intended. It should be noted that the fix only fixes a bug and makes the system work as it should, so it won’t change much for most of us.
Responding to the criticism, Lawrence explained the reason for fixing the URL Blocklist error in a post he wrote to Hacker News last week: “I made this fix because it was a policy that wasn’t working properly. Instead, we can document or fix the URLBlocklist policy that works for every schema except one. It’s better to fix it. Makes sense. This policy can only be set on managed machines. This policy, on its own, is easily circumvented. Managed environments block many things, including most of the circumventions suggested here. I have created one of the world’s most popular tools for viewing and modifying web traffic. The narrative that it has broad implications for anything is absurd.”
However, not everyone accepted this explanation. In response, Janne Mareike Koschinski, a computer scientist based in Germany and maintaining Quasseldroid, denounced Lawrence.
“Many of the best people in IT are there today because they wondered how things work, they experimented with it, they broke the rules, and they learned from it,” Koschinski wrote, adding: “This curiosity needs to be encouraged, not stopped. . . . If you’re contributing to a closed tech culture, you’re just as wrong as DRM tech or Android SafetyNet developers.”
37349
