Does Google Chrome 17 Screw with Server Logs, Analytics and Preload Malware Websites?
I upgraded to Chrome 17 today. It comes with many fixes, improvements and a couple of new features, some which users may love. However, one particular feature – the preloading of websites as you type a URL in the omnibox – had me worried for a moment.
Before I talk about that, though, remember how I posted about some of the annoyances with YouTube’s HTML5 video player? Chrome 17 has introduced a fix for the screen dimming issue. Hooray!
Chrome 17 Preloads Websites
This is a really cool feature, but first impressions worried me until I found out about how the system works. Although Chrome has had this feature for over a year, it is now enabled by default. How does it work? Basically, the moment I start typing a URL, Chrome tries to auto-complete the address it thinks I’m looking for and begin to preload the website, so as to lower load times between typing the address and hitting enter.
What’s next? Preloading bookmarks on mouseover? Actually, that sounds kinda cool… and impatient. Extremely, extremely impatient .
A cool feature? Yes. However, there are several potential issues that instantly (no pun intended) came to my mind.
What if the auto-completed URL is incorrect? What if I was trying to go to ‘google.com’, for example, and made a typo? Say I type “gogg” instead of “goog”. Chrome would auto-complete my URL to goggle.com (if it didn’t know any better) and begin to preload the site.
There’s a problem here. What if goggle.com were to contain malware? The user may be infected before they even hit enter. This could be dangerous if the auto-complete feature picks the wrong URL without a safety net.
Well, thankfully Chrome only loads URL suggestions if it’s confident. The confidence of Chrome to preload a page is based on the user’s browsing history (and I suspect it may also exclude potentially harmful websites that Google knows about, just as Google Instant’s suggestions exclude vulgar words), and therefore if ‘goggle.com’ did contain malware, the user would have had to have visited that site regularly in the past in order for Chrome to preload it, and is therefore probably infected anyway.
The second potential issue I see with pre-rendering is the generation of misleading statistics. If Chrome has started preloading a page and then a user backspaces that URL to go somewhere else, the webmaster of said page will see misleading numbers in their analytics as that preload will still count as a page view – even though the user never really saw their page.
Actually, let’s extend the issue of analytics. (The following is purely an example.)
Let’s say I want to go to ‘youtube.com/movies’, I would start by typing in “you” into the omnibox. Now, let’s say that I also often visit a website called ‘yourdailymedia.com’, in fact, I visit ‘yourdailymedia.com’ more often than ‘youtube.com’. Note how both websites start with “you”. If I’m not a fast typer, the moment I type in “you”, Chrome will start loading ‘yourdailymedia.com’, as I visit that site more often that ‘youtube.com’. This counts as a page view for them. Then, after a moment, I hit “t” on my keyboard and the next closest URL in line according to auto-complete would be ‘youtube.com’. Now Chrome stops loading ‘yourdailymedia.com’ and starts preloading ‘youtube.com’. YouTube now also logs me as visiting their home page because Chrome has started preloading their homepage. I continue to add “/movies” at the end of the URL and finally, Chrome loads the third page – the one I wanted to get to originally, but wasn’t suggested because I don’t visit it as often as the previous two URL’s.
The above example would result in wasted data transfer, misleading statistics for webmasters, and a clogged network for everyone else on my Wi-Fi connection (albeit probably negligible). It’d sure suck to have a popular website have people loading two pages to get to one.
Now sure, this example wouldn’t be valid if I visit ‘youtube.com/movies’ more often than ‘youtube.com’ and ‘yourdailymedia.com’, because auto-complete should see where I go most often. The point is that there are three potential down-sides to this feature, while only one very minor speed increase. With the ability to store data locally with HTML 5, is it really necessary to have this feature enabled by default? Sure, I love a good speed increase, but not at the cost of adding more noise to my analytics.
But then again… webmasters can handle it! If you don’t want to count instant preloads in your analytics, you can disable instant loading of your website by blocking all instant headers. Besides, most browsing on a website is down with the mouse, generally users only type in a home page at most. Sure, the potential issues in my example above exist, but they’d be a rarity.
Okay, maybe Instant Pages isn’t as bad as I first thought it was. Nevertheless, if you need to conserve your transfer quota and want to disable preloading of websites, you can…
How to Disable Website Preloading
To disable preloading in Chrome, simply go to your Chrome preferences, click the “Under the Hood” and un-tick “Predict network actions to improve page load performance”.
Alternatively, you can try…
- Type into your omnibox chrome://flags
- Scroll down to “Prerender from omnibox” and select “disable”.
- Restart Chrome.
The Chrome team definitely aren’t ignoring malware. In Chrome 17, when a user downloads a file, Google will check to see if it came from a website on their whitelist, and if not, the URL to the download will be sent to Google’s servers where it will be automatically analysed for malware.