Chromium’s URL Blocklist Can Now Prevent Viewing Page Source

Thomas Claburn, the Register:

Future Chromium-based browsers under administrative control will be able to prevent users from viewing webpage source code for specific URLs, a capability that remained unavailable to enterprise customers for the past three years until a bug fix landed earlier this week.

Back on October 15, 2018 an employee of Amplified IT, a Google education partner since acquired by CDW, filed a bug report describing how the Chromium URL Blocklist – which administrators can set to conform with organization or enterprise policy – doesn’t actually work.

Evidently, tech savvy students were viewing the source code of web-based tests to determine the answers.

The rationale for this bug seems pretty weak. If exam software is revealing answers in the page source, it should be rewritten. In this case, it was Google Forms, which makes this bug fix from Google’s Chromium project look especially hinky. But I am convinced a policy like this should behave as expected for all URLs, so it makes sense to make the correction even with the weak example. If you look solely at the facts of this bug and the limited scope of this fix, it should be uncontroversial.

Much dumber still was the hand-wringing about how this is some kind of plot to allow individual websites to block users from viewing markup, which is as technically illiterate as it is alarmist. I was shocked to see how many people spread this version of the story even well after it was clear this was an administrative policy for managed environments.

If the web were still primarily a venue for document viewing, as I naïvely believe it ought to be, I would see this through a more debilitating lens. But the web is basically an operating system and viewing the source tells you little these days. I think that is a bigger regression, but it is only tangentially related to this bug. This is a big, scary pile of nothing.