New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 597972 link

Starred by 4 users

Issue metadata

Status: WontFix
Owner:
(slow to respond to bugs. if it's i...
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

Non-secure search engines should be removed from Chrome

Project Member Reported by wfh@chromium.org, Mar 25 2016

Issue description

Version: M49 Stable

What steps will reproduce the problem?

(1) Go to chrome://settings/searchEngines
(2) Notice two insecure search engines are available:

Ask: http://www.ask.com/web?q=%s
AOL: http://search.aol.com/aol/search?q=%s

These should be removed from Chrome's defaults.
 

Comment 1 by wfh@chromium.org, Mar 29 2016

Cc: elawrence@chromium.org stevet@chromium.org pkasting@chromium.org
The file seems to be components/search_engines/prepopulated_engines.json

adding owners for their view.
Status: WontFix (was: Untriaged)
Our inclusion rules are very carefully based on usage metrics so that we give users choices that are most widely-used in their areas.  Nearly all the search engine choices around the world do not use HTTPS, so we clearly cannot remove all of them.  Removing any of them would be inconsistent, so we shouldn't do that either.

This is WontFix.  If you'd like to have a more in-depth discussion about our rules here, it should probably be done off the record, and you should include me and Tyler Odean.  If you'd like to reduce the number of insecure engines in Chrome, I think the best way would be to reach out to the engines in question and argue for why they and their users will benefit from a secure option.

Comment 3 by palmer@chromium.org, Jun 30 2016

Cc: f...@chromium.org emilyschechter@chromium.org est...@chromium.org palmer@chromium.org
Labels: OS-All
Summary: Non-secure search engines should be removed from Chrome (was: insecure search engines shoudl be removed from Chrome)
I agree that non-secure search engines have no place in Chrome. I also agree that we can't remove them just yet. :) +felt,estark,emilyschechter for consideration as part of the project to increase TLS usage — perhaps we can prioritize talking to the search engine operators.

Comment 4 by palmer@chromium.org, Jun 30 2016

 Issue 624794  has been merged into this issue.

Comment 5 by palmer@chromium.org, Jun 30 2016

Components: UI>Browser>Search
Labels: M-54
Owner: f...@chromium.org
Status: Assigned (was: WontFix)
pkasting, felt, et al.: Upon cursory inspection, at least some of the changes in the patch in  Issue 624794  do not break searching. So I think we should consider accepting (some form of) that patch.
Status: WontFix (was: Assigned)
I can't see that bug.  If you need to reopen this one, you need to be very clear on this bug what you're talking about doing.

But please don't reopen for anything that involves changing any of our prepopulated engines without prior agreement from the folks that own this on an internal thread.
I also can't see that bug FWIW

Comment 8 by wfh@chromium.org, Jul 1 2016

the bug is open now, it contains a patch to upgrade some http to https for search engines.
Unduping that bug since it's not the same as this, and unlike this bug is not WontFix.
Just want to celebrate the fact that ask and aol are now both officially HTTPS by default. Wooohooo!

Sign in to add a comment