Google is heavily criticized for its decision not to integrate a do-not-track option in its Chrome web browser, but the company is quietly adding many new features in its browser that appears to evolve much faster than the software of its rivals: the latest addition: HTTP throttling that can take the scare out of DDoS attacks.
DDoS attacks are among the nastiest and damaging attacks a website can suffer. Potentially hundreds of thousands of simultaneous fake requests sent from potentially thousands of client computers can bring websites to their knees. It’s painful for any website, especially if you don’t have the resources to protect your site accordingly and bring it back up. Chrome 12 introduces a new feature that won’t entirely kill Denial of Service attacks, but takes the edge off and allows webmasters to stabilize their sites.
The technology is described as HTTP throttling, which will kick in when your browser notices at least 4 server errors from a URL you have been trying to reach. If the site is not reachable, Chrome automatically assumes that the server may be unavailable or simply the target of a distributed denial of Service (DDoS) attack. As a result, Chrome will deny its user to access the web site for “a short period of time.” Chrome will then try again and if the errors persist, increase the “back-off interval” by an “exponential factor”, Google said. Initially, the requests will be throttled to 0.7 seconds, but will be scaled to a maximum of 900 seconds (or 15 minutes). According to Google, the perceived downtime will decrease “rapidly” once the maximum back-off kicks in, at least percentage wise.
Google is currently asking web site owners to track the effects of HTTP throttling and disable the feature in Chrome, if a website appears to be having difficulties with this feature. Users can access the feature via entering chrome://net-internals/#httpThrottling in the URL bar and either enable or disable the feature. HTTP throttling is disabled by default in Chrome 12.
Mozilla’s Asa Dotzler recently criticized Google’s Chrome team for not integrating a do-not-track feature in Chrome and speculated that Google’s advertising team may not want such a feature in their browser – which makes somewhat sense as Google recently confirmed during its latest earnings conference call that it is very interested in the user data that are collected from Chrome users overall. According to Dotzler, Chrome feels like Netscape 7 all over again, as Netscape refused to integrate a pop-up blocker in its software. He may have a point here, even if Google can ignore this entire discussion and pretend it has no idea what Google, Microsoft and Apple are talking about. Eventually, Google may have to follow this trend, as painful as it may be for its advertising unit.