The wording here is bad, but basically CAA supports non browser specific policy and, in some cases, browser specific policy (GSuite offers a "Managed Chrome" policy). Firefox users can leverage much of the non browser specific policy, they obviously can not be a part of the "Managed Chrome" offering.
There's no contradiction here; it's totally possible for a company to make a feature configurable so that it doesn't block their competitors but also intentionally design and market it in a way that's misleading in ways that will lead to their competitors getting blocked. When we're talking about a company as large as Google and a product with as much market share as Chrome, I don't think it's that crazy to think that things like this add up to encouraging even more hegemony, and when that happens to align perfectly with the incentives of the company making said product decisions, I also don't think it's crazy to think it's unlikely to be a coincidence.
If the argument is that Google has built a product that encourages use of Google products, of course. The question is whether that's some sort of trickery or odd or bad. "Google offers Managed Chrome as a service" hardly seems controversial to me.
Google offering managed chrome as a service is a completely sensible thing. The problem is that they are nearly a browser monopoly, and making Google Workspace work in such a way with Google Chrome feels to me like anti-competitive practices. If we didn't have one giant megacorp that did both things, it would be different.
Of course, so far the only workable model for web browsers is having a giant megacorp fund their development and maintenance. Which is a huge issue, and we will do basically nothing about it.
(Don't get me wrong. I have high hopes for Ladybird and even Servo, but they may come too late if effectively-proprietary features force most users to stick to Chrome anyways.)
I'm not sure what the alternative is. Is there will from Firefox to support a "standard browser config", at which point GSuite could add support for managed Firefox config? If you want managed Firefox, Mozilla could offer that as well (they have something but it's different enough).
The alternative that we've used for the past 100+ years is to force such companies apart. Is Google Docs allowed to offer a "managed chrome" policy? Sure. Is Google Chrome allowed to be a browser? Absolutely!
But if either side is close to a monopoly, both cannot be part of the same company, even if that means breaking an existing company up.
There's really nothing particularly wrong with the Chrome feature itself. There is a bit of a problem with the way it inherently results in browser vendor lock-in (regardless of whether it is a stated goal) with Google Workspace, which is by the same company. That's the main problem.
I may be missing something because I feel like this specific point has been reiterated a few times in this thread but I haven't seen it actually rebuked directly.
Look man, this is absolutely getting into the semantics phase. I know you're not stupid, don't treat me like I am.
Firstly, some Chrome features (like Chrome Remote Desktop) are delivered partly as extensions. This does not make them not features of Chrome. It makes them features that happen to be delivered in some part as extensions.
Doesn't matter. Let's say Endpoint Verification is not a Chrome feature. Thankfully, we don't actually need that for our argument. The crux of this argument is simple:
- Google Workspace depends on proprietary Chrome features,
- Chrome has specific proprietary features designed to support Google Workspace (and other proprietary Google offerings.)
What is the proprietary features I am referring to? Well, I'd just say "Endpoint Verification", but we can go a layer deeper. In order to implement Endpoint Verification, we need privileged, private extension APIs. These APIs are not for use with non-Google extensions, and Endpoint Verification uses enterprise.reportingPrivate.
You can disagree that it is a problem that Google Chrome and Google Workspace are developing proprietary integrations with each-other, that's your prerogative, but I'm not humoring this gaslighting attempt.
I'm not trying to treat you like you're stupid or to gaslight you. There is a "slice" of this that is absolutely a native, Chrome-only interface, but I just don't think that this is particularly exceptional. These sorts of Firefox-only APIs exist as well in order to support Mozilla's goals, and this is quite normal - you wouldn't expect every single aspect of the browser to be built in lockstep with every other browser.
For the most part, Mozilla could build out Endpoint Verification (and it supports a subset of the APIs anyways). Similarly, there could be a web proposal for device attestation APIs that are more generalized, etc, which I think would be great.