The Cr-48 boasts world-mode 3G. A must for any device that does everything via the Web. Credit: Technology Review.

One way to summarize Google's week so far is to say that it picked fights with two of the biggest computing companies on the planet. On Monday it unveiled a bookstore that competes with Amazon's Kindle line. Today it took the wraps off an attempt to displace Microsoft from the provider of the most popular operating system.

"With Chrome OS we have a viable third choice for OS on the desktop," said CEO Eric Schmidt at the launch event in San Francisco, drawing a comparison with Windows and Mac OS. He spoke after a lengthy demonstration that showed off a new vision of the computer that strips away pretty much everything except the browser.

Fresh out of the box, a Chrome notebook boots up in a few seconds. After connecting it to the Internet, you log in with a Google account and are pitched into the Chrome browser. At that point, the setup is over. Chrome OS is little more than Chrome the browser.

In this new world you get all your applications through the Chrome webstore, an app store on the now familiar model (check this link later today to browse the Chrome Web store using the browser on an existing OS). You can browse, search, read reviews and click to install. Some are paid and some are free. Examples shown today included a version of EA's puzzle game PopIt, a tablet-style NPR app that lets you drag and drop shows to build a custom playlist, and one from the New York Times that lets you choose alternative "skins" for the paper's content.

Those apps can be powerful because of features built into Chrome that make it faster than any other browser, boasted Sundar Pichai, vice president of product management at Google. Many—including most games and the app from the New York Times—can also work offline because they are cached by the browser, a feature that will soon appear in Google's online Microsoft Office competitor, Google Docs.

It adds up to an experience that looks compellingly simple. "Since 2004 it is very hard to name a new application outside the Web that has scaled to hundreds of millions of users," said Pichai, "people live within their browsers on the Web but most of the code and complexity on their systems has nothing to do with the browser and the Web." Chrome OS strips all that away, even updating itself without user input.

Very soon, certain users of the Chrome browser and fans of it on Facebook will get the chance to try that for themselves when they are invited to join a pilot program. They'll receive a notebook commissioned by Google to test its new OS. Notebooks made by Acer and Samsung—built with Intel chips—will go on sale globally in mid 2011, although pricing hasn't been announced. All of those devices will see battery lives in the region of eight hours while in active use, and weeks on standby.

It's possible to overdose on simplicity, though, as evidenced by some things Chrome OS currently lacks. A "Cloud Print" service that will allow use of network-connected printers is not yet done, for example, and although the devices will have USB ports it is not yet possible to plug in, say, a camera and download photos.

Building Chrome was not just an exercise in subtracting from the conventional OS experience, though. It also introduces some technologies not seen before. One is a feature called verified boot, which sees the initial chunk of the OS installed on a part of the device that cannot be modified without physically taking the computer apart. "Every time you boot we use that safe part to cryptographically check every other part of the OS and we keep a known backup copy that we can revert to," said Pichai. "We are very confident that it will be the most secure consumer OS shipped."

Ultimately, though the core promise of Chrome OS is familiar: it's an attempt to deliver on a suite of ideas and concepts about cloud computing and the Web that have been circling for years. Schmidt in particular has been here before. In the late 90s, in a previous life as CTO of Sun Microsystems, he pushed the "Network Computer," a diskless notebook that relied on the cloud for everything. "Our instincts were right 20 years ago but our technology wasn't mature," he said today. "This time it does in fact work."

The Wall Street Journal reported this weekend that some Facebook applications--such as games--share the unique number assigned to each of the social network's half-a-billion members with third-party companies including advertising firms. But this latest Facebook privacy scare has actually been brewing for more than a decade. It's all down to a "vulnerability" that was described back in 1999 by Tim Berners-Lee and others working on version 1.1 of the HTTP standard, and which underlies the Web: "The Referrer header allows reading patterns to be studied and reverse links drawn. Although it can be very useful, its power can be abused if user details are not separated from the information contained in [it]."

Here's what that means: Every time your browser loads a new Web page, or a section of one, the server providing the data gets to know the address of the page that sent you there. The same process is at work when you're interacting with an app inside Facebook, which means the app gets a Referrer header containing your unique Facebook ID. That ID is not exactly on a par with a Social Security number. It's a public number that can be used to pull up the public version of a person's profile page, which shows no more than a person has allowed to be seen publically. In most cases it's enough to reveal a person's name, though.

It's not unusual for apps and Web services of all kinds to bundle up metrics and data on their users to share with third parties, and The Wall Street Journal says that bundles from some apps have contained user IDs. Facebook says that in most cases app makers "did not intend" to share IDs and it has reinstated some apps that suddenly disappeared after the Journal's story appeared. As yet, there seems to be no evidence that user IDs were sold intentionally, or used to guide marketing efforts. It's also debatable whether your ID number counts as personal information, and the extent to which Facebook was culpable. On the latter point, it's clear that anyone with a good technical knowledge of the Web would be familiar with this somewhat ancient feature/bug of HTTP, including many at Facebook and elsewhere.

That being the case it seems surprising that, first, there's apparently no established way to cash in on it and, second, no systems exist to head off the issue. As for a fix, one approach would be for companies like Facebook to design their systems to alter this built-in behavior. Another would be a clean-slate redesign of the Web, preventing the need for case-by-case fixes.

Google staff engineer Adam de Boor gave a keynote this morning at Usenix WebApps '10 in Boston, where he outlined a few of Gmail's next steps. The webmail application, which launched in 2004, has aggressively added new features in the years since, and is currently launching as much as one new feature a week.

De Boor said that there's currently a big push at Gmail to figure out how to take maximum advantage of HTML 5, a standard Web technology that's been increasingly adopted by browser vendors. HTML 5 allows web applications to behave more like desktop applications, and Gmail recently started allowing users to attach files by dragging them into the browser window.

In the future, the company hopes to extend that by allowing users to download files by dragging them out of the window. By improving its applications this way (and by making complementary improvements to its Chrome browser), Google plans to show that Web applications truly can do everything desktop applications can do.

The company also plans to use HTML 5 to pursue its obsession with speed. In particular, Google's experiments with HTML 5 and the associated CSS 3 show that using those technologies could speed up Gmail's load time by 12 percent.

The company has also been researching a new model for Web applications that could speed up load times even more. In experimental builds of its Chrome browser, Google has started allowing users to install Web applications, meaning that the browser keeps a page for that application always loaded in the background. This means that the Web application always has up-to-date data, and is always just a click away. When the user types the URL for the application, the browser links the user to that preloaded background page, speeding up the time it takes to get to the service.

By applying this technique to Gmail, De Boor, said, the hope is to get the webmail application to load in under a second. Google's vision for the speed and behavior of Gmail is likely to set a standard for Web applications across the board.