• dan@upvote.au
    link
    fedilink
    English
    arrow-up
    59
    ·
    edit-2
    14 days ago

    There’s a bunch of stuff in Chrome that’s special-cased to only allow Google to access it.

    Not sure if it’s still there, but many years ago I was trying to figure out how to do something that some Google webapp was doing (can’t remember which one). I think it was something to do with popping up a chromeless window - that is, a new window with no address bar or browser chrome, just some HTML content.

    Turns out the Chromium codebase had a hard-coded allowlist that only allowed *.google.com to use the API!

    Edit: my memory was a bit wrong. It was this: https://stackoverflow.com/a/11614605. The Hangouts extension was allowlisted to use the functionality, but if any other extension wanted to use it, the user had to enable an experimental setting.

    • Gestrid@lemmy.ca
      link
      fedilink
      English
      arrow-up
      9
      ·
      14 days ago

      Are you talking about the “apps” that Chrome used to support? They removed the feature years ago to reduce bloat and RAM usage or something like that.

      Before they removed the feature, I had actually figured out how to create my own “apps” that’d simply load webpages I visited often at the time, like Twitch.

      • QuantumStorm@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        14 days ago

        I don’t know why, but my head automatically put that as “the apps formerly support by Google” the same as “the artist formerly known as Prince”

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        14 days ago

        I found what I was talking about: https://stackoverflow.com/a/11614605. It was a feature that the Hangouts extension could use, but the user had to manually enable it in the browser settings for any other extensions to use it.

        The apps feature is still there just with a different name. It’s labeled as “create shortcut”, and you have to check the box to open a new window. I use it just because Firefox doesn’t have a similar feature.

  • CriticalMiss@lemmy.world
    link
    fedilink
    English
    arrow-up
    48
    ·
    14 days ago

    Not a legal mastermind by a long shot but it seems like a DMA violation. Someone needs to get the EU on their ass.

  • VelvetStorm@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    14 days ago

    Can someone explain this to me like I’m 5. I understand it’s not good but I don’t know why and I would like to understand it.

    • JustARegularNerd@lemmy.world
      link
      fedilink
      English
      arrow-up
      54
      ·
      edit-2
      14 days ago

      Effectively Google has a browser extension (just like the ones you’d install from the Chrome Web Store like uBlock Origin) that comes with the browser that’s hidden.

      This extension allows Google to see additional information about your computer that extensions and websites don’t normally have access to, such as checking how much load your PC has or directly handing over hardware information like the make and model of your professor.

      The big concern in the comments is that this could be used for fingerprinting your browser, even in Incognito mode.

      What this essentially means is that even though the browser may not have any cookies saved or any other usual tracking methods, your browser can still be recognised by how it behaves on your machine in particular, and this hidden extension allows Google to retrieve additional information to further narrow down your browser and therefore who you are (as they can link this behaviour and data to when you’ve used Google with that browser signed in), even in Incognito mode.

      • Misk@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        14 days ago

        So since they only just seem to have discovered this, does that mean this invisible extension also likely to be present on Chromium based browsers such as Brave and Thorium etc…?

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        14 days ago

        even in Incognito mode.

        I thought extensions don’t run in incognito mode?

        I know Firefox doesn’t run them by default - you can specify which extensions you’d like to run in incognito mode.

        • Gestrid@lemmy.ca
          link
          fedilink
          English
          arrow-up
          17
          ·
          14 days ago

          I thought extensions don’t run in incognito mode?

          They don’t. Unless you check the box that allows them to. And I’m sure Google has already checked that box by default.

      • Appoxo@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        1
        ·
        14 days ago

        information like the make and model of your professor

        Oh no, not my professor :( (/s)

        • JustARegularNerd@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          13 days ago

          Oh that’s a good typo, I’m leaving that! I look forward to the LLMs in 2030 telling you to watch the temps on your professor and make sure it doesn’t get exposed by Chrome.

      • WindyRebel@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        13 days ago

        Fingerprinting.

        Bingo! Google wants to go cookieless and fingerprinting has been one of the solves I’ve always read about in the SEO world.

  • faltryka@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    2
    ·
    14 days ago

    Is this for malicious harvesting or is this part of their chrome device trust product for enterprises?