• dan@upvote.au
    link
    fedilink
    English
    arrow-up
    59
    ·
    edit-2
    6 months ago

    There’s a bunch of stuff in Chrome that’s special-cased to only allow Google to access it.

    Not sure if it’s still there, but many years ago I was trying to figure out how to do something that some Google webapp was doing (can’t remember which one). I think it was something to do with popping up a chromeless window - that is, a new window with no address bar or browser chrome, just some HTML content.

    Turns out the Chromium codebase had a hard-coded allowlist that only allowed *.google.com to use the API!

    Edit: my memory was a bit wrong. It was this: https://stackoverflow.com/a/11614605. The Hangouts extension was allowlisted to use the functionality, but if any other extension wanted to use it, the user had to enable an experimental setting.

    • Gestrid@lemmy.ca
      link
      fedilink
      English
      arrow-up
      9
      ·
      6 months ago

      Are you talking about the “apps” that Chrome used to support? They removed the feature years ago to reduce bloat and RAM usage or something like that.

      Before they removed the feature, I had actually figured out how to create my own “apps” that’d simply load webpages I visited often at the time, like Twitch.

      • QuantumStorm@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        6 months ago

        I don’t know why, but my head automatically put that as “the apps formerly support by Google” the same as “the artist formerly known as Prince”

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        6 months ago

        I found what I was talking about: https://stackoverflow.com/a/11614605. It was a feature that the Hangouts extension could use, but the user had to manually enable it in the browser settings for any other extensions to use it.

        The apps feature is still there just with a different name. It’s labeled as “create shortcut”, and you have to check the box to open a new window. I use it just because Firefox doesn’t have a similar feature.

  • CriticalMiss@lemmy.world
    link
    fedilink
    English
    arrow-up
    48
    ·
    6 months ago

    Not a legal mastermind by a long shot but it seems like a DMA violation. Someone needs to get the EU on their ass.

  • VelvetStorm@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    6 months ago

    Can someone explain this to me like I’m 5. I understand it’s not good but I don’t know why and I would like to understand it.

    • JustARegularNerd@lemmy.world
      link
      fedilink
      English
      arrow-up
      54
      ·
      edit-2
      6 months ago

      Effectively Google has a browser extension (just like the ones you’d install from the Chrome Web Store like uBlock Origin) that comes with the browser that’s hidden.

      This extension allows Google to see additional information about your computer that extensions and websites don’t normally have access to, such as checking how much load your PC has or directly handing over hardware information like the make and model of your professor.

      The big concern in the comments is that this could be used for fingerprinting your browser, even in Incognito mode.

      What this essentially means is that even though the browser may not have any cookies saved or any other usual tracking methods, your browser can still be recognised by how it behaves on your machine in particular, and this hidden extension allows Google to retrieve additional information to further narrow down your browser and therefore who you are (as they can link this behaviour and data to when you’ve used Google with that browser signed in), even in Incognito mode.

      • Misk@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        6 months ago

        So since they only just seem to have discovered this, does that mean this invisible extension also likely to be present on Chromium based browsers such as Brave and Thorium etc…?

        • daq@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          16
          ·
          6 months ago

          This is not a typical extension and it cannot be removed. It doesn’t even show up in the list of installed extensions.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        6 months ago

        even in Incognito mode.

        I thought extensions don’t run in incognito mode?

        I know Firefox doesn’t run them by default - you can specify which extensions you’d like to run in incognito mode.

        • Gestrid@lemmy.ca
          link
          fedilink
          English
          arrow-up
          17
          ·
          6 months ago

          I thought extensions don’t run in incognito mode?

          They don’t. Unless you check the box that allows them to. And I’m sure Google has already checked that box by default.

      • Appoxo@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        1
        ·
        6 months ago

        information like the make and model of your professor

        Oh no, not my professor :( (/s)

        • JustARegularNerd@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          6 months ago

          Oh that’s a good typo, I’m leaving that! I look forward to the LLMs in 2030 telling you to watch the temps on your professor and make sure it doesn’t get exposed by Chrome.

      • WindyRebel@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        6 months ago

        Fingerprinting.

        Bingo! Google wants to go cookieless and fingerprinting has been one of the solves I’ve always read about in the SEO world.

  • faltryka@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    2
    ·
    6 months ago

    Is this for malicious harvesting or is this part of their chrome device trust product for enterprises?

      • hendrik@palaver.p3x.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        6 months ago

        executing that command from the post returns the following on my Chromium:

        VM68:1 Uncaught TypeError: Cannot read properties of undefined (reading 'sendMessage')
            at [HTML_REMOVED]:1:16
        (anonymous) @ VM68:1
        
        
        • wanderingmagus@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          6 months ago

          It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the *.google.com domains - tweeted about today by Luca Casonato, but the code has been there in the public repo since October 2013 as far as I can tell.

          It looks like it’s a way to let Google Hangouts (or presumably its modern predecessors) get additional information from the browser, including the current load on the user’s CPU. Update: On Hacker News a Googler confirms that the Google Meet “troubleshooting” feature uses this to review CPU utilization

          The code doesn’t do anything on non-Google domains.

          Maybe it’s because you tried it on a non Google site? Idk.

          • hendrik@palaver.p3x.de
            link
            fedilink
            arrow-up
            3
            ·
            6 months ago

            Hehe, I read that sentence, tried it on google.com

            But forget what I said. I have the ungoogled variant of Chromium installed. No wonder that’s not in there…

    • raspberriesareyummy@lemmy.world
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      1
      ·
      edit-2
      6 months ago

      I am “slightly” worried that there’s only a single option left. That’s only 1 organization’s corruption removed from total loss of control over browsing privacy :/

  • T156@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    ·
    6 months ago

    Does this also affect Chromium, or is it just Google Chrome?

    The article mentions it being affecting Google Chrome through Chromium, but it’s not clear if it also affects Chromium on its own, or other Chromium-based browsers.

    • Jay@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 months ago

      Chromium alone depends on if it’s the Google version or the Un-Googled version. For the Google version of Chromium, it still has that hangouts extension. However, the Un-Googled Chromium has that extension removed via the build flags, the one to note is enable_hangout_services_extension=false.

      As others have said though, it can also depend on what other Chromium-based is being used. Some browsers like Brave and including Vivaldi can have this turned off in the settings. Others like Edge and Opera are affected as well. However it doesn’t affect every Chromium-based browser.

    • Krzd@lemmy.world
      link
      fedilink
      English
      arrow-up
      25
      ·
      6 months ago

      It allegedly also affects Edge and Vivaldi, so it seems to be chromium not chrome

  • NutWrench@lemmy.world
    link
    fedilink
    English
    arrow-up
    46
    ·
    6 months ago

    I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.

    • CheeseNoodle@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Honestly I just keep my phone as my designated privacy nightmare so I can get free phone calls on wifi and keep in touch with family members who are still on facebook.

    • flop_leash_973@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      1
      ·
      6 months ago

      In my experience you either have to trade one devil for the other with Apple or accept buying hardware from the ad company so you can use GrapheneOS.

        • moonburster@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          6 months ago

          Ease of use and apple are not near each other in my dictionary.

          I think a lot of things are designed very unlogical

            • moonburster@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              6 months ago

              I’m using Linux and tried different distros. I also used chrome os and windows Phone. I tried ios, hence my feelings towards it

                • moonburster@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  6 months ago

                  Pff, sure buddy. Used it for 4 months due to my phone being dead. Go shill someone else. If the adoption of a new os goes against what I want of said os, then it’s not an os for me. Simple as that

    • nossaquesapao@lemmy.eco.br
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 months ago

      Welcome to the world of freedom. The first months may be a bit uncomfortable, but it’s a journey worth taking. Be welcome!

    • asdfasdfasdf@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      6 months ago

      I’m also doing this. Proton is amazing, for the most part. Ente Photos is also incredible for ditching Google Photos, although I’ll probably switch to Proton Photos when that comes out since Ente is pricey.

      • pathief@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        Isn’t proton photos built into their Proton Drive already? It’s implementation is… barebones… On Android but it works.

        • asdfasdfasdf@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          It is, but I’d barely consider it a launch of anything. It displays photos, but that’s it. I could already upload and view photos on Proton Drive before they “launched” this.

    • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      9
      ·
      6 months ago

      I already ditched Windows for Linux a month ago because of spyware.

      Great!

      Everything Google-related is next.

      Even better.

      My phone is going to be the hardest thing to de-infest.

      If you plan on getting a new phone soon, I recommend a Google Pixel, on which you can install GrapheneOS. Yes, ironically Google devices are the best for installing alternative operating systems and removing all the Google BS. GrapheneOS is completely free and open source, and based on the Android Open Source Project. It incorporates many privacy and security enhancements, and gives you total freedom and control over your device. In my opinion, it’s the best option for degoogling a phone.

  • Imgonnatrythis@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    49
    ·
    6 months ago

    Ianal, but this sounds like something worthy of suing their ass over. There’s not much Google would respond to and good luck beating their lawyers, but the only language they speak is $, so please try to take as much as possible away from them for this garbage.

  • _sideffect@lemmy.world
    link
    fedilink
    English
    arrow-up
    29
    arrow-down
    9
    ·
    6 months ago

    Why do people still use Chrome?

    Please uninstall it from everyone’s home pc and phone that you come into contact with

    • Tja@programming.dev
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      5
      ·
      6 months ago

      Because it’s fast and works well enough to keep the fame acquired over the last 10 years.

      • _sideffect@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        6 months ago

        At the cost of zero privacy, data being stolen and other fundamental issues and morals that Google lacks.

        • IronKrill@lemmy.ca
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          6 months ago

          Which is invisible to users, meaning they can ignore it or handwave it with “I haven’t got anything to hide”.

          • RobotZap10000@feddit.nl
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            6 months ago

            Or worse, “They already know everything about me, so why bother?”. One of my relatives says this. Kill me now.

        • Victor@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          6 months ago

          I’m a Firefox user on desktop and mobile, and I definitely feel like Chrome is faster on both platforms when I (have to) use it. But I prefer Firefox for the ideology and dev tools (on desktop), since I’m a web developer by trade, so the dev tools make a big difference for me.

        • Tja@programming.dev
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          2
          ·
          6 months ago

          I use both for my job and my subjective feeling is that chrome is faster. Js benchmarks seems to confirm it. Privately I use Firefox 95% of the time but I understand people who stay on chrome just out of inertia.

        • IronKrill@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          6 months ago

          There was a short period a few years ago after the Quantum update that I would have partially agreed, because Firefox’s renderer was much smoother. But Chrome seems to have caught up, because it’s been much faster every time I test something in it in the yesrs since.

  • cubism_pitta@lemmy.world
    link
    fedilink
    English
    arrow-up
    59
    ·
    6 months ago

    Google does a lot of standards breaking things.

    Like allowing a link on Google Apps Marketplace to open a new window (like popup) with POST instead of GET. (This pretty much ensures that buying an app will fail for browsers that follow the spec)

  • Holzkohlen@feddit.de
    link
    fedilink
    English
    arrow-up
    13
    ·
    6 months ago

    Refreshing change from reading about some new AI powered tracking nonsense in Windows.