Uncategorized

Google Chrome, Along With Other Popular Chromium Browsers, Grants System Monitoring Privileges to *.google.com Domains

Luca Casonato:

So, Google Chrome gives all *.google.com sites full access to
system / tab CPU usage, GPU usage, and memory usage. It also gives
access to detailed processor information, and provides a logging
backchannel.

This API is not exposed to other sites – only to *.google.com.

This is interesting because it is a clear violation of the idea
that browser vendors should not give preference to their websites
over anyone else’s.

The DMA codifies this idea into law: browser vendors, as
gatekeepers of the internet, must give the same capabilities to
everyone. Depending on how you interpret the DMA, this additional
exposure of information only to Google properties may be
considered a violation of the DMA. Take for example Zoom – they
are now at a disadvantage because they can not provide the same
CPU debugging feature as Google Meet.

I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.

But put the DMA aside. This is just creepy. It’s clearly a privacy violation. I don’t want Google to know what kind of CPU I have, how many cores, and how busy they are. And the makers of other Chromium-based browsers are so lazy that their browsers — Microsoft Edge and Brave at least — include this same “feature”. I don’t mean that Edge grants system-monitoring privileges to Microsoft’s websites. Edge grants these privileges to Google’s websites, and Google’s alone.

But speaking of the DMA, Chromium is, far and away, the most popular browser engine that the DMA compels Apple to allow on iOS. There are legitimate reasons to wish that Apple allowed third-party browser engines on iOS. But there are also legitimate reasons why Apple doesn’t allow them. Chrome really is bad. Better to let the market decide than let clueless regulator decide.

(Via Simon Willison.)

 ★ 

Luca Casonato:

So, Google Chrome gives all *.google.com sites full access to
system / tab CPU usage, GPU usage, and memory usage. It also gives
access to detailed processor information, and provides a logging
backchannel.

This API is not exposed to other sites – only to *.google.com.

This is interesting because it is a clear violation of the idea
that browser vendors should not give preference to their websites
over anyone else’s.

The DMA codifies this idea into law: browser vendors, as
gatekeepers of the internet, must give the same capabilities to
everyone. Depending on how you interpret the DMA, this additional
exposure of information only to Google properties may be
considered a violation of the DMA. Take for example Zoom – they
are now at a disadvantage because they can not provide the same
CPU debugging feature as Google Meet.

I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.

But put the DMA aside. This is just creepy. It’s clearly a privacy violation. I don’t want Google to know what kind of CPU I have, how many cores, and how busy they are. And the makers of other Chromium-based browsers are so lazy that their browsers — Microsoft Edge and Brave at least — include this same “feature”. I don’t mean that Edge grants system-monitoring privileges to Microsoft’s websites. Edge grants these privileges to Google’s websites, and Google’s alone.

But speaking of the DMA, Chromium is, far and away, the most popular browser engine that the DMA compels Apple to allow on iOS. There are legitimate reasons to wish that Apple allowed third-party browser engines on iOS. But there are also legitimate reasons why Apple doesn’t allow them. Chrome really is bad. Better to let the market decide than let clueless regulator decide.

(Via Simon Willison.)

Read More 

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top
Generated by Feedzy