Google can totally explain why Chromium browsers quietly tell only its websites about your CPU, GPU usage
- Reference: 1720780092
- News link: https://www.theregister.co.uk/2024/07/12/chromium_api_system_information/
- Source link:
The feature is, from what we can tell, for performance monitoring and not really for tracking – Google knows who you are and what you're doing anyway when you're logged into and using its sites – but it does raise some antitrust concerns in light of Europe's competition-fostering Digital Markets Act (DMA).
When visiting a *.google.com domain, the Google site can use the API to query the real-time CPU, GPU, and memory usage of your browser, as well as info about the processor you're using, so that whatever service is being provided – such as video-conferencing with Google Meet – could, for instance, be optimized and tweaked so that it doesn't overly tax your computer. The functionality is implemented as an API provided by an extension baked into Chromium – the browser brains primarily developed by Google and used in Chrome, Edge, Opera, Brave, and others.
[1]
Non-Chromium-based browsers – such as Mozilla's Firefox – don't have that extension, which puts them at a potential disadvantage. Without the API, they may offer a worse experience on Google sites than what's possible on the same hardware with Google's own browser, because they can't provide that live performance info.
[2]
[3]
There is, however, nothing technically stopping Moz or other browser-engine makers implementing a similar extension itself in Firefox, if they so chose.
Crucially though, websites that compete against Google can't access the Chromium API. This is where technical solutions start to look potentially iffy in the eyes of Europe's DMA.
[4]
Dutch developer Luca Casonato [5]highlighted the extension's existence this week on social media, and his findings went viral – with millions of views. We understand at least some people have known about the code for a while now – indeed, it's all open source and [6]can be found here in the preinstalled extension [7]hangout_services .
That name should give you a clue to its origin. It was developed last decade to provide browser-side functionality to Google Hangouts – a product that got [8]split into today's Google Meet and Chat. Part of that functionality is logging for Google, upon request, stats about your browser's use of your machine's compute resources when visiting a *.google.com domain – such as meet.google.com.
Casonato noted that the extension can't be disabled in Chrome, at least, and it doesn't show up in the extension panel. He observed it's also included in Microsoft Edge and Brave, both of which are Chromium based. We reached out to Casonato for more of his thoughts on this – though given the time differences between him in the Netherlands and your humble vulture in the US, we didn't immediately hear back.
Explanation
If you've read this far there's probably an obvious question on your mind: What's to say this API is malicious? We're not saying that, and neither is Casonato. Google isn't saying that either.
"Today, we primarily use this extension for two things: To improve the user experience by optimizing configurations for video and audio performance based on system capabilities [and] provide crash and performance issue reporting data to help Google services detect, debug, and mitigate user issues," a Google spokesperson told us on Thursday.
[9]
"Both are important for the user experience and in both cases we follow robust data handling practices designed to safeguard user privacy," the spokesperson added.
As we understand it, Google Meet today uses the old Hangouts extension to vary the quality of the video stream if the current resolution is proving too much for your PC. Other Google sites are welcome to use the thing, too.
That all said, the extension's existence could be harmful to competition as far as the EU is concerned – and that seems to be why Casonato pointed it out this week.
[10]Why France this week fined Google €250M over web news
[11]Japan turns up heat on Apple, Google with threat of hefty fines
[12]Billions on the line for Google as web search monopoly trial nears end
[13]Europe teases breaking up Google over ad monopoly
"[This API] is a clear violation of the idea that browser vendors should not give preference to their websites over anyone else's," Casonato argued, citing the [14]DMA 's prohibition on self-preferencing under [15]Article 6 .
DMA gatekeepers – of which Google is one – are required under the law to be impartial on-ramps to the world of the internet. Using a hidden API to give your services a performance edge may not fly under those rules.
"Take for example Zoom – they are now at a disadvantage because they can not provide the same CPU debugging feature as Google Meet," Casonato asserted.
Zoom are now at a disadvantage because they can not provide the same CPU debugging feature as Google Meet
Google told us it intends to comply with the Digital Markets Act. That's a smart idea, given it's [16]already being investigated alongside Meta and Apple by the bloc's antitrust cops. European Commission officials kicked off a probe of the trio in March for what they called suspected failures to comply with DMA mandates.
[17]Meta and [18]Apple have both since been charged with DMA violations, and the Commission is still working on its Google case. Whether this API will turn up the heat on the Chocolate Factory isn't clear – we asked European Commission officials for their take on whether the API would run afoul of the DMA and will update this story if we hear back. ®
Get our [19]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZpFTGo5EXf40dCEk81AToAAAARI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZpFTGo5EXf40dCEk81AToAAAARI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZpFTGo5EXf40dCEk81AToAAAARI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZpFTGo5EXf40dCEk81AToAAAARI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://twitter.com/lcasdev/status/1810696257137959018
[6] https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/resources/hangout_services/thunk.js
[7] https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/resources/hangout_services/
[8] https://www.theregister.com/2022/06/28/say_goodbye_to_google_hangouts/
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZpFTGo5EXf40dCEk81AToAAAARI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://www.theregister.com/2024/03/21/french_competition_watchdog_fines_google/
[11] https://www.theregister.com/2024/04/15/japan_app_store_monopolies/
[12] https://www.theregister.com/2024/05/02/google_search_antitrust_closing/
[13] https://www.theregister.com/2023/06/14/european_commission_google_breakup/
[14] https://www.theregister.com/2024/03/06/google_dma_europe/
[15] https://www.eu-digital-markets-act.com/Digital_Markets_Act_Article_6.html
[16] https://www.theregister.com/2024/03/25/ec_antitrust_team_opens_dma/
[17] https://www.theregister.com/2024/07/01/meta_eu_dma_violation/
[18] https://www.theregister.com/2024/06/24/ec_puts_apple_on_notice/
[19] https://whitepapers.theregister.com/
Re: Doh! Just stop using GOOGLE for anything
Their search-reach is not the problem. It's one of the sub-problems, but it's not the actual problem. Not using their search does not prevent them from strip-mining you for data.
The more root-adjacent problem is that Google has become so ingrained in how the WWW (and to a large degree the Internet as well - they own massive amounts of physical infrastructure that makes up the Internet) works, that it is virtually impossible to not touch them.
If you want to test this hypothesis out: block any and all google-owned domain, not just www.google.com, but all of them. Block any and all [1]AS that they use. Then tell me how well you get by... You'll quickly realize how many things online use assets pulled from those AS's (e.g. gstatic), or rely on assets located there (app store, cloud functions in GCP, firebase, the list goes on). Simple example: if you use an android phone and block all google AS's, your phone suddenly thinks it is constantly offline because the connectivity check (which goes to google) fails.
In a way, the internet - which was designed to be decentralized as a mitigation for a decapitation strike - has failed at that part of its experiment. We've re-centralized the Internet in the hands of a couple of large players who now have a complete stranglehold over it. Some others on that list of oligarchs are microsoft, amazon, cloudflare, and (to those that have fallen for the reality distortion field) apple(*).
(*) same deal, if you want to see how ingrained they are, block any one of those entities and tell me how well you can still function on the internet.
[1] https://en.wikipedia.org/wiki/Autonomous_system_(Internet)
Re: google sub domains
Yeah, like this site works perfectly well with links to
www.googlesyndication.com
www.googletagmanager.com
BLOCKED.
Google.com is also blocked and only opened up in one tab when I have to fill out one of their stupid captcha things. Google software is banned in my home.
All my internet access is via a VPN apart from YouTube which seems to have taken umbridge to serving videos via a VPN recently so I have one old laptop that is only used for Google/YouTube. No other access is allowed from it.
FSCK Google and all its slimy business stands for.
Re: google sub domains
Just to make sure I understand, you are acknowledging the huge dependence on google as a system, is this correct? Sites use captcha, you use youtube, ... Blocking www.google.com is not "blocking google", that is just papering over a particular poster google put up on the wall.
Every time any of your systems touches any system owned by google, it provides them with information about you: where you are, what you ask for, when you do things, meta-data about the device/software you use, how frequently you do things, your pattern of life, the list goes on. All of this surveillance just to sell you to the highest bidder of advertisement. It's a kinda sad business model to be honest.
Today, we primarily use this extension for two things...
Tomorrow, oh well, that's another story.
Re: Today, we primarily use this extension for two things...
But yesterday, we had all your data analysed thoroughly and created a shadow profile and predictive model of your being. But we are not gonna tell you that. No sir/m'lady, that is a secret.
Re: Today, we primarily use this extension for two things...
It's Google, if they don't primarily use a feature for tracking, they secondarily use a feature for fingerprinting.
Considering its a preinstalled extension that can't be disabled by the end user means its built in Google spyware, and I really wish more mainstream news would cover this sort of thing as it might make people think twice about using Chrome. As since it also works with incognito mode its trivial for Google to use it to track when you visit one of their sites using a private browser window.
Why is it in Chromium?
I can fully understand why Google put it in Chrome. It's anti-competitive, increases the browser's attack surface and is slightly (but not all that) creepy. So fits Google's MO perfectly.
But what advantage to Microsoft and Brave get from shipping it? It does nothing for them. Do they not review Google's code, and just copy and paste their browsers with a new badge on?
It also gives Google the chance to optimise their websites to say work more slowly if viewed in Firefox - stuffing as much crappy Javascript at them as possible - while sweetly putting up ap pop-up to say, "why not use our lovely Chrome browser" it'll work much faster. And then make sure it does. I'm sure they wouldn't do that (probably?) because they also want people using their other services, not just their browswer - though controlling peoples' browser gives you much more access to their data...
Re: Why is it in Chromium?
Borkzilla doesn't review its own code, you can hardly expect it to review code from anyone else.
Re: Why is it in Chromium?
Google already has popups etc all over the place trying to get people to use Chrome, as well as still installing via drive-by downloads from 3rd parties like Adobe, it's largely how they got so dominant in the browser market (and the alternatives from MS up until recently were crap as well).
Wonder if they're just seeing what they can get away with though, the adblocker queries they've been running on Youtube and other sites are under investigation IIRC.
Re: Why is it in Chromium?
But what advantage to Microsoft and Brave get from shipping it?
They don't want to give users a reason to change their browser. Remember at one time users left Firefox because it didn't play well with YouTube because YouTube used an API that was only implemented in Chromium browsers?
So Edge and Brave are coming along for the ride. That's the price of using a megacorp's "free" browser engine.
In a healthy ecosystem with many browser engines, Google couldn't do that.
"Luca Casonato highlighted the extension's existence this week on social media"
That link points to twitter.com.
I thought that had been renamed to X, following the lunatic's preference.
So, I'm guessing it was too much of a bother to actually rename everything. Apparently, he just contented himelf by redoing the logo and stuff the rest.
Of course, given that he had already fired all the competent people, it's pretty obvious that His Muskiness doesn't have the nous to change the domain name.
No wonder Google/Alphabet dropped their "Don't be evil" motto...
Their new motto ("Do the right thing") is just as meaningless unless it actually means "Do the right thing by/for us"...
> No wonder Google/Alphabet dropped their "Don't be evil" motto...
They never dropped it, they just added two characters: "Don't , be evil ! "
they may offer a worse experience on Google sites
My experience with Google is that if the version of Chrome on my phone is more than a couple of releases out of date, the site will sulk and tell me that I can't continue because I'm using an insecure browser.
At which point I switch to Firefox and stuff works. I tried it once with a really old version of Firefox (like double digit version number) and...it still worked.
I guess it's nice that Google is being honest about the state of their browser.....
Re: they may offer a worse experience on Google sites
They are instilling learned helplessness/dependence. They are positioning themselves as feudal lords: " come within the confines of my castle's wall, I will keep you safe, and don't go outside because there be dragons, and thieves, and murderers. You can only trust me to keep you safe ".
And once you start believing that, you're (quite literally) a captive audience.
It's not even only google's fault; as an industry we have been extraordinarily bad at educating and empowering those who use the things we build. From the get-go, there were folks in white lab-coats huddled in front of a big iron telling that young'en who wanted to use that machine as well that " this is a serious machine, for serious people, you need to know very advanced maths, and logic, and stuff, you are too dumb for this. Also, you need a white lab coat which you don't have, so go on, off you go, let this be for serious people, don't fret over this because your tiny, little brain would never understand any of it anyway ".
The result of this is that (normal) people file "how computers work" in the same mental cabinet as "stuff I couldn't possibly comprehend so why even bother" - which in the end is a huge disservice to them and to the field.
We've been practicing this horrible attitude continuously for the entirety of the existence of the field. We continue to do this to this day and cement it even further with things like forced upgrades, and relentless patching that we don't explain except for "if you don't patch, then bad things will happen to you, and you don't want that, do you?" (this is - I kid you not - a verbatim quote I've seen in an e-mail sent around a large-ish organization to justify why it enforced windows update on its machines) and 'security alerts' that just scare people.
Re: they may offer a worse experience on Google sites
For some reason, I have constant problems with Google Meet and Google Voice in Chrome. Those sites give me no problem on Firefox.
Mega-corp
that made a shed load of money selling other people's data caught using a browser extension that captures even more user's data
More on News at 11.
Also bear shit in the woods, pope's religion revealed.... etc etc
So I'll just kepp using Falkon for Google site.
According to [1]https://en.wikipedia.org/wiki/Falkon , Google is probably perfectly fine with you doing that:
> Falkon (formerly QupZilla) is a free and open-source web browser developed by KDE. It is built on the QtWebEngine, which is a wrapper for the Chromium browser core .
Unless they've stripped that out (and I'm not saying they have[n't]), it makes zero difference. In fact, it probably is detrimental because it continues to contribute to the browser monoculture that is chromium-based browser.
[1] https://en.wikipedia.org/wiki/Falkon
Software monoculture is not much of an issue, when code can be freely modified. Can always fork ungoogled-chromium instead, to be a step ahead of Google.
Doh! Just stop using GOOGLE for anything
If you have to use if for searching, use a private window and a VPN and certainly NOT any Chrome based browser. Who really knows what slurpware is there even in the non google versions?
Google can [see icon] .