Google web services take advantage of an API that only Google knows about.
Completely unsurprising. Google should have been given the anti-trust treatment long ago. There’s not a saving us because the ones to save us are completely complicit. And people who write independent browsers will be smacked back down by having places like YouTube throttle them.
In the comments its not just chrome that is affected.
Its apparently all Chromium browsers.
Isn’t chromium open source? How are the APIs a secret?
Simply noone ever looked and it’s not documented. And the api is locked to work only on google domains so it wasn’t usable to anyone to accidentally notice what’s going on.
The code doesn’t do anything on non-Google domains.
Luca says this - I’m inclined to agree:
This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone elses.
Follow up question: How many other parts of the chromium codebase limited to work on (maybe other) specific domains?
The code doesn’t do anything on non-Google domains.
A Google engineer adds a piece of code, does not document what exactly it does, and it was approved without question. Something is seriously wrong with this or I don’t know how the Chromium project works.
I read somewhere a long time ago that chromium is a “look, but not touch” type of foss project. You can fork it, fix it, do whatever you want with the code, but on the main chromium repo they rarely accept PRs from random contributors
Here is an article from 2020, about the first non google employees getting some rights in the repo, before that all decisions was made by google employees: https://www.cnet.com/tech/mobile/google-gets-web-allies-by-letting-outsiders-help-build-chromes-foundation/ This api was added in 2013
And the workaround for this issue is really simple, and it was recommended privacy wise for a long time: don’t use chromium based browsers and don’t visit google related sites, as much as you can.
You can fork it, fix it, do whatever you want with the code, but on the main chromium repo they rarely accept PRs from random contributors
This needs to be discussed more by the community.
I can kind of understand what’s happening. They want to have complete control over what goes in an out of Chromium. Some PM is probably overseeing the PRs, and if some PR hinders their ability to collect data, that PR gets rejected. Mighty fine project this is. Other forks probably don’t have the resources to go through all the commits issued by Google and just accept them as it is. They just makes the changes to suit their own agenda. All the more reason for people to switch to Firefox
I wonder how Ungoogled Chromium is affected by all this.
I don’t know what needs to be discussed. Everyone owns their code, every project has some kind of hierarchy. Chromium is a project started by google, so Alphabet Inc. has a final word in any decisions. Similarly Linus Torvalds has a final say in Linux kernel development, and Lennart Poettering in systemd. That’s how it always worked, and I think it’s good enough.
What you can do is, you can hard fork a project, than you can have a final say there. This is actually how chromium’s engine started: its Blink engine is the fork of Apple’s webkit engine which is again a fork of Kde’s khtml engine.
Ungoogled chromium is not a hard fork it’s just a list of patches: https://github.com/ungoogled-software/ungoogled-chromium They can override google’s decisions this way, but the more thing they patch the more thing they have to maintain, more work, and more things can break with each update. Afaik it’s similar how all other chromium based browsers work.
Everyone said this for years now. If you care about the freedom of internet (caring about your privacy is secondary) you shouldn’t use chromium based browsers. Stop using it now.
Open source doesn’t mean they have to accept community input. The rights you’re granted are the right to take their code and alter it for your own project, or redistribute it, not direct it.
A lot of corporate owned open source projects choose not to accept third party contributions at all (or at least without giving them actual ownership), because if they own the entire codebase, they can sell different licenses to businesses that may not like some restriction of the open source license.
including Vanadium?
This comes from
hangout_services/thunk.js
I searched for
hangout
in the vanadium repo, no result, so it’s not patched there either: https://github.com/GrapheneOS/VanadiumVanadium
Just asked in their matrix channel.
hybridstaticanimate:discord Vanadium did not enable this at build time.
hybridstaticanimate:discord There is nothing to patch.
hybridstaticanimate:discord Other browsers chose to enable this.
Kind of. Vivaldi let’s you turn it off though. Privacy, disable meet extension.
Fuck Chromium. Don’t let Google single handedly control how the Internet works. Don’t support Chromium browsers.
Nah. I support Vivaldi. They are not funded by Google like your precious Firefox is and they are very open about using chromium but doing everything they can to clean it up so it doesn’t align with Google’s tyranny. I don’t think it’s fair to lump them in with other chromium browsers. Let me know if you have specific issues with Vivaldi beyond just general Google is bad sentiment.
When my problem with Chromium browsers is the fact that they’re Chromium browsers it’s fair to lump them in. The only complaint I have about Vivaldi other than “Google bad” (which is an unfair reductive statement) is that it isn’t open source. But I don’t care to try it.
The entire reason Chromium browsers are a problem is because it gives Google way too much power for controlling how the web works. They don’t need to seek consensus any longer. They can just make it do whatever. I’ve even seen people consider it the reference implementation of HTML. It’s sickening. Even if your “precious Vivaldi” and other Chromium browsers make tweaks to things it doesn’t change the fact that Google was able to make that decision without caring how it works in other browsers because there really aren’t other browsers now. Just fucking Chromium.
And for the record, it’s extremely unfair to say that Firefox gets funding from Google while pretending Chromium browsers do not. Using foss products made by a company is very similar to getting money from them. Google has put an enormous amount of money into Chromium. Vivaldi uses that. It’s like using public infrastructure then bragging that you don’t accept money from the government. I genuinely don’t care that Firefox gets money from Google because, despite the words you put in my mouth, my problem isn’t “Google bad” (though I don’t like them, but I don’t refuse to use their products). My problem with Chromium is that it has too large of a share of browsers using it.
I think I understand your perspective but lambasting people online for their browser choices is gross. Vivaldi has a respectable privacy oriented mission. Im not telling you to use it. You are telling me not to. Your strategy is inflammatory. Simply disagree that Vivaldi should be “lumped in” with other chromium browsers when they are practically trying to undermine everything that Google is doing with a highly functional browser that has real curb appeal since it can look and feel like chrome but can actually do way more out of the box without adding extensions. If your goal is some higher level martyrdom, sure use librewolf etc. If you want a powerful flexible browser that protects your personal privacy way better than chrome, it’s a reasonable choice.
You’re right, let’s cool things down. This is definitely something I feel strongly about and I’ve been stressed the past day or so. It’s possible some of that anger slipped out in my phrasing.
When I say “Fuck Chromium based browsers” I don’t mean to imply something like “Fuck you for using them,” even though I do believe you shouldn’t use them. It’s not that serious. But I see how saying “Fuck the thing you chose” followed by “Don’t use that thing” can feel way too aggressive. I’m sorry that it felt like I was attacking you personally. ❤️
This is why we need to all back firefox…
I dont care if the CEO sucks, or if they have some opt-out anti-features…
Chrome monopoly is a far greater threat
Google should have been given the anti-trust treatment long ago
Lina Khan on the horizon looming ominously.
People are conditioned by Windows to treat it as normal that they are using something developed by a hostile entity, but that entity is kinda benevolent and doesn’t do … what it can always do and no one will notice for a few months or years.
I switched to Linux being 16, so - still sufficiently maximalist to just believe that it shouldn’t be this way at all. (Still I have Chromium installed and sometimes use it, so same situation as everyone.)
For sane adult people it’s hard to just say no to unhygienic parts of tech, at least in their own mind, because IRL of course you can’t get rid of everything bad.
Remember this thumb rule -> if it’s not open-source, you are allowing the software to do whatever it wants to do.
No regulation, law, support group is going to help you. You are digging your own grave.
I agree, but… This was in open source software. Chromium. Not just Google Chrome. https://github.com/chromium/chromium/commit/422c736b82e7ee763c67109cde700db81ca7b443
hangout_services/thunk.js (via) It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the *.google.com domains - tweeted about today by Luca Casonato, but the code has been there in the public repo since October 2013 as far as I can tell.
https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/
This is included in the chromium source code which is public
If it’s any software you didn’t write yourself or audit every line of…
For a typical Linux distro that’s tens of thousands of packages…
I am no expert on code-auditing. But I’m slightly at peace that there are 100s of experts looking at the code because it’s open-source. But i also understand mistakes can still happen. It’s not a perfect system, but it’s the best solution so far.
There’s some truth to that, but bad actors have managed to slip things through in the past. It happened recently with xz.
I guess my point is that we put a lot of trust in strangers when we run any code on our systems. Open or not.
True. We can also not run code at all and be perfectly safe.
I wish there was a comparison. Number of 0days in open source and 0days in closed source for comparible projects and a measure for time to mitigate the 0days.
Hopefully no one comes in here and tells me Firefox does shit like this as well… I just swapped back.
Firefox doesn’t have a huge number of pages like Google does. The problem is collusion between browser and websites run by the same company.
This is not new news lol