Google Sites Get Exclusive API Access In Chromium??
Vložit
- čas přidán 5. 08. 2024
- Recently a series of treats have been making the rounds about websites on the google domain seemingly having more access to your system than other websites out there. Is this really true though and if it how how long has it been going on for.
==========Support The Channel==========
► Patreon: brodierobertson.xyz/patreon
► Paypal: brodierobertson.xyz/paypal
► Liberapay: brodierobertson.xyz/liberapay
► Amazon USA: brodierobertson.xyz/amazonusa
==========Resources==========
Twitter Thread: x.com/lcasdev/status/18106962...
How To Test: x.com/simonw/status/181073121...
=========Video Platforms==========
🎥 Odysee: brodierobertson.xyz/odysee
🎥 Podcast: techovertea.xyz/youtube
🎮 Gaming: brodierobertson.xyz/gaming
==========Social Media==========
🎤 Discord: brodierobertson.xyz/discord
🐦 Twitter: brodierobertson.xyz/twitter
🌐 Mastodon: brodierobertson.xyz/mastodon
🖥️ GitHub: brodierobertson.xyz/github
==========Credits==========
🎨 Channel Art:
Profile Picture:
/ supercozman_draws
🎵 Ending music
Track: Debris & Jonth - Game Time [NCS Release]
Music provided by NoCopyrightSounds.
Watch: • Debris & Jonth - Game ...
Free Download / Stream: ncs.io/GameTime
#Google #Linux #Chrome #Chromium #FOSS #OpenSource
DISCLOSURE: Wherever possible I use referral links, which means if you click one of the links in this video or description and make a purchase I may receive a small commission or other compensation. - Věda a technologie
From fingerprinting point of view it seems like a privacy nightmare.
Yeah fingerprinting was my first thought
forget finger printing, it could be taking screenshots from your desktop.
@@turtlefrog-tn3ek That's what I thought too. Hopefully some security researcher can find it out and present the evidence to EU and then EU will fine them to oblivion.
@@test-rj2vl it could record audio as well. Like any permission that hangouts needed, enabled by default out of the box to bypass browser permissions.. Its just google spyware.
Even in the US, that "could" be grounds for Anti-Trust for an advantage that none of the competition have, but like you said I am not lawyer, and in the US it takes A LOT for anything to actually happen. Our consumer and even company protections are pretty dated, broken & most of the upper government are old enough to have dentures, a cane, and have no clue on anything that is modern tech, so the tech companies usually stretch the truth and walk away free, then do it a few months later with another context. It is what has made Louis Rossmann basically put on the tin foil hat, lose it & post a rant on consumer rights just about every day. One day we will have someone under 60 in office lol
I wish it was simply a matter of them being too old to understand, unfortunately time after time has taught us that it is more a matter of who is lobbying for them and writing the biggest "donation" check to their campaigns.
Microsoft did this with Word and Excel in the early to mid 90s in order to get an unfair advantage over their competition and dominate the software space in addition to Windows. It is considered anti-trust.
It definitely is. Many sites would kill for cpuinfo to properly optimize things
wasn’t this like the same thing microsoft got got for. just its the browser not the operating system
With Google, there is no low that is too low and it is always worse than you think.
Isn't product bundling of this sort illegal in the EU? I'm sure they will be fined a rounding error on this week's revenue for that.
yes that's what's referenced in tweet two the DMA is EU regulations, also DMA fines can be up to 10% of the companys global turnover
I wonder what would be google's response if someone made a pull request to chrome/chromium source code
changing the domain allowing to use that extensions from google to just "*"
Would they allow it? Would they say its dangerous proving they are hypocrites. Would they say not everyone should have such access?
Unlike the older version, Manifest V3 doesn't allow * as a value
But it's really dangerous. You don't want every website under the sun being able to record your screen and query your CPU data. At least Hangouts has a good reason for doing so, and most people have already sold their souls to Google. I don't want rando internet sites having any extra permissions.
@@szaszm_ no, hangouts did *not* have a good reason for doing this.
@@szaszm_ Except it should be an opt-in extension. It also deanonymises users by directly allowing google websites access to everything that it wants in the browser.
@@Tonatsi well, Microsoft also want de-anonymization by pushing TPM being mandatory.
Each & every TPM has a different UNIQUE key within it, while it very unlikely for outsiders to know the content of that key, each TPM will give out UNIQUE answer when asked to do same certain tasks, from that its became even more trivial to do even more precise hardware finger printing.
This is the unspoken topic about TPM that TPM pushers uncomfortable to talk about, so they will try to divert the attention away from it by talking about other well known TPM's functions.
Chrome has a built in "anti virus" that scans every file on your computer. Only reason I found out about this feature was I heard my hard drives spinning up loud at 2am when I wasnt using my pc. Gutted that shit afterwards and went back to Firefox only.
Honestly Firefox are not a good alternative either... Mozilla are slowly falling into the same gaping hole Google did.
Yeah, Firefox is really pushing this AI crap.
went to floorp. can really recommend it
@@samuraiwarriorsuniteyeah like… local translation and local alt-text generation for the visually impaired… evil evil Mozilla 😂
@@samuraiwarriorsunite be careful, you're as evil as Mozilla because you have AI in your name, nice try bot 🤖
Feels good being paranoid, right?
The thing being in not only Chrome, but in Chromium is worrying, but talking about Google it could be so much worse. Ditching the slogan "Don't be evil" was only the first symptom.
Don't be silly!
We should have never left using lynx browser.
Typical fanboy behaviour. Netscape Navigator is where it was at.
Internet Explorer and its consequences have been a disaster for the human race.
What do you mean, you left? 😲
@@pelic9608 I find it is not nearly as critical with high-speed internet.
Using lynx for dial-up was a game-changer. Sites loaded in seconds instead of minutes.
@@pelic9608 i think, he meant " stop "
I'm so glad Firefox updated their shit to not crash from my encryption key dongle. Don't have to use chrome for anything other than testing now.
as far as EU goes this is in clear violation of DMA law. How much? In the 1-2 billion fine according to the latest fines EU has given.
And that would be only for the anticompetitive part. Now this can also be an issue for privacy.
on the other hand, EU will not chase anything smaller that did not hit a world wide dissatisfaction, that is not following the Apple brand at the current moment. Why? Probably it is an obsession they have or just Apple denied to give under the table money to Vestager
1-2B is nothing.
Stop using chromium browsers
Yay Ladybird! It may be a while before there’s a Windows version, let alone a full-featured competitor to Chromium, but yay Ladybird nonetheless!
@@CrippleX89 It's going to need work before it measures up to the competition I'm afraid. But, I'm hopeful long term.
I have a webapp that only works in a Chromium browser, or to be more exact, it kinda works but things break in Firefox. The docs state to use Chrome, so what can I do. For that, the ungoogled chromium flarpak works for me 🤷♂️
*except ungoogled chromium, ungoogled chromium the goat.
Mozilla As bad as google, check new ad thing they bought and is being enabled by default in v128
Sounds like anti-trust lawsuit. You can just decide that you treat your own sites better.
Never noticed. But I haven't started Chrome in a year. Firefox only but Edge on the corporate vm.
Chrome being there without using it does stuff, odd program.
This affects all chromium-based browsers. Edge is also chromium-based.
Mozilla As bad as google, check new ad thing they bought and is being enabled by default in v128
@@lussor1 Calm down. Some bad decisions don't make a company as bad as Google. Have some sense. There are worse and better browsers. Firefox is better for privacy than Chrome. Even out of the box.
@@lussor1Why are you spamming this comment everywhere and then refusing to provide any sort of evidence to what you're talking about? Don’t spread fear for the sake of smearing something, make people aware. As far as I can tell, nothing of the sort is happening, especially not something that would make Firefox "as bad as Google"--no one in the world has enough money to achieve that lol
close enough, welcome back internet explorer!
died
born
This reminds me of the bad old days of the Internet Explorer monopoly.
Google would probably argue that there’s no DMA violation because the plugin is _technically_ not an integral part of the browser. However, they do ship the browser with the plugin pre-installed which kinda reminds me of the whole IE-Windows bundling debacle
Was IE *technically* an integral part of Windows?
@@trollblox_ no but now edge is lol
@@trollblox_ Not initially, but in Windows 98 (IE 4) it became a semi-integral into the system and was much more difficult to remove due to its shell in Windows Explorer. For example it was required to view help files and other applications that would use the view to display web content/serve ActiveX objects through IE.
See United States v. Microsoft Corp. case for info about the controversy.
@@trollblox_ yes it was.
De-googling is getting easier all the time. CZcams is now all I use my account for
really liked this break down, informative and to the point!
2:27 new fetch script dropped 😂
The OBS "not liking" that you opened Meet might be a kwin bug. Or pipewire. Or portal. Someone didn't properly handle multiple screen recording/sharing clients.
Could also be that when Firefox tries to grab the webcam, that the v4l2 driver complains because those are generally only allowed to bind to a single application and as we see in the bottom right while it was captured the webcam was bugged.
I think it's what ether said
The only legitimate reason for something like this is high performance web applications that require this information to function at it's best efficiency
I wonder if there is there any way to prevent this information from being shared at an OS level?
Yeah compile the source code yourself and turn it off
My website has advantages over others! No adds, no tracking, no info gathering unless you fill out a form to give it to me by your own volition, no putting anyone on a mailing list automatically just for filling out the form, and no code pulled in from other websites, not even google fonts..., and I don't have that file on the site used to let google better index the site (Nor anyone else's)...
So... Congrats? You've discovered how to make websites without any external dependencies? Welcome to 1998
Robots.txt
@@stefanalecu9532 I'm webadmin for a website that also specifically doesn't have any tracking, no Google services, no social media integration, blah blah blah. I don't even keep website hit stats. It matters because privacy matters. The people who use our website are accessing it for health reasons (since it's a health related service) and their data is not any of our business and it sure is shit isn't any business of Google, Meta or anyone else. From a personal perspective, I'm frankly sick to death of going to even simple websites and seeing Privacy Badger blocking 10 (or more) fucking trackers (after Ublock has already done it's thing). Why the hell does a website providing the most basic of information need to have so many trackers? The answer is, we don't. I've been in web design and dev since the late 1990s. I've been doing websites since HTML, CSS and PHP were in their infancy. There is so much fucking bloat on websites these days. That's a waste of power, data storage, data transmission and user time and effort. It's also an unnecessary invasion of privacy. All because a bunch of dickwad SEO and data mining companies have convinced people they need to do unnecessary A/B testing, tracking, data mining, etc. that's to THEIR benefit, not the website owner and sure as shit not the customers/visitors. Worse is that so often these trackers and data miners are bundled with services that blocking them breaks the damn website. Ridiculous.
I kinda wanna visit the site
drop the link, I want to see it too
What about the KDE falcon browser side project? Is it there?
I use Floorp and firedragon so it doesn’t really concern me, but I’m just curious.
Exclusive rights in a browser, that sounds like dangerous territory for an EU fine.
That list of enabled permissions also includes the mic, video, and screenshotting the user's desktop... from any google site.
For why someone would use edge if an enterprise organization is using a bunch of Microsoft crap edge is both a default on the computer and means that you don’t need to ask for permission to get a browser.
What you just showed me at 2 minute and 50 seconds in is there is a peice of information I can diff to start building something given those values update at sufficient rate I can see the usage increase (oh this was on google site) and compare it to the amount of seconds lapsed since I last checked, getting the accurate elapsed time precisely however takes some magic within wasm since specter safeties added in browser, not sure what the most precise time measurement we can do in the browser is at this moment, but this CPU stuff is hinting as a possible spectre vuln maybe why it is being limitted?
Thanks for remining me that I need to make the switch to flatpaks
I always like your videos, even if the topic is not of much interest, because you are what makes it so good! and of course the wacky cat jam at the end! Oh, and I really want to know if that's your cat and what or rather who "Debris and Jonth" are! PLEEEEEEEEEEEEEEEEASE TELL ME!!
That's the name of the artist of the song lol
@@BrodieRobertson OK, but what about the kitties? My cat Lucy and I want to know!
@@Bob-of-Zoid it's a meme
@@nikkehtine Well it's a cute one!
Every *other* extension you need to explicitly enable incognito access. Seems bad to not only bundle this and not allow uninstall but to also enable that
We need more browser engines am sick of a garbage company like google essentially controlling the entire internet and what is standard I dont want a standard
Ladybird is coming soon, or might already be working
The problem is people dont want different sht because google account syncs data
What is stopping Microsoft from adding the same to Edge? If Google can do it, Microsoft can as well.
Very likely a fingerprinting method.
Everyone keeps asking what's going on and why it's going on but forget to ask how it's going on
Record the cpu, & ram usage with a timestamp & can basically tell who's who. I'm guessing with more error padding even across browsers with this setting.
Remember when devices had exclusive features?
Congratulations, now browsers are trying to do the same thing.
My issue is it’s proprietary google code and it’s in the chromium project. Want it in the chrome branded browser no big deal. Putting it in upstream they are overstepping imo.
I would have expected Microsoft to get rid of that plugin in Edge... Ah well, I mostly use Firefox anyway and only use Edge for PWA support and Chromium based testing.
Of course they didn't. If they did, users would essentially see an ad for Chrome when using Meet.
Mozilla As bad as google, check new ad thing they bought and is being enabled by default in v128
Is it possible maybe even google forgot about the hangout stuff?
Not use Chrome or Chromium-Based browsers, then?
I see very little issue with the kinds of data collected here, I mean it doesn't even seem to have a list of processes and given that we know it's connected to an extension now, it should be quite simple to track whether that changes in the future. Good on Google for doing this mostly out in the open, at least we know the what and how like this.
It kind of disturbs me, that a extension is installed without you're explicit permission that allows google to read those details. Personally, I would never ever switch to a chromium based browser. Sadly, there isn't that much left anymore and I hope, Mozilla will continue as long as possible.
On one hand, it could be another case of Google spying on its users. On the other hand, it could be another case of a billion-dollar company being lazy/negligent by leaving in code that's not even necessary. Either way it's not a pretty picture. I'm more surprised that few developers didn't notice that Hangouts and Meet were different services until recently.
Never assume malice if incompetence can achieve the same result. In this case I suspect someone at Google was just being lazy.
Thats very silly, even with companies with proven track records of doing bad things on purpose?
I don't have a Chromium-based browser and I don't want to install one. My only question is did anyone test mapping another legit IP in the hosts file to point to an unexisting Google sub-domain and test the command out? I have this weird hunch that this kind of shady solution would work and these network aliases can be applied in different contexts.
3:36: Kureiji Ollie, Gura, and Bao? Brodie watches Vtubers?
Ha e you never noticed his shelf at the back?
all they need to do is add a permission that asks the user if they want to send that info to the website.
So - this is API provided by extension, only for Google websites?
Currently I think the best course of actions would be to codify the API into a web standard, to extend such functionality to other sites and browsers.
What? And give ALL private companies access to your hardware details? The fact that people don't know how terrible an idea that is, is scary.
@@_Stin_ No - it should be fenced by the same dialog, as microphone/camera/gps access. I prefer that over something exclusive to google.
"chromium virus does not exists it cannot hurt you"
chromium virus :
Technically, the shims, and the polyfils typically in other google projects and some non google projects find their way into CSS and other parts of the chromium engine. Remember a shim is for adding javascript functionality in older browser and polyfill is a method to use javascript to manipulate css from javascript, and these ship to make other browsers that are not chromium work with google sites, many of the functions in the browser still ship as polyfills and some sites are using them when they do not need them. It has been a while, have to check myself on definition of polyfill and shim, but these are the design patterns I would use when a browser is missing a feature I think it should have, and ship it within javascript, and idk possibly wasm now may enhance a shim.
A polyfill is adding functionality that is otherwise not available, i.e. in older browsers or for new APIs that have not yet been implemented into the browser engine. It's not specific to CSS. A shim is intercepting existing APIs and implement different behaviour, like overwriting `fetch` or `console.log` to include additional code while still executing the original implementation.
TL;DR; Shims is intercepting existing APIs, Polyfills are implementing non-existing features and functionality (usually with a fallback to the original implementation).
Google, MicroSoft and Apple aren't companies that you can trust... I don't...
A Linux User for over 25yrs and Firefox for 20yrs...
Google doing the same thing they complain Apple is doing.
I actually think a web standard resource utilization API would be useful.
Cool twitter profile picture
ip+hardware info + other info gathering sytems = you add based on past data + your using a google account to login ,
I wonder if any of google analytics domains allow access to this data
Of course everything.
it does record it. but Google doesn't show it individually it will just compile it and show it just like steam hardware survey does.
Good Debian disables crap by default. Nice.
It's fine if it were exclusively Chrome feature, but embedding it in Chromium is a disaster.
reminder that people who don't have twitter accounts can't read threads so if people without accounts are seeing it they literally wont see any follow ups
I mean, chromium is open source, you could just check that.
But I think maybe you mean chrome, Google's very popular closed source chromium browser
Can someone tell why Brodie is so funny? Most Linux CZcamsr are highly opinionated and get salty pretty fast on certain Topic. Except Brodie.
Because he's an aussie
Hangout addin went away, I was mad, what, the chatty thing that can secure connect to googles servers? Interesting.
0:50 Theres a good chance they only know about the first tweet since that's all they can see since Twitter doesn't show you threads anymore without an account.
If you run into this issue and don't want to make an account, try viewing the tweet via a Nitter instance. I can't link instances or YT will delete my comment (it might even delete this comment and I won't be able to notice until I post it)
Your comment's still here.
For now...
I use emacs btw
Emacs pog
great web browser
ur being way to generous with that; thats definitely a backdoor.
My main point is it's not unique to Google, they're just in a special position to ship it out of the box
Link in the description... down under xd
Need to hook calls to Windows API and return my own values.
What API does the extension call? How do you want to hook it, build Chromium yourself and link it against your version? Or is there a way to hook windows API calls within windows, I mean there are window hooks to customise messageboxes but I am really intrigued what you had in mind. I simply do not use Chrome, I use Brave. Would it not be easier to uninstall/disbale the extension?
Nah, user space hooks are super easy to bypass
@@theevilcottonballWhat he is probably referring to is user space hooks aka peocess injection.
You just need to rewrite some dlls in the process. It is similar to game mods
@@theevilcottonball CZcams usually deletes too technical comments so I can't tell too much details but I meant Windows API. Think about games. Games do not expose any API and games have anticheats but wallhacks and aimbots are still being made despite of it. So what stops me from using the same approach with chrome? Of course in reality it's easier to just switch to Firefox so it was kind of 50% troll comment. But about disabling extension it was said in video you can't disable it.
@@tablettablete186 I wouldn't say super easy but I can mode to kernel mode if needed. I am 80% sure that if they try to make kernel mode anticheat to bypass it, they will get a ton of bad publicity from IT youtubers and that would make them roll it back.
Sallie enjoyer spotted
This could have been used for the recaptcha and google analytics.
Don't some bots use an embedded version of Chromium?
Wow, a browser developed by Google is making sure Google websites are optimized to run on my PC by letting Google's sites communicate directly with my computer, so that I keep using that browser? What a surprise!
How about brave browser?
hangouts extension is enabled by default.
brave://settings/extensions
Have you bothered watching the video?
In settings find Hangouts option to disable it
I use Vivaldi BTW
And it comes with option to disable it like brave
firefox win?
Check new data harvesting ad thing they bought. Its horrorific
After switching from Chrome to Firefox my perception is that I get more adds, more un-skippable adds and more delays on CZcams. Someone should do some tests !
first
Chromium developers and team sounds like are imported from the Edge. Now that GitHUB has a new owner.
YT adds are successfully pushed. lol
me who uses firefox:
As bad as google, check new ad thing they bought and is being enabled by default in v128
@@lussor1 as long as you can disable such stuff with like with like user.js, there's no way it is as bad as google, definitelly not good, but google is uncountably worse
you who uses firefox: using mozilla spyware, "telemetry".
Stop showing terrorist hate symbols in video.
ok
Your account is weird
@@stefanalecu9532 he's probably trying to get attention
I'm ok to use Chrome, at least it works
So does Firefox. Your point shill?
They all work tho lol
You have a really low bar.
Use brave dude
spyware, it just works.
This makes me think that this should not have made it into public builds.... As a Xoogler (eX-Googler) this was the kind of thing that was regularly used internally for validation and testing of performance and such through internal dog-fooding of tools. Curious if this was accidentally left in the code base