It’s time for Google being Google, this time by using an undocumented APIs to track resource usage when using Chrome.
When visiting a *.google.com domain, the Google site can use the API to query the real-time CPU, GPU, and memory usage of your browser, as well as info about the processor you’re using, so that whatever service is being provided – such as video-conferencing with Google Meet – could, for instance, be optimized and tweaked so that it doesn’t overly tax your computer. The functionality is implemented as an API provided by an extension baked into Chromium – the browser brains primarily developed by Google and used in Chrome, Edge, Opera, Brave, and others.
↫ Brandon Vigliarolo at The Register
The original goal of the API was to give Google’s various video chat services – I’ve lost count – the ability to optimise themselves based on the available system resources. Crucially, though, this API is only available to Google’s domains, and other, competing services cannot make use of it. This is in clear violation of the European Union’s Digital Markets Act, and with Chrome being by far the most popular browser in the world, and thus a clear gatekeeper, the European Commission really should have something to say about this. For its part, Google told The Register it claims to comply with the DMA, so we might see a change to this API soon.
Aside from optimising video chat performance, the API, which is baked into a non-removable extension, also tracks performance issues and crashes and reports these back to Google. This second use, too, is at its core not a bad thing – especially if users are given the option to opt out of such crash analytics. Still, it seems odd to use an undocumented API for something like this, but I’m not a developer so what do I know. Mind you, other Chromium-based browsers also report this data back to Google, which is wild when you think about it.
Normally I would suggest people switch to Firefox, but I’ve got some choice words for Firefox and Mozilla, too, later today.
Fun. I’m in the middle of switching from Firefox to the Debían build of Chromium.
Are there any Chromium builds without this “feature?” Ungoogled-chromium? Iridium?
I wouldn’t do this. It’s going to get manifest v3 just like the rest of chromium.
I’m no fan of companies giving themselves privileged access to user devices. Unfortunately. this sort of thing is even more widespread than google, Apple notoriously gives itself privileged access at the OS level. Microsoft too. Today’s consumers have to deal with the reality that companies have given themselves themselves privileged access often times without even disclosing the fact that information.is being collected or letting owners disable it.
We saw this during covid when Apple refused to allow the UK government’s track and trace solution access to the Bluetooth function. Instead the government was forced to implement a new solution based on the Apple/Google partnership (and pay them for the privilege).
Adurbe,
I remember that. This was also a problem with the NFC API. Apple kept the API to itself because they wanted to keep others from implementing competing services. Ugh, I don’t like monopoly behaviors regardless of who is behind them. It’s such a disappointment that our leading tech companies are guilty of this, but it’s because we let them get away with it and it “works” in terms of profits.
You can always do what Stallman does, who sends a request to a remote server to fetch a page for him and convert it to text, so he can then fetch it with wget and view it with emacs:
https://web.archive.org/web/20120506225930/http://stallmanfacts.com/what
Web browser became so complex that their are essentially, operating systems.
And with that, comes some of the worst practices of OS vendors, like giving themselves privileged APIs to use with their own products. Microsoft is notorious to have plenty of “undocumented APIs” for ages, never forget the whole Adobe Type Manager debacle.
Firefox doesn’t do that, it makes a browser the way it was meant to be (since the invention of the script tag), aka a sandboxed runtime that doesn’t have access to privileged info about the underlying OS and doesn’t grant preferential access to certain domain names. But unfortunately, everybody is using Chrome instead.
So Google takes everything, regarding privacy, and this is the issue we are having with it?
This makes me want to sarcastically laugh and cry at the same time.
I can see why they want to keep this API away from 3P developers. It is a privacy nightmare which can be used to uniquely identify individual users.
That being said, this should at least be a whitelist of apps, which go though a certification. If Google can prove Google Meet or other internal software are privacy compliant, they could extend this to at least Zoom, WebEx, Skype and others. (Would be a tough one for open source, though, maybe a specific signed version?)
This is why “old Google” and “new Google” are unrecognizably different.
Users should be able to turn this telemetry stuff off if they want to, but I don’t see a strong case for unilaterally denying 3rd party access to the cpu/gpu load information. Users of services like zoom/webex/skype are much more likely to be tracked by their account ids than this API. Still, whatever the solution is, I wouldn’t have a big problem as long as google lives by the same rules as everyone else. No “one rule for us and another for everyone else”.
Alfman,
Yes, this should be default.
There are of course exceptions, due to security, or APIs not being ready for public consumption. This particular one is egregious. Something like Windows 3.1 refusing to run on DR-DOS.
We get what we pay for.
Dead to Google, the “don’t be evil” sarcastic company…
The API is used to optimize video chat performance based on system resources, but it is only available to Google’s own domains, not to competing services. This is seen as a violation of the EU’s Digital Markets Act @io games