Chrome Exposes Scary System Functions To All Google Domains

Published 2024-07-12

All Comments (21)
  • @t3dotgg
    GUYS I WAS WRONG. I WAS NOT AN INVESTOR IN GOOGLE. I sold my positions long ago and forgot. Don’t worry, just bought some now :)
  • @Jamiered18
    It's very simple. If they want these features in Google Meet, then they must request we install the extension like every other website has to. Baking it into the browser is unfair and untrustworthy
  • @mollistuff
    It's not scary because it spies on you. It's scary because it breaks the social contract of the open web.
  • @nnm711
    No, it's still very bad, because it breaks the fundamental trust that all websites, including Google's, play under the same rules, same API, same everything. Today they just watch some CPU usage so they can deliver a better service (than others), tomorrow they could decide to compete with MS' Replay and track user's desktop screen, or whatever. Who knows? The situation would be a little different if the damned extension was at least visible in the extensions menu, even if it comes preinstalled, then people who don't use Hangouts/Meet/Google Whatever could at least find it there and disable it. But they hid it. This is very very clear abuse of their market position, and should be heavily punished, despite their "best intentions". Also, the sheer audacity to keep the extension in other Chromium forks...
  • @robertdolby6272
    With all that unique ID data it's a good job Google aren't an ad network or anything.
  • @MadafakinRio
    On the topic of Firefox not handling packets that are not perfectly sequential - is that the right way to do it? I've seen someone (I think from Firefox) comment that the way Google is doing it is wrong and goes against the standard. Even though I don't use Firefox I'm way more inclined to believe them, the "global nonprofit dedicated to keeping the Internet a public resource that is open and accessible to all", that they are implementing the standards correctly, rather than Google who's been known for shitty behavior all throughout the years.
  • @IlluminatiBG
    The problem here is that the extension is baked in and unlisted in Chrome extensions. Yes, you can create your own extension to get enough CPU info for your website, but: 1. It won't be baked in, user must install it. 2. You don't have access to regular extension controls to disable it (this won't prevent Meet from working, but it will prevent optimal CPU utilization). Even if the extension exists and is enabled by default, it should still be visible on the Chrome extensions page.
  • @atljBoss
    Wish Google shipped this as an extension in the web store and not installed it by default. Then they could tell users to install it when they visited Meet.
  • Yes, that's how security works. I can rest assured this is not a problem because you couldn't exploit it yourself in a stream (granted, with help). Come on man, you know this is fucked up.
  • @safairette
    The use case is probably not as bad as it first appeared, but having it be installed and unlisted by default is gross. If it just was an extension that meet prompted you to install to use the service I'd have no issues with it.
  • @thomassynths
    TLDR: Theo praises google for anticompetitive practices and also claims that updating a list of five domains every decade is too difficult for an indie company like Google
  • @wlockuz4467
    It's wild to me how Theo just casually uses his personal anecdotes to entirely discard serious discussions like Google throttling their services on other browsers. "I had a bad developer experience with Firefox, hence Google slowing down their services on other browsers must be bullsh*t" How does that even matter or make any sense? Like, do you even think before you speak or listen to yourself? Same goes for the whole video, the point is not about what that code can do, but more so about why company-specific code exists in an OS project.
  • @rubenbupe
    A comment about the DMA: There are already multiple cases open against Apple, Google or Meta because the European Commission is not satisfied with the way these companies “comply” with the law, because they do not do it. And from what the commission has said, the regulations will continue to evolve and they will not stop sanctioning companies until they comply with the law. But it's only been a few months since the DMA came into force and these things take time...
  • @klex3905
    There's a bit too much copium here... Okay, it's only scoped for Meet. But that misses the problem that Google has preloaded its own special extension, which by the way is completely exploitable. There's no reason this shouldn't be opt in only. The fact Brave is even exposed says it all. And being open source doesn't mean anything. Because we can see their dark pattern doesn't make it less of an issue.
  • @cerulity32k
    Was there not a line in a YouTube script that slept for 5 seconds if you were on Firefox?
  • @DaLoler1
    I have invested in Google. Google has an unfair competitive advantage over my product but I'm not too annoyed. Am I the only one who reads this as a conflict of interests?
  • @zaxadim
    Even if you put aside the severity of the access Google has, the key issue you did not address is the competitive advantage. You can't hand-wave it away by saying that the devs had a good intention at heart. How about all other devs that try to compete? Do they have the same freedom to have already installed backdoor unlisted unapproved extensions?
  • @kennyfully88
    Firefox, I don't care what they say about you. You're there when I need you the most. Apple did me wrong and Google does Google things.
  • @TheJoYo
    "If the packets aren't perfectly sequential" TCP?