By John Gruber
1Password — Secure every sign-in for every app on every device.
- Google Chrome, Along With Other Popular Chromium Browsers, Grants System Monitoring Privileges to *.google.com Domains
-
Luca Casonato:
So, Google Chrome gives all *.google.com sites full access to system / tab CPU usage, GPU usage, and memory usage. It also gives access to detailed processor information, and provides a logging backchannel.
This API is not exposed to other sites - only to *.google.com.
This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone else’s.
The DMA codifies this idea into law: browser vendors, as gatekeepers of the internet, must give the same capabilities to everyone. Depending on how you interpret the DMA, this additional exposure of information only to Google properties may be considered a violation of the DMA. Take for example Zoom - they are now at a disadvantage because they can not provide the same CPU debugging feature as Google Meet.
I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.
But put the DMA aside. This is just creepy. It’s clearly a privacy violation. I don’t want Google to know what kind of CPU I have, how many cores, and how busy they are. And the makers of other Chromium-based browsers are so lazy that their browsers — Microsoft Edge and Brave at least — include this same “feature”. I don’t mean that Edge grants system-monitoring privileges to Microsoft’s websites. Edge grants these privileges to Google’s websites, and Google’s alone.
But speaking of the DMA, Chromium is, far and away, the most popular browser engine that the DMA compels Apple to allow on iOS. There are legitimate reasons to wish that Apple allowed third-party browser engines on iOS. But there are also legitimate reasons why Apple doesn’t allow them. Chrome really is bad. Better to let the market decide than let clueless regulators decide.
★ Friday, 12 July 2024