This seems like a cut-and-dry case of getting caught in monopolistic behavior. The code is right there. The Chrome codebase has special features for Google’s own web properties.
I hope all these AGs suing google have some good tech advisors. It’s hard to keep track of all the nefarious things google has been up to over the past decade.
> This seems like a cut-and-dry case of getting caught in monopolistic behavior. The code is right there.
???
Is "Darn, their browser only gets to track me on their own websites; if Google were playing fairly, they'd send the tracking header to all websites so I can be tracked more and have less privacy" the argument you're making here?
And it's debatable that this header is actually serving a tracking purpose at all. Being limited to their own web properties cements it as a diagnostic to me. What use is a tracking header that only gets sent to domains they already know you're visiting?
Security flaw? Surely some entity is squatting youtube on some TLD?!
If there is a country TLD of X where Google owns google.X but entity Y owns youtube.X then entity Y gets the X-CLIENT-DATA header information. See usage of IsValidHostName() in code.
Note this would be a privacy flaw which is not covered by the Chrome Rewards program (which only covers security flaws) so I haven’t bothered logging it as a bug since I don’t want to waste my time verifying it for nothing!
Actual list: https://cs.chromium.org/chromium/src/components/google/core/...
This seems like a cut-and-dry case of getting caught in monopolistic behavior. The code is right there. The Chrome codebase has special features for Google’s own web properties.
I hope all these AGs suing google have some good tech advisors. It’s hard to keep track of all the nefarious things google has been up to over the past decade.
Perhaps you can send a summary to them, including the evidence?
> This seems like a cut-and-dry case of getting caught in monopolistic behavior. The code is right there.
???
Is "Darn, their browser only gets to track me on their own websites; if Google were playing fairly, they'd send the tracking header to all websites so I can be tracked more and have less privacy" the argument you're making here?
And it's debatable that this header is actually serving a tracking purpose at all. Being limited to their own web properties cements it as a diagnostic to me. What use is a tracking header that only gets sent to domains they already know you're visiting?
2 replies →
Security flaw? Surely some entity is squatting youtube on some TLD?!
If there is a country TLD of X where Google owns google.X but entity Y owns youtube.X then entity Y gets the X-CLIENT-DATA header information. See usage of IsValidHostName() in code.
Note this would be a privacy flaw which is not covered by the Chrome Rewards program (which only covers security flaws) so I haven’t bothered logging it as a bug since I don’t want to waste my time verifying it for nothing!
https://chromium.googlesource.com/chromium/src/+/master/docs...
like youtube.vg that is available ?