← Back to context

Comment by justo-rivera

6 months ago

You just need to "register" a subdomain. So basically any google employee has potentially full access to your system?

28 comments

justo-rivera

Reply
sophiebits  6 months ago

You’re likely severely underestimating the amount of internal paperwork and review that is required to launch a new google.com subdomain.

drpossum  6 months ago

Or anyone who controls your DNS resolution which has a number of paths (for example a local hosts file, possibly a router, changing your config or how you get your config to a malicious DNS server, etc)

Tiberium  6 months ago

In what world does "system / tab CPU usage, GPU usage, and memory usage" mean "full access to the system"? Any Chrome extension can access this info easily, the point that the tweet makes is that there's a built-in Chrome extension that shares this info with Google's own websites without any confirmation.

mywittyname  6 months ago

Is it really that easy? I just kind of assumed that devs could create subdomains under a dev TLD like googdev123.com, but not google.com until it was a fully-fledged product release.

  • hn_go_brrrrr  6 months ago

    Nothing at Google is that easy. It is a large and slow-moving bureaucracy.

    • rpnx  6 months ago

      Agree. I work at Google. I promise nothing happens quickly. It can take over a week to set up a new SQL database & client. Half coding (don't get me started on boq...) and half data integrity and criticality annotations for the data...

      I don't know what setting up a new domain is like but I can't imagine it's something you "just do".

      1 reply →

lyu07282  6 months ago

> full access to your system

Only to leak your CPU/GPU utilization though as far as I understand it. Those can also be exposed in other ways by legitimate JS/WebGPU by measuring/profiling shader runs/etc.