Comment by danans

6 months ago

There is potentially an innocuous and straightforward explanation for this. Imagine the browser comes with some functionality implemented as a google.com-signed web app (as opposed to compiled/linked C++ as a lot of the older Chrome UI).

It would be silly if that PWA-implemented browser code would need permission to access the system information, since it is part of the browser's functionality itself.

Another use case for a private API (that has long existed) is integration of the Chrome browser with Google-specific websites that provide core functionality, like the Chrome Web store, to allow for installation/removal of extensions from a web page.

I think it is a mistake to give a company like Google the benefit of the doubt. Consumer protection is a lot like security, we should theorize the worst case scenario, and assume the company is willing to work against consumer interest if it serves their own interests.

If there exists a mundane and reasonable explanation for this, that doesn’t matter if there also exists a potential to exploit it in a way that harms consumers’ interests.

  • Well said. Hanlon's razor doesn't work for corporations (or with people that have already shown their willingness to do the unethical).

    • I actually prefer Marx’s razor over Hanlon’s: “Never attribute to stupidity that which is adequately explained by class-interest.”

Any time things like this are needed, I think it should ask the user for permission first.

  • My examples are of core browser functionality, just implemented with a different tool chain (a web app instead of C++). Should the user be asked for permission for C++ to send an IPC to another C++ component? Should the Chrome Web store ask for permission to install extensions in Chrome?

    Down-thread I see that this is being used for Google Meet functionality, for which I agree it should ask for the user's permission.