Worse off. I have to use Meet for work, and I'm forced to run Chrome for Google's shitty software to run acceptably.
Edit: And for some reason I have a Chrome profile even though I never created one and never "logged into" Chrome. Another thing that's been forced on me by Google's product team.
Trying to be generous, the only reason I can think for why customers would be worse off is that Google is literally the only one who can be trusted with this kind of power. Not Zoom, not Microsoft, not the user whose data is being transmitted, etc.
But even that does not explain why the existence of the API was not disclosed. Do you agree that that looks bad for them?
Then there is the fact that Google is far from being a company people trust. They should be rushing to be transparent about their decision, if there is a good, persuasive reason for it. They could use the good press. Instead, they made a secret API that can read privileged system information, locked it so that nobody else could use it, and then never told anybody about it—all while claiming to be secure, and privacy-focused, and definitely not abusing their browser monopoly.
Microsoft Edge's source code isn't available. We don't know really know what kind of stuff they patch in.
It's just that Google keeps most stuff in Chrome open.
To me it looks like Google wants to use some analytics on Google Meet to improve it (e.g. a/b testing on CPU consumption), or they just want to provide that interactive CPU% widget in it, but they don't think it would be a good idea to let just any website use it, as it can could be used for fingerprinting (e.g. if you have two different sites open in separate tabs, they could detect this by co-operating to correlate the CPU% time series data, even if the connections are over Tor or proxies).
For non-Google services they provide a mechanism to do the same by having the customer install an extension with the correct permission.
That's the internal API used by the hangout_services extension. It's the extension itself that is undocumented.
A user might reasonably expect that web pages do not have access to the system.cpu API by default. And that's mostly true, but thanks to the pre-installed but hidden hangout_services extension, google.com does have access to this API. That's at least a little dubious.
Worse off. I have to use Meet for work, and I'm forced to run Chrome for Google's shitty software to run acceptably.
Edit: And for some reason I have a Chrome profile even though I never created one and never "logged into" Chrome. Another thing that's been forced on me by Google's product team.
Meet works in non-chromium browsers, so .. forced?
Trying to be generous, the only reason I can think for why customers would be worse off is that Google is literally the only one who can be trusted with this kind of power. Not Zoom, not Microsoft, not the user whose data is being transmitted, etc.
But even that does not explain why the existence of the API was not disclosed. Do you agree that that looks bad for them?
Then there is the fact that Google is far from being a company people trust. They should be rushing to be transparent about their decision, if there is a good, persuasive reason for it. They could use the good press. Instead, they made a secret API that can read privileged system information, locked it so that nobody else could use it, and then never told anybody about it—all while claiming to be secure, and privacy-focused, and definitely not abusing their browser monopoly.
Microsoft Edge's source code isn't available. We don't know really know what kind of stuff they patch in. It's just that Google keeps most stuff in Chrome open.
This bit wasn't discovered by looking at the source, though, so I don't think that point is relevant here.
> But even that does not explain why the existence of the API was not disclosed.
The existence of the API is documented: https://developer.chrome.com/docs/extensions/reference/api/s...
To me it looks like Google wants to use some analytics on Google Meet to improve it (e.g. a/b testing on CPU consumption), or they just want to provide that interactive CPU% widget in it, but they don't think it would be a good idea to let just any website use it, as it can could be used for fingerprinting (e.g. if you have two different sites open in separate tabs, they could detect this by co-operating to correlate the CPU% time series data, even if the connections are over Tor or proxies).
For non-Google services they provide a mechanism to do the same by having the customer install an extension with the correct permission.
That's the internal API used by the hangout_services extension. It's the extension itself that is undocumented.
A user might reasonably expect that web pages do not have access to the system.cpu API by default. And that's mostly true, but thanks to the pre-installed but hidden hangout_services extension, google.com does have access to this API. That's at least a little dubious.
[flagged]
> Google is by and large run by a bunch of engineers who are trying to do the right thing and often don't think about how things might be perceived.
Maybe that was true in 1998, but it's certainly not true now.
1 reply →
> Google is by and large run by a bunch of engineers who are trying to do the right thing and often don't think about how things might be perceived.
Strange statement given that there's absolutely no evidence of that.
3 replies →
Worse, by having less alternatives to choose from. This is why anti-monopoly laws exist.
[flagged]