It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the `*.google.com` domains - tweeted about today [by Luca Casonato](https://twitter.com/lcasdev/status/1810696257137959018), …
The code doesn’t do anything on non-Google domains.
Luca says this - I’m inclined to agree:
> This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone else's.
Isn’t chromium open source? How are the APIs a secret?
Simply no one ever looked and it's not documented. And the API is locked to work only on Google domains, so it wasn't usable to anyone to accidentally notice what's going on.
Follow-up question: How many other parts of the Chromium codebase are limited to work on (maybe other) specific domains?
A Google engineer adds a piece of code, does not document what exactly it does, and it was approved without question. Something is seriously wrong with this or I don’t know how the Chromium project works.
I read somewhere a long time ago that Chromium is a "look, but not touch" type of FOSS project. You can fork it, fix it, do whatever you want with the code, but on the main Chromium repo they rarely accept PRs from random contributors.
Here is an article from 2020 about the first non-Google employees getting some rights in the repo; before that, all decisions were made by Google employees: https://www.cnet.com/tech/mobile/google-gets-web-allies-by-letting-outsiders-help-build-chromes-foundation/ This API was added in 2013.
And the workaround for this issue is really simple, and it was recommended privacy-wise for a long time: don't use Chromium-based browsers and don't visit Google-related sites, as much as you can.
This needs to be discussed more by the community.
I can kind of understand what's happening. They want to have complete control over what goes in and out of Chromium. Some PM is probably overseeing the PRs, and if some PR hinders their ability to collect data, that PR gets rejected. Mighty fine project this is. Other forks probably don't have the resources to go through all the commits issued by Google and just accept them as they are. They just make the changes to suit their own agenda. All the more reason for people to switch to Firefox.
I wonder how Ungoogled Chromium is affected by all this.
I don't know what needs to be discussed. Everyone owns their code, every project has some kind of hierarchy. Chromium is a project started by Google, so Alphabet Inc. has a final word in any decisions. Similarly Linus Torvalds has a final say in Linux kernel development, and Lennart Poettering in systemd. That's how it always worked, and I think it's good enough.
What you can do is, you can hard fork a project, then you can have a final say there. This is actually how Chromium's engine started: its Blink engine is a fork of Apple's WebKit engine, which is again a fork of KDE's KHTML engine.
Ungoogled Chromium is not a hard fork, it's just a list of patches: https://github.com/ungoogled-software/ungoogled-chromium They can override Google's decisions this way, but the more things they patch, the more things they have to maintain, more work, and more things can break with each update. AFAIK it's similar to how all other Chromium-based browsers work.
Everyone said this for years now. If you care about the freedom of the internet (caring about your privacy is secondary) you shouldn't use Chromium-based browsers. Stop using it now.
Open source doesn’t mean they have to accept community input. The rights you’re granted are the right to take their code and alter it for your own project, or redistribute it, not direct it.
A lot of corporate-owned open source projects choose not to accept third-party contributions at all (or at least without giving them actual ownership), because if they own the entire codebase, they can sell different licenses to businesses that may not like some restriction of the open source license.
I prefer the VS Code approach. The entire codebase is open but owned by Microsoft. But because of the MIT licence, the community has made VSCodium. Microsoft does not interfere with VSCodium (AFAIK). This I think is a good model.