A report suggests that Google has sneaked code into Chromium-based browsers that is favoring Google-owned properties. Browsers like Chrome, Brave, and Microsoft Edge appear affected.
If true, it would give critics of Google’s dominance in web browsing a mighty powerful argument.
Here are the details: Google Chrome and other Chromium-based browsers give *.google.com sites full access to system / tab CPU usage, GPU usage, memory usage, detailed processor information, and a logging backchannel.
Luca Casonato published information about this on X and Simon Willison published code that anyone may run to verify the claim.
Here is how that is done:
- Open Google Chrome on your system.
- Load https://www.google.com/ or any other *.google.com property.
- Select Menu > More Tools > Developer Console.
- Switch to the Console tab, if it is not active already.
- Type allow pasting.
- Paste the following code: chrome.runtime.sendMessage(‘nkeimhogjdpnpccoofpliimaahmaaome’, {method: ‘cpu.getInfo’}, response => {console.log(JSON.stringify(response, null, 2));});
- Press the Enter-key.
Chrome returns information when the code is run on a Google property. It returns an error message when you run it on any other site.
The code is accessible on the Chromium Code Search website. You can load it here and check it out yourself.
Casonato suggests that the exclusive feature is a violation of the Digital Markets Act as browser vendors “must give the same capabilities to everyone”.
Closing Words
It is unclear if and how Google is using the information. Casonato says that he does not believe that the company uses it for something malicious or invasive, such as fingerprinting.
Still, Google favoring Google in Chrome and Chromium-based browsers is giving critics of Google’s dominance in web browsing another reason why a browser monopoly or duopoly (if you consider Safari), is bad for users.
It is also interesting to note that other Chromium-based browsers have kept the code in their browsers. It is unclear why.
Which browser do you use mainly and why?
I use several different browsers, each for different reasons and purposes.
This info explains why even though I have Edge set to clear ‘all’ cookies and site data on exit it does not remove any cookies from google.com.
I’ve even tried Cookie AutoDelete 3.8.2 and it doesn’t remove the google cookies either.
Just to add my last two cents: Cookie Auto Delete is like a Swiss cheese. I checked all cookies that were not whitelisted and should have been deleted, and a lot of them are still present. I deleted a few dozen manually, then opened websites from those deleted cookies again and closed websites again. Most of the previously deleted cookies were created again and then deleted by Cookie Auto Delete. But few were missed again. And they were not from privileged websites like Google/YouTube/Bing, but from general run-of-the-mill websites.
You can not rely on Cookie Auto Delete for clean sweep and for that matter any others’ cookie extensions. I tried a somewhat similar extension, and the extension did not see those cookies too. It saw only cookies whitelisted by Cookie Auto Delete. This could be just a code bug in the browser. Google and YouTube cookies were actually deleted properly during this experiment by Cookie Auto Delete. So these cookies are not hard-coded yet.
Just in case, I Greylisted *.google.com on Cookie AutoDelete. I also limited Google.com usage on desktop. Now it is just around 25% of my web searches and 60% of map searches. It used to be 100% for decades.
I looked at the Chromium source you linked to, Martin. And it’s meant for Google Hangouts.
The script should restrict the domains to hangouts.google.com and accounts.google.com, but it is currently set to all Google subdomains. I don’t think this was intentional, so this article is a little disingenious.
That sounds like a re-write of the case whereby Google was fined €2.4 billion for breaching EU antitrust rules back in 2017: https://ec.europa.eu/commission/presscorner/detail/en/IP_17_1784
Margrethe Vestager, the EU Competition Commissioner seriously needs to make use of the nuclear option to fine Google 10% of worldwide sales. Just pussy-footing around in the background with what to Google would be trivial amounts such the one above only serves to encourage them to trample over users rights even more than they do now.