A report suggests that Google has sneaked code into Chromium-based browsers that is favoring Google-owned properties. Browsers like Chrome, Brave, and Microsoft Edge appear affected.
If true, it would give critics of Google’s dominance in web browsing a mighty powerful argument.
Here are the details: Google Chrome and other Chromium-based browsers give *.google.com sites full access to system / tab CPU usage, GPU usage, memory usage, detailed processor information, and a logging backchannel.
Luca Casonato published information about this on X and Simon Willison published code that anyone may run to verify the claim.
The information that Chrome reveals to Google when the code is run
Here is how that is done:
Open Google Chrome on your system.
Load https://www.google.com/ or any other *.google.com property.
Select Menu > More Tools > Developer Console.
Switch to the Console tab, if it is not active already.
Type allow pasting.
Paste the following code: chrome.runtime.sendMessage('nkeimhogjdpnpccoofpliimaahmaaome', {method: 'cpu.getInfo'}, response => {console.log(JSON.stringify(response, null, 2));});
Press the Enter-key.
Chrome returns information when the code is run on a Google property. It returns an error message when you run it on any other site.
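The origin gate behind this behaviour, as an added example rather than Chromium's own code: it assumes the extension with the ID above declares an externally_connectable match pattern of https://*.google.com/* in its manifest. The other two manifests and their IDs are constructed.

```javascript
// Added example, not Chromium source. Implements the subset of Chrome
// match-pattern rules used by externally_connectable "matches" entries.

// Constructed manifests. The first ID is the one quoted in the article; its
// pattern is an assumption. The other two entries are hypothetical.
const MANIFESTS = [
  { id: "nkeimhogjdpnpccoofpliimaahmaaome",
    externally_connectable: { matches: ["https://*.google.com/*"] } },
  { id: "hypothetical-extension-a",
    externally_connectable: { matches: ["https://app.example.com/*"] } },
  { id: "hypothetical-extension-b" }, // no key: no web page may message it
];

// Split "<scheme>://<host>/<path>" into its three parts.
function parsePattern(pattern) {
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error(`unsupported match pattern: ${pattern}`);
  return { scheme: m[1], host: m[2], path: m[3] };
}

function hostMatches(patternHost, host) {
  if (patternHost === "*") return true;
  if (patternHost.startsWith("*.")) {
    const base = patternHost.slice(2);
    // "*.google.com" covers google.com and every subdomain of it, but not
    // a host that merely contains or ends in the same letters.
    return host === base || host.endsWith("." + base);
  }
  return host === patternHost;
}

function pathMatches(patternPath, path) {
  // Escape regex metacharacters, then turn each "*" into ".*".
  const re = patternPath
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*");
  return new RegExp(`^${re}$`).test(path);
}

function urlMatches(pattern, pageUrl) {
  const p = parsePattern(pattern);
  const u = new URL(pageUrl);
  const scheme = u.protocol.slice(0, -1); // "https:" -> "https"
  const schemeOk = p.scheme === "*"
    ? scheme === "http" || scheme === "https"
    : p.scheme === scheme;
  return schemeOk &&
    hostMatches(p.host, u.hostname) &&
    pathMatches(p.path, u.pathname + u.search);
}

// Audit helper: which extensions would accept a message from this page?
function reachableExtensions(manifests, pageUrl) {
  return manifests
    .filter(m => (m.externally_connectable?.matches ?? [])
      .some(p => urlMatches(p, pageUrl)))
    .map(m => m.id);
}

// Constructed page URLs, including two lookalike hosts.
for (const page of [
  "https://www.google.com/",
  "https://google.com.evil.example/",
  "https://notgoogle.com/",
  "http://www.google.com/",
]) {
  console.log(page, "->", reachableExtensions(MANIFESTS, page));
}
```

Run against the manifest.json files of an installed browser profile, the same helper lists every extension that accepts messages from ordinary web pages and from which origins.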
The code is accessible on the Chromium Code Search website. You can load it here and check it out yourself.
Casonato suggests that the exclusive feature is a violation of the Digital Markets Act as browser vendors “must give the same capabilities to everyone”.
Closing Words
It is unclear if and how Google is using the information. Casonato says that he does not believe that the company uses it for something malicious or invasive, such as fingerprinting.
Still, Google favoring Google in Chrome and Chromium-based browsers gives critics of Google’s dominance in web browsing another reason why a browser monopoly, or duopoly if you consider Safari, is bad for users.
It is also interesting to note that other Chromium-based browsers have kept the code in their browsers. It is unclear why.
Google is informing customers currently that it is shutting down VPN by Google One “later this year”.
I reviewed VPN by Google One in March 2023 and concluded that it was “the most basic VPN that you can get”. Subscribers would get access to the VPN if they paid Google at least $1.99 per month.
While that sounded like a good deal on paper, the VPN itself was severely limiting and only available to customers in 22 countries. The real downside was that it lacked core functionality. You basically got the option to connect to the VPN, use its kill switch and configure bypass options for apps.
One of the main downsides was that you could not use it to connect to select servers, only to servers that Google picked. This meant that you could not use it to quickly connect to a server in another country to get an IP associated with that country.
Other features found in clients of popular VPN services, such as NordVPN or Surfshark, were missing as well. There was no protocol selection, no advanced servers or security features, and no option to set a custom DNS server.
It still helped protect the connection, especially when connected to public wireless access points, but that was it.
Google informs subscribers and Pixel owners
All Pixel owners and Google One members are informed about the change. The news that VPN by Google One is shutting down at the end of the year may be overlooked easily.
Google writes:
Phasing out two benefits: With a focus on providing the most in-demand features and benefits, we’re discontinuing free shipping for select print orders from Google Photos (in Canada, the UK, US, and EU) starting on May 15 and VPN by Google One later this year. As a Pixel user, you’ll continue to enjoy being able to access VPN from Google through Pixel settings if you have Pixel 7 or newer models.
In other words, the VPN service is removed from Google One. Pixel owners may still connect to Google’s VPN.
The official Google One website no longer lists VPN by Google One.
Closing Words
Another one bites the dust. I know quite a few users who do not commit to Google products anymore, because there is a good chance that the company will tear them apart in the future.
While there are better VPN services out there, it is still disheartening to add it as another discontinued product to Google’s Graveyard of products.
It is not uncommon for Google or Microsoft to shut down services or programs. In fact, there are entire websites dedicated to services and products that these companies shut down.
Google’s latest target is Keen. Keen was developed as a competitor to the incredibly popular Pinterest. As you may know, you can join Pinterest to create collections of “things” that you like. These range from classic game consoles and your favorite recipes to furniture and holiday destinations.
These collections may be explored by others. Add social features to the mix, and you got a highly addictive foundation.
Keen was not Google’s first rodeo. Remember Google Plus? It was another failed attempt by Google to establish a strong social service foothold.
Keen promised to do things just a tad differently compared to Pinterest. The service allowed users to “curate, collaborate & expand everything” that they were into.
The service was available on the web and on Google Play. Registered users could create so-called “Keens” and add links, text, images, or web searches to them.
Keen allowed users to collaborate and Google added machine learning to the mix to power recommendations.
Keen launched with some fanfare in 2020. While it did get an initial push, as anything that Google does to a degree, it seemed to underperform. The platform got fewer and fewer updates, and nothing has really happened to it since December 2021.
Keen shutdown
When you open the Keen website today, you get a popup that informs you that it is shutting down on March 24, 2024.
Both the Keen website and Keen application won’t be accessible anymore after that date. Google says in the farewell message that Keen “was always intended as an experiment”. Keen users may use a data export tool to export their data before March 24, 2024.
All data, including posts, uploads, likes, follows, and comments, will no longer be available after March 24, 2024.
Closing Words
Keen is the latest product in a long list of products that Google killed over the years. While there were lots of duds among them, some are missed by some users even today. This includes Google Reader, Google Specialized Search, or Picasa.
Google users who open a sign-in page on the company’s website receive a notification currently. It reads “A new look is coming soon. Google is improving its sign-in page with a more modern look and feel”.
A click on the dismiss button closes the notification on the sign-in page. There is no link or button to get more information on the change.
The current sign-in page uses multiple pages for the process of logging in to a Google account. Users need to type or paste the email address or phone number first, and then the account password to sign-in. Other authentication options, including using a Google Titan security key, are also supported.
The reason for the “a new look is coming soon” announcement
The announcement offers barely any details. Google reveals neither when it is going to change the sign-in page nor what it will look like. The only information is that the page will change and that its appearance will change.
You may wonder why Google is making the announcement to users. While Google does not reveal its reason, it seems likely that the company wants users to be prepared.
Many may look critically at a different sign-in page. Some may suspect foul play or a successful attack on Google.
The announcement may help reassure some users and organizations. When the new Google sign-in page lands, users who have seen the notification may use it to log in without worrying too much about the change.
It is likely that Google is going to announce the new sign-in page officially on one of its blogs or websites shortly before or after the new page goes live.
Still, some Google users may use a search engine or interactions with an AI to make sure that the change is legitimate.
Making sure it is Google’s sign-in page
It takes just a few clicks to verify the legitimacy of a webpage. The first step is to look at the URL in the address bar. Is it a Google domain? The current sign-in page starts with https://accounts.google.com/, which you may verify quickly.
It may be necessary to click or tap in the address field in some browsers, as some information may be omitted.
The next step is to click or tap on the icon on the right of the address. This displays information about the connection. Look for “Connection is secure”, “Connection secure” or a similar message. If you see this and the address from the first step is correct, you are on the “real” Google sign-in page.
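The address check described above, as an added example that is not Google's or the article's code: it compares the whole origin against the sign-in address named in the text instead of looking for the words google.com somewhere in the URL. The lookalike URLs are constructed and use example domains.

```javascript
// Added example. The expected origin is the sign-in address named in the
// article; every other URL below is a constructed lookalike.
const EXPECTED_ORIGIN = "https://accounts.google.com";

function checkSignInUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch (e) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (u.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before an "@" is login data, not the site. The browser
  // connects to the host that follows it.
  if (u.username !== "" || u.password !== "") {
    return { ok: false, reason: "userinfo before host" };
  }
  // The URL parser turns non-ASCII lookalike letters into "xn--" labels.
  if (u.hostname.split(".").some(label => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised lookalike host" };
  }
  // Origin covers scheme, full host name and port in one comparison, so a
  // host that only starts with "accounts.google.com" fails here.
  if (u.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: `origin is ${u.origin}` };
  }
  return { ok: true, reason: "matches expected sign-in origin" };
}

// Constructed sample addresses.
const SAMPLES = [
  "https://accounts.google.com/",
  "http://accounts.google.com/",
  "https://accounts.google.com.login.example/",
  "https://accounts.google.com@login.example/",
  "https://accounts-google.com/",
  "https://accounts.google.com:8443/",
  "https://accounts.g\u043e\u043egle.com/", // Cyrillic "о" twice
];

function triage(urls) {
  return urls.map(url => ({ url, ...checkSignInUrl(url) }));
}

for (const row of triage(SAMPLES)) {
  console.log(row.ok ? "OK  " : "FAIL", row.url, "-", row.reason);
}
```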
Now You: do you verify sign-in pages before logging in?
If you live in a European Union region, you will soon benefit from another privacy improvement. Google just announced a new control for users within the EU that allows them to manage links between Google services. Links refer to data that services may exchange with each other.
Google links many of its services by default, which gives it and its services access to user data across its services. This changes soon in the EU.
A search on Google Search may result in recommendations showing on YouTube or Google Play, and Google Ad services may use the information as well.
Google describes the functionality in the following way:
When linked, these services can share your data with each other and with all other Google services for certain purposes. All types of data described in Google’s Privacy Policy can be shared across linked Google services. This includes your activity data when you’re signed in, such as things you search for and the videos you watch and listen to.
Google says that the feature is a response to the Digital Markets Act of the EU. The new functionality is only available to users who live in the European Union.
Note: the functionality is rolling out currently. You may not see the “Linked Google Services” option yet, or only on some devices.
Note 2: The default seems to be that services are no longer linked. This means that they won’t share any data anymore from March 6, 2024 onward. It is still a good idea to verify this.
Manage your linked Google services
Google users may control the data sharing of the following Google services under the new system:
Search
YouTube
Ad services
Google Play
Chrome
Google Shopping
Google Maps
Here are step by step instructions to manage these.
First, for desktop users:
Open the Google Account website in your browser of choice.
Select Data & privacy on the page that opens.
Scroll down to “Linked Google Services” and select Manage linked services.
Select or deselect services. Any service that is selected will be linked when you select Next.
Review the selections made and select Confirm > Done > Got it.
For Android users:
Open the Settings on the Android device.
Select Google > Manage your Google Account > Data & privacy.
If this is not available, open the Google app instead, tap on the account icon, select Google Account and then Data & privacy.
Under “Linked Google Services”, select Manage linked services.
Select or deselect services. Any service that is selected will be linked when you select Next.
Review the selections made and select Confirm > Done > Got it.
Google launched an updated Titan Security Key last week. The new hardware key supports FIDO2, which means that it is compatible with a wide range of services. While you may use it exclusively for Google accounts, you can store up to 250 entries using it.
Titan Security Key works similarly to other hardware keys, including latest generation YubiKey products. Google promises state of the art encryption and protections. For users, it is an option to protect their accounts with two-factor authentication. You’d use the hardware key instead of an authenticator app or other means to provide the second form of authentication.
I bought a Titan Security Key of the latest generation last week to check it out. This guide includes step-by-step instructions to set up the hardware key to protect your Google account and others. It also includes important information, for instance, how you can avoid locking yourself out.
The box includes the selected hardware key — there are two versions that have different USB ports, USB-A or USB-C, but are functionally identical otherwise. It also includes a small getting started booklet, which simply tells you to go to this Google website to get started. There is also a bigger Safety & Warranty booklet that no one reads. The USB-A version includes a USB-C to USB-A adapter, the USB-C version of the hardware key includes none.
Protecting the Google account with the key is a simple process that requires the following steps:
Open this Google Security page in a modern browser, e.g., Firefox, Microsoft Edge, Google Chrome, Safari, Vivaldi, Opera or Brave.
If you prefer to go there manually, open this Google Account Help page instead and click on “Enroll your security key” under Step 2.
A prompt asks you to keep the key disconnected from the device for now. Select the Next button to continue.
A set up request is displayed as a prompt. Select OK to continue the process.
Another prompt explains that Google will see the make and model of the security key if you continue. Select OK to proceed.
Connect the security key to the device when prompted to do so.
Type a name for the key on the “Security Key registered” page and select Done.
This is the entire process.
Word of Caution
The Security Key becomes the default two-factor authentication option. It is advisable to make sure that there is at least one additional option enabled. This can be an authenticator app, voice or text message, another security key, Google prompts or backup codes.
If you lose the Titan Security Key and don’t have another option enabled in the account, you will be locked out of the account.
Signing-in with the Hardware security key
The first sign-in step is exactly the same as before. You need to supply your Google email address and password to continue.
The 2-step verification prompt lists the email address. Make sure it is the right one. There is a menu to switch to another email address; useful if you set up more than one account.
Select Continue to authenticate using the Titan Security Key. You may also select “Try another way”, which you need to do if you don’t have the hardware key with you. The option “Don’t ask again on this device” should only be used on personal devices.
You are now asked to touch your security key. It contains a small area that reacts to touch. This acts as local confirmation to proceed.
You should now be logged-in to the account.
The same option is also available on mobile devices. Just connect the security key to the mobile device and follow the instructions to sign-in.
Non-Google accounts
Non-Google accounts can be saved to the key. It supports up to 250 keys, e.g. passkeys, that you may add. Numerous services and companies support passkeys already and more will follow in the coming years.
Generally speaking, all you need to do is open the 2-step verification preferences at the service and follow the instructions to protect the account using a hardware key.
Other useful resources
Here is a list of Google resources that you may find useful:
Passkeys Management – this page lists all devices linked to the Google Account. You can edit or remove them, and create new passkeys on the page.
Security Keys Management — similarly, this page lists all security keys associated with the Google account.
There are other keys besides Google’s. I already mentioned Yubico keys as an alternative, but there are many more. To name a few: Onlykey, Feitian, or Thetis. All support FIDO2 and offer similar functionality.
Trust plays a role, but so may other factors, including price or the built-in security. There is no clear answer to that question. If you use a Google account and want to protect it, there is nothing wrong with using a Titan Security Key to do so. Similarly, you may use other hardware keys for the same protections.
Google announced an update to storage policies in November 2020. Back then, the company informed users that it changed which files count against a user’s storage quota.
The change affects high quality photos uploaded to Google Photos and also new Google Docs, Sheets, Slides, Drawings, Forms or Jamboard files. One of these services, Jamboard, a whiteboarding app, has been shut down in the meantime.
A help page on Google’s support website lists data that counts against a user’s quota. Apart from what is listed above, this also includes the following:
Meet call recordings.
Files in Google Drive.
Gmail messages and attachments.
Original quality photos and videos backed up to Google Photos.
Users may experience issues when they are over quota. In short, being over quota limits the ability to save new files to the cloud storage in many Google products.
Inactive Google accounts
In the same update, Google announced new policies for inactive accounts and accounts that are over the limit.
Accounts inactive for 24 months may have content deleted in the aforementioned services. Google explicitly refers to “product(s) in which you’re inactive”.
The wording is confusing, as users may interpret it as having to use all of these services at least once in a 2 year period to avoid having their data deleted.
This appears to not be the case. Google suggests to “periodically visit Gmail, Drive or Photos on the web or mobile, while signed in and connected to the internet” to avoid the banhammer.
Google reassures users that it will notify them multiple times by email and notifications prior to deleting content or deleting the entire account.
Accounts that exceed their storage quota for a 2 year period also risk deletion, according to Google.
Most accounts are safe
Some news outlets painted the new policy in dramatic terms. While it is true that Google may delete inactive accounts, it is relatively easy to do something about it.
One could argue that users who have not used their account for 2 years may not hold it in high value and that most may not mind the deletion.
In any event, here is what I recommend:
If you store valuable files or emails in your Google account, create a backup. You can use Google’s Takeout service to export the data. Another option is to save files locally or use a local email client, e.g., Thunderbird, to synchronize the emails.
To make sure the account is not deleted, sign-in to one of the supported Google products at least once every 24 months.
Closing Words
Google is not the only company that threatens to delete inactive accounts. Microsoft, for example, has similar policies in place. Microsoft users who have not signed-in to their account in a 2 year period may have their accounts deleted as well.
Tools like Bing Chat, Windows Copilot, ChatGPT, Claude or Google Bard have seen a rise to prominence this year. These advanced chatbots promise to deliver information to users who chat with them. While you can’t ask them just anything, as some content is locked down, you can get answers and information about lots of things.
Ask about the Mona Lisa or the Hallgrímskirkja and you get a good overview of these items, usually. You may get instructions on fixing PC issues or your car, and even medical advice is not out of the question.
There is always the chance of hallucination, which more or less refers to it returning content that is not true. Still, many tech companies are pushing AI like crazy. Microsoft, for example, added Bing Chat to Windows and several other company products.
Google Bard and Human Reviewers
Google confirmed on the Bard Help website that human reviewers may look at conversations. Feedback from Bard users plays an important role in improving Bard, but Google says that this is not enough. Human reviewers are “a necessary step of the model improvement process” according to the company.
The reviews, ratings and rewrites of human reviewers help Google improve the quality of its generative machine-learning models.
Google explains that conversations that human reviewers access are unlinked from Google accounts. Furthermore, random samples are picked for human review and “only a portion of all Bard conversations are reviewed”.
While that sounds reassuring, it is clear that input from human users of Bard may reveal their identity. Google recommends to users that they don’t reveal anything in conversations with Bard that they don’t want human reviewers to potentially have access to.
To Google’s credit, it highlights the fact that human reviewers may access conversations on the Bard website prominently.
What Human Reviewers do
Reviewers look for “low-quality, inaccurate, or harmful” Bard responses according to Google. Once identified, evaluators suggest higher-quality responses. These are then used to “create a better dataset for generative machine-learning models”.
In other words, Google is using human reviewers to improve Bard’s responses to user queries.
How to prevent the sharing with reviewers
Google Bard users have just one option to prevent the sharing of their conversations with human reviewers. This requires disabling the Bard Activity. Here is a step-by-step guide on disabling Bard Activity:
Open the Bard Activity website on Google’s My Activity hub.
Activate the toggle to turn off Bard Activity on the page that opens. Note that you may also delete existing conversations while there.
Note that Bard activity won’t be saved to the Google account anymore. In other words, you can’t access conversations from one device on another when the feature is disabled.
The deletion doesn’t affect conversations that have been reviewed by human reviewers already. Google retains that data and related data for up to three years according to the privacy information on the Bard Help website.
Related information may include the language, device type and location info according to Google.
Closing Words
The advice to never include personal information that could be traced back to you is as old as the Internet. While this limits some conversations with AI, it is still sound advice.
Bard users who want to include personal information in their conversations may want to turn off Bard Activity first, as this prevents access for human reviewers.
Google Photos Takeout is a straightforward option to export all Google Photos to a local computer system. It is an excellent option to create a local backup of all photos uploaded to Google Photos or moving to a different provider.
A big problem with the takeout is that the photos are stored in multiple zip files, often hundreds of them. The number of folders depends largely on activity and time. Each zip file contains photos and a JSON file.
While it is possible to extract individual folders or all at once, doing so still leaves the photos in a disorganized state.
Google Photos Takeout Helper
The open source application comes to the rescue. All it takes is to point the app to a downloaded Google Photos takeout folder for it to do its magic. The application extracts all zip archives, sets timestamps correctly and will put all photos in a single folder or in monthly folders.
You need to download the photos from Google Takeout in the first step. This is done by visiting the Google Takeout site, signing-in, activating “deselect all” at the top to uncheck all export options, and checking the box next to Google Photos on the page.
Select “Next step” to continue and keep all other settings. Activate “create export” and wait for Google to inform you with an email that your download is ready.
A click on each of the download links opens the download page. You may need to authenticate yourself again before the download starts.
Extract all Zip archives. You may need to move them into a single root folder first, if there is more than one archive. The easiest way to do so is to copy all additional Google Photos folders into the first folder, so that all folders are under the same structure (Takeout\Google Photos).
Once all photos have been downloaded and all archives extracted, it is time to switch to Google Photos Takeout Helper.
Using the Helper app
The first step is to download the application from the project’s GitHub repository. Visit it with a click on this link. The app is available for Windows, macOS and Linux. I downloaded the Windows version for this guide.
Run the downloaded file once it is on the local system. Note that you may get a “Windows protected your PC” prompt. This is thrown by SmartScreen, a security feature. The app is not dangerous, but SmartScreen does step in if an app is new or unrecognized by it.
Select “more info” and then “run anyway” to continue. A command prompt window opens with instructions. Press the Enter-key and use the folder browser that opens to pick the Takeout folder.
Once done, press Enter again to select the output folder. This is the folder that all sorted photos are put into.
All photos may be put into a single folder or sorted into year/month folders. Press 1 or 2 to make the selection.
Select what Google Photos Takeout Helper should do with albums in the final step:
0 Shortcut — links album folders to original photos.
1 Duplicate-Copy — puts photos into album folders as well.
2 JSON – puts all photos into a single folder and creates a json file with album information.
3 Nothing — ignore albums, which will ignore archive and trash photos altogether.
If the target folder is not empty, you need to select (1) to delete all files inside, (2) to place photos next to existing files or (3) exit the process.
The process may take a moment to complete. Press the Enter-key to finish the process and close the program window.
Once closed, open the target folder. You should see a folder structure based on your selections. Check the ALL_PHOTOS folder to access them all.
Closing Words
Google Photos Takeout Helper is a useful open source tool to quickly sort all exported photos. While not needed per se, it may save users lots of time.