💾 Archived View for bbs.geminispace.org › s › privacy › 18465 captured on 2024-12-17 at 15:07:27. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-08-31)

🚧 View Differences

-=-=-=-=-=-=-

Another way in which Google Chrome spies on users

It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the *.google.com domains - tweeted about today by Luca Casonato, but the code has been there in the public repo since October 2013 as far as I can tell.

https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/

Posted in: s/privacy

💀 requiem

Jul 10 · 5 months ago · 👍 lufte, decant_, LucasMW, arma

8 Comments ↓

🚀 decant_ · Jul 11 at 06:49:

f corpo

🛰️ lufte · Jul 11 at 17:44:

This is in the chromium code base for everyone to see, so I guess they don't consider it too bad. What sort of surprises does Chrome include?

☕️ Morgan · Jul 12 at 13:20:

Tech corps are not trying to secretly steal your data.

They have hugely profitable businesses collecting your data in ways that are well documented and public. It would be incredibly foolish for them to also run a "black ops" type side business to add sneakily collected data into the mix, it would put their actual business in danger.

For the type of privacy risk you're thinking of here, you need to look elsewhere ... organized crime, governments local and foreign, for a start.

💀 requiem [OP] · Jul 12 at 17:16:

Google specifically has been caught red handed with “undocumented” “data collection” “features”. Apple does it to some extent, too but Google’s data harvesting was found to be far far more extensive. This is all then mined for behaviour data, and sold on to advertisers, or of course is a treasure trove of information for three-letter agencies, who can be assumed to have unhindered access, at least if the device is hacked.

So Chrome opening the door to collect such telemetry under *some* cases is likely exploitable for *any* cases. A back door is a back door for anyone.

See this research on data mining

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

☕️ Morgan · Jul 12 at 18:14:

You contradict yourself: if it's sold on to advertisers, it's not secret. Advertisers can be anyone and have no reason to keep secrets for Google, it would leak.

It's well known that government agencies demand information from Google. If I recall correctly they were one of the first companies to speak openly about it to the extent they are allowed to. I said look to governments for privacy abuse: it's clear they can't be trusted, because law enforcement is too closely intertwined with the mechanisms that should offer legal protection for privacy.

Google is far more trustworthy because it's in their financial interest to be. They don't want your private data beyond what they openly use for ads: it's a liability. One example is your location history. It used to be stored on Google's servers, it will switch to being only on your device. Google doesn't want your location data: it's a privacy nightmare, governments can try to get it, and users don't get so much benefit that it's worth the huge cost to keep it. Having it only on your local device will mean you lose it sometimes ... you'll just have to live with that. I'm a bit sad about that, but they're right, I don't care enough that it's worth all the trouble.

☕️ Morgan · Jul 12 at 18:36:

Also, you might have noticed that Europe has some really strict laws on this stuff now and likes handing out <big> fines. Even Apple doesn't get to make up their own rules now.

Based on what I think I know on the subject, I would say that Google has always been well behaved. But even if you don't buy that, they surely are now. The cost of even a tiny mismatch between the declared and actual data collection is huge.

💀 requiem [OP] · Jul 12 at 18:59:

I didn’t say it was a secret, and as you rightly say, the rules are different now, after they have been caught collecting to s of data they didn’t notify users about, in comparison to say, when Google Maps was launched. They hoovered up a lot of information without explicit consent, and that black mark will forever erode public trust in them. Even if this information collection is “benign”, it is not straight and honest to average users.

And further, once that data lands on Google’s servers, you cannot know whether the data you submitted as “technical telemetry” will be used for other means, too, which you didn’t sign up for.

☕️ Morgan · Jul 12 at 19:38:

You can't collect data for one purpose then use it for a different purpose under EU law.

Tech companies don't do that kinda stuff any more, at least not intentionally. I personally think that some did and some didn't, but I won't get into details, it's anyway history and they have really good lawyers ;)