Chrome Browser Revealed to Secretly Spy on PCs

Written by

Geoff Halstead

Published on

July 9, 2024

Reading time

1 min.

Luca Casonato 🏳️‍🌈 on Twitter / X

Developer Luca Casonato posted a series of tweets on July 9. He revealed that Google has reserved a private API in the Chrome browser. This allows Google domain names (such as *.google.com) exclusive access to detailed system information.

The Details:

Chrome’s Private API: Google has reserved a private API in Chrome that gives Google domains exclusive access to detailed system data, including CPU architecture and processor usage.

Impact on Google Services: This API enables Google services, such as Google Meet, to monitor system resources more effectively, suggesting optimizations like closing tabs to alleviate CPU overload.

Public Discovery and Reaction: The feature was brought to light by developer Luca Casonato and further demonstrated by Simon Willison, who showed how the API responds differently when accessed from Google versus non-Google domains.

Why It Matters:

Privacy Concerns: The exclusive access Google has to detailed system information via a private API raises significant privacy concerns, particularly regarding the transparency and control users have over their data.

Competitive Fairness: This API could potentially give Google an unfair advantage by allowing its services to optimize performance based on data that is not available to competitors, leading to questions about competitive fairness in the tech industry.

Regulatory Implications: The discovery of this private API might attract regulatory scrutiny regarding how tech giants manage user data and their dominance over the web ecosystems they help create.

Faction’s Take:

While there can be perfectly innocuous product-focused reasons for Google to want to know such things, the way this was done – secretly and separately from what is available to any other developers – belies all of that. The tech giants have built back doors for gathering data on all of us into all of their software, and the ‘privacy agreements’ users sign off on with no actual choice all grant them the unencumbered right to do so. It’s time for people to wake up and demand change.

Related posts

AT&T Admits that Data of “Nearly All” Customers Was Breached in 2022

Reading Time: 2 min.

The New York Times reported today that AT&T disclosed a significant data breach affecting nearly all of its customers. The…

Read more

NSA Report Details the Extent and Effectiveness of PRC Exploitation of the Internet

Reading Time: 2 min.

The NSA release this week a comprehensive report with explicit details of the extent of the activity and ‘Tradecraft” of…

Read more
Data Breach

125 Million User Records and 19 Million Passwords Leaked in Firebase Vulnerability

Reading Time: 1 min.

Breaking news: the cloud is (really) not secure Three cybersecurity researchers (Logykk, xyzeva/Eva, and MrBruh) recently uncovered a significant security breach involving…

Read more

Chrome Browser Revealed to Secretly Spy on PCs

Luca Casonato 🏳️‍🌈 on Twitter / X Developer Luca Casonato posted a series of tweets on July 9. He revealed that Google has reserved a private API in the Chrome browser. This allows Google domain names (such as *.google.com) exclusive access to detailed system information. The Details: Chrome’s Private API:…

Reading Time: 1 min.

Luca Casonato 🏳️‍🌈 on Twitter / X

Developer Luca Casonato posted a series of tweets on July 9. He revealed that Google has reserved a private API in the Chrome browser. This allows Google domain names (such as *.google.com) exclusive access to detailed system information.

The Details:

Chrome’s Private API: Google has reserved a private API in Chrome that gives Google domains exclusive access to detailed system data, including CPU architecture and processor usage.

Impact on Google Services: This API enables Google services, such as Google Meet, to monitor system resources more effectively, suggesting optimizations like closing tabs to alleviate CPU overload.

Public Discovery and Reaction: The feature was brought to light by developer Luca Casonato and further demonstrated by Simon Willison, who showed how the API responds differently when accessed from Google versus non-Google domains.

Why It Matters:

Privacy Concerns: The exclusive access Google has to detailed system information via a private API raises significant privacy concerns, particularly regarding the transparency and control users have over their data.

Competitive Fairness: This API could potentially give Google an unfair advantage by allowing its services to optimize performance based on data that is not available to competitors, leading to questions about competitive fairness in the tech industry.

Regulatory Implications: The discovery of this private API might attract regulatory scrutiny regarding how tech giants manage user data and their dominance over the web ecosystems they help create.

Faction’s Take:

While there can be perfectly innocuous product-focused reasons for Google to want to know such things, the way this was done – secretly and separately from what is available to any other developers – belies all of that. The tech giants have built back doors for gathering data on all of us into all of their software, and the ‘privacy agreements’ users sign off on with no actual choice all grant them the unencumbered right to do so. It’s time for people to wake up and demand change.

If you liked this post, Share it on: