this post was submitted on 09 Jul 2024
1532 points (99.4% liked)

Technology

59593 readers
5015 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] Andromxda@lemmy.dbzer0.com 249 points 4 months ago* (last edited 4 months ago) (1 children)

Yet another reason to switch to Firefox, or even better, a hardened fork like LibreWolf !librewolf@lemmy.ml

[–] sigmaklimgrindset@sopuli.xyz 71 points 4 months ago (22 children)

What functionality would I lose/gain if I switch from Firefox to Librewolf? I'm admittedly an amateur in the privacy space, and I've been pretty content with Firefox + Ublock and container tabs for different profiles, but I consistently get the issue that my browser fingerprint is pretty unique, and I have no idea how to or even if I can anonymize that anymore.

[–] Imgonnatrythis@sh.itjust.works 44 points 4 months ago (5 children)

Librewolf is not associated with Mozilla and does not receive their primary source of funding from Google like Mozilla does. I really like having the same browser and browser synchronization between my phone and desktop/laptop, so librewolf is out for me. They have no interest or resources to build an Android version. Waterfox does at least have desktop / android option and takes things at least one small step further away from Google.

[–] muntedcrocodile@lemm.ee 22 points 4 months ago

U can sync regular mobile ff and librewolf. Thats what i currently have.

[–] Andromxda@lemmy.dbzer0.com 19 points 4 months ago* (last edited 4 months ago)

It is the same browser. LibreWolf doesn't change much of the Firefox code, mostly just the configuration. They enable various privacy/security settings by default and remove Mozilla telemetry. You can go to the LibreWolf settings and enable Firefox Sync, and it will work just fine with your Mozilla account and other Firefox browsers.

For Android, I like to use Mull, it's a hardened build of Firefox, similar to LibreWolf.

load more comments (3 replies)
load more comments (21 replies)
[–] nyan@lemmy.cafe 150 points 4 months ago (2 children)

Would everyone who is surprised by this please raise your hand? . . . That's what I thought.

[–] gofsckyourself@lemmy.world 41 points 4 months ago (5 children)
[–] homesweethomeMrL@lemmy.world 78 points 4 months ago

License and registration, sir

[–] 11111one11111@lemmy.world 26 points 4 months ago

Really? That's not what the data from your api says /s

[–] gjoel@programming.dev 20 points 4 months ago

You don't need to actually write it, just raise your hand and we have registered your vote, either via your computer's camera, Google Nest, Google Assistant or inferred it by analysing the WiFi data returned by your Google Mesh network.

load more comments (2 replies)
load more comments (1 replies)
[–] kakes@sh.itjust.works 117 points 4 months ago (1 children)

It baffles me that they sell Chrome as private and/or secure, and baffles me even more that people believe them.

[–] sudo 28 points 4 months ago (2 children)

It baffles me people use chrome.

load more comments (2 replies)
[–] ComeHereOrIHookYou@lemmy.world 94 points 4 months ago* (last edited 4 months ago) (8 children)

This is hilarious! It even works on Edge, Vivaldi and even Brave 🤣. Good thing I use Firefox in almost everything or general day to day use

[–] Andromxda@lemmy.dbzer0.com 22 points 4 months ago (1 children)
load more comments (1 replies)
[–] madis@lemm.ee 17 points 4 months ago (1 children)

Vivaldi and Brave have the option to disable the Hangouts extension in settings, which should disable this.

As linked in the article, it is indeed used for "Hangouts" (Meet) troubleshooting.

load more comments (1 replies)
load more comments (6 replies)
[–] kworpy@lemm.ee 92 points 4 months ago (2 children)

idk what to tell you if you're still using chrome

[–] GoogleSellsAds@sh.itjust.works 37 points 4 months ago (8 children)

Or anything Google for that matter. I see a lot of praise on Lemmy for their Pixel phones, but it wouldn't surprise me if they eventually find there was a backdoor in their firmware all this time. Yes of course, I can not prove that right now, but this news about Google Chrome isn't news for no reason. Don't trust anything Google if you care about privacy, it is literally their business model (selling targeted ads).

[–] irreticent@lemmy.world 31 points 4 months ago (1 children)
load more comments (1 replies)
[–] joel_feila@lemmy.world 20 points 4 months ago (8 children)

Wrll you have to use a pixel phone to use graphene os

load more comments (8 replies)
load more comments (6 replies)
load more comments (1 replies)
[–] Gloria@sh.itjust.works 88 points 4 months ago (1 children)
[–] Andromxda@lemmy.dbzer0.com 46 points 4 months ago (1 children)
load more comments (1 replies)
[–] 4am@lemm.ee 78 points 4 months ago (1 children)

Remember when Google pushed for use of open standard in the browser to force Microsoft IE out of the market? Oh yeah I ‘member

load more comments (1 replies)
[–] Scotty_Trees@lemmy.world 76 points 4 months ago (1 children)

If you're still using Google Chrome in 2024, you might be a moron. #Firefox

[–] raspberriesareyummy@lemmy.world 23 points 4 months ago* (last edited 4 months ago) (2 children)

I am "slightly" worried that there's only a single option left. That's only 1 organization's corruption removed from total loss of control over browsing privacy :/

[–] Scrollone@feddit.it 27 points 4 months ago (2 children)

And Mozilla main source of income is... Google.

This is bad, very bad.

load more comments (2 replies)
load more comments (1 replies)
[–] cubism_pitta@lemmy.world 59 points 4 months ago (1 children)

Google does a lot of standards breaking things.

Like allowing a link on Google Apps Marketplace to open a new window (like popup) with POST instead of GET. (This pretty much ensures that buying an app will fail for browsers that follow the spec)

load more comments (1 replies)
[–] dan@upvote.au 59 points 4 months ago* (last edited 4 months ago) (3 children)

There's a bunch of stuff in Chrome that's special-cased to only allow Google to access it.

Not sure if it's still there, but many years ago I was trying to figure out how to do something that some Google webapp was doing (can't remember which one). I think it was something to do with popping up a chromeless window - that is, a new window with no address bar or browser chrome, just some HTML content.

Turns out the Chromium codebase had a hard-coded allowlist that only allowed *.google.com to use the API!

Edit: my memory was a bit wrong. It was this: https://stackoverflow.com/a/11614605. The Hangouts extension was allowlisted to use the functionality, but if any other extension wanted to use it, the user had to enable an experimental setting.

load more comments (3 replies)
[–] ZILtoid1991@lemmy.world 56 points 4 months ago (3 children)

How long until it will be used as a backdoor to hack womeone's PC?

[–] gencha@lemm.ee 49 points 4 months ago

Chrome is the backdoor and you already installed it

[–] ILikeBoobies@lemmy.ca 21 points 4 months ago

Seems google has already done that

load more comments (1 replies)
[–] Imgonnatrythis@sh.itjust.works 49 points 4 months ago

Ianal, but this sounds like something worthy of suing their ass over. There's not much Google would respond to and good luck beating their lawyers, but the only language they speak is $, so please try to take as much as possible away from them for this garbage.

[–] CriticalMiss@lemmy.world 48 points 4 months ago (7 children)

Not a legal mastermind by a long shot but it seems like a DMA violation. Someone needs to get the EU on their ass.

load more comments (7 replies)
[–] Suavevillain@lemmy.world 46 points 4 months ago (1 children)

I will stick with using Firefox.

load more comments (1 replies)
[–] empireOfLove2@lemmy.dbzer0.com 46 points 4 months ago

Hmmm, no way this could ever turn into a security hole, I'm sure of it.

[–] NutWrench@lemmy.world 46 points 4 months ago (25 children)

I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.

load more comments (25 replies)
[–] jinarched@lemm.ee 42 points 4 months ago* (last edited 4 months ago) (12 children)
load more comments (12 replies)
[–] fin@sh.itjust.works 39 points 4 months ago (1 children)
load more comments (1 replies)
[–] powermaker450@discuss.tchncs.de 36 points 4 months ago

this just in: google is still spying on you in every way possible

[–] alphapuggle@programming.dev 31 points 4 months ago (2 children)

Uhh do we know if this extends to sites.google.com?

[–] Andromxda@lemmy.dbzer0.com 39 points 4 months ago

You can check this yourself. Just paste this into the developer console:

chrome.runtime.sendMessage(
  "nkeimhogjdpnpccoofpliimaahmaaome",
  { method: "cpu.getInfo" },
  (response) => {
    console.log(JSON.stringify(response, null, 2));
  },
);

If you get a return like this, it means that the site has special access to these private, undocumented APIs

{
  "value": {
    "archName": "arm64",
    "features": [],
    "modelName": "Apple M2 Max",
    "numOfProcessors": 12,
    "processors": [
      {
        "usage": {
          "idle": 26890137,
          "kernel": 5271531,
          "total": 42525857,
          "user": 10364189
        }
      }, ...
[–] tal 21 points 4 months ago

Not an area I'm familiar with, but this user says no:

https://news.ycombinator.com/item?id=40918052

lashkari 5 hours ago | prev | next [–]

If it's really accessible from *.google.com, wouldn't this be simple to verify/exploit by using Google Sites (they publish your site to sites.google.com/view/)?

DownrightNifty 5 hours ago | parent | next [–]

JS on Google Sites, Apps Script, etc. runs on *.googleusercontent.com, otherwise cookie-stealing XSS >happens.

[–] _sideffect@lemmy.world 20 points 4 months ago (1 children)

Why do people still use Chrome?

Please uninstall it from everyone's home pc and phone that you come into contact with

[–] Tja@programming.dev 26 points 4 months ago (7 children)

Because it's fast and works well enough to keep the fame acquired over the last 10 years.

load more comments (7 replies)
[–] VelvetStorm@lemmy.world 17 points 4 months ago (1 children)

Can someone explain this to me like I'm 5. I understand it's not good but I don't know why and I would like to understand it.

[–] JustARegularNerd@lemmy.world 54 points 4 months ago* (last edited 4 months ago) (14 children)

Effectively Google has a browser extension (just like the ones you'd install from the Chrome Web Store like uBlock Origin) that comes with the browser that's hidden.

This extension allows Google to see additional information about your computer that extensions and websites don't normally have access to, such as checking how much load your PC has or directly handing over hardware information like the make and model of your professor.

The big concern in the comments is that this could be used for fingerprinting your browser, even in Incognito mode.

What this essentially means is that even though the browser may not have any cookies saved or any other usual tracking methods, your browser can still be recognised by how it behaves on your machine in particular, and this hidden extension allows Google to retrieve additional information to further narrow down your browser and therefore who you are (as they can link this behaviour and data to when you've used Google with that browser signed in), even in Incognito mode.

[–] Appoxo@lemmy.dbzer0.com 21 points 4 months ago (1 children)

information like the make and model of your professor

Oh no, not my professor :( (/s)

load more comments (1 replies)
load more comments (13 replies)
load more comments
view more: next ›