600
you are viewing a single comment's thread
view the rest of the comments
[-] kbin_space_program@kbin.run 61 points 3 months ago

In the comments its not just chrome that is affected.

Its apparently all Chromium browsers.

[-] Jilanico@lemmy.world 26 points 3 months ago

Isn't chromium open source? How are the APIs a secret?

[-] infeeeee@lemm.ee 68 points 3 months ago* (last edited 3 months ago)

Simply noone ever looked and it's not documented. And the api is locked to work only on google domains so it wasn't usable to anyone to accidentally notice what's going on.

The code doesn't do anything on non-Google domains.

Luca says this - I'm inclined to agree:

This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone elses.

Follow up question: How many other parts of the chromium codebase limited to work on (maybe other) specific domains?

[-] xavier666@lemm.ee 6 points 3 months ago

The code doesn't do anything on non-Google domains.

A Google engineer adds a piece of code, does not document what exactly it does, and it was approved without question. Something is seriously wrong with this or I don't know how the Chromium project works.

[-] infeeeee@lemm.ee 9 points 3 months ago* (last edited 3 months ago)

I read somewhere a long time ago that chromium is a "look, but not touch" type of foss project. You can fork it, fix it, do whatever you want with the code, but on the main chromium repo they rarely accept PRs from random contributors

Here is an article from 2020, about the first non google employees getting some rights in the repo, before that all decisions was made by google employees: https://www.cnet.com/tech/mobile/google-gets-web-allies-by-letting-outsiders-help-build-chromes-foundation/ This api was added in 2013

And the workaround for this issue is really simple, and it was recommended privacy wise for a long time: don't use chromium based browsers and don't visit google related sites, as much as you can.

[-] xavier666@lemm.ee 3 points 3 months ago

You can fork it, fix it, do whatever you want with the code, but on the main chromium repo they rarely accept PRs from random contributors

This needs to be discussed more by the community.

I can kind of understand what's happening. They want to have complete control over what goes in an out of Chromium. Some PM is probably overseeing the PRs, and if some PR hinders their ability to collect data, that PR gets rejected. Mighty fine project this is. Other forks probably don't have the resources to go through all the commits issued by Google and just accept them as it is. They just makes the changes to suit their own agenda. All the more reason for people to switch to Firefox

I wonder how Ungoogled Chromium is affected by all this.

[-] infeeeee@lemm.ee 5 points 3 months ago

I don't know what needs to be discussed. Everyone owns their code, every project has some kind of hierarchy. Chromium is a project started by google, so Alphabet Inc. has a final word in any decisions. Similarly Linus Torvalds has a final say in Linux kernel development, and Lennart Poettering in systemd. That's how it always worked, and I think it's good enough.

What you can do is, you can hard fork a project, than you can have a final say there. This is actually how chromium's engine started: its Blink engine is the fork of Apple's webkit engine which is again a fork of Kde's khtml engine.

Ungoogled chromium is not a hard fork it's just a list of patches: https://github.com/ungoogled-software/ungoogled-chromium They can override google's decisions this way, but the more thing they patch the more thing they have to maintain, more work, and more things can break with each update. Afaik it's similar how all other chromium based browsers work.

Everyone said this for years now. If you care about the freedom of internet (caring about your privacy is secondary) you shouldn't use chromium based browsers. Stop using it now.

[-] conciselyverbose@sh.itjust.works 1 points 3 months ago

Open source doesn't mean they have to accept community input. The rights you're granted are the right to take their code and alter it for your own project, or redistribute it, not direct it.

A lot of corporate owned open source projects choose not to accept third party contributions at all (or at least without giving them actual ownership), because if they own the entire codebase, they can sell different licenses to businesses that may not like some restriction of the open source license.

[-] xavier666@lemm.ee 1 points 3 months ago

I prefer the VS Code approach. The entire codebase is open but owned by Microsoft. But because of the MIT licence, the community has made VSCodium. Microsoft does not interfere with VSCodium (AFAIK). This I think is a good model.

[-] vomitaur@lemmy.world 6 points 3 months ago
[-] infeeeee@lemm.ee 15 points 3 months ago

This comes from hangout_services/thunk.js

I searched for hangout in the vanadium repo, no result, so it's not patched there either: https://github.com/GrapheneOS/Vanadium

[-] iturnedintoanewt@lemm.ee 2 points 3 months ago* (last edited 3 months ago)

Vanadium

Just asked in their matrix channel.

hybridstaticanimate:discord Vanadium did not enable this at build time.

hybridstaticanimate:discord There is nothing to patch.

hybridstaticanimate:discord Other browsers chose to enable this.

[-] Imgonnatrythis@sh.itjust.works 1 points 3 months ago

Kind of. Vivaldi let's you turn it off though. Privacy, disable meet extension.

[-] JackbyDev@programming.dev 15 points 3 months ago

Fuck Chromium. Don't let Google single handedly control how the Internet works. Don't support Chromium browsers.

this post was submitted on 09 Jul 2024
600 points (98.4% liked)

Technology

59070 readers
3701 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS