Table of Contents
When it comes to privacy concerns, Chromium-based browsers have been under scrutiny for some time. Recent revelations confirm that these browsers share user data with Google, challenging the idea that one can escape Google’s reach by avoiding its flagship Chrome browser. This finding is particularly troubling for those who trusted browsers like Brave to safeguard their privacy.
The Silent Snitch: An Overly Chatty Extension
The alarm was raised on X.com by Luca Casonato, who revealed that Google Chrome includes an API that grants Google services (e.g., *.google.com) unrestricted access to CPU, GPU, and RAM usage data, detailed processor information, and logs of user visits to Google domains. This API is embedded in a pre-installed, non-disableable Chrome extension called “hangout services.”
This technical setup raises significant legal questions, especially regarding the Digital Markets Act (DMA), which prohibits browsers from favoring their own services at the expense of competitors. More importantly, it poses a serious privacy concern, as users’ data is collected and processed without their knowledge.
What’s more alarming is that this API has also been found in other Chromium-based browsers, including Microsoft Edge, Opera, and Brave. This means that even if users avoid Chrome, Google can still gather information about their devices and their interactions with Google services.
Brave’s Response to the Data Leak
In a post on X.com, Brave confirmed the presence of this API and detailed the measures it has taken to mitigate data collection and sharing with Google. The day after the alert, Brave announced it had disabled the extension by default and planned to remove it entirely in the future.
A Timely Revelation for the European Commission
The “hangout services” extension constitutes a violation of the DMA partly because it allows Google to gather enough information about user devices and behaviors to tailor the performance of its services (such as Google Meet) to each user’s hardware configuration. This approach nudges users towards Chrome, which loads Google services faster, and steers them away from alternative browsers that may struggle with speed when accessing Google services.
Essentially, Google has created a self-serving cycle that promotes its tools at the expense of competitors, disregarding legal boundaries. This revelation comes at an inconvenient time for Google, as the European Commission recently launched an investigation into Alphabet’s (Google’s parent company) anti-competitive practices.
Implications for Users and Developers
The implications of this discovery are vast. For users, it means that their data privacy is compromised not just by Chrome but by any browser built on the Chromium framework. For developers and privacy advocates, it highlights the need for increased transparency and stricter regulations to ensure user data is protected.
Steps to Protect Your Privacy
While the news is disheartening, there are steps users can take to enhance their privacy:
- Switch to Non-Chromium Browsers: Consider using browsers that do not rely on the Chromium engine, such as Mozilla Firefox or Safari.
- Use Privacy-Focused Extensions: Employ extensions that block trackers and ads, such as uBlock Origin or Privacy Badger.
- Regularly Review Browser Extensions: Regularly check and remove any extensions that you do not use or trust.
- Enable Do Not Track: Activate the “Do Not Track” setting in your browser to reduce the amount of data collected by websites.
- Utilize VPN Services: A Virtual Private Network (VPN) can help mask your online activities, providing an additional layer of privacy.
Conclusion
The confirmation that Chromium-based browsers share user data with Google underscores the pervasive nature of data collection in the digital age. While companies like Brave are taking steps to protect user privacy, the onus is also on users to be vigilant about their online practices. By adopting more privacy-focused tools and habits, users can take control of their data and reduce the extent to which it is shared without their consent.