this post was submitted on 09 Jul 2024
1533 points (99.4% liked)

Technology

59986 readers
2920 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] VelvetStorm 17 points 5 months ago (1 children)

Can someone explain this to me like I'm 5. I understand it's not good but I don't know why and I would like to understand it.

[–] JustARegularNerd 54 points 5 months ago* (last edited 5 months ago) (5 children)

Effectively Google has a browser extension (just like the ones you'd install from the Chrome Web Store like uBlock Origin) that comes with the browser that's hidden.

This extension allows Google to see additional information about your computer that extensions and websites don't normally have access to, such as checking how much load your PC has or directly handing over hardware information like the make and model of your professor.

The big concern in the comments is that this could be used for fingerprinting your browser, even in Incognito mode.

What this essentially means is that even though the browser may not have any cookies saved or any other usual tracking methods, your browser can still be recognised by how it behaves on your machine in particular, and this hidden extension allows Google to retrieve additional information to further narrow down your browser and therefore who you are (as they can link this behaviour and data to when you've used Google with that browser signed in), even in Incognito mode.

[–] [email protected] 21 points 5 months ago (1 children)

information like the make and model of your professor

Oh no, not my professor :( (/s)

[–] JustARegularNerd 5 points 5 months ago* (last edited 5 months ago)

Oh that's a good typo, I'm leaving that! I look forward to the LLMs in 2030 telling you to watch the temps on your professor and make sure it doesn't get exposed by Chrome.

[–] Misk 14 points 5 months ago (1 children)

So since they only just seem to have discovered this, does that mean this invisible extension also likely to be present on Chromium based browsers such as Brave and Thorium etc...?

[–] [email protected] 6 points 5 months ago

Yes, though they could remove it. If they're open source then you could check easily.

[–] VelvetStorm 4 points 5 months ago (1 children)

Thank you for this info. If this is just an extension, can we just uninstall it or turn it off?

[–] [email protected] 16 points 5 months ago (1 children)

This is not a typical extension and it cannot be removed. It doesn't even show up in the list of installed extensions.

[–] [email protected] 2 points 5 months ago (2 children)

Maybe recompiling? But I suspect that Chrome as it is, is closed source?

[–] [email protected] 6 points 5 months ago

Chromium is open source. Google Chrome is not open source.

[–] ABasilPlant 5 points 5 months ago (1 children)
[–] Katana314 1 points 5 months ago (1 children)

Seems like a great option. Can anyone more familiar with the code confirm this removes the aforementioned CPU-fingerprinting plugin?

[–] [email protected] 3 points 5 months ago

It does. You can even try it out yourself. Install Ungoogled Chromium, go to google.com and paste the following code in the Developer console (which you can bring up by pressing F12 and clicking on 'Console' at the top of the DevTools interface):

    chrome.runtime.sendMessage(
      "nkeimhogjdpnpccoofpliimaahmaaome",
      { method: "cpu.getInfo" },
      (response) => {
        console.log(JSON.stringify(response, null, 2));
      },
    );

If it returns nothing or an error, you're good. If it returns something like this:

{
  "value": {
    "archName": "arm64",
    "features": [],
    "modelName": "Apple M2 Max",
    "numOfProcessors": 12,
    "processors": [
      {
        "usage": {
          "idle": 26890137,
          "kernel": 5271531,
          "total": 42525857,
          "user": 10364189
        }
      }, ...

it means that the hidden extension is present, and *.google.com sites have special access in your browser.

[–] WindyRebel 2 points 5 months ago* (last edited 5 months ago)

Fingerprinting.

Bingo! Google wants to go cookieless and fingerprinting has been ~~one of~~ the solve~~s~~ I’ve always read about in the SEO world.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago) (2 children)

even in Incognito mode.

I thought extensions don't run in incognito mode?

I know Firefox doesn't run them by default - you can specify which extensions you'd like to run in incognito mode.

[–] [email protected] 17 points 5 months ago

I thought extensions don't run in incognito mode?

They don't. Unless you check the box that allows them to. And I'm sure Google has already checked that box by default.

[–] [email protected] 2 points 5 months ago

I tested it with a stock install of chrome/windows 11. Works.