this post was submitted on 09 Jul 2024
1514 points (99.4% liked)

Technology

58009 readers
2968 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
1514
Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage (fedi.simonwillison.net)
submitted 2 months ago* (last edited 2 months ago) by Andromxda@lemmy.dbzer0.com to c/technology@lemmy.world
199 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.dbzer0.com/post/23752739

https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/

you are viewing a single comment's thread
view the rest of the comments
[–] kworpy@lemm.ee 93 points 2 months ago (2 children)

idk what to tell you if you're still using chrome

[–] GoogleSellsAds@sh.itjust.works 37 points 2 months ago (4 children)

Or anything Google for that matter. I see a lot of praise on Lemmy for their Pixel phones, but it wouldn't surprise me if they eventually find there was a backdoor in their firmware all this time. Yes of course, I can not prove that right now, but this news about Google Chrome isn't news for no reason. Don't trust anything Google if you care about privacy, it is literally their business model (selling targeted ads).

[–] irreticent@lemmy.world 31 points 2 months ago (1 children)

Relevant username.

[–] GoogleSellsAds@sh.itjust.works 1 points 1 month ago

People don't hate Google as much as they should. It's cringeworthy how much they promote this ad company on this platform. They don't even realze themselves they got comprised.

[–] joel_feila@lemmy.world 20 points 2 months ago (2 children)

Wrll you have to use a pixel phone to use graphene os

[–] 01189998819991197253@infosec.pub 5 points 2 months ago (1 children)

Yeah, I'm not super happy about that part, but don't really know what to do

[–] Emerald@lemmy.world 8 points 2 months ago (1 children)

Use a Pixel phone. No more sketchy then any other popular phone manufacturer

[–] 01189998819991197253@infosec.pub 2 points 2 months ago (1 children)

It's what I do. With degoogled os. But the proprietary blobs aren't filling me with confidence.

[–] Emerald@lemmy.world 3 points 2 months ago (1 children)

Does your laptop run free software boot firmware? If not, it has the same issues as a phone, if not more. No smartphone runs fully free firmware.

[–] 01189998819991197253@infosec.pub 1 points 2 months ago (1 children)

I know all this and that's not filling me with confidence, either. It's why Framework is in my sights.

[–] Emerald@lemmy.world 3 points 2 months ago (1 children)

Framework doesn't have free boot firmware either and it contains the Intel ME (the backdoor in Intel CPU's). The point I am trying to make is that you won't find a perfect solution anywhere.

[–] 01189998819991197253@infosec.pub 2 points 2 months ago

You're right, but I never said perfect. Perfect doesn't exist. I'm looking for reasonable and sustainable. Projects like framework and libreboot are making this possible for the first time in history. But, like you eluded to, they, too, won't be perfect.

[–] GoogleSellsAds@sh.itjust.works 1 points 1 month ago

Eat the ads then.

[–] Emerald@lemmy.world 6 points 2 months ago (1 children)

Well pretty much all computers have a backdoor to the CPU. That hasn't been proven for Pixel phones though.

[–] GoogleSellsAds@sh.itjust.works 0 points 1 month ago (1 children)

No, only Google has backdoors that are coming to light tome after time. Stop defending them Google ad fan boi.

[–] Emerald@lemmy.world 1 points 1 month ago

Is this trolling or are you for real?

[–] Andromxda@lemmy.dbzer0.com 3 points 2 months ago (1 children)

I fucking hate Google and wouldn't use any of their (proprietary) software, but Pixel phones are amazing. Hear me out, Google is the only phone manufacturer right now, that puts extensive hardware security features like MTE, a secure element, as well as a bunch of others in their phones. The Google Titan M2 is based on an open-source project called OpenTitan, and Google has even contributed their own changes upstream. It's based on the open RISC-V architecture, and it's the most complete and secure implementation of a secure element that you can find in an Android phone. The only thing that comes even close is the "Secure Enclave" in Apple ARM chips, that are used in modern iPhones, iPads and Macs. I understand the concern about a potential backdoor in the firmware, but that's a valid concern with basically every CPU on the market right now. x86 are ARM are completely proprietary, so you can't really trust any CPU based on one of these architectures. The old Google Titan M1 was based on ARM, Apple's Secure Enclave is also based on ARM, as well as Snapdragon's SPU (which is incomplete and insecure anyway). The Titan M2, being based on open hardware architecture and firmware, is the most trustworthy secure element, despite being made by Google. It includes features like Insider Attack Resistance, support for the Weaver API, Android StrongBox hardware keystore implementation and is used for a secure implementation of Android Verified Boot. GrapheneOS is free, open-source, and doesn't use any proprietary Google apps/services by default. Although I hate Google, a Pixel with GrapheneOS is currently the best option for a secure smartphone.

[–] GoogleSellsAds@sh.itjust.works -1 points 1 month ago (1 children)

Google fan boy. Good luck promoting that shitty ad company.

[–] Andromxda@lemmy.dbzer0.com 1 points 1 month ago

Ah yes, definitely promoting Google

I fucking hate Google and wouldn't use any of their (proprietary) software

I hope you realize how dumb your comment is