Why Chromium Tells Google Sites About Your CPU and GPU Usage • The Register


Are you using a Chromium-based browser, like Google Chrome or Microsoft Edge? Chances are, it’s quietly informing Google about your CPU and GPU usage when you visit one of the search giant’s websites.

From what we can tell, this feature is for performance monitoring, not really tracking — Google knows who you are and what you’re doing anyway when you’re logged in and using its sites — but it does raise some antitrust concerns in light of Europe’s pro-competition Digital Markets Act (DMA).

When you visit a *.google.com domain, the Google site may use the API to query in real time the CPU, GPU and memory usage of your browser, as well as information about the processor you are using, so that the service provided (such as video conferencing with Google Meet) can, for example, be optimized and fine-tuned to not overload your computer. The functionality is implemented as an API provided by an extension built into Chromium (the brain of the browser mainly developed by Google and used in Chrome, Edge, Opera, Brave and others).

Non-Chromium-based browsers, like Mozilla’s Firefox, don’t have this extension, which puts them at a potential disadvantage. Without the API, they may offer a worse experience on Google sites than they would on the same hardware with Google’s browser, because they can’t provide this live performance information.

However, there is nothing technically stopping Moz or other browser vendors from implementing a similar extension in Firefox themselves, if they wish.

But most importantly, websites that compete with Google’s cannot access the Chromium API. This is where the technical solution starts to look potentially questionable in the eyes of Europe’s DMA.
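The origin gating described above can be made concrete. Chromium extensions declare which web pages may message them using match patterns under the manifest's externally_connectable key; the following is an added illustration (not code from the article or from Chromium) of a simplified match-pattern check, where the pattern string is an assumption modelled on the article's "*.google.com" wording and the sample URLs are constructed.

```javascript
// Simplified Chrome-style match-pattern check: scheme://host/path.
// ALLOWED_PATTERN is an assumption based on the article's "*.google.com".
const ALLOWED_PATTERN = "https://*.google.com/*";

function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function matchesPattern(pattern, urlString) {
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error("unsupported pattern: " + pattern);
  const [, scheme, host, path] = m;
  let url;
  try { url = new URL(urlString); } catch { return false; }

  // Scheme: "*" means http or https only; otherwise it must match exactly.
  const urlScheme = url.protocol.slice(0, -1);
  if (scheme === "*") {
    if (urlScheme !== "http" && urlScheme !== "https") return false;
  } else if (scheme !== urlScheme) return false;

  // Host: "*.example.com" covers example.com and every subdomain of it,
  // but not hosts that merely contain or end with the same characters.
  const h = url.hostname.toLowerCase();
  if (host.startsWith("*.")) {
    const base = host.slice(2).toLowerCase();
    if (h !== base && !h.endsWith("." + base)) return false;
  } else if (host !== "*" && h !== host.toLowerCase()) return false;

  // Path: "*" is a glob over the path and query string.
  const pathRe = new RegExp("^" + path.split("*").map(escapeRegex).join(".*") + "$");
  return pathRe.test(url.pathname + url.search);
}

// Constructed sample URLs: which pages would be allowed to reach the API?
const SAMPLE_URLS = [
  "https://meet.google.com/abc-defg-hij",
  "https://google.com/",
  "http://meet.google.com/",              // wrong scheme
  "https://zoom.us/j/123",                // competing service
  "https://notgoogle.com/",               // suffix without a dot boundary
  "https://meet.google.com.example.net/", // lookalike host
];

function canReachExtension(urlString) {
  return matchesPattern(ALLOWED_PATTERN, urlString);
}

function reachableSamples() {
  return SAMPLE_URLS.filter(canReachExtension);
}
```

Only the first two sample URLs pass, which is the asymmetry the article describes: the check is on the page's origin, not on what the page does.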

Netherlands-based developer Luca Casonato highlighted the existence of the extension this week on social media, and his findings have gone viral, with millions of views. We understand that at least some people have known about the code for some time now. Indeed, it’s all open source and can be found in the pre-installed extension hangout_services.

That name should give you an idea of its origins. It was developed last decade to provide browser-side functionality for Google Hangouts, a product that was later split into Google Meet and Chat. Part of that functionality involves recording for Google, upon request, statistics about how your browser is using your machine’s computing resources when you visit a *.google.com domain, such as meet.google.com.

Casonato noted that the extension can’t be disabled in Chrome, at least, and it doesn’t appear in the extensions panel. He noted that it’s also included in Microsoft Edge and Brave, both of which are based on Chromium. We reached out to Casonato for his thoughts on this, but given the time difference between him in Europe and your humble vulture in the US, we didn’t get an immediate response.

Explanation

If you’ve read this far, an obvious question probably comes to mind: what makes this API malicious? We’re not saying that, and neither is Casonato. Google isn’t saying that either.

“Today, we mainly use this extension for two things: to improve the user experience by optimizing video and audio performance configurations based on the system capabilities [and] providing reporting data on crash and performance issues to help Google services detect, debug, and mitigate user issues,” a Google spokesperson told us Thursday.

“Both are important to the user experience and in both cases we follow rigorous data handling practices designed to protect user privacy,” the spokesperson added.

From what we understand, Google Meet is now using the old Hangouts extension to, among other things, vary the quality of the video stream if the current resolution is too high for your PC. Other Google sites are also encouraged to use this feature.

That said, the existence of this extension could be detrimental to competition as far as the EU is concerned – and this is why Casonato seems to have highlighted it this week.

“[This API] is a clear violation of the idea that browser vendors should not give preference to their websites over someone else’s,” Casonato argued, citing the ban on self-preferencing in Article 6 of the DMA.

Gatekeepers under the DMA, of which Google is one, are required by law to be impartial gateways to the world of the Internet. Using a hidden API to give your own services a performance advantage may not comply with these rules.

“Take Zoom for example: they are now at a disadvantage because they cannot provide the same CPU debugging functionality that Google Meet does,” Casonato said.

Google has told us it intends to comply with the Digital Markets Act. That’s a smart move, given that the company is already under investigation alongside Meta and Apple by EU antitrust authorities. European Commission officials launched an investigation into the trio in March for what they called alleged failures to comply with DMA mandates.

Meta and Apple have since been accused of violating the DMA, and the Commission is still working on its Google case. It’s not yet clear whether this API will increase pressure on the Chocolate Factory. We’ve asked European Commission officials for their thoughts on whether the API would conflict with the DMA, and will update this article if we hear back. ®
