Luca found a hidden Chrome extension that is installed by default in Chrome and most Chromium derivatives. Surma and Jake dig into what this extensions does and how reasonable it is to get angry about it.
Surma:All right, Jake, we're probably slightly behind schedule this month, but, you know,
Surma:we're traveling, it happens, we... but I think it's... yeah, true! And also, I feel like
Jake:Yeah, it's been a busy old summer. Oh, yeah, it's more than once a year, so that's,
Surma:compared to our, you know, schedule commitment we had on HTTP203, it's still an improvement!
Jake:yeah, we're doing very, very well. We should say, I mean, how kind of proper are we supposed to do this? Like, because, I mean, who are you? What's going on?
Surma:Oh, who am I? What's going on? I'm Surma. This is a podcast. And this... Oh! I didn't
Jake:And I am Jake. Yeah, like, I was trying to do an intro. Look, so the state of react came out, right? And what's there in the podcast section?
Surma:realize... OK. Right. Yeah, I mean, you say that, but HTTP203 was pretty sloppy. Obviously,
Jake:HTTP 203. Not OTMT. And I'm just, I just don't think we're ever going to, you know, beat our previous selves if we are this sloppy, if we're just, like...
Surma:we had professional editors. I mean, we still have a professional editor, but we're doing
Jake:Yeah.
Surma:more of the work ourselves. And for some reason, it has brought us to... I think the
Surma:reason OTMT is not on the state of React is because that survey came out before we even
Jake:Okay, we'll keep telling ourselves that, and we'll see what happens. But that's fine. That's fine by me. So who's a half listener? Because it's me, you, Lucas, our editor, and there's just someone overhearing Lucas in another room? Is that it?
Surma:started with OTMT. Yeah. If we're still not on there by next year, then I guess we'll
Surma:just keep talking to our three and a half listeners. Yeah.
Surma:Yeah, I feel like it was mostly Lucas, because he's not listening to the words we're saying.
Jake:Oh, that's fine. Yeah, that makes sense.
Surma:He's just waiting for someone to bang on the table and just cut that noise out, isn't he?
Surma:And doing, you know, and making a sound actually coherent, which honestly, sometimes he does
Surma:do that. Yeah, a lot of hard work. Ooh. Oh, I thought you were going to say, oh, I didn't
Jake:A lot of work, a lot of work.
Jake:So I went to Silverstone recently for the Grand Prix, which I tend to do every couple of years. And it reminded me of something which happened last time I was there.
Jake:So, so last time I was, I went to the track on a Thursday. Now, there isn't motorsport as such on a Thursday. But what they do have is the Sky TV folks do their live show.
Jake:Well, interesting, you should say that. Well, so their show is just like they bring the drivers out, they do interviews, that kind of thing. But it's on the start finish straight. And if you want to get decent seats, you got to turn up like fairly, fairly early. So we did. And we were there like an hour, an hour and a half before anything was going to happen. And we weren't alone. Like there was a lot of people in the stand just kind of sitting waiting.
Surma:say like they do power walking tournaments or something. Oh.
Jake:So people were entertaining themselves. And one thing they were doing is like, so there is stuff happening on the track. Like, there are people who are running it, there are road sweepers, there are people who are cycling it. Well, yeah, so the engineers do it just for exercise, right? Because they're flying around the world from track to track. And it's, it's something they do for, for exercise. But it is also what people they do it to see if there's any new bumps on the track as well. There are scouts that feedback to the drivers.
Jake:So whenever someone came around the final corner on their sweeper or their bike or whatever, the crowd would start going, oh, as they got closer and closer to the start finish straight. And as they cross the finish line, the crowd would go way. And, and it was at this point, you know, the person cycling or the person in the sweeper would have to acknowledge the crowd in some way and wave.
Jake:And if they didn't, the whole crowd would boo really, really loudly. That was it. They would turn on you instantly. So we were doing this for like, you know, 45 minutes or whatever.
Surma:Yeah.
Surma:Yeah.
Surma:Yeah.
Surma:Yeah.
Surma:
Jake:And then around the final corner came a child or a young, young kid in an electric wheelchair. And you could see that the whole crowd was thrown into a kind of quandary. Like, what was, what's the etiquette here? Like, we've got a system, you know, we've got a thing we do here. But is it, is it appropriate? What, what, what do we do?
Surma:Yeah, of course you cheer them on. Yes, he did.
Jake:Well, that's it. Someone started, oh, and the rest of the crowd started building up. Oh, and this kid crossed the start finish line. And he like, pumped his fist in the air. And the whole stadium went crazy. Like it, I think, I think there was more cheering than there was at any point during the actual Grand Prix. People were on their feet, cheering. It was, it was like, it was a lovely thing to be part of.
Surma:That's amazing.
Jake:But there was a guy on the track, kind of around the start finish line. And he, he sort of walked around just to the final corner. And he, he put his phone on a selfie stick, extended it. And then he clearly sort of started recording and he was, you know, talking into, into his phone and he was sort of gesturing at the audience. And then he set off running towards the finish line with his selfie stick in a hand sort of pointing sort of, you know, between him and the crowd.
Surma:Nothing. I would also have done that. Doing it for the gram. You're not getting anything.
Jake:And, you know, so the crowds would be behind him. And he walked and he, well, he ran, he ran, he ran fast to the finish line. And the crowd gave him nothing. Not even a boo. Absolutely. He crossed that finish line to almost deadly silence. It made me proud to be British.
Surma:So petty, but effective. I love it. Yeah, because even like a boo would have been, you
Jake:Absolutely. I don't get patriotic very often, but that was one of those moments.
Surma:know, content, but that the fact that there's like the instant hive mind of doing the correct
Surma:thing, that he basically just now has footage of him running across a finish line by himself
Surma:and visually or like on the video, nobody cares. That's absolutely brilliant.
Jake:Do we know what the episode is titled? Or does that come later?
Surma:Let's talk about the web, because I feel like in the last month spent some, you know, spicy
Surma:things. I guess at this point people already know what the episode is titled.
Surma:Yeah.
Jake:Oh, that is good. I like it.
Surma:My current pick is Chrome's secretly installed extensions. There's a bit of spice in that.
Surma:So this whole thing got started by a tweet that Luca did. And Luca is an engineer at
Jake:Yes.
Surma:Dino. Lovely guy, really talented, does, you know, loads of engineering in the Dino front
Surma:end. Dino back end is also on TC39 and on the Winter CG and just like, I honestly don't
Surma:know how he juggles it all. And I suppose in his work, while, you know, spelunking the
Surma:Chromium code base, because he works a lot with V8, but also with Chromium, I suppose
Jake:It's not sounding good, but what does it do?
Surma:over a piece of source code in the Chromium source space, which is a Google meet extension,
Surma:like literally same as if it was a normal Chrome extension you install from the Chrome
Surma:extension store or whatever that's called. But it's installed by default and it doesn't
Surma:shop in the extension list and you can't disable it. Right. And he was also saying, you know,
Surma:it's also in Brave and it's an arc and it's an edge and it's likely in all other Chromium
Jake:Oh, interesting. Because, because we should say that Chrome and Chromium are technically different things. Like you've got the, like Chromium is the open source project that Brave, Opera, Arc, like feed off.
Surma:derivatives as well. So I was also like.
Surma:Exactly.
Jake:And then you've got Chrome, which is kind of the closed source version, which has some extra bits. I think that's where some of the like video codec stuff goes into. That's, that's like less open source. It's where I think some of the DRM stuff, which we all love goes in. But so, but this, which kind of feels like it sits on more that sort of side of things, but no, this is in Chromium.
Surma:Yeah. So that's where I immediately and look at the set this as well, like he had a fairly
Surma:long thread where he said, I don't think this is actually malicious or harmful. It's just
Jake:Hmm.
Surma:an hour dive into the whole dissection of what it is and is it good? Is it bad? Is it
Surma:not? But my immediate thought was as well, he linked to the Chromium source code with
Surma:a link and and it was in Chromium. So therefore, it's not really a secret. It's out there.
Surma:All of the other people who build on top of Chromium would have to know about it or just
Surma:have missed it. If it was malicious, it would have been a lot smarter by Google to put it
Surma:into Chrome, which is the closed source thing to get added to Chromium, which I think also
Jake:But the important thing you said there is that it's not malicious. So nothing to see here. Happy next time. Bye bye.
Surma:has stuff like the whole logging into your Google account and syncing your tabs, which
Surma:I'm assuming that code can't necessarily be fully open. But also, like you said, the
Surma:DRM stuff for Netflix to play video so you can take screenshots and stuff to maintain
Surma:that whole chain of trust.
Surma:Yeah.
Surma:Well, that was my hunch, but I did want to check and I think so did many others, because
Jake:Except hidden. It's so normal. They've decided to hide it.
Surma:obviously that tweet got attention and loads of people were saying like, yeah, you should
Surma:have been using Brave all along. And he was like, yep, it's in Brave as well. Go try it
Surma:out. Right. So what does it do? Let's actually look at that. Like I said, it's a completely
Surma:in that sense, normal Chrome extension.
Surma:Yeah, I mean, in the terms of the code that it's like the language is written, it's just
Surma:JavaScript, same. It could be just as well a public Chrome extension. There's no special
Jake:Okay. Okay.
Surma:abilities granted to that extension apart from being installed by default. So this Chrome
Surma:extension, as any Chrome extension, filters the domains in which it is active. And this
Surma:one is filtered to all Google subdomains.
Jake:Oh, so it's not just meat.
Surma:No. So that's already, I think, where, you know, that net raises eyebrows. It basically
Surma:I think the filter is quite literally star.google.com.
Jake:I mean, my eyebrows were already raised. They're, they're kind of off my head entirely. At this point, they're kind of, they're up on the ceiling. It's, it's slightly terrifying there.
Surma:It's a great look. And from skimming the code, what it seems to do is it adds additional
Surma:APIs to the global in which that extension is active, which allows that tab to know about
Surma:the computer's CPU usage, this specific tabs, CPU usage, the GPU usage and the JavaScript
Surma:memory consumption. And that's pretty much it. There's also some logging happening, which
Jake:Yeah.
Surma:I don't understand why this need to be in the extension. I think it was just convenience
Surma:for them. But in the end, you know, logging like somebody opened this URL, you can just
Surma:do with the beaten API or something. I don't know why that is indirect, because, you know,
Surma:it's not in any way special from what Lucas said and showed is that this extension is
Surma:used by Google meet and Google meet is also in the title of the extensions name exclusively
Jake:So what was it? You said it was CPU.
Surma:question mark in the troubleshooting panel. So if you go to like a three dot menu and
Surma:there's like a troubleshooting menu point, that dialogue is supposed to help you figure
Surma:out why your meeting is maybe not working as expected or why you're having issues and
Surma:to be able to give better advice of what is going wrong or what you should try. They
Surma:want to have access to these data points which are not available as a normal Web API.
Jake:CPU states. Did you say memory state as well?
Surma:Well, yes, CPU usage also like globally, but also specific to the tab, GPU usage and
Surma:JavaScript memory consumption. So, you know, they can do stuff like, hey, it looks like
Jake:Okay.
Surma:your GPU is pretty bogged down. Maybe you can close one of the three games you're currently
Surma:running or something like I wouldn't know what you have running off because that is
Surma:not exposed. But I think that's kind of like the kind of data they want. And they even
Surma:draw a CPU graph, I guess, to show your CPU is bogged down. So if you open this in Safari,
Surma:that part of the dialogue just has is blank and says, hey, use Chrome if you want more
Jake:Right. And so we can say like, oh, it seems like the intent with these APIs is good. And it's not like doing anything totally crazy. But this represents the Chrome has given itself an advantage by bypassing web standards.
Surma:help.
Surma:Exactly. So I think I fully agree with the assessment. It seems to me that this extension
Surma:doesn't do anything evil. And it probably was born out of the need and desire to help
Jake:Oh, it sure is. Yeah.
Surma:users to make me work. Some people were saying like this data that they're exposing could
Surma:be an additional fingerprinting vector. But at the same time, and look, I said this as
Surma:well. It's like, well, you're already locked into Google when you use meat. I think we
Surma:are beyond fingerprinting in this context. And this extension is scoped. Some other people
Jake:Presumably all of these, like the GPU monitoring, CPU monitoring is, is just is, is available to other extensions as well. So yeah. Okay. So rather than messing around with DNS, your easier thing you could do is just write an extension.
Surma:also weren't like, hey, cool, I can abuse this by just like you having a custom DNS
Surma:setup. And if I put myself on a Google subdomain, I get access to this.
Surma:Yeah, yeah. Well, even then, the extension is scoped to HTTPS. So you would also have
Surma:to have a custom certificate installed. And once you install custom certificates, I think
Jake:Okay.
Surma:you have bigger security problems going anyway, because yeah, then other things can be stolen
Surma:as well. So I feel like in that sense, they did it the best way possible. And yeah, there's
Surma:like in terms of like, it's not a secret. In fact, there's a thread on Blink Dev where
Surma:contributors from Edge and I think even other browsers are talking about this extension
Surma:in the code base and whether it should be revisited at some point. So yeah, it's not
Surma:a secret. It seems harmless. It seems like the additional APIs that are being exposed
Jake:Well, so recently, Apple Maps has been released for the web. And if you try to go to that site on Chrome, or Firefox, you get a blanket no.
Surma:cannot be really exploited or could be used by other parties that are not supposed to
Surma:have access. But like you said, does that make it okay? And I feel like the answer is
Surma:still kind of no.
Jake:It's like, especially if you're, if you're on Mac. Yeah, like, it's, it's very much like you should use Safari. And it's an artificial limiting thing. Because I think if you're on Windows, you can use Chrome, something like that is, is just like, you know, we're Apple, you should use Safari if you can.
Surma:Oh, really?
Surma:Now, if you're on Apple, use Safari. If you're somewhere else, I guess we'll let you through.
Jake:Yeah, and I don't like that. I think that's bad for the openness of the web. So what we're seeing Chrome do here is, at least as bad as that. I mean, so meet now does work in Firefox does work in Safari, there was times when that wasn't true. But they are creating a better experience in Chrome through a hidden extension. And you would think if it if it was, if it was something they were proud of, it would be great.
Surma:And I keep thinking about that as well. So like someone dug up the original PR when this
Jake:It wouldn't be a hidden extension, would it?
Surma:was added. And at the time, this is apparently in 2013, it was scoped to Hangouts. Like even
Surma:on the URL, I think it was scoped to google.com slash Hangouts. It was Hangouts only. No other
Surma:Google product could use these APIs. In fact, currently it is, as I said, like available
Surma:to all Google subdomains. I do not know if any other Google product uses the abilities
Surma:of this extension, but I also understand why they increased the scope. Like why is it available
Jake:I mean, the whole thing is iffy. But yes, that in particular, it is Chrome giving itself an advantage. Like, of course, Safari could add the same hidden extension. And they could add the same non standard API's to Google meet and in order to create the same extension. But that is very, very similar to what was happening in the old IE days where Microsoft would just add whatever API you wanted to add to Chrome.
Surma:to all Google products when it's specific? That's just something I find a bit iffy. It seems
Surma:unnecessary.
Surma:Yeah.
Jake:And it was down to the other browsers to reverse engineer it is it's not I mean, okay, it's this is limited to a set of domains. But in some ways, that's, that's worse on a on another axis, right? So we're saying it's bad, because Hangouts on Chrome can have this better experience and then Hangouts on Safari through artificial means. But you're you can also say, well, well, hang on now.
Surma:Yes.
Jake:Zoom is having a worse experience than Hangouts through this. And like if they wanted to have that similar experience, yes, they could create an extension, but they would have to get you to install that extension. They don't have the benefit of it being you're installed on the slide by default. Yeah, that it's I mean, I guess I will say the word anti competitive as not a lawyer. But yeah.
Surma:No, that's exactly what other people have been saying as well. It was in like, at least
Surma:with our EU hat on, this could probably be quite, you know, realistically framed as anti-competitive
Jake:Yeah.
Surma:because exactly that example was brought up as well, where zoom now potentially has less
Surma:abilities or a worse experience than what Google meet offers in Chrome. And it's mostly
Jake:Hmm.
Surma:about the fact that it's installed by default, enabled by default and hidden and can't be
Surma:disabled. And what I think really weird because it's clearly not critical for operation, this
Surma:extension, because it works, you know, Hangouts or meet works just fine in Firefox and Safari
Surma:as is. I haven't tested that. I assume that would push you towards the app. Maybe. Yes.
Jake:Does it work on Android Chrome? Because we don't there's no extensions on Android Chrome.
Jake:Yeah, oh, they definitely do.
Surma:I was like, if I just use Hangouts and I went to the troubleshooting dialogue and then I
Surma:went, Hey, if you install this extension, we can help you troubleshoot better. Legit.
Surma:That seems completely fine to me. Like that's an opt in. And that is basically even playing
Surma:field because any other provider could also write such an extension.
Jake:Yes, a lot of these API's actually went through the standards process, because at the time Firefox OS wanted them.
Jake:Yeah, so they just wanted everything that you could do on native really at the time, but these API's were rejected because of well eventually like Firefox didn't want them because of Firefox OS kind of going away.
Surma:Ah, Firefox OS. Yes.
Jake:But the problem was fingerprinting. And as you say, it's not so bad in this case, if you are logged in. But I mean, from what I understand, like, if this is available to all Google sites, then you know, these things can be accessed when you're not logged in.
Jake:And certainly the web standards version could be it doesn't have the concept of logged in at all.
Surma:Yeah.
Jake:So yeah, I mean, there are good reasons why these API's were not taken forward.
Jake:So kind of just adding them again on the slide is a bit not great.
Surma:So I wonder why this extension is around installed by default. And so I dug a bit deeper,
Surma:especially because people were, you know, tagging in all the other Chromium directors
Surma:like Brave and Vivaldi and asking, is this true? And they were like, yes, it's true.
Surma:And at that time that extension was necessary for Hangouts to work. So I think at the time
Surma:just the web platform hadn't evolved enough to make something like Hangouts work. That
Jake:That was the reason why for a long time, it didn't work in in Firefox and Safari, there was like a particular web RTC, something, something, something, like even when there was some support in other browsers, there was a couple of methods that Google claimed were essential for this and could justify
Surma:was before it was renamed to meet across browsers, just based on web APIs. You know, I think
Surma:WebRTC probably wasn't quite there and some other APIs maybe too.
Surma:Yeah.
Jake:not allowing Safari and Firefox access on those but they were fixed. Yeah, that has changed.
Surma:So for example, Vivaldi weighed in on this thread. I don't know who from Vivaldi, but
Surma:they have their browser account on X. And they replied with, yeah, yeah, we know about
Surma:this and we expose it in the settings. So it is enabled by default, but they very much
Surma:make it a setting where you can go like, no, I don't want this extension to be enabled
Surma:by default.
Surma:Brenton Eich weighed in from the perspective of Brave and he said, you know, it used to
Jake:Which is interesting, because as you said, the logging bits feel like well, you know, logging isn't exactly a new capability on the web.
Surma:be enabled by default, but they used a patched version. So they disabled the logging parts
Surma:but still left the other APIs in there to give a consistent experience from Chrome to
Surma:Brave.
Surma:No, but it was really interesting that he then later linked to PR and that was probably,
Surma:I assume, spawned by the thread that Lukas started, that they have it now fully disabled
Surma:because, and they have a comment in their commit history, that they actively knew about
Surma:and kept this extension because when this whole thing started, you needed it for Meet
Surma:to work. And they obviously wanted people to be able to stay in Brave and attend a Meet
Surma:without having to switch back to Chrome. So they left it enabled. But as I said, you know,
Surma:it works cross-browser now. All the mission-critical things that Meet needs are on the web platform
Jake:But even what you said there is like highlights what's wrong with doing this is like, you know, another browser has has to adopt these Google designed API's exposed to Google sites, because if they don't, then, you know, Hangouts meet doesn't work. It's
Surma:and are supported cross...
Surma:Yeah.
Surma:Well, that's what I was just saying. I think now they have realized that that statement
Surma:isn't true anymore. You can disable this extension and Meet will continue to work because it
Surma:works in Safari now, for example, as well without any extensions. So it feels to me
Jake:It's
Surma:that this, again, the very original extension for Hangouts was born to make this product
Surma:a thing, virtual meetings, platform evolved, less and less capabilities need to be like
Surma:crowbarred into the browser via extension and could just be built on top of the web platform.
Surma:And this extension just kind of continued to exist and was slightly adapted and evolved.
Surma:And technically it's not needed anymore, but people kind of forgot about it, seems to be
Surma:my takeaway, because just now Brave was like, oh, we can actually disable this because Meet
Jake:Hmm.
Surma:continues to work. The only thing that won't work is the troubleshooting dialog where you
Surma:get a CPU graph. And I don't know, like I'm okay with that by default. They could probably
Surma:inject like a little, hey, if you want the graph, we can enable the extension for you
Surma:or something. So it seems overall an artifact of history and probably harmless. But I also
Surma:think stuff like this still burns user trust.
Jake:Oh, absolutely. Has Chrome said anything about this? Has Google said anything about this? Okay.
Surma:No, as far as I know, there has been no official statement. I assume that they revised history
Surma:probably more thoroughly than I have and came to the conclusion, this is all harmless
Surma:and not worth giving attention to, which I'm not sure I agree with. I guess the majority
Surma:of public users didn't even notice this in terms of waves within the web development
Surma:community. I thought it was quite big. I think it was one of those tweets from Luca which
Jake:Hmm.
Surma:went to like a thousand likes and above. So definitely got eyes on it. But, you know,
Surma:people love a good outcry and outrage, but I think nothing major has come of it. But
Surma:I think it's just one of those things, a bit of carelessness and a bit of like questionable
Surma:decision making that just now look really dodgy.
Jake:I agree. So I wonder if Google had the same journey here that they they had the extension for you to make Hangouts meet work at all. You know, again, I question the ethics of that decision. But when the that, like strong requirement went away, maybe no one asked the question, should this be around anymore? It's like, well, people aren't or if they did ask, it's like, well, people aren't complaining about it. So why not have this slightly better user experience through this slightly shady method?
Surma:The questions were definitely asked on BlinkDev. So there was someone asking, hey, do we still
Jake:Hmm.
Surma:need this? I had a quick skim of this code. It looks like it just does some, you know,
Surma:GPU, CPU stuff and some logging. And they're like, yeah, we could probably rework this.
Surma:I don't think we can land these APIs. But there were definitely people bringing up the
Surma:questions and Chromies were replying. So there was a prompt for them to maybe go, maybe
Surma:revisit this. But they didn't. And, you know, that's again, not to paint a picture of them
Jake:Hmm.
Surma:actively turning a blind eye to leave the evil extension running, but more like people
Surma:are busy and have better things to do. But also...
Jake:I mean, that is kind of the definition of turning a blind eye. So but yeah, I don't know. I think I'm angrier about this than you are. I don't like this. I think Chrome should remove it, especially now, if it's just a tiny little, if I was working at Google still, this would make me really angry. Because like you say, it is so much trust burned for so little. I mean, well, like you say, it maybe hasn't sort of taken off in dev communities.
Surma:I agree.
Surma:Yeah.
Jake:So maybe they haven't burned a lot of trust. But I feel I would feel like it's just, it's something there that anyone who doesn't like Chrome or other browser vendors would just be able to, you know, if I'm in a standards group, and I try and say to someone, hey, you know, I, you can't just ship that without standards effort. All they'll have to say is like, well, you, you know, you install this stuff in the background all the time. I mean, so what, you know, you don't care about this stuff.
Surma:And Chrome gains so little from this extension at this point.
Jake:And that's it. It's not for anything anymore. I mean, such a small thing now. It's not worth it is not worth burning the trust over it.
Surma:So I'm going to link to all of this in the description. Curious if, you know, if people
Surma:want to take a look and form their own opinion on the original PR, the DevLink discussion,
Surma:Lucas whole thread, the commit, Brendan Ice stuff. I'd be curious to hear from our three
Surma:and a half listeners what they think and if how angry are they? Because I'm not like angry,
Jake:I am angry about it. And again, I just have to keep asking myself, like, how would I feel if it was Apple doing this? You know, who I've kind of got, I guess, historical knowledge of.
Surma:but also I've become increasingly indifferent because it sounds harsh, but like, this is
Surma:not the first time we have discovered something weird about how Chrome operates. And it almost
Surma:feels a bit pal for the cause at this point.
Surma:Yeah.
Jake:historical beef with in terms of, you know, their attitude towards the web. And yeah, I'd be really angry about it. And I am I, I think they could, it would be a nice step for them just to remove that extension and maybe do a bit of like a postmortem blog post on it.
Surma:Yeah.
Surma:Yeah.
Surma:Maybe it's like, what is the process for solving a product at the time, but also making sure
Jake:You know, because I think there is a reasonable ish story that you could tell behind it. And certainly a nice thing to kind of end and say, look, maybe we should have removed this sooner, but we have removed it now.
Jake:Hmm.
Surma:you don't forget about it and put in the effort to remove it once that need has evaporated?
Surma:Because I wonder, you know, it also makes you think how much more is there in Chromium
Surma:or Chrome, especially in Chrome where we can't see it, but even in Chromium, because we worked
Surma:at Google for a good number of years and know how to read lots of code, but I still am not
Surma:someone to easily navigate the Chromium code base and figure out where would you hide this
Jake:Yeah, well, that speaks to the burn trust thing is there's a lot of folks who, you know, get a little bit towards conspiracy theory stuff with Google and the web.
Surma:stuff or say, hi, where would you place this?
Surma:Where could I find all these other, if there are others, default installed, hidden, uninstallable
Surma:extensions that maybe do other things?
Jake:But yeah, I think it's very reasonable and very easy to say, like, well, if they're doing this in plain sight, what else are they doing? Because it's, yeah, it's a big smoking gun right there. Oh, well. Well, do you know what's great? We don't have to deal with this anymore. From in terms of like, you know, trying to fix it.
Surma:Yeah, exactly.
Surma:We don't have to defend it or apologize for it or try to push both sides.
Jake:No.
Surma:Yeah, no, that's what I was thinking as well.
Surma:Sometimes it's nice to just be able to lean back and eat the popcorn, which is kind of
Surma:what I did while scrolling that tweet.
Surma:It's very refreshing, but I figure that is probably enough dystopian bleakness.
Jake:Until next time.
Surma:Until next time, where we, where OTMT comes back with more dystopian bleakness and tangents.
Surma:That's a good tagline.
Surma:Ooh, I like that.
Jake:This is a tight 30 minutes as well. Nice.
Surma:Look at us go.
Surma:Well, I guess at this point there's the usual left to say.