h/t @simon@simonwillison.net https://fedi.simonwillison.net/@simon/112757810519145581
Simply noone ever looked and it’s not documented. And the api is locked to work only on google domains so it wasn’t usable to anyone to accidentally notice what’s going on.
The code doesn’t do anything on non-Google domains.
Luca says this - I’m inclined to agree:
This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone elses.
Follow up question: How many other parts of the chromium codebase limited to work on (maybe other) specific domains?
The code doesn’t do anything on non-Google domains.
A Google engineer adds a piece of code, does not document what exactly it does, and it was approved without question. Something is seriously wrong with this or I don’t know how the Chromium project works.
I read somewhere a long time ago that chromium is a “look, but not touch” type of foss project. You can fork it, fix it, do whatever you want with the code, but on the main chromium repo they rarely accept PRs from random contributors
Here is an article from 2020, about the first non google employees getting some rights in the repo, before that all decisions was made by google employees: https://www.cnet.com/tech/mobile/google-gets-web-allies-by-letting-outsiders-help-build-chromes-foundation/ This api was added in 2013
And the workaround for this issue is really simple, and it was recommended privacy wise for a long time: don’t use chromium based browsers and don’t visit google related sites, as much as you can.